Closed
Bug 184127
Opened 22 years ago
Closed 22 years ago
immediate crash upon loading weather.com [@ gdk_pixmap_colormap_create_from_xpm_d ?]
Categories
(Core Graveyard :: Plug-ins, defect)
Tracking
(Not tracked)
RESOLVED
WORKSFORME
People
(Reporter: jraymond, Assigned: iamawalrus)
References
()
Details
(Keywords: crash, top100)
Crash Data
Attachments
(6 files, 2 obsolete files)
User-Agent: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.3a) Gecko/20021206 Build Identifier: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.3a) Gecko/20021206 On a Sun Blade running Solaris 8, going to http://www.weather.com causes mozilla to crash immediately. Reproducible: Always Steps to Reproduce: 1.Surf to http://www.weather.com/ 2.Crash happens. Actual Results: Crash Expected Results: No Crash
Comment 2•22 years ago
|
||
worksforme with linux trunk build 20021206 do you have Flash installed? do you crash if you remove the plugin?
Severity: normal → critical
Keywords: crash
Comment 4•22 years ago
|
||
are you running desktop in 8bpp mode ? http://lxr.mozilla.org/seamonkey/source/xpfe/bootstrap/nsNativeAppSupportGtk.cpp#74 Why is
Summary: immediate crash upon loading weather.com → immediate crash upon loading weather.com [@ gdk_pixmap_colormap_create_from_xpm_d ?]
Comment 6•22 years ago
|
||
you may want to upgrade your gdk/gtk libs on Solaris, other than that, I have little idea.
Assignee: asa → sgehani
Status: UNCONFIRMED → NEW
Component: Browser-General → XP Apps
Ever confirmed: true
QA Contact: asa → paw
Comment 7•22 years ago
|
||
==> Browser/General
Assignee: sgehani → asa
Component: XP Apps → Browser-General
QA Contact: paw → asa
Comment 8•22 years ago
|
||
I am probably having the same problem: Solaris 8, Ultra-10, gtk+-1.2.10 and other libraries as documented on ftp://depot.mcom.com/pub/pioch/mozilla-1.3a/README Running Mozilla 1.3a on a 8-bit display Opening http://it.fit.edu/ -> Immediate crash Attaching "pstack core | c++filt" ----------------- lwp# 1 / thread# 1 -------------------- ff052be0 _gdk_pixmap_create_from_xpm (84089c, c99c0, 922598, fcc1144e, 0, 9188b 0) + 574 ff052e7c gdk_pixmap_colormap_create_from_xpm_d (839578, 0, ffbe5e9c, fcc1144e, fcc24950, fcc1144e) + 3c fcc12e94 ???????? (851c08, 3e, fce20c30, ff3e66b4, 0, 1) fcc130e8 makePixmap (851c08, 0, 836e58, 0, ffbe5fe0, 2) + 4 fcc1239c NPP_SetWindow (851c08, 62f17c, fd527c88, fd527c84, fd5289f0, ffbe5c58) + 80 fcc136a4 Private_SetWindow (927c10, 62f17c, fcc1369c, 0, fd9779cc, 853998) + 8
Comment 9•22 years ago
|
||
pstack core | c++filt
Comment 10•22 years ago
|
||
PS: I do not have Flash, Java, or any other plugin installed.
Comment 11•22 years ago
|
||
Another instant crasher: http://bt.classicaka.com/
Comment 12•22 years ago
|
||
Sadly, it only crashes on non-debug builds. I made another Solaris8 build with the same compiler (GCC 3.2.1) and same options EXCEPT commenting out the following, to produce a DEBUG build: # ac_add_options --disable-debug # ac_add_options --enable-strip # ac_add_options --disable-tests # ac_add_options --enable-optimize and it doesn't crash anymore. Instead, on all 3 URLs, the Plugin-Finder popup appears and states that shockwave is not installed. How do we proceed from here?
Comment 13•22 years ago
|
||
My solaris8 debug build is available at ftp://depot.mcom.com/pub/pioch/mozilla-1.3a-dbg/ including a 13 kB README file explaining how it was produced.
Comment 14•22 years ago
|
||
> How do we proceed from here?
you might try doing
ac_add_options --enable-optimize="-O -g"
ac_add_options --disable-debug
optimization or debugging is what is different. the above will give you an
equivalent build with full symbols (although no assertions, etc)
a testcase would be helpful as well.
Comment 15•22 years ago
|
||
Flags above produce a build that dumps core on http://bt.classicaka.com/ ! Well done. I'm using the above web page as test case as it is really minimalistic HTML. attaching pstack core | c++filt Solaris 8, GCC 3.2.1, compilation detailed at ftp://depot.mcom.com/pub/pioch/mozilla-1.3a/README
Comment 16•22 years ago
|
||
OK, I have simplified http://bt.classicaka.com/ even more to make a test case: Loading this local file.html into Mozilla/1.3a doesn't make it crash: <object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://do wnload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,29,0" wid th="100%" height="100%" align="middle"> <param name="movie" value="http://bt.classicaka.com/bt.swf"> <param name="quality" value="high"> </object> However, loading this file makes it crash: <object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://do wnload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,29,0" wid th="100%" height="100%" align="middle"> <param name="movie" value="http://bt.classicaka.com/bt.swf"> <param name="quality" value="high"> <embed src="http://bt.classicaka.com/bt.swf" quality="high" pluginspage="htt p://www.macromedia.com/go/getflashplayer" type="application/x-shockwave-flash" w idth="50%" height="100%" align="middle"> </embed> </object> In other words, it's adding the <embed> instead the <object> that causes the crash. Maybe a second call to the plugin finder since Mozilla has neither plugins ?
Comment 17•22 years ago
|
||
Simplified version of http://bt.classicaka.com/ that causes instant crash.
Comment 18•22 years ago
|
||
if you remove the <EMBED SRC=...></EMBED> line inside the <OBJECT ...></OBJECT>, it doesn't crash anymore.
Comment 19•22 years ago
|
||
stack trace corresponding to test case attachment 110607 [details]
pstack core | c++filt
Comment 20•22 years ago
|
||
==> plugins
Assignee: asa → peterlubczynski
Component: Browser-General → Plug-ins
QA Contact: asa → shrir
Comment 21•22 years ago
|
||
Nicolas, do you crash with the testcase with Flash plug-in ? Or does it only happen when this plug-in isn't installed ?
Comment 22•22 years ago
|
||
Crashes are when absolutely no plugins are installed, neither Flash nor Java, just the standard libnullplugin.so shipped with Mozilla. In other words, Mozilla as it builds. I suspect it's due to a recursive plugin call into libnullplugin.so, due to <OBJECT> and <EMBED> inside ?
Comment 23•22 years ago
|
||
Actually the crash is inside libnullplugin.so
If I disable this plugin (remove it from the plugins/ directory)
Mozilla doesn't crash anymore on test case attachment 110607 [details]
and instead displays a popup window saying:
Mozilla cannot find the Plugin Downloader Plugin. Without [...], you
cannot automatically download and install plugins. Please visit [Netscape] to
install the Plugin Downloader Plugin.
[ ] I know I need the Plugin Downloader Plugin, but don't show me this dialog again.
So my guess is that the bug is within the libnullplugin.so code
that doesn't handle double invokation properly.
Comment 24•22 years ago
|
||
I guess stack trace in attachment 110610 [details] makes the crash happen in file
mozilla/modules/plugin/samples/default/unix/nullplugin.c
around line 387, within function createPixmap()
nullPluginGdkPixmap = gdk_pixmap_create_from_xpm_d(gdk_window , &mask,
&style->bg[GTK_STATE_NORMAL], npnul320_xpm);
/* Pixmap is created on original X session but used by new session */
XSync(GDK_DISPLAY(), False);
Comment 25•22 years ago
|
||
GDB 5.3 stack trace: Loaded symbols for /train/tmp/rel-1.3a/mozilla/dist/bin/components/libmork.so Reading symbols from /train/tmp/rel-1.3a/mozilla/modules/plugin/samples/default/unix/libnullplugin.so...done. Loaded symbols for /train/tmp/rel-1.3a/mozilla/modules/plugin/samples/default/unix/libnullplugin.so #0 _gdk_pixmap_create_from_xpm (window=0x664c58, colormap=0xd2b98, mask=0xffbeba14, transparent_color=0xfcd6144e, get_buf=0xfed53450 <mem_buffer>, handle=0xffbeb998) at gdkpixmap.c:526 526 gdkpixmap.c: No such file or directory. in gdkpixmap.c (gdb) bt #0 _gdk_pixmap_create_from_xpm (window=0x664c58, colormap=0xd2b98, mask=0xffbeba14, transparent_color=0xfcd6144e, get_buf=0xfed53450 <mem_buffer>, handle=0xffbeb998) at gdkpixmap.c:526 #1 0xfed534d8 in gdk_pixmap_colormap_create_from_xpm_d (window=0x75c, colormap=0xd2b98, mask=0x855650, transparent_color=0xfcd6144e, data=0xfcd74978) at gdkpixmap.c:744 #2 0xfcd62eb4 in createPixmap (This=0x64abc0) at nullplugin.c:387 #3 0xfcd63108 in makePixmap (This=0x64abc0) at nullplugin.c:464 #4 0xfcd623bc in NPP_SetWindow (instance=0x64abc0, window=0x7d2324) at npshell.c:226 #5 0xfcd636c4 in Private_SetWindow (instance=0x64abc0, window=0x7d2324) at npunix.c:259 #6 0xfd46bcb8 in ns4xPluginInstance::SetWindow(nsPluginWindow*) ( this=0x665260, window=0x7d2324) at ns4xPluginInstance.cpp:1016 #7 0xfd475e44 in nsPluginHostImpl::InstantiateEmbededPlugin(char const*, nsIURI*, nsIPluginInstanceOwner*) (this=0x127660, aMimeType=0x654a40 "application/x-shockwave-flash", aURL=0x616c38, aOwner=0x828ef0) at nsPluginHostImpl.cpp:3552 #8 0xfce1cd9c in ?? () from /train/tmp/rel-1.3a/mozilla/dist/bin/components/libgklayout.so #9 0xfce1c2e8 in ?? () (gdb) p window $1 = (GdkWindow *) 0x664c58 Current language: auto; currently c (gdb) p *window $2 = {user_data = 0x59b208} (gdb) p *colormap $3 = {size = 256, colors = 0x1098d8} (gdb) p *(colormap->colors) $5 = {pixel = 0, red = 65535, green = 65535, blue = 65535} (gdb) p *mask $6 = (GdkBitmap *) 0xff3e7d40 (gdb) p **mask $7 = {user_data = 0x0} (gdb) p *transparent_color $8 = {pixel = 858664960, red = 27753, green = 25187, blue = 11891} (gdb) p *handle Attempt to dereference a generic pointer. (gdb) up #1 0xfed534d8 in gdk_pixmap_colormap_create_from_xpm_d (window=0x75c, colormap=0xd2b98, mask=0x855650, transparent_color=0xfcd6144e, data=0xfcd74978) at gdkpixmap.c:744 744 in gdkpixmap.c (gdb) p *data $11 = (gchar *) 0xfcd63d88 "32 32 6 1" (gdb) p *window Cannot access memory at address 0x75c (gdb) p *colormap $12 = {size = 256, colors = 0x1098d8} (gdb) p *mask $13 = (GdkBitmap *) 0xb (gdb) p **mask Cannot access memory at address 0xb (gdb) p *transparent_color $14 = {pixel = 858664960, red = 27753, green = 25187, blue = 11891} (gdb) p *data $15 = (gchar *) 0xfcd63d88 "32 32 6 1"
Comment 26•22 years ago
|
||
The <OBJECT> tag has nothing to do with the crash, in fact the test case can be shrank to a one-liner: <embed src="http://bt.classicaka.com/bt.swf"> That's enough to cause the crash on a new, empty profile.
Attachment #110607 -
Attachment is obsolete: true
Attachment #110608 -
Attachment is obsolete: true
Comment 27•22 years ago
|
||
*** Bug 187824 has been marked as a duplicate of this bug. ***
Updated•22 years ago
|
Flags: blocking1.3b?
Keywords: mozilla1.3,
top100
Comment 28•22 years ago
|
||
This seems Flash plugins 's bug.
Comment 29•22 years ago
|
||
Nope -- this crash is triggered by Flash or Java embedded objects when NEITHER plugin is installed, so the bug is certainly NOT in a component that is not present on the machine ! The bug is in libnullplugin, which opens a dialog box (Plugin Downloader Window) that includes an XPM bitmap, whose rendering causes a crash in GTK.
Comment 30•22 years ago
|
||
*** Bug 188060 has been marked as a duplicate of this bug. ***
Comment 31•22 years ago
|
||
from bug 188060, also happen on Tru64 Unix, V5.1A.
Comment 32•22 years ago
|
||
ccing robin.lu@sun.com the last person touched that code to fix bug 180147
Assignee | ||
Comment 33•22 years ago
|
||
Can you use the latest trunk to have a check? The patch I checked in at Nov. 22 for bug 180147 has a problem that could make the 'style' invalid, which could cause the parameter 'style->bg[GTK_STATE_NORMAL]' of gdk_pixmap_colormap_create_from_xpm_d invalid. It is due to MOZ_ENABLE_GTK is not a defined macro that could be used in source code. I am sorry for that. But the patch I have checked in at Dec. 12 fixed the bug.
Comment 34•22 years ago
|
||
testcase works in a nightly trunk build, marking WFM
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → WORKSFORME
Comment 35•22 years ago
|
||
Peter, you tested on _Solaris_ right? If you tested on Linux, that's not very useful -- this is likely a Solaris-only bug. Reopening to prevent this getting lost in the meantime; please just reclose if you tested Solaris.
Status: RESOLVED → REOPENED
Resolution: WORKSFORME → ---
Comment 36•22 years ago
|
||
Sorry, I do not have Solaris eotier. I have requested the reporter (by mail) to kindly retry this bug and mention his findings.
Comment 37•22 years ago
|
||
I would be happy to retry the latest fix if somebody could build me a version that will work on my machine. I would rather avoid investing the time to build a version directly myself, since I have little time available to play here at work.
Comment 38•22 years ago
|
||
All the solaris boxes I tried didn't have the right configurations and system administrators were too busy. Can someone try the nightly builds: http://ftp.mozilla.org/pub/mozilla/nightly/latest/mozilla-sparc-sun-solaris2.6.tar.gz
Reporter | ||
Comment 39•22 years ago
|
||
Still crashes for me.
Assignee | ||
Comment 40•22 years ago
|
||
I built yesterday's trunk on solaris8 and it does not crash. The default plugin dialog popes up and I can see the puzzle like xpm icon on the position where the plugin should be. Here's my configure command line: ../mozilla/configure --disable-debug --disable-tests --with-xprint --enable-xinerama --enable-ldap --enable-x11-shm --disable-auto-deps --enable-crypto --enable-strip-libs My display depth is 24
Comment 41•22 years ago
|
||
Robin: you might try --enable-optimize. see comment 12
Assignee | ||
Comment 42•22 years ago
|
||
I used the exactly configuration as comment 12 to rebuild and it is WFM too. Attached is the screenshot of weather.com
Assignee | ||
Comment 43•22 years ago
|
||
Forget to say that my compiler is Forte C 6 update 2.
Comment 44•22 years ago
|
||
*** Bug 189600 has been marked as a duplicate of this bug. ***
Comment 45•22 years ago
|
||
from bug 189600, also happen on OpenVMS.
Comment 47•22 years ago
|
||
I don't have a Solaris box. Robin, since you have one, can you see if this is a regression from bug 180147? Thanks!
Assignee: peterlubczynski → robin.lu
Status: REOPENED → NEW
Assignee | ||
Comment 48•22 years ago
|
||
Please see my comment 33. I have checked by my solaris8 and can not reproduce the crash. I also traced the code and found the regression of my first patch of bug 180147 has been fixed by my second patch. From comment 25, mozilla crashed at line 526 of gdkpixmap.c which is: color->color = *transparent_color; The transparent_color is just what my first regression patch might affect. So I highly recommend the reporters of this bug could use the latest trunk or at least later than Dec. 12 to check again.
Comment 49•22 years ago
|
||
http://www.adelphia-econnections.com/ Crashes Mozilla every time I attempt to open it. Mozilla 1.3a Mozilla/5.0 (X11; U; OpenVMS COMPAQ_AlphaServer_DS10_466_MHz; en-US; rv:1.3a) Gecko/20021210 Crash dump follows: EAGLE> @sys$common:[mozilla]mozilla Starting mozilla-bin... %SYSTEM-F-ACCVIO, access violation, reason mask=00, virtual address=0000000001C0 05BA, PC=0000000000202824, PS=0000001B %TRACE-F-TRACEBACK, symbolic stack dump follows image module routine line rel PC abs PC LIBGDK GDKPIXMAP _gdk_pixmap_create_from_xpm 19313 0000000000001044 0000000000202824 LIBGDK GDKPIXMAP gdk_pixmap_colormap_create_from_xpm_d 19531 00000000000018FC 00000000002030DC LIBNULLPLUGIN NULLPLUGIN createPixmap 54018 0000000000001148 0000000005B2D778 LIBNULLPLUGIN NULLPLUGIN makePixmap 54095 0000000000000000 0000000000000000 LIBNULLPLUGIN NPSHELL NPP_SetWindow 40762 0000000000000564 0000000005B2C564 LIBGKPLUGIN NS4XPLUGININSTANCE SetWindow 93400 00000000000021C4 000000000271A1D4 LIBGKPLUGIN NSPLUGINHOSTIMPL InstantiateEmbededPlugin 101700 0000000000011D74 000000000272D0E4 LIBGKPLUGIN NSPLUGINHOSTIMPL OnStartRequest 100348 000000000000A60C 000000000272597C LIBNECKO NSHTTPCHANNEL CallOnStartRequest 61608 0000000000004AB4 00000000011A08B4 LIBNECKO NSHTTPCHANNEL ProcessNormal 61733 00000000000053A4 00000000011A11A4 LIBNECKO NSHTTPCHANNEL ProcessResponse 61635 0000000000004C4C 00000000011A0A4C LIBNECKO NSREQUESTOBSERVERPROXY HandleEvent 26681 000000000000052C 000000000112B16C LIBXPCOM PLEVENT PL_HandleEvent 40834 0000000000000E08 00000000006DF088 LIBXPCOM PLEVENT PL_ProcessPendingEvents 40764 0000000000000C3C 00000000006DEEBC LIBXPCOM NSEVENTQUEUE ProcessPendingEvents 27140 0000000000001704 00000000006D5BE4 LIBWIDGET_GTK NSAPPSHELL our_gdk_io_invoke 71671 00000000000005A4 0000000001D00684 LIBGLIB GMAIN g_main_dispatch 19265 0000000000000B80 0000000000141FD0 LIBGLIB GMAIN g_main_iterate 19486 000000000000132C 000000000014277C LIBGLIB GMAIN g_main_run 19544 0000000000001548 0000000000142998 LIBGTK GTKMAIN gtk_main 21888 0000000000000AD8 00000000003BFDE8 LIBWIDGET_GTK NSAPPSHELL Run 71942 0000000000001474 0000000001D01554 MOZILLA-BIN NSAPPRUNNER main1 86565 0000000000009724 0000000000069724 MOZILLA-BIN NSAPPRUNNER main 86926 000000000000A5E8 000000000006A5E8 MOZILLA-BIN NSAPPRUNNER __MAIN 0 00000000000000B8 00000000000600B8 MOZILLA-BIN 0 0000000000065FF8 0000000000075FF8 PTHREAD$RTL 0 000000000003E5B0 000000007BCFE5B0 PTHREAD$RTL 0 000000000001C31C 000000007BCDC31C 0 FFFFFFFF8028563C FFFFFFFF8028563C
Comment 50•22 years ago
|
||
John: we know the problem exists with 1.3a. We need to know if the problem still exists with recent builds (1.3b for example)
Comment 51•22 years ago
|
||
Verified fixed, works for me Mozilla/1.3b : ftp://depot.mcom.com/pub/pioch/mozilla-1.3b/mozilla-1.3b.sparc-sun-solaris2.8.tar.bz2 I'm getting the correct plugin downloader window saying that the Flash plugin must be downloaded to view the embedded object. Tested on 2 different websites, including weather.com
Comment 52•22 years ago
|
||
marking WFM based on last comment
Status: NEW → RESOLVED
Closed: 22 years ago → 22 years ago
Resolution: --- → WORKSFORME
Comment 53•22 years ago
|
||
Without the Flash plug-in installed, I am able to go to both the http://www.weather.com and http://www.adelphia-econnections.com/ pages. I will try it again with the flash plug-in installed.
Comment 54•22 years ago
|
||
With the flash plug-in installed, the browser crashed, so it's off to search Bugzilla to see if this has been reported yet. There is a bug in the plug-in, but it should not cause the browser to crash, just the plug-in to terminate.
Comment 55•22 years ago
|
||
The plugin is linked into the browser at runtime; as far as the OS is concerned they are part of a single executable. Any crash in the plugin will bring down the browser under those conditions (or rather the OS will terminate the process involved).
Comment 56•22 years ago
|
||
The way a plug-in is linked has nothing to do with the issue. The browser should not allow an error in a plug-in to cause it to crash. The plug-in interfaces should be considered un-trusted, and so all signals that would normally crash a program should be diverted to a signal handler to report the problem and terminate the plug-in instead of crashing the entire application. I have entered bug number 193429 about this weakness in the browser. Fixing this weakness will remove bugs the plug-ins from being able to be a critical browser bug.
Comment 57•21 years ago
|
||
*** Bug 196844 has been marked as a duplicate of this bug. ***
Comment 58•21 years ago
|
||
FWIW, I just downloaded the HP-contributed Tru64 build of 1.5 from mozilla.org, and it still crashes for me when visiting a page with a Flash plugin.
Comment 59•20 years ago
|
||
And now I have finally talked my sysadmins into installing Mozilla, they installed 1.6b, and it did not crash.
Updated•13 years ago
|
Crash Signature: [@ gdk_pixmap_colormap_create_from_xpm_d ?]
Updated•2 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•