Closed Bug 1422539 Opened 8 years ago Closed 8 years ago

Canceling a file picker crashes Firefox

Categories

(Core :: Widget: Gtk, defect)

Product:
Core
Component:
Widget: Gtk
Version:
57 Branch
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: imphil, Unassigned)

References

Details

(Keywords: crash)

STR === - Go to the GitLab.com "New Issue" page. - Click on Attach File - In the file picker dialog, choose "Cancel" Now Firefox crashes. Backtrace ========= ("Datei oder Verzeichnis nicht gefunden." = "file or directory not found") Thread 1 "firefox" received signal SIGSEGV, Segmentation fault. nsCOMPtr_base::assign_assuming_AddRef (aNewPtr=0x0, this=0x7fffc0db80a8) at /usr/src/debug/obj/dist/include/nsCOMPtr.h:355 355 /usr/src/debug/obj/dist/include/nsCOMPtr.h: Datei oder Verzeichnis nicht gefunden. (gdb) bt #0 0x00007fffe9270997 in nsCOMPtr_base::assign_assuming_AddRef(nsISupports*) (aNewPtr=0x0, this=0x7fffc0db80a8) at /usr/src/debug/obj/dist/include/nsCOMPtr.h:355 #1 0x00007fffe9270997 in nsCOMPtr<nsIFilePickerShownCallback>::operator=(decltype(nullptr)) (this=0x7fffc0db80a8) at /usr/src/debug/obj/dist/include/nsCOMPtr.h:631 #2 0x00007fffe9270997 in nsFilePicker::<lambda(gpointer)>::operator() (__closure=0x0, data=0x7fffc0db8050) at /usr/src/debug/mozilla/widget/gtk/nsFilePicker.cpp:393 #3 0x00007fffe9270997 in nsFilePicker::<lambda(gpointer)>::_FUN(gpointer) () at /usr/src/debug/mozilla/widget/gtk/nsFilePicker.cpp:399 #4 0x00007ffff29f3e05 in g_main_context_dispatch () at /usr/lib64/libglib-2.0.so.0 #5 0x00007ffff29f41d0 in () at /usr/lib64/libglib-2.0.so.0 #6 0x00007ffff29f425c in g_main_context_iteration () at /usr/lib64/libglib-2.0.so.0 #7 0x00007fffe925ec6f in nsAppShell::ProcessNextNativeEvent(bool) (this=<optimized out>, mayWait=<optimized out>) at /usr/src/debug/mozilla/widget/gtk/nsAppShell.cpp:280 #8 0x00007fffe9229442 in nsBaseAppShell::DoProcessNextNativeEvent(bool) (this=this@entry=0x7fffda0ad9a0, mayWait=mayWait@entry=false) at /usr/src/debug/mozilla/widget/nsBaseAppShell.cpp:140 #9 0x00007fffe922967c in nsBaseAppShell::OnProcessNextEvent(nsIThreadInternal*, bool) (this=0x7fffda0ad9a0, thr=0x7fffe29f7de0, mayWait=<optimized out>) at /usr/src/debug/mozilla/widget/nsBaseAppShell.cpp:273 #10 0x00007fffe73f2f85 in nsThread::ProcessNextEvent(bool, bool*) (this=0x7fffe29f7de0, aMayWait=<optimized out>, aResult=0x7fffffffbba7, this=<optimized out>) at /usr/src/debug/mozilla/xpcom/threads/nsThread.cpp:952 #11 0x00007fffe73f1588 in NS_ProcessNextEvent(nsIThread*, bool) (aThread=<optimized out>, aThread@entry=0x7fffe29f7de0, aMayWait=aMayWait@entry=false) at /usr/src/debug/mozilla/xpcom/threads/nsThreadUtils.cpp:521 #12 0x00007fffe77fd6b2 in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) (this=0x7fffe2964940, aDelegate=0x7ffff6b59700) at /usr/src/debug/mozilla/ipc/glue/MessagePump.cpp:97 #13 0x00007fffe77d26f0 in MessageLoop::RunInternal() (this=<optimized out>) at /usr/src/debug/mozilla/ipc/chromium/src/base/message_loop.cc:326 #14 0x00007fffe77d26f0 in MessageLoop::RunHandler() (this=<optimized out>) at /usr/src/debug/mozilla/ipc/chromium/src/base/message_loop.cc:319 #15 0x00007fffe77d26f0 in MessageLoop::Run() (this=<optimized out>) at /usr/src/debug/mozilla/ipc/chromium/src/base/message_loop.cc:299 #16 0x00007fffe9224808 in nsBaseAppShell::Run() (this=0x7fffda0ad9a0) at /usr/src/debug/mozilla/widget/nsBaseAppShell.cpp:158 #17 0x00007fffea2bc51e in nsAppStartup::Run() (this=0x7fffd9ee9a60) at /usr/src/debug/mozilla/toolkit/components/startup/nsAppStartup.cpp:288 #18 0x00007fffea34eab3 in XREMain::XRE_mainRun() (this=this@entry=0x7fffffffbe70) at /usr/src/debug/mozilla/toolkit/xre/nsAppRunner.cpp:4703 #19 0x00007fffea34fbc6 in XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) (this=this@entry=0x7fffffffbe70, argc=argc@entry=1, argv=argv@entry=0x7fffffffd1a8, aConfig=...) at /usr/src/debug/mozilla/toolkit/xre/nsAppRunner.cpp:4867 #20 0x00007fffea34ff42 in XRE_main(int, char**, mozilla::BootstrapConfig const&) (argc=1, argv=0x7fffffffd1a8, aConfig=...) at /usr/src/debug/mozilla/toolkit/xre/nsAppRunner.cpp:4962 #21 0x000055555555b04c in do_main(int, char**, char**) (argc=1, argv=0x7fffffffd1a8, envp=<optimized out>) at /usr/src/debug/mozilla/browser/app/nsBrowserApp.cpp:236 #22 0x000055555555a6dc in main(int, char**, char**) (argc=1, argv=0x7fffffffd1a8, envp=0x7fffffffd1b8) at /usr/src/debug/mozilla/browser/app/nsBrowserApp.cpp:309 The crash reporter also tried to upload the crashes, but it seemed to be unable to find the installed symbols (bp-8500971d-a0a0-402b-ba40-c95f00171202 and bp-b376524e-e5ba-4646-a642-32ecd0171202) System information ================== I'm using OpenSUSE Tumbleweed with KDE, and the default distro-provided builds of Firefox. $ rpm -q MozillaFirefox MozillaFirefox-57.0-2.1.x86_64 $ cat /etc/os-release NAME="openSUSE Tumbleweed" # VERSION="20171201" ID=opensuse ID_LIKE="suse" VERSION_ID="20171201" PRETTY_NAME="openSUSE Tumbleweed" ANSI_COLOR="0;32" CPE_NAME="cpe:/o:opensuse:tumbleweed:20171201" BUG_REPORT_URL="https://bugs.opensuse.org" HOME_URL="https://www.opensuse.org/"
Component: Untriaged → XUL
Product: Firefox → Core
The Mozilla crash reporter knows only about the symbols of Mozilla.org builds. Ubuntu uploaded their symbols to the Mozilla crash server in the past but it seems that the server knows nothing about opensuse builds. You can always download an official build from http://ftp.mozilla.org/pub/firefox/releases/57.0/ extract it in /temp/ and run that build from there if you want a working crash reporter. Do you get the crash on every site when canceling the file picker (e.g. on the "attach file" here in bugzilla) ? Is this a new crash in Firefox57 or did it work in Firefox56 ? This works for me with Firefox 57 on Ubuntu 16.04 XFCE
Severity: normal → critical
Component: XUL → Widget: Gtk
Keywords: crash
On the symbols: I have the symbols locally available from the -debugsyms package (otherwise GDB wouldn't find them), so I thought the crash reporter would also pick them up locally. But that's a side issue, let's keep the bug about the actual crash :-) Further notes: - I can reproduce the bug with the OpenSUSE version of Firefox on any file upload dialog that I cancel, also here on Bugzilla. - I cannot reproduce with an official build. - I noted that I get the KDE file open dialog, instead of the standard GTK one in the official builds. - So I assume this is caused by the patched-in KDE integration done by openSUSE, most likely this patch: https://build.opensuse.org/package/view_file/mozilla:Factory/MozillaFirefox/mozilla-kde.patch?expand=1 Adding Wolfgang Rosenauer as package maintainer to this bug.
Flags: needinfo?(mozilla)
Seems there is an openSUSE bug for this one as well: https://bugzilla.opensuse.org/show_bug.cgi?id=1069962
This was fixed in the openSUSE downstream KDE integration. Closing INVALID as it was purely downstream.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → INVALID
Flags: needinfo?(mozilla)
You need to log in before you can comment on or make changes to this bug.