Closed Bug 295392 Opened 19 years ago Closed 19 years ago

Xulrunner segfaults when launching mybrowser-0.2

Categories

(Toolkit Graveyard :: XULRunner, defect)

x86
Linux
defect
Not set
critical

Tracking

(Not tracked)

RESOLVED WORKSFORME

People

(Reporter: remi2402, Unassigned)

Details

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4
Build Identifier: Mozilla XULRunner 1.8b2 2005052404

A few weeks ago I opened bug #291698 (different issue) when trying xulrunner out
on gentoo.

Trying the exact same ebuild with today's and this weekend's builds segfaults
when launching mybrowser-0.2 :

stratos root # LD_LIBRARY_PATH="/opt/xulrunner/" /opt/xulrunner/xulrunner-bin /home/remi/c++/mybrowser/application.ini
Segmentation fault

I tried installing manually thinking my ebuild was the cause, but it did not
make any difference.

strace shows nothing relevant, it shows the loading of the different libs and
then segfaults. I can't really make anything out of it.

Reproducible: Always

Steps to Reproduce:
This bug is kinda useless without a backtrace or more information.

WORKSFORME, XULRunner 1.8b2 2005052404, using a modified version of Redhat 9
Linux.  I tested with and without a fresh mybrowser profile.

Can you try running xulrunner-bin from within gdb?  gdb should be able to give
you a stacktrace that at least could tell us some information such as in which
library the crash is occurring.

I ran it in ddd. Here is what it says:


Using host libthread_db library "/lib/libthread_db.so.1".
(gdb) run /home/remi/c++/mybrowser/application.ini
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
[Thread debugging using libthread_db enabled]
[New Thread -1233287504 (LWP 11649)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1233287504 (LWP 11649)]
0xb6cbe458 in g_option_context_parse () from /usr/lib/libglib-2.0.so.0



I'm using glib-2.6.3 and as far as my system logs show, that's the version of
glib I was using a couple weeks ago as well.



Finally, here is the dump of the assembly:


Can you capture the output of the "bt" command in DDD once the crash has occurred?

Output from bt:

(gdb) bt
#0  0xb6cbe458 in g_option_context_parse () from /usr/lib/libglib-2.0.so.0
#1  0xb6f692ef in gtk_parse_args () from /usr/lib/libgtk-x11-2.0.so.0
#2  0xb6f69326 in gtk_init_check () from /usr/lib/libgtk-x11-2.0.so.0
#3  0xb6f69376 in gtk_init () from /usr/lib/libgtk-x11-2.0.so.0
#4  0xb75ee989 in XRE_main () from /opt/xulrunner/libxul.so
#5  0x080493b4 in ?? ()
#6  0x00000003 in ?? ()
#7  0x0804cea8 in ?? ()
#8  0xbffff0a0 in ?? ()
#9  0x00000000 in ?? ()
#10 0xbffff0a0 in ?? ()
#11 0x00000000 in ?? ()
#12 0x0804cea8 in ?? ()
#13 0xbffff32e in ?? ()
#14 0x00000024 in ?? ()
#15 0x0804cf70 in ?? ()
#16 0x0804a260 in ?? ()
#17 0x0804a360 in ?? ()
#18 0x0804a460 in ?? ()
#19 0x0804a480 in ?? ()
#20 0x0804a4a0 in ?? ()
#21 0x0804a5a0 in ?? ()
#22 0x00000000 in ?? ()
#23 0xbffff0d4 in ?? ()
#24 0xb7582cb8 in NS_NewFastLoadFileUpdater () from /opt/xulrunner/libxul.so
#25 0xb69d31b1 in __libc_start_main () from /lib/libc.so.6
#26 0x08048b91 in ?? ()

I wonder if this bug is caused by the "-app" added into argv here:
http://lxr.mozilla.org/mozilla/source/xulrunner/app/nsXULRunnerApp.cpp#313

If so, then the crash may be solved by fixing bug 294683.

Does the crash go away if you run xulrunner with an explicit -app command line
flag?  Like so:
xulrunner -app /path/to/mybrowser/application.ini

-app fixes the problem. I still get the bug #291698. Ran it as root, then as
user and it works fine.

Thanks for your time
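
An added illustration of the suspected cause discussed above (not XULRunner or GLib code): if a launcher inserts "-app" into argv as a string literal, that entry sits in read-only memory, and an option parser that rewrites argument strings in place would fault on it. `insert_app_flag`, `is_writable` and `APP_FLAG` are hypothetical names, and the in-place write is an assumption this report does not confirm; the mapping check is Linux-only.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
static const char *const APP_FLAG = "-app"; /* string literal: read-only data */
/* Linux-only: 1 if p lies in a writable mapping, 0 if not, -1 if unknown. */
int is_writable(const void *p)
{
    FILE *f = fopen("/proc/self/maps", "r");
    char line[512], perms[8];
    unsigned long lo, hi;
    int result = -1;
    if (!f) return -1;
    while (result < 0 && fgets(line, sizeof line, f))
        if (sscanf(line, "%lx-%lx %7s", &lo, &hi, perms) == 3 &&
            (uintptr_t)p >= lo && (uintptr_t)p < hi)
            result = (perms[1] == 'w');
    fclose(f);
    return result;
}

static char *dup_str(const char *s)
{
    char *d = malloc(strlen(s) + 1);
    return d ? strcpy(d, s) : NULL;
}

/* Hypothetical launcher helper: builds {argv[0], "-app", argv[1], ..., NULL}
 * from heap copies, so an in-place parser never writes into a literal. */
char **insert_app_flag(int argc, char **argv, int *out_argc)
{
    char **v = calloc((size_t)argc + 2, sizeof *v);
    int i, n = 0;
    if (!v) return NULL;
    v[n++] = dup_str(argv[0]);
    v[n++] = dup_str(APP_FLAG);
    for (i = 1; i < argc; i++)
        v[n++] = dup_str(argv[i]);
    *out_argc = n; /* v[n] is already NULL from calloc */
    return v;
}

int main(int argc, char **argv)
{
    int n = 0;
    char **v = insert_app_flag(argc, argv, &n);
    printf("literal writable: %d, copy writable: %d\n",
           is_writable(APP_FLAG), v ? is_writable(v[1]) : -1);
    return v ? 0 : 1;
}
```

On Linux this normally reports 0 for the literal and 1 for the heap copy.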
This is an automated message, with ID "auto-resolve01".

This bug has had no comments for a long time. Statistically, we have found that
bug reports that have not been confirmed by a second user after three months are
highly unlikely to be the source of a fix to the code.

While your input is very important to us, our resources are limited and so we
are asking for your help in focussing our efforts. If you can still reproduce
this problem in the latest version of the product (see below for how to obtain a
copy) or, for feature requests, if it's not present in the latest version and
you still believe we should implement it, please visit the URL of this bug
(given at the top of this mail) and add a comment to that effect, giving more
reproduction information if you have it.

If it is not a problem any longer, you need take no action. If this bug is not
changed in any way in the next two weeks, it will be automatically resolved.
Thank you for your help in this matter.

The latest beta releases can be obtained from:
Firefox:     http://www.mozilla.org/projects/firefox/
Thunderbird: http://www.mozilla.org/products/thunderbird/releases/1.5beta1.html
Seamonkey:   http://www.mozilla.org/projects/seamonkey/
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → WORKSFORME
Product: Toolkit → Toolkit Graveyard