Closed Bug 309915 Opened 19 years ago Closed 19 years ago

Crash at croczilla's xbl2.xml (with background image) but not xbl1.xml

Categories

(Core :: SVG, defect)

x86
Linux
defect
Not set
critical

Tracking

RESOLVED WORKSFORME

People

(Reporter: gpp666_999, Unassigned)

Details

(Keywords: crash)

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9a1) Gecko/20050924 Firefox/1.6a1
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9a1) Gecko/20050924 Firefox/1.6a1

Different svg-test sites crash for me with all browsers from deer park2 up to the
cvs-head. The URL represents one of them. The second, which I found, is
http://www.croczilla.com/svg/samples/xbl2/xbl2.xml - although the same test
without the background image http://www.croczilla.com/svg/samples/xbl1/xbl1.xml
does not have any problems. I'm building it with enable-system-cairo if this
matters and using Gentoo's cairo-1.0.0-r2 ebuild.

Reproducible: Always

Steps to Reproduce:
1. Go to the URLs

Actual Results:  
crash

Expected Results:  
firefox does not crash
Assignee: nobody → general
Severity: normal → critical
Component: General → SVG
Keywords: crash
Product: Firefox → Core
QA Contact: general → ian
Summary: This is one of the sites, which crashes firefox for me → This SVG test site crashes Firefox for me
Version: unspecified → Trunk
This bug report has two parts:
1) http://www.linuxrising.org/svg_test/test_firefox_big.html crashes
2) http://www.croczilla.com/svg/samples/xbl2/xbl2.xml crashes

I filed bug 309926 for part of (1) and I'm restricting this bug to (2).  In the
future, please file separate bug reports when reporting multiple crashes that
are likely to have different causes.

I can't reproduce (2) on Mac, using Mozilla/5.0 (Macintosh; U; PPC Mac OS X
Mach-O; en-US; rv:1.9a1) Gecko/20050924 Firefox/1.6a1.
Summary: This SVG test site crashes Firefox for me → Crash at croczilla's xbl2.xml (with background image) but not xbl1.xml
Ok, excuse me for not filing two different bugs about this, but I thought they
are somehow interrelated. The problem with this is when moving the triangles,
the page loads and shows up ok, but when moving the triangles, it crashes.
This is the configuration, which I use:
  --enable-application=browser
  --enable-optimize=-O2
  --enable-old-abi-compat-wrappers
  --with-pthreads
  --disable-installer
  --disable-pedantic
  --enable-crypto
  --with-system-jpeg
  --with-system-png
  --with-system-zlib
  --without-system-nspr
  --enable-default-toolkit=gtk2
  --enable-ipv6
  --disable-xinerama
  --enable-xprint
  --disable-freetype2
  --enable-xft
  --enable-pango
  --disable-debug
  --disable-tests
  --enable-reorder
  --enable-strip
  --enable-strip-libs
  --enable-elf-dynstr-gc
  --disable-mailnews
  --enable-single-profile
  --disable-profilesharing
  --disable-profilelocking
  --enable-native-uconv
  --enable-image-encoder=all
  --enable-system-cairo
  --enable-svg
  --enable-canvas
  --enable-svg-renderer=cairo
  --enable-glitz
  --enable-python
  --enable-oji
  --enable-mathml
  --enable-jsd
  --enable-xpctools
  --with-default-mozilla-five-home=/usr/lib/mozilla-deeppark
  --enable-extensions=default,typeaheadfind,-inspector,-reporter,venkman
The mozilla-config.h :
#define ACCESSIBILITY 1
#define D_INO d_ino
#define FUNCPROTO 15
#define HAVE_DIRENT_H 1
#define HAVE_FCHMOD 1
#define HAVE_FLOCKFILE 1
#define HAVE_GETOPT_H 1
#define HAVE_GNU_GET_LIBC_VERSION 1
#define HAVE_GNU_LIBC_VERSION_H 1
#define HAVE_I18N_LC_MESSAGES 1
#define HAVE_INT16_T 1
#define HAVE_INT32_T 1
#define HAVE_INT64_T 1
#define HAVE_LANGINFO_CODESET 1
#define HAVE_LCHOWN 1
#define HAVE_LIBDL 1
#define HAVE_LIBM 1
#define HAVE_LOCALTIME_R 1
#define HAVE_LSTAT64 1
#define HAVE_MALLOC_H 1
#define HAVE_MEMMOVE 1
#define HAVE_MEMORY_H 1
#define HAVE_NL_TYPES_H 1
#define HAVE_RANDOM 1
#define HAVE_RES_NINIT 1
#define HAVE_RINT 1
#define HAVE_SIGINFO_T 1
#define HAVE_SNPRINTF 1
#define HAVE_STAT64 1
#define HAVE_STRERROR 1
#define HAVE_STRTOK_R 1
#define HAVE_ST_BLKSIZE 1
#define HAVE_SYS_BITYPES_H 1
#define HAVE_SYS_CDEFS_H 1
#define HAVE_SYS_STATFS_H 1
#define HAVE_SYS_STATVFS_H 1
#define HAVE_UINT 1
#define HAVE_UNAME_DOMAINNAME_FIELD 1
#define HAVE_UNISTD_H 1
#define HAVE_VA_COPY 1
#define HAVE_VISIBILITY_HIDDEN_ATTRIBUTE 1
#define HAVE_VISIBILITY_PRAGMA 1
#define HAVE_X11_XKBLIB_H 1
#define HAVE_XSHM 1
#define HAVE___CXA_DEMANGLE 1
#define IBMBIDI 1
#define JS_THREADSAFE 1
#define MOZILLA_LOCALE_VERSION "1.9a1"
#define MOZILLA_REGION_VERSION "1.9a1"
#define MOZILLA_SKIN_VERSION "1.8"
#define MOZILLA_VERSION "1.9a1"
#define MOZILLA_VERSION_U 1.9a1
#define MOZ_ACCESSIBILITY_ATK 1
#define MOZ_BUILD_APP browser
#define MOZ_DEFAULT_MOZILLA_FIVE_HOME "/usr/lib/mozilla-deeppark"
#define MOZ_DEFAULT_TOOLKIT "gtk2"
#define MOZ_DISTRIBUTION_ID "org.mozilla"
#define MOZ_DLL_SUFFIX ".so"
#define MOZ_ENABLE_CANVAS 1
#define MOZ_ENABLE_GLITZ 1
#define MOZ_ENABLE_GNOMEUI 1
#define MOZ_ENABLE_OLD_ABI_COMPAT_WRAPPERS 1
#define MOZ_ENABLE_PANGO 1
#define MOZ_ENABLE_XFT 1
#define MOZ_ENABLE_XREMOTE 1
#define MOZ_EXTRA_X11CONVERTERS 1
#define MOZ_JSLOADER 1
#define MOZ_LOGGING 1
#define MOZ_MATHML 1
#define MOZ_PHOENIX 1
#define MOZ_SVG 1
#define MOZ_SVG_RENDERER_CAIRO 1
#define MOZ_UPDATE_CHANNEL default
#define MOZ_USER_DIR ".mozilla"
#define MOZ_USE_NATIVE_UCONV 1
#define MOZ_VIEW_SOURCE 1
#define MOZ_WIDGET_GTK2 1
#define MOZ_X11 1
#define MOZ_XPINSTALL 1
#define MOZ_XTF 1
#define MOZ_XUL 1
#define MOZ_XUL_APP 1
#define NS_PRINTING 1
#define NS_PRINT_PREVIEW 1
#define OJI 1
#define STDC_HEADERS 1
#define UNIX_ASYNC_DNS 1
#define VA_COPY va_copy
#define XP_UNIX 1
#define _REENTRANT 1
Stack?
I'll compile a debug-version, now it simply dumps the following in normal
terminal or in gdb:
[Thread -1268495440 (LWP 15136) exited]
The program 'Gecko' received an X Window System error.
This probably reflects a bug in the program.
The error was 'BadValue (integer parameter out of range for operation)'.
  (Details: serial 82768 error_code 2 request_code 53 minor_code 0)
  (Note to programmers: normally, X errors are reported asynchronously;
   that is, you will receive the error a while after causing it.
   To debug your program, run it with the --sync command line
   option to change this behavior. You can then get a meaningful
   backtrace from your debugger if you break on the gdk_x_error() function.)

Program exited with code 01.
> Program exited with code 01.

you need to invoke firefox with the --sync flag as it suggests and then in gdb,
you need to set a break point at exit before you start up:

(gdb) b exit
Thanks for the tip. Here is the output:
(gdb) info stack
#0  0xa76224a0 in exit () from /lib/libc.so.6
#1  0xa7ab662e in gdk_keyboard_grab_info_libgtk_only () from
/usr/lib/libgdk-x11-2.0.so.0
#2  0xa78668b0 in _XError () from /usr/lib/libX11.so.6
#3  0xa7866f26 in _XReply () from /usr/lib/libX11.so.6
#4  0xa785e285 in XSync () from /usr/lib/libX11.so.6
#5  0xa785e345 in XSync () from /usr/lib/libX11.so.6
#6  0xa783fc35 in XCreatePixmap () from /usr/lib/libX11.so.6
#7  0xa79d5a43 in cairo_test_xlib_disable_render () from /usr/lib/libcairo.so.2
#8  0x03e009e5 in ?? ()
#9  0x00000000 in ?? ()
#10 0x00000000 in ?? ()
#11 0x00000008 in ?? ()
#12 0xafcb2a60 in ?? ()
#13 0x00000020 in ?? ()
#14 0xafcb2af0 in ?? ()
#15 0x00014254 in ?? ()
#16 0xa7de8684 in __read_nocancel () from /lib/libpthread.so.0
#17 0xafcb2af8 in ?? ()
#18 0x00000000 in ?? ()
#19 0x037f0c7f in ?? ()
#20 0xa759c52b in XRenderQueryFormats () from /usr/lib/libXrender.so.1
Hope this helps.
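
Added example, not part of the original bug comments: a small Python helper that decodes the "Details:" line GDK printed above and checks whether the --sync backtrace contains the Xlib call matching the failing request. The error and opcode tables come from the core X11 protocol; the function and variable names are assumptions made for this example.

```python
import re

# Core X11 protocol error codes (values below 128 are defined by the core protocol).
X_ERRORS = {
    1: "BadRequest", 2: "BadValue", 3: "BadWindow", 4: "BadPixmap",
    5: "BadAtom", 6: "BadCursor", 7: "BadFont", 8: "BadMatch",
    9: "BadDrawable", 10: "BadAccess", 11: "BadAlloc", 12: "BadColor",
    13: "BadGC", 14: "BadIDChoice", 15: "BadName", 16: "BadLength",
    17: "BadImplementation",
}
# Subset of core request opcodes that commonly show up in rendering crashes.
X_REQUESTS = {53: "CreatePixmap", 54: "FreePixmap", 55: "CreateGC",
              62: "CopyArea", 72: "PutImage", 73: "GetImage"}

DETAILS = re.compile(r"serial (\d+) error_code (\d+) request_code (\d+) minor_code (\d+)")
FRAME = re.compile(r"^#(\d+)\s+0x[0-9a-f]+ in (\S+) \(\)", re.M)

def decode_x_error(text):
    """Decode the '(Details: ...)' line GDK prints before exiting on an X error."""
    m = DETAILS.search(text)
    if m is None:
        return None
    serial, err, req, minor = (int(g) for g in m.groups())
    return {
        "serial": serial,
        "error": X_ERRORS.get(err, "unknown(%d)" % err),
        "request": X_REQUESTS.get(req, "opcode %d" % req),
        # Opcodes >= 128 belong to extensions; only then does minor_code matter.
        "extension": req >= 128,
        "minor": minor,
    }

def frames_for_request(backtrace, request_name):
    """Frame numbers whose symbol is the Xlib wrapper ('X' + request name)."""
    return [int(n) for n, sym in FRAME.findall(backtrace) if sym == "X" + request_name]

# Both samples are copied from the comments above, not constructed.
ERROR_TEXT = """The error was 'BadValue (integer parameter out of range for operation)'.
  (Details: serial 82768 error_code 2 request_code 53 minor_code 0)"""
BACKTRACE = """#4  0xa785e285 in XSync () from /usr/lib/libX11.so.6
#5  0xa785e345 in XSync () from /usr/lib/libX11.so.6
#6  0xa783fc35 in XCreatePixmap () from /usr/lib/libX11.so.6
#7  0xa79d5a43 in cairo_test_xlib_disable_render () from /usr/lib/libcairo.so.2"""

if __name__ == "__main__":
    info = decode_x_error(ERROR_TEXT)
    print(info, frames_for_request(BACKTRACE, info["request"]))
```

When the request named by request_code also appears as an Xlib frame in a --sync backtrace (frame 6 here), the error was raised inside that call, so its caller, which lies in libcairo.so.2 in this trace, is the code that issued the rejected request.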
get symbols for cairo, repeat.
Assignee: general → nobody
Component: SVG → GFX: Thebes
QA Contact: ian → thebes
Ok this is the dump from firefox-1.5b1 :
#0  0xa75954a0 in exit () from /lib/libc.so.6
#1  0xa757cf7d in __libc_start_main () from /lib/libc.so.6
#2  0x00000000 in ?? ()
#3  0xafc25f34 in ?? ()
#4  0xafc25f40 in ?? ()
#5  0x08049fe3 in ?? ()
#6  0xa7696ff4 in ?? () from /lib/libc.so.6
#7  0x00000000 in ?? ()
#8  0xafc25ec0 in ?? ()
#9  0x08057f40 in ?? ()
#10 0xafc25eb0 in ?? ()
#11 0xa757cf2e in __libc_start_main () from /lib/libc.so.6
#12 0x00000000 in ?? ()
#13 0x00000000 in ?? ()
#14 0x00000000 in ?? ()
#15 0xa7f29fd4 in ?? () from /lib/ld-linux.so.2
#16 0x00000002 in ?? ()
#17 0x0804afe0 in ?? ()
#18 0x00000000 in ?? ()
#19 0xa7f1e440 in _dl_rtld_di_serinfo () from /lib/ld-linux.so.2
#20 0x0804b001 in ?? ()
#21 0x0804b0a0 in ?? ()
#22 0x00000002 in ?? ()
#23 0xafc25f34 in ?? ()
#24 0x08057f40 in ?? ()
#25 0x08057fb0 in ?? ()
#26 0xa7f1f110 in _dl_rtld_di_serinfo () from /lib/ld-linux.so.2
#27 0x00000000 in ?? ()
#28 0x00000000 in ?? ()
#29 0xafc2713e in ?? ()
#30 0xafc2720d in ?? ()
#31 0xafc27221 in ?? ()
#32 0xafc27235 in ?? ()
#33 0xafc27245 in ?? ()
#34 0xafc27250 in ?? ()
#35 0xafc27272 in ?? ()
#36 0xafc2728d in ?? ()
#37 0xafc2729d in ?? ()
#38 0xafc272af in ?? ()
#39 0xafc272bf in ?? ()
#40 0xafc272dc in ?? ()
#41 0xafc272ff in ?? ()
#42 0xafc27322 in ?? ()
#43 0xafc2732c in ?? ()
#44 0xafc27747 in ?? ()
#45 0xafc2777f in ?? ()
#46 0xafc2778d in ?? ()
#47 0xafc277b5 in ?? ()
#48 0xafc277da in ?? ()
#49 0xafc27808 in ?? ()
#50 0xafc27821 in ?? ()
#51 0xafc27851 in ?? ()
#52 0xafc27882 in ?? ()
#53 0xafc278b8 in ?? ()
#54 0xafc278c4 in ?? ()
#55 0xafc278d8 in ?? ()
#56 0xafc27922 in ?? ()
#57 0xafc27931 in ?? ()
#58 0xafc2795c in ?? ()
#59 0xafc27a87 in ?? ()
#60 0xafc27a9b in ?? ()
#61 0xafc27aa7 in ?? ()
#62 0xafc27ab6 in ?? ()
#63 0xafc27c51 in ?? ()
#64 0xafc27c71 in ?? ()
#65 0xafc27c82 in ?? ()
#66 0xafc27ca8 in ?? ()
#67 0xafc27cb8 in ?? ()
#68 0xafc27ccc in ?? ()
#69 0xafc27cd9 in ?? ()
#70 0xafc27ce2 in ?? ()
#71 0xafc27cfa in ?? ()
#72 0xafc27d1d in ?? ()
#73 0xafc27d3c in ?? ()
#74 0xafc27d44 in ?? ()
#75 0xafc27d54 in ?? ()
#76 0xafc27d77 in ?? ()
#77 0xafc27d82 in ?? ()
#78 0xafc27db2 in ?? ()
#79 0xafc27dbf in ?? ()
#80 0xafc27dca in ?? ()
#81 0xafc27dd6 in ?? ()
#82 0xafc27e38 in ?? ()
#83 0xafc27e44 in ?? ()
#84 0xafc27e5d in ?? ()
#85 0xafc27ede in ?? ()
#86 0xafc27eeb in ?? ()
#87 0xafc27f01 in ?? ()
#88 0xafc27f1d in ?? ()
#89 0xafc27f39 in ?? ()
#90 0xafc27f4e in ?? ()
#91 0xafc27fc4 in ?? ()
#92 0x00000000 in ?? ()
#93 0x00000020 in ?? ()
#94 0xffffe400 in ?? ()
#95 0x00000021 in ?? ()
#96 0xffffe000 in ?? ()
#97 0x00000010 in ?? ()
#98 0x0383fbff in ?? ()
#99 0x00000006 in ?? ()
#100 0x00001000 in ?? ()
#101 0x00000011 in ?? ()
#102 0x00000064 in ?? ()
#103 0x00000003 in ?? ()
#104 0x08048034 in ?? ()
#105 0x00000004 in ?? ()
#106 0x00000020 in ?? ()
#107 0x00000005 in ?? ()
#108 0x00000008 in ?? ()
#109 0x00000007 in ?? ()
#110 0xa7f12000 in ?? ()
#111 0x00000008 in ?? ()
#112 0x00000000 in ?? ()
#113 0x00000009 in ?? ()
#114 0x0804afe0 in ?? ()
#115 0x0000000b in ?? ()
#116 0x000003e8 in ?? ()
#117 0x0000000c in ?? ()
#118 0x000003e8 in ?? ()
#119 0x0000000d in ?? ()
#120 0x00000064 in ?? ()
#121 0x0000000e in ?? ()
#122 0x00000064 in ?? ()
#123 0x00000017 in ?? ()
#124 0x00000000 in ?? ()
#125 0x0000000f in ?? ()
#126 0xafc260db in ?? ()
#127 0x00000000 in ?? ()
#128 0x00000000 in ?? ()
#129 0x00000000 in ?? ()
#130 0x00000000 in ?? ()
#131 0x69000000 in ?? ()
#132 0x00363836 in ?? ()
#133 0x00000000 in ?? ()
#134 0x00000000 in ?? ()
...
and this goes to infinity. Probably that's why ddd showed something about a corrupt
stack in the gui the last time, but in some way the message was not there in the
output from info stack.
I have built from cvs 1-2 hours ago and could not move the triangles, but on the
other hand I could not crash it also (or simply did not try hard enough).
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9a1) Gecko/20051006 Firefox/1.6a1

I do not crash here, but I do get a high RAM usage and quite a slowdown.

In a debug build I get an assertion:

###!!! ASSERTION: trying to get data on an immutable frame: 'mMutable', file
/home/djc/mozilla-stuff/mozilla/sources/mozilla/gfx/src/shared/gfxImageFrame.cpp,
line 276
Break: at file
/home/djc/mozilla-stuff/mozilla/sources/mozilla/gfx/src/shared/gfxImageFrame.cpp,
line 276

Not sure if it's related.
this isn't a cairo-gtk2 build.. shipping off to SVG land
Assignee: nobody → general
Component: GFX: Thebes → SVG
QA Contact: thebes → ian
This worksforme on Linux with a current trunk build.  Gergan Penkov, are you still seeing this in a current build?
The mutable frame issue in comment 9 is bug 295639. I don't think it's related.
Well, I think it could be closed; it appears that it was a cairo problem. Anyway, I don't have this problem anymore.
Sorry, I have simply forgotten about this issue.
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → WORKSFORME