Closed Bug 184127 Opened 22 years ago Closed 22 years ago

immediate crash upon loading weather.com [@ gdk_pixmap_colormap_create_from_xpm_d ?]

Categories

(Core Graveyard :: Plug-ins, defect)

Sun
SunOS
defect
Not set
critical

Tracking

(Not tracked)

RESOLVED WORKSFORME

People

(Reporter: jraymond, Assigned: iamawalrus)

Details

(Keywords: crash, top100)

Attachments

(6 files, 2 obsolete files)

User-Agent:       Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.3a) Gecko/20021206
Build Identifier: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.3a) Gecko/20021206

On a Sun Blade running Solaris 8, going to http://www.weather.com causes mozilla
to crash immediately.

Reproducible: Always

Steps to Reproduce:
1.Surf to http://www.weather.com/
2.Crash happens.


Actual Results:  
Crash

Expected Results:  
No Crash
Attached file stack trace from crash
worksforme with linux trunk build 20021206
do you have Flash installed?  do you crash if you remove the plugin?
Severity: normal → critical
Keywords: crash
No -- I don't have the flash plugin installed.
are you running desktop in 8bpp mode ?

http://lxr.mozilla.org/seamonkey/source/xpfe/bootstrap/nsNativeAppSupportGtk.cpp#74
Why is 
Summary: immediate crash upon loading weather.com → immediate crash upon loading weather.com [@ gdk_pixmap_colormap_create_from_xpm_d ?]
No. I'm running in 24bpp.

you may want to upgrade your gdk/gtk libs on Solaris, other than that, I have
little idea.
Assignee: asa → sgehani
Status: UNCONFIRMED → NEW
Component: Browser-General → XP Apps
Ever confirmed: true
QA Contact: asa → paw
==> Browser/General
Assignee: sgehani → asa
Component: XP Apps → Browser-General
QA Contact: paw → asa
I am probably having the same problem:

Solaris 8, Ultra-10, gtk+-1.2.10 and other libraries as documented on
ftp://depot.mcom.com/pub/pioch/mozilla-1.3a/README

Running Mozilla 1.3a on an 8-bit display

Opening http://it.fit.edu/

-> Immediate crash

Attaching "pstack core | c++filt"

-----------------  lwp# 1 / thread# 1  --------------------
 ff052be0 _gdk_pixmap_create_from_xpm (84089c, c99c0, 922598, fcc1144e, 0, 9188b0) + 574
 ff052e7c gdk_pixmap_colormap_create_from_xpm_d (839578, 0, ffbe5e9c, fcc1144e, fcc24950, fcc1144e) + 3c
 fcc12e94 ???????? (851c08, 3e, fce20c30, ff3e66b4, 0, 1)
 fcc130e8 makePixmap (851c08, 0, 836e58, 0, ffbe5fe0, 2) + 4
 fcc1239c NPP_SetWindow (851c08, 62f17c, fd527c88, fd527c84, fd5289f0, ffbe5c58) + 80
 fcc136a4 Private_SetWindow (927c10, 62f17c, fcc1369c, 0, fd9779cc, 853998) + 8
Attached file Stack trace
pstack core | c++filt
PS: I do not have Flash, Java, or any other plugin installed.
Another instant crasher: http://bt.classicaka.com/
Sadly, it only crashes on non-debug builds.

I made another Solaris8 build with the same compiler (GCC 3.2.1) and same
options EXCEPT commenting out the following, to produce a DEBUG build:

# ac_add_options --disable-debug
# ac_add_options --enable-strip
# ac_add_options --disable-tests
# ac_add_options --enable-optimize

and it doesn't crash anymore. Instead, on all 3 URLs, the Plugin-Finder popup
appears and states that shockwave is not installed.

How do we proceed from here?
My solaris8 debug build is available at

  ftp://depot.mcom.com/pub/pioch/mozilla-1.3a-dbg/

including a 13 kB README file explaining how it was produced.
> How do we proceed from here?

you might try doing 

ac_add_options --enable-optimize="-O -g"
ac_add_options --disable-debug

optimization or debugging is what is different.  the above will give you an
equivalent build with full symbols (although no assertions, etc)

a testcase would be helpful as well.
Flags above produce a build that dumps core on http://bt.classicaka.com/ !
Well done. I'm using the above web page as test case as it is really
minimalistic HTML.

attaching pstack core | c++filt

Solaris 8, GCC 3.2.1, compilation detailed at
ftp://depot.mcom.com/pub/pioch/mozilla-1.3a/README
OK, I have simplified http://bt.classicaka.com/ even more to make a test case:

Loading this local file.html into Mozilla/1.3a doesn't make it crash:

<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,29,0" width="100%" height="100%" align="middle">
    <param name="movie" value="http://bt.classicaka.com/bt.swf">
    <param name="quality" value="high">
  </object>

However, loading this file makes it crash:

<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,29,0" width="100%" height="100%" align="middle">
    <param name="movie" value="http://bt.classicaka.com/bt.swf">
    <param name="quality" value="high">
    <embed src="http://bt.classicaka.com/bt.swf" quality="high" pluginspage="http://www.macromedia.com/go/getflashplayer" type="application/x-shockwave-flash" width="50%" height="100%" align="middle">
    </embed>
  </object>

In other words, it's adding the <embed> inside the <object> that causes
the crash. Maybe a second call to the plugin finder since Mozilla has
neither plugins ?
Attached file instant crasher test case (obsolete) —
Simplified version of http://bt.classicaka.com/
that causes instant crash.
if you remove the <EMBED SRC=...></EMBED> line inside the
<OBJECT ...></OBJECT>, it doesn't crash anymore.
stack trace corresponding to test case attachment 110607 [details]

   pstack core | c++filt
==> plugins
Assignee: asa → peterlubczynski
Component: Browser-General → Plug-ins
QA Contact: asa → shrir
Nicolas, do you crash with the testcase with Flash plug-in ? Or does it only
happen when this plug-in isn't installed ?
Crashes are when absolutely no plugins are installed, neither Flash nor Java,
just the standard libnullplugin.so shipped with Mozilla.

In other words, Mozilla as it builds.

I suspect it's due to a recursive plugin call into libnullplugin.so,
due to <OBJECT> and <EMBED> inside ?
Actually the crash is inside libnullplugin.so

If I disable this plugin (remove it from the plugins/ directory)
Mozilla doesn't crash anymore on test case attachment 110607 [details]
and instead displays a popup window saying:

Mozilla cannot find  the Plugin Downloader Plugin. Without [...], you
cannot automatically download and install plugins. Please visit [Netscape] to
install the Plugin Downloader Plugin.

[ ] I know I need the Plugin Downloader Plugin, but don't show me this dialog again.

So my guess is that the bug is within the libnullplugin.so code
that doesn't handle double invocation properly.
I guess stack trace in attachment 110610 [details] makes the crash happen in file
  mozilla/modules/plugin/samples/default/unix/nullplugin.c

around line 387, within function createPixmap()

  nullPluginGdkPixmap = gdk_pixmap_create_from_xpm_d(gdk_window , &mask,
             &style->bg[GTK_STATE_NORMAL], npnul320_xpm);
  /* Pixmap is created on original X session but used by new session */
  XSync(GDK_DISPLAY(), False);
GDB 5.3 stack trace:

Loaded symbols for /train/tmp/rel-1.3a/mozilla/dist/bin/components/libmork.so
Reading symbols from
/train/tmp/rel-1.3a/mozilla/modules/plugin/samples/default/unix/libnullplugin.so...done.
Loaded symbols for
/train/tmp/rel-1.3a/mozilla/modules/plugin/samples/default/unix/libnullplugin.so
#0  _gdk_pixmap_create_from_xpm (window=0x664c58, colormap=0xd2b98, 
    mask=0xffbeba14, transparent_color=0xfcd6144e, 
    get_buf=0xfed53450 <mem_buffer>, handle=0xffbeb998) at gdkpixmap.c:526
526     gdkpixmap.c: No such file or directory.
        in gdkpixmap.c

(gdb) bt
#0  _gdk_pixmap_create_from_xpm (window=0x664c58, colormap=0xd2b98, 
    mask=0xffbeba14, transparent_color=0xfcd6144e, 
    get_buf=0xfed53450 <mem_buffer>, handle=0xffbeb998) at gdkpixmap.c:526
#1  0xfed534d8 in gdk_pixmap_colormap_create_from_xpm_d (window=0x75c, 
    colormap=0xd2b98, mask=0x855650, transparent_color=0xfcd6144e, 
    data=0xfcd74978) at gdkpixmap.c:744
#2  0xfcd62eb4 in createPixmap (This=0x64abc0) at nullplugin.c:387
#3  0xfcd63108 in makePixmap (This=0x64abc0) at nullplugin.c:464
#4  0xfcd623bc in NPP_SetWindow (instance=0x64abc0, window=0x7d2324)
    at npshell.c:226
#5  0xfcd636c4 in Private_SetWindow (instance=0x64abc0, window=0x7d2324)
    at npunix.c:259
#6  0xfd46bcb8 in ns4xPluginInstance::SetWindow(nsPluginWindow*) (
    this=0x665260, window=0x7d2324) at ns4xPluginInstance.cpp:1016
#7  0xfd475e44 in nsPluginHostImpl::InstantiateEmbededPlugin(char const*,
nsIURI*, nsIPluginInstanceOwner*) (this=0x127660, 
    aMimeType=0x654a40 "application/x-shockwave-flash", aURL=0x616c38, 
    aOwner=0x828ef0) at nsPluginHostImpl.cpp:3552
#8  0xfce1cd9c in ?? ()
   from /train/tmp/rel-1.3a/mozilla/dist/bin/components/libgklayout.so
#9  0xfce1c2e8 in ?? ()


(gdb) p window
$1 = (GdkWindow *) 0x664c58
Current language:  auto; currently c
(gdb) p *window
$2 = {user_data = 0x59b208}
(gdb) p *colormap
$3 = {size = 256, colors = 0x1098d8}
(gdb) p *(colormap->colors)
$5 = {pixel = 0, red = 65535, green = 65535, blue = 65535}
(gdb) p *mask
$6 = (GdkBitmap *) 0xff3e7d40
(gdb) p **mask
$7 = {user_data = 0x0}
(gdb) p *transparent_color
$8 = {pixel = 858664960, red = 27753, green = 25187, blue = 11891}
(gdb) p *handle
Attempt to dereference a generic pointer.

(gdb) up
#1  0xfed534d8 in gdk_pixmap_colormap_create_from_xpm_d (window=0x75c, 
    colormap=0xd2b98, mask=0x855650, transparent_color=0xfcd6144e, 
    data=0xfcd74978) at gdkpixmap.c:744
744     in gdkpixmap.c
(gdb) p *data
$11 = (gchar *) 0xfcd63d88 "32 32 6 1"
(gdb) p *window
Cannot access memory at address 0x75c
(gdb) p *colormap
$12 = {size = 256, colors = 0x1098d8}
(gdb) p *mask
$13 = (GdkBitmap *) 0xb
(gdb) p **mask
Cannot access memory at address 0xb
(gdb) p *transparent_color
$14 = {pixel = 858664960, red = 27753, green = 25187, blue = 11891}
(gdb) p *data
$15 = (gchar *) 0xfcd63d88 "32 32 6 1"
The <OBJECT> tag has nothing to do with the crash, in fact the test case
can be shrunk to a one-liner:

<embed src="http://bt.classicaka.com/bt.swf">

That's enough to cause the crash on a new, empty profile.
Attachment #110607 - Attachment is obsolete: true
Attachment #110608 - Attachment is obsolete: true
*** Bug 187824 has been marked as a duplicate of this bug. ***
Flags: blocking1.3b?
Keywords: mozilla1.3, top100
This seems to be the Flash plugin's bug.
Nope -- this crash is triggered by Flash or Java embedded objects
when NEITHER plugin is installed, so the bug is certainly NOT
in a component that is not present on the machine !

The bug is in libnullplugin, which opens a dialog box (Plugin Downloader Window)
that includes an XPM bitmap, whose rendering causes a crash in GTK.
*** Bug 188060 has been marked as a duplicate of this bug. ***
from bug 188060, also happens on Tru64 Unix, V5.1A.
ccing robin.lu@sun.com, the last person who touched that code to fix bug 180147
Can you use the latest trunk to have a check?
The patch I checked in on Nov. 22 for bug 180147 has a problem that could make
the 'style' invalid, which could make the parameter
'style->bg[GTK_STATE_NORMAL]' of gdk_pixmap_colormap_create_from_xpm_d invalid.
This is because MOZ_ENABLE_GTK is not a defined macro that can be used in source
code. I am sorry for that. But the patch I checked in on Dec. 12 fixed the bug.
testcase works in a nightly trunk build, marking WFM
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → WORKSFORME
Peter, you tested on _Solaris_ right?  If you tested on Linux, that's not very
useful -- this is likely a Solaris-only bug.

Reopening to prevent this getting lost in the meantime; please just reclose if
you tested Solaris.
Status: RESOLVED → REOPENED
Resolution: WORKSFORME → ---
Sorry, I do not have Solaris either. I have requested the reporter (by mail) to
kindly retry this bug and mention his findings.
I would be happy to retry the latest fix if somebody could build me a version 
that will work on my machine.  I would rather avoid investing the time to build 
a version directly myself, since I have little time available to play here at 
work.
All the solaris boxes I tried didn't have the right configurations and system
administrators were too busy. Can someone try the nightly builds:
http://ftp.mozilla.org/pub/mozilla/nightly/latest/mozilla-sparc-sun-solaris2.6.tar.gz
Still crashes for me.
I built yesterday's trunk on solaris8 and it does not crash. The default plugin
dialog pops up and I can see the puzzle-like xpm icon in the position where the
plugin should be.
Here's my configure command line:
../mozilla/configure --disable-debug --disable-tests --with-xprint
--enable-xinerama --enable-ldap --enable-x11-shm --disable-auto-deps
--enable-crypto --enable-strip-libs

My display depth is 24
Robin: you might try --enable-optimize.   see comment 12
Attached image screenshot
I used exactly the same configuration as comment 12 to rebuild and it is WFM too.
Attached is the screenshot of weather.com
Forgot to say that my compiler is Forte C 6 update 2.
*** Bug 189600 has been marked as a duplicate of this bug. ***
from bug 189600, also happens on OpenVMS.
so this is no longer a problem? 
Flags: blocking1.3b? → blocking1.3b-
I don't have a Solaris box.  
Robin, since you have one, can you see if this is a regression from bug 180147?
Thanks!
Assignee: peterlubczynski → robin.lu
Status: REOPENED → NEW
Please see my comment 33. 

I have checked on my solaris8 and cannot reproduce the crash. I also traced the
code and found that the regression from my first patch for bug 180147 has been fixed by
my second patch.

From comment 25, mozilla crashed at line 526 of gdkpixmap.c which is:
	  color->color = *transparent_color;
The transparent_color is just what my first regression patch might affect. So I
highly recommend that the reporters of this bug use the latest trunk, or at
least one later than Dec. 12, to check again.
http://www.adelphia-econnections.com/  Crashes Mozilla every time I attempt to
open it.

Mozilla 1.3a

Mozilla/5.0 (X11; U; OpenVMS COMPAQ_AlphaServer_DS10_466_MHz; en-US; rv:1.3a)
Gecko/20021210

Crash dump follows:

EAGLE> @sys$common:[mozilla]mozilla
Starting mozilla-bin...
%SYSTEM-F-ACCVIO, access violation, reason mask=00, virtual address=0000000001C005BA, PC=0000000000202824, PS=0000001B
%TRACE-F-TRACEBACK, symbolic stack dump follows
  image    module    routine             line      rel PC           abs PC
 LIBGDK  GDKPIXMAP  _gdk_pixmap_create_from_xpm
                                        19313 0000000000001044 0000000000202824
 LIBGDK  GDKPIXMAP  gdk_pixmap_colormap_create_from_xpm_d
                                        19531 00000000000018FC 00000000002030DC
 LIBNULLPLUGIN  NULLPLUGIN  createPixmap
                                        54018 0000000000001148 0000000005B2D778
 LIBNULLPLUGIN  NULLPLUGIN  makePixmap  54095 0000000000000000 0000000000000000
 LIBNULLPLUGIN  NPSHELL  NPP_SetWindow  40762 0000000000000564 0000000005B2C564
 LIBGKPLUGIN  NS4XPLUGININSTANCE  SetWindow
                                        93400 00000000000021C4 000000000271A1D4
 LIBGKPLUGIN  NSPLUGINHOSTIMPL  InstantiateEmbededPlugin
                                       101700 0000000000011D74 000000000272D0E4
 LIBGKPLUGIN  NSPLUGINHOSTIMPL  OnStartRequest
                                       100348 000000000000A60C 000000000272597C
 LIBNECKO  NSHTTPCHANNEL  CallOnStartRequest
                                        61608 0000000000004AB4 00000000011A08B4
 LIBNECKO  NSHTTPCHANNEL  ProcessNormal
                                        61733 00000000000053A4 00000000011A11A4
 LIBNECKO  NSHTTPCHANNEL  ProcessResponse
                                        61635 0000000000004C4C 00000000011A0A4C
 LIBNECKO  NSREQUESTOBSERVERPROXY  HandleEvent
                                        26681 000000000000052C 000000000112B16C
 LIBXPCOM  PLEVENT  PL_HandleEvent      40834 0000000000000E08 00000000006DF088
 LIBXPCOM  PLEVENT  PL_ProcessPendingEvents
                                        40764 0000000000000C3C 00000000006DEEBC
 LIBXPCOM  NSEVENTQUEUE  ProcessPendingEvents
                                        27140 0000000000001704 00000000006D5BE4
 LIBWIDGET_GTK  NSAPPSHELL  our_gdk_io_invoke
                                        71671 00000000000005A4 0000000001D00684
 LIBGLIB  GMAIN  g_main_dispatch        19265 0000000000000B80 0000000000141FD0
 LIBGLIB  GMAIN  g_main_iterate         19486 000000000000132C 000000000014277C
 LIBGLIB  GMAIN  g_main_run             19544 0000000000001548 0000000000142998
 LIBGTK  GTKMAIN  gtk_main              21888 0000000000000AD8 00000000003BFDE8
 LIBWIDGET_GTK  NSAPPSHELL  Run         71942 0000000000001474 0000000001D01554
 MOZILLA-BIN  NSAPPRUNNER  main1        86565 0000000000009724 0000000000069724
 MOZILLA-BIN  NSAPPRUNNER  main         86926 000000000000A5E8 000000000006A5E8
 MOZILLA-BIN  NSAPPRUNNER  __MAIN           0 00000000000000B8 00000000000600B8
 MOZILLA-BIN                                0 0000000000065FF8 0000000000075FF8
 PTHREAD$RTL                                0 000000000003E5B0 000000007BCFE5B0
 PTHREAD$RTL                                0 000000000001C31C 000000007BCDC31C
                                            0 FFFFFFFF8028563C FFFFFFFF8028563C
John: we know the problem exists with 1.3a.  We need to know if the problem
still exists with recent builds (1.3b for example)
Verified fixed, works for me Mozilla/1.3b :
ftp://depot.mcom.com/pub/pioch/mozilla-1.3b/mozilla-1.3b.sparc-sun-solaris2.8.tar.bz2

I'm getting the correct plugin downloader window saying that the Flash plugin
must be downloaded to view the embedded object.

Tested on 2 different websites, including weather.com
marking WFM based on last comment
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → WORKSFORME
Without the Flash plug-in installed, I am able to go to both the
http://www.weather.com and http://www.adelphia-econnections.com/
pages.

I will try it again with the flash plug-in installed.
With the flash plug-in installed, the browser crashed, so it's off to search
Bugzilla to see if this has been reported yet.

There is a bug in the plug-in, but it should not cause the browser to crash,
just the plug-in to terminate.
The plugin is linked into the browser at runtime; as far as the OS is concerned
they are part of a single executable.  Any crash in the plugin will bring down
the browser under those conditions (or rather the OS will terminate the process
involved).
The way a plug-in is linked has nothing to do with the issue.

The browser should not allow an error in a plug-in to cause it to crash.  The
plug-in interfaces should be considered un-trusted, and so all signals that
would normally crash a program should be diverted to a signal handler to report
the problem and terminate the plug-in instead of crashing the entire application.

I have entered bug number 193429 about this weakness in the browser.  Fixing
this weakness will prevent bugs in the plug-ins from being able to be a critical
browser bug.
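
The containment argued over in the comments above, shown as an added example that is not part of the original thread and is not Mozilla code: the host runs a plug-in entry point in a child process, so a fatal signal ends only the child. This uses a process boundary rather than the in-process signal handler proposed above; `run_isolated`, `faulty_set_window` and `good_set_window` are hypothetical names.

```c
/* Added example: contain a faulting plug-in entry point in a child process.
   plugin_fn, faulty_set_window and good_set_window are hypothetical names. */
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

typedef int (*plugin_fn)(void);

/* Stand-in for a plug-in call that faults, as createPixmap() did in the traces. */
static int faulty_set_window(void)
{
    raise(SIGSEGV);          /* constructed fault; no real memory is touched */
    return 0;
}

/* Stand-in for a plug-in call that completes normally. */
static int good_set_window(void)
{
    return 0;
}

/* Run fn in a child process.
   Returns 0 on a clean exit, the signal number if the child was killed by a
   signal, or -1 if the child could not be started or exited with an error. */
static int run_isolated(plugin_fn fn)
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Child: restore default dispositions so a fault ends only this process. */
        signal(SIGSEGV, SIG_DFL);
        signal(SIGBUS, SIG_DFL);
        _exit(fn() == 0 ? 0 : 1);
    }
    /* Parent (the "browser"): it never executes plug-in code itself. */
    if (waitpid(pid, &status, 0) != pid)
        return -1;
    if (WIFSIGNALED(status))
        return WTERMSIG(status);
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

int main(void)
{
    int rc = run_isolated(faulty_set_window);
    if (rc > 0)
        printf("plug-in terminated by signal %d; host still running\n", rc);
    printf("well-behaved plug-in returned %d\n", run_isolated(good_set_window));
    return 0;
}
```

When the plug-in is instead loaded into the host's own address space, as with libnullplugin.so in this bug, the same fault is delivered to the host process itself.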
*** Bug 196844 has been marked as a duplicate of this bug. ***
FWIW, I just downloaded the HP-contributed Tru64 build of 1.5 from mozilla.org,
and it still crashes for me when visiting a page with a Flash plugin. 
And now I have finally talked my sysadmins into installing Mozilla, they
installed 1.6b, and it did not crash. 
Crash Signature: [@ gdk_pixmap_colormap_create_from_xpm_d ?]
Product: Core → Core Graveyard