Closed Bug 499338 Opened 10 years ago Closed 10 years ago

Browsing to website causes immediate CTD

Categories

(Core :: Graphics, defect, critical)

1.9.1 Branch
x86_64
Linux

RESOLVED WORKSFORME

People

(Reporter: sam_n_linds, Unassigned)


User-Agent:       Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1b4) Gecko/20090427 Fedora/3.5-0.20.beta4.fc11 Firefox/3.5b4
Build Identifier: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1b4) Gecko/20090427 Fedora/3.5-0.20.beta4.fc11 Firefox/3.5b4

Crash to desktop on visiting www.usaa.com. Repeatable 100% of the 5 times tried. Open browser, browse to www.usaa.com; firefox crashes to desktop before page is loaded completely.

Here is all of the output when running firefox --sync:

[sam@skinny ~]$ firefox --sync
LoadPlugin: failed to initialize shared library /usr/lib/flash-plugin/libflashplayer.so [/usr/lib/flash-plugin/libflashplayer.so: wrong ELF class: ELFCLASS32]
The program 'firefox' received an X Window System error.
This probably reflects a bug in the program.
The error was 'BadAlloc (insufficient resources for operation)'.
  (Details: serial 13883 error_code 11 request_code 53 minor_code 0)
  (Note to programmers: normally, X errors are reported asynchronously;
   that is, you will receive the error a while after causing it.
   To debug your program, run it with the --sync command line
   option to change this behavior. You can then get a meaningful
   backtrace from your debugger if you break on the gdk_x_error() function.)
The program 'firefox' received an X Window System error.
This probably reflects a bug in the program.
The error was 'RenderBadPicture (invalid Picture parameter)'.
  (Details: serial 13885 error_code 161 request_code 149 minor_code 5)
  (Note to programmers: normally, X errors are reported asynchronously;
   that is, you will receive the error a while after causing it.
   To debug your program, run it with the --sync command line
   option to change this behavior. You can then get a meaningful
   backtrace from your debugger if you break on the gdk_x_error() function.)


Reproducible: Always

Steps to Reproduce:
1. Open Firefox
2. Go to www.usaa.com
3. Browser crashes before main page is loaded, and before being prompted with a login option.
Actual Results:  
[sam@skinny ~]$ firefox --sync
LoadPlugin: failed to initialize shared library /usr/lib/flash-plugin/libflashplayer.so [/usr/lib/flash-plugin/libflashplayer.so: wrong ELF class: ELFCLASS32]
The program 'firefox' received an X Window System error.
This probably reflects a bug in the program.
The error was 'BadAlloc (insufficient resources for operation)'.
  (Details: serial 13883 error_code 11 request_code 53 minor_code 0)
  (Note to programmers: normally, X errors are reported asynchronously;
   that is, you will receive the error a while after causing it.
   To debug your program, run it with the --sync command line
   option to change this behavior. You can then get a meaningful
   backtrace from your debugger if you break on the gdk_x_error() function.)
The program 'firefox' received an X Window System error.
This probably reflects a bug in the program.
The error was 'RenderBadPicture (invalid Picture parameter)'.
  (Details: serial 13885 error_code 161 request_code 149 minor_code 5)
  (Note to programmers: normally, X errors are reported asynchronously;
   that is, you will receive the error a while after causing it.
   To debug your program, run it with the --sync command line
   option to change this behavior. You can then get a meaningful
   backtrace from your debugger if you break on the gdk_x_error() function.)


Expected Results:  
Presentation with the USAA homepage, and (among other things) the option to log in.

I just installed Fedora 11 yesterday. As of yesterday, all updates were installed. (Today is 19 Jun 2009).
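For triaging console output like the above, a small decoder for the GDK X error reports follows; it is an added example, not part of the original bug comments. The function names are hypothetical, the opcode table is a deliberately small subset of the core X11 protocol, and the sample input is the two reports quoted in this bug.

```python
import re

# Core X11 error codes from X.h; codes of 128 and above belong to extensions.
CORE_ERRORS = {1: "BadRequest", 2: "BadValue", 3: "BadWindow", 4: "BadPixmap",
               5: "BadAtom", 6: "BadCursor", 7: "BadFont", 8: "BadMatch",
               9: "BadDrawable", 10: "BadAccess", 11: "BadAlloc", 12: "BadColor",
               13: "BadGC", 14: "BadIDChoice", 15: "BadName", 16: "BadLength",
               17: "BadImplementation"}
# Subset of core request opcodes from Xproto.h (drawing and pixmap requests only).
CORE_REQUESTS = {53: "CreatePixmap", 54: "FreePixmap", 55: "CreateGC",
                 62: "CopyArea", 72: "PutImage", 73: "GetImage"}

ERROR_RE = re.compile(r"The error was '(?P<name>\w+) \((?P<text>[^)]*)\)'")
DETAIL_RE = re.compile(r"\(Details: serial (?P<serial>\d+) error_code (?P<error>\d+) "
                       r"request_code (?P<request>\d+) minor_code (?P<minor>\d+)\)")
# Sample input: the two error reports from the console output in this bug.
SAMPLE = """\
The error was 'BadAlloc (insufficient resources for operation)'.
  (Details: serial 13883 error_code 11 request_code 53 minor_code 0)
The error was 'RenderBadPicture (invalid Picture parameter)'.
  (Details: serial 13885 error_code 161 request_code 149 minor_code 5)
"""

def describe_request(major, minor):
    if major < 128:
        return CORE_REQUESTS.get(major, f"core request {major}")
    # Extension major opcodes are assigned by the server at startup, so they
    # differ between machines; `xdpyinfo -queryExtensions` lists the mapping.
    return f"extension request (major {major}, minor {minor})"

def parse_x_errors(console_text):
    """Pair each "The error was ..." line with the Details line after it."""
    records, pending = [], None
    for line in console_text.splitlines():
        found = ERROR_RE.search(line)
        if found:
            pending = found.group("name")
            continue
        detail = DETAIL_RE.search(line)
        if detail and pending:
            rec = {key: int(val) for key, val in detail.groupdict().items()}
            rec["name"] = pending
            rec["request_name"] = describe_request(rec["request"], rec["minor"])
            rec["core_error"] = CORE_ERRORS.get(rec["error"])  # None: extension error
            records.append(rec)
            pending = None
    return records

if __name__ == "__main__":
    for rec in parse_x_errors(SAMPLE):
        print(rec["serial"], rec["name"], "<-", rec["request_name"])
```

On the sample, the first report decodes to a core CreatePixmap request failing with BadAlloc, and the second is flagged as an extension request whose opcode has to be resolved on the affected machine.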
Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1pre) Gecko/20090614 Shiretoko/3.5pre

This is not reproducible on Windows.
Version: unspecified → 3.5 Branch
reporter: could you possibly *follow* the instructions that were printed on your console?

http://fedoraproject.org/wiki/StackTraces
I finally got this to work, thanks much for the link with helpful instructions on how to do the backtrace.

Here are the results:
(I started a new Firefox session with gdb /usr/lib64/firefox-3.5b4/firefox and ran it in gdb with the --sync command-line option.) Within firefox, I went directly to www.usaa.com and Breakpoint 2 (gdk_x_error() function) was reached, after about 1 second of load time, and before the page was fully loaded. Hopefully this output is helpful.

(gdb) break gdk_x_error
Breakpoint 2 at 0x35c9657250: file gdkmain-x11.c, line 613.
(gdb) run --sync
Starting program: /usr/lib64/firefox-3.5b4/firefox --sync
[Thread debugging using libthread_db enabled]
[New Thread 0x7fdfaa1f0910 (LWP 2906)]
[New Thread 0x7fdfa95e6910 (LWP 2907)]
[New Thread 0x7fdfa85ff910 (LWP 2908)]
[New Thread 0x7fdfa75bd910 (LWP 2909)]
[New Thread 0x7fdfa2bd2910 (LWP 2910)]
[New Thread 0x7fdfa21d1910 (LWP 2911)]
[New Thread 0x7fdfa17d0910 (LWP 2912)]
[New Thread 0x7fdfa0bff910 (LWP 2913)]
[New Thread 0x7fdf9ffff910 (LWP 2914)]
[New Thread 0x7fdf9f5fe910 (LWP 2915)]
[Thread 0x7fdf9f5fe910 (LWP 2915) exited]
LoadPlugin: failed to initialize shared library /usr/lib/flash-plugin/libflashplayer.so [/usr/lib/flash-plugin/libflashplayer.so: wrong ELF class: ELFCLASS32]
[New Thread 0x7fdf9f5fe910 (LWP 2916)]
[Thread 0x7fdf9f5fe910 (LWP 2916) exited]
[New Thread 0x7fdf9f5fe910 (LWP 2917)]
[Thread 0x7fdf9f5fe910 (LWP 2917) exited]
[New Thread 0x7fdf9e6ff910 (LWP 2918)]
[Thread 0x7fdf9e6ff910 (LWP 2918) exited]

Breakpoint 2, gdk_x_error (display=0x7fdfb1987000, error=0x7fffb9c7e440)
    at gdkmain-x11.c:613
613	{
Current language:  auto; currently c
(gdb) backtrace
#0  gdk_x_error (display=0x7fdfb1987000, error=0x7fffb9c7e440)
    at gdkmain-x11.c:613
#1  0x00000035c2846094 in _XError () from /usr/lib64/libX11.so.6
#2  0x00000035c284c3dc in ?? () from /usr/lib64/libX11.so.6
#3  0x00000035c284ca80 in _XReply () from /usr/lib64/libX11.so.6
#4  0x00000035c2840943 in XSync () from /usr/lib64/libX11.so.6
#5  0x00000035c2840afb in ?? () from /usr/lib64/libX11.so.6
#6  0x00000035c2826ea4 in XFreePixmap () from /usr/lib64/libX11.so.6
#7  0x00000035c783f370 in _cairo_xlib_display_notify (display=0x7fdfa65f23a0)
    at cairo-xlib-display.c:478
#8  0x00000035c7844fac in _cairo_xlib_surface_fill_rectangles (
    abstract_surface=0x7fdfa0c2c380, op=3116885056, color=0x133, rects=0x913c, 
    num_rects=-1313447872) at cairo-xlib-surface.c:1915
#9  0x00000035c782bf67 in _cairo_surface_fill_rectangles (
    surface=0x7fdfb1987000, op=CAIRO_OPERATOR_CLEAR, color=0x35c785c8a0, 
    rects=0x7fffb9c7f070, num_rects=-1313447872) at cairo-surface.c:1458
#10 0x00000035c782c14c in _cairo_surface_fill_region (surface=0x7fdfa0c2c380, 
    op=CAIRO_OPERATOR_CLEAR, color=0x35c785c8a0, region=0x7fffb9c7fa70)
    at cairo-surface.c:1409
#11 0x00000035c782ed46 in _clip_and_composite_trapezoids (src=0x7fdf9e8acb60, 
    op=CAIRO_OPERATOR_CLEAR, dst=0x7fdfa0c2c380, traps=0x7fffb9c7faf0, 
    clip=0x0, antialias=<value optimized out>) at cairo-surface-fallback.c:617
#12 0x00000035c782f39d in _cairo_surface_fallback_paint (
---Type <return> to continue, or q <return> to quit---
    surface=0x7fdfa0c2c380, op=CAIRO_OPERATOR_CLEAR, source=0x7fdf9e8acb60)
    at cairo-surface-fallback.c:705
#13 0x00000035c782be9f in _cairo_surface_paint (surface=0x7fdfa0c2c380, 
    op=CAIRO_OPERATOR_CLEAR, source=<value optimized out>)
    at cairo-surface.c:1492
#14 0x00000035c781486a in _cairo_gstate_paint (gstate=0x7fdf9db21030)
    at cairo-gstate.c:878
#15 0x00000035c780eb99 in *INT_cairo_paint (cr=0x7fdf9db21000) at cairo.c:1938
#16 0x00000035c780ec6d in cairo_paint_with_alpha (cr=0x7fdfb1987000, alpha=1)
    at cairo.c:1966
#17 0x00000035d278e358 in gfxPlatformGtk::CreateOffscreenSurface (
    this=<value optimized out>, size=@0x7fdf9db2cb58, 
    imageFormat=gfxASurface::ImageFormatARGB32) at gfxPlatformGtk.cpp:238
#18 0x00000035d27826f6 in gfxPlatform::OptimizeImage (this=0x7fdfb1987000, 
    aSurface=0x7fdf9db2cb40, format=307) at gfxPlatform.cpp:280
#19 0x00000035d2683fe9 in nsThebesImage::Optimize (this=0x7fdf9e74be80, 
    aContext=<value optimized out>) at nsThebesImage.cpp:374
#20 0x00000035d276d758 in gfxImageFrame::SetMutable (
    this=<value optimized out>, aMutable=<value optimized out>)
    at gfxImageFrame.cpp:191
#21 0x00000035d1fd36c0 in imgContainer::DecodingComplete (
    this=<value optimized out>) at imgContainer.cpp:306
#22 0x00000035d1fde9f3 in end_callback (png_ptr=0x7fdf9db20800, 
---Type <return> to continue, or q <return> to quit---
    info_ptr=0x7fdf9e71ec80) at nsPNGDecoder.cpp:869
#23 0x00000035d279f974 in MOZ_PNG_push_read_chunk (png_ptr=0x7fdf9db20800, 
    info_ptr=0x7fdf9e71ec80) at pngpread.c:348
#24 0x00000035d279fdcb in MOZ_PNG_process_data (png_ptr=0x7fdf9db20800, 
    info_ptr=0x7fdf9e71ec80, buffer=0x133 <Address 0x133 out of bounds>, 
    buffer_size=<value optimized out>) at pngpread.c:35
#25 0x00000035d1fde2d0 in ReadDataOut(struct nsIInputStream *, void *, const char *, PRUint32, PRUint32, PRUint32 *) (in=<value optimized out>, 
    closure=<value optimized out>, fromRawSegment=<value optimized out>, 
    toOffset=<value optimized out>, count=37180, 
    writeCount=<value optimized out>) at nsPNGDecoder.cpp:351
#26 0x00000035d272fef4 in nsInputStreamTee::WriteSegmentFun (
    in=0x7fdfb1987000, closure=0x7fdf9e7d5a30, 
    fromSegment=0x133 <Address 0x133 out of bounds>, offset=37180, 
    count=2981519424, writeCount=0x0) at nsInputStreamTee.cpp:102
#27 0x00000035d2733592 in nsPipeInputStream::ReadSegments (
    this=0x7fdf9e8bb810, 
    writer=0x35d272fee0 <nsInputStreamTee::WriteSegmentFun(nsIInputStream*, void*, char const*, unsigned int, unsigned int, unsigned int*)>, 
    closure=0x7fdf9e7d5a30, count=3122, readCount=0x7fffb9c80248)
    at nsPipe3.cpp:799
#28 0x00000035d1fde1be in nsPNGDecoder::WriteFrom (this=0x7fdf9e74be10, 
    inStr=0x7fdfb1987000, count=<value optimized out>, _retval=0x7fffb9c80248)
---Type <return> to continue, or q <return> to quit---
    at nsPNGDecoder.cpp:370
#29 0x00000035d1fdb25b in imgRequest::OnDataAvailable (this=0x7fdf9e8738b0, 
    aRequest=0x7fffb9c80210, ctxt=<value optimized out>, inStr=0x7fdf9e7d5a30, 
    sourceOffset=2981519424, count=3122) at imgRequest.cpp:993
#30 0x00000035d1ef9cb5 in nsStreamListenerTee::OnDataAvailable (
    this=0x7fdf9e7d5a00, request=<value optimized out>, context=0x0, 
    input=0x7fdf9e8bb810, offset=0, count=3122) at nsStreamListenerTee.cpp:97
#31 0x00000035d1f4a1f3 in nsHttpChannel::OnDataAvailable (this=0x7fdf9e8f0800, 
    request=<value optimized out>, ctxt=<value optimized out>, 
    input=0x7fdf9e8bb810, offset=<value optimized out>, 
    count=<value optimized out>) at nsHttpChannel.cpp:5035
#32 0x00000035d1ee28d9 in nsInputStreamPump::OnStateTransfer (
    this=0x7fdf9e8ec5c0) at nsInputStreamPump.cpp:508
#33 0x00000035d1ee29d5 in nsInputStreamPump::OnInputStreamReady (
    this=0x7fdf9e8ec5c0, stream=0x7fffb9c7e440) at nsInputStreamPump.cpp:398
#34 0x00000035d2734338 in nsInputStreamReadyEvent::Run (this=0x7fdf9e8fe880)
    at nsStreamUtils.cpp:111
#35 0x00000035d274874d in nsThread::ProcessNextEvent (this=0x7fdfb193b790, 
    mayWait=1, result=0x7fffb9c804fc) at nsThread.cpp:510
#36 0x00000035d2719f10 in NS_ProcessNextEvent_P (thread=0x7fdfb1987000, 
    mayWait=-1178082240) at nsThreadUtils.cpp:227
#37 0x00000035d26732d9 in nsBaseAppShell::Run (this=0x7fdfab93a040)
    at nsBaseAppShell.cpp:170
---Type <return> to continue, or q <return> to quit---
#38 0x00000035d2523a14 in nsAppStartup::Run (this=0x7fdfaa4719c0)
    at nsAppStartup.cpp:193
#39 0x00000035d1e6d4f8 in XRE_main (argc=<value optimized out>, 
    argv=<value optimized out>, aAppData=<value optimized out>)
    at nsAppRunner.cpp:3298
#40 0x00000000004022ab in main (argc=<value optimized out>, 
    argv=0x7fffb9c83f48) at nsXULStub.cpp:385
Component: General → GFX: Thebes
Product: Firefox → Core
QA Contact: general → thebes
Version: 3.5 Branch → 1.9.1 Branch
Status: UNCONFIRMED → NEW
Ever confirmed: true
I don't know what changed over the past few months, but somewhere in one of the recent upgrades, the problem has been fixed, so you can probably close out this bug.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Thanks for getting back to us.
(We use WORKSFORME when we don't know what fixed the issue.)
Resolution: FIXED → WORKSFORME