Closed
Bug 327127
Opened 19 years ago
Closed 18 years ago
flash plugin freezes firefox, corrupted double-linked list detected by glibc
Categories
(Firefox :: General, defect)
RESOLVED
INVALID
People
(Reporter: dicks, Unassigned)
Details
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.1) Gecko/20060207 Debian/1.5.dfsg+1.5.0.1-1 Firefox/1.5.0.1
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.1) Gecko/20060207 Debian/1.5.dfsg+1.5.0.1-1 Firefox/1.5.0.1

When visiting www.webwereld.nl or other sites with flash content, Firefox sometimes freezes completely, where not even the window is repainted when you move another window over it. In some of these cases, glibc also prints messages about corrupted pointers on the console:

*** glibc detected *** corrupted double-linked list: 0x0930d9a0 ***

or:

*** glibc detected *** free(): invalid pointer: 0x0929e4d8 ***

It is clearly related to the Flash plugin only (version 7.0r61 and 7.0r25). I can reproduce the problem with only the Flash plugin installed, and with a fresh ~/.mozilla directory without any installed extensions.

Reproducible: Sometimes

Steps to Reproduce:
1. Start Firefox with installed flash plugin on the command line.
2. Go to a website with lots of flash, such as www.webwereld.nl.
3. Click on a few article headers.
4. Restart Firefox if it does not freeze after a few pages.

Actual Results: Sometimes Firefox freezes and/or messages about corrupted pointers will appear on the console.

Expected Results: No freeze and no messages about corrupted pointers.

This is on a Debian system with libc6-2.3.5-13. The windowing environment seems to have an influence. On a KDE desktop, the problem seems to occur more frequently than with a desktop with the icewm window manager.
Comment 1•19 years ago
Does this happen in safe mode? Have you tried reinstalling Flash (making sure if you do so via apt that you flush all cached downloaded files first)?
Reporter
Comment 2•19 years ago
(In reply to comment #1)
> Does this happen in safe mode? Have you tried reinstalling Flash (making sure
> if you do so via apt that you flush all cached downloaded files first)?

I've manually installed the Flash plugin by copying the files flashplayer.xpt and libflashplayer.so from the Macromedia .tar.gz to /usr/lib/firefox/plugins/. It also happens in safe mode. As I wrote in my initial bug report, it even happens when I remove all other plugins from the plugins directory, and remove the ~/.mozilla/ and ~/.firefox/ directories.
Reporter
Comment 3•19 years ago
Some additional info:

1) I found an old Flash plugin, 6.0r81, and that one freezes as well.

2) I ran Firefox under valgrind, and found some errors. There were a couple of warnings about overlapping arguments of memcpy, but this is probably harmless:

==8859== Source and destination overlap in memcpy(0x1E5E7DB0, 0x1E5E7DBB, 13)
==8859== at 0x1B905C17: memcpy (mac_replace_strmem.c:113)
==8859== by 0x1E29976E: FlashSecurity::ExtractSubdomainFromPath(char*, int) (in /usr/lib/mozilla/plugins/libflashplayer.so)
[...]

Probably more serious are the warnings about reading and writing to free'd memory, although I don't know if this is the cause of the current problem:

==8859== Invalid read of size 1
==8859== at 0x1E315FD0: gtkTimerCallback(void*) (in /usr/lib/mozilla/plugins/libflashplayer.so)
==8859== by 0x1C0D08D5: (within /usr/lib/libglib-2.0.so.0.800.6)
==8859== by 0x1C0CEB8B: g_main_context_dispatch (in /usr/lib/libglib-2.0.so.0.800.6)
==8859== by 0x1C0D1F6A: (within /usr/lib/libglib-2.0.so.0.800.6)
==8859== by 0x1C0D2446: g_main_context_iteration (in /usr/lib/libglib-2.0.so.0.800.6)
==8859== by 0x1BC2FAC4: gtk_main_iteration (in /usr/lib/libgtk-x11-2.0.so.0.800.10)
==8859== by 0x1E315FF1: gtkTimerCallback(void*) (in /usr/lib/mozilla/plugins/libflashplayer.so)
==8859== by 0x1C0D08D5: (within /usr/lib/libglib-2.0.so.0.800.6)
==8859== by 0x1C0CEB8B: g_main_context_dispatch (in /usr/lib/libglib-2.0.so.0.800.6)
==8859== by 0x1C0D1F6A: (within /usr/lib/libglib-2.0.so.0.800.6)
==8859== by 0x1C0D22C6: g_main_loop_run (in /usr/lib/libglib-2.0.so.0.800.6)
==8859== by 0x1BC303A0: gtk_main (in /usr/lib/libgtk-x11-2.0.so.0.800.10)
==8859== Address 0x1E071BD4 is 4756 bytes inside a block of size 4764 free'd
==8859== at 0x1B904CA8: operator delete(void*) (vg_replace_malloc.c:155)
==8859== by 0x1E3147E3: PlatformPlayer::~PlatformPlayer() (in /usr/lib/mozilla/plugins/libflashplayer.so)
==8859== by 0x1E316233: PlatformPlayer::NsDestroyPlayer(_NPP*) (in /usr/lib/mozilla/plugins/libflashplayer.so)
==8859== by 0x1E31A870: NPP_Destroy (in /usr/lib/mozilla/plugins/libflashplayer.so)
==8859== by 0x1E318ACF: Private_Destroy (in /usr/lib/mozilla/plugins/libflashplayer.so)
==8859== by 0x824EBFD: (within /usr/lib/firefox/firefox-bin)
==8859== by 0x82F2AD6: (within /usr/lib/firefox/firefox-bin)
==8859== by 0x82CD8DE: (within /usr/lib/firefox/firefox-bin)
==8859== by 0x82C29F2: (within /usr/lib/firefox/firefox-bin)
==8859== by 0x82E724E: (within /usr/lib/firefox/firefox-bin)
==8859== by 0x82B69C0: (within /usr/lib/firefox/firefox-bin)
==8859== by 0x82E724E: (within /usr/lib/firefox/firefox-bin)
==8859==
==8859== Invalid write of size 1
==8859== at 0x1E315FF4: gtkTimerCallback(void*) (in /usr/lib/mozilla/plugins/libflashplayer.so)
==8859== by 0x1C0D08D5: (within /usr/lib/libglib-2.0.so.0.800.6)
==8859== by 0x1C0CEB8B: g_main_context_dispatch (in /usr/lib/libglib-2.0.so.0.800.6)
==8859== by 0x1C0D1F6A: (within /usr/lib/libglib-2.0.so.0.800.6)
==8859== by 0x1C0D2446: g_main_context_iteration (in /usr/lib/libglib-2.0.so.0.800.6)
==8859== by 0x1BC2FAC4: gtk_main_iteration (in /usr/lib/libgtk-x11-2.0.so.0.800.10)
==8859== by 0x1E315FF1: gtkTimerCallback(void*) (in /usr/lib/mozilla/plugins/libflashplayer.so)
==8859== by 0x1C0D08D5: (within /usr/lib/libglib-2.0.so.0.800.6)
==8859== by 0x1C0CEB8B: g_main_context_dispatch (in /usr/lib/libglib-2.0.so.0.800.6)
==8859== by 0x1C0D1F6A: (within /usr/lib/libglib-2.0.so.0.800.6)
==8859== by 0x1C0D22C6: g_main_loop_run (in /usr/lib/libglib-2.0.so.0.800.6)
==8859== by 0x1BC303A0: gtk_main (in /usr/lib/libgtk-x11-2.0.so.0.800.10)
==8859== Address 0x1E071BD4 is 4756 bytes inside a block of size 4764 free'd
==8859== at 0x1B904CA8: operator delete(void*) (vg_replace_malloc.c:155)
==8859== by 0x1E3147E3: PlatformPlayer::~PlatformPlayer() (in /usr/lib/mozilla/plugins/libflashplayer.so)
==8859== by 0x1E316233: PlatformPlayer::NsDestroyPlayer(_NPP*) (in /usr/lib/mozilla/plugins/libflashplayer.so)
==8859== by 0x1E31A870: NPP_Destroy (in /usr/lib/mozilla/plugins/libflashplayer.so)
==8859== by 0x1E318ACF: Private_Destroy (in /usr/lib/mozilla/plugins/libflashplayer.so)
==8859== by 0x824EBFD: (within /usr/lib/firefox/firefox-bin)
==8859== by 0x82F2AD6: (within /usr/lib/firefox/firefox-bin)
==8859== by 0x82CD8DE: (within /usr/lib/firefox/firefox-bin)
==8859== by 0x82C29F2: (within /usr/lib/firefox/firefox-bin)
==8859== by 0x82E724E: (within /usr/lib/firefox/firefox-bin)
==8859== by 0x82B69C0: (within /usr/lib/firefox/firefox-bin)
==8859== by 0x82E724E: (within /usr/lib/firefox/firefox-bin)
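The free'd-block reports in comment 3 show a timer callback touching an object that its destructor had already released. As an added example (not part of the bug report and not Flash's code), the C sketch below reproduces that lifetime pattern and its usual fix; the timer table, `struct player` and all function names are hypothetical stand-ins, and the demo only counts stale registrations rather than dispatching them.

```c
#include <stdint.h>
#include <stdlib.h>

/* Constructed stand-in for a toolkit timer table (hypothetical, not GLib's API). */
#define MAX_TIMERS 4
typedef void (*timer_fn)(void *);
static struct { timer_fn fn; uintptr_t data; int active; } timers[MAX_TIMERS];

static int timer_add(timer_fn fn, void *data) {
    for (int i = 0; i < MAX_TIMERS; i++)
        if (!timers[i].active) {
            timers[i].fn = fn; timers[i].data = (uintptr_t)data; timers[i].active = 1;
            return i;
        }
    return -1;
}
static void timer_remove(int id) { if (id >= 0 && id < MAX_TIMERS) timers[id].active = 0; }

/* Number of live timers that would hand `addr` to a callback on the next dispatch. */
static int timers_pointing_at(uintptr_t addr) {
    int n = 0;
    for (int i = 0; i < MAX_TIMERS; i++)
        n += timers[i].active && timers[i].data == addr;
    return n;
}

struct player { int timer_id; unsigned char busy; };   /* hypothetical plugin object */
/* The callback reads and writes one byte of the object it was registered with. */
static void player_tick(void *data) { struct player *p = data; p->busy = !p->busy; }

static struct player *player_new(void) {
    struct player *p = calloc(1, sizeof *p);
    if (p) p->timer_id = timer_add(player_tick, p);
    return p;
}
/* Before: memory is released while the timer stays registered. */
static void player_destroy_unsafe(struct player *p) { free(p); }
/* After: cancel the callback first, then release the memory. */
static void player_destroy_safe(struct player *p) { timer_remove(p->timer_id); free(p); }

/* Live timers still referencing the object after it has been destroyed. */
static int stale_after_destroy(int safe) {
    struct player *p = player_new();
    if (!p) return -1;
    uintptr_t addr = (uintptr_t)p;
    int id = p->timer_id;
    if (safe) player_destroy_safe(p); else player_destroy_unsafe(p);
    int stale = timers_pointing_at(addr);
    timer_remove(id);   /* the demo never dispatches a stale timer */
    return stale;
}
int main(void) { return !(stale_after_destroy(0) == 1 && stale_after_destroy(1) == 0); }
```

A stale count of 1 in the unsafe path is the condition under which the next dispatch performs the invalid read and write that valgrind reported; later heap operations on the corrupted block are what glibc's consistency checks then abort on.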
Comment 4•19 years ago
Those look to me as if it's all a problem with Flash itself. Could you file a bug report with Adobe/Macromedia? (http://www.macromedia.com/support/flashplayer/) However, I'm not much of a C programmer, so I might be wrong.
Reporter
Comment 5•18 years ago
The problem seems to disappear when I disable the "artsdsp" sound wrapper, by setting FIREFOX_DSP=none in firefoxrc. Does this ring a bell somewhere?
Comment 6•18 years ago
I'm going to mark this as invalid, as I feel that it's a Flash issue. Correct me if I'm wrong.
Status: UNCONFIRMED → RESOLVED
Closed: 18 years ago
Resolution: --- → INVALID