Closed
Bug 545653
Opened 14 years ago
Closed 14 years ago
crash [@ objc_msgSend] using object freed by [WebKit]IdleTimerVector/PoolCleaner after loading a PKCS#11 module
Categories
(Core :: Widget: Cocoa, defect)
Tracking
()
RESOLVED
FIXED
| Tracking | Status | |
|---|---|---|
| status1.9.2 | --- | .5-fixed |
People
(Reporter: Stefan.Neis, Assigned: smichaud)
References
Details
(Keywords: crash)
Crash Data
Attachments
(1 file)
|
36.72 KB,
text/plain
|
Details |
User-Agent: Mozilla/5.0 (OS/2; U; Warp 4.5; de-AT; rv:1.8.1.23) Gecko/20090906 SeaMonkey/1.1.18
Build Identifier: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
We are using a PKCS#11 module (from onepin-opensc-pkcs11) which works nicely on other platforms and even on OSX with Firefox 3.5, but it crashes with Firefox 3.6.
We realize it's going to be hard for you to reproduce, but thought that maybe the crash dump might give someone some idea(s). So here's the dump:
Process: firefox-bin [252]
Path: /home/gutsche/SwissSign/FF3.6/firefox.app/Contents/MacOS/firefox-bin
Identifier: org.mozilla.firefox
Version: 3.6 (3.6)
Code Type: X86 (Native)
Parent Process: bash [222]
Interval Since Last Report: 3029 sec
Crashes Since Last Report: 1
Per-App Interval Since Last Report: 2239 sec
Per-App Crashes Since Last Report: 1
Date/Time: 2010-02-10 08:15:07.006 +0100
OS Version: Mac OS X 10.5.8 (9L30)
Report Version: 6
Anonymous UUID: C752ACC9-9CAE-4219-81F0-F15D7CBFB5F0
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x00000000c0000023
Crashed Thread: 0
Thread 0 Crashed:
0 libobjc.A.dylib 0x916e9688 objc_msgSend + 24
1 XUL 0x01a1df9a JSD_GetValueForObject + 879946
2 XUL 0x018a6a47 void std::__adjust_heap<__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)>(__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)) + 7304055
3 XUL 0x00fd013b XRE_main + 15707
4 org.mozilla.firefox 0x00002cb8 start + 2168
5 org.mozilla.firefox 0x00002542 start + 258
6 org.mozilla.firefox 0x00002469 start + 41
Thread 1:
0 libSystem.B.dylib 0x926f03ca select$DARWIN_EXTSN$NOCANCEL + 10
1 libnspr4.dylib 0x000563e2 PR_Now + 2034
2 libnspr4.dylib 0x000523f9 PR_Poll + 121
3 XUL 0x0108ef5a DumpJSStack + 686938
4 XUL 0x0108fb64 DumpJSStack + 690020
5 XUL 0x010900e3 DumpJSStack + 691427
6 XUL 0x01af2a0c NS_GetComponentRegistrar_P + 36156
7 XUL 0x01ab298a JNIEnv_::CallStaticObjectMethod(_jclass*, _jmethodID*, ...) + 272922
8 XUL 0x0108f69b DumpJSStack + 688795
9 XUL 0x01af2a67 NS_GetComponentRegistrar_P + 36247
10 XUL 0x01ab298a JNIEnv_::CallStaticObjectMethod(_jclass*, _jmethodID*, ...) + 272922
11 XUL 0x01af2c8c NS_GetComponentRegistrar_P + 36796
12 libnspr4.dylib 0x00053ce8 PR_Select + 856
13 libSystem.B.dylib 0x926ea155 _pthread_start + 321
14 libSystem.B.dylib 0x926ea012 thread_start + 34
Thread 2:
0 libSystem.B.dylib 0x926b92ce semaphore_wait_signal_trap + 10
1 libSystem.B.dylib 0x926eb2c6 _pthread_cond_wait + 1267
2 libSystem.B.dylib 0x92730539 pthread_cond_wait + 48
3 libnspr4.dylib 0x0004e921 PR_WaitCondVar + 241
4 libmozjs.dylib 0x0022dd8f js_ValueToCharBuffer + 18463
5 libnspr4.dylib 0x00053ce8 PR_Select + 856
6 libSystem.B.dylib 0x926ea155 _pthread_start + 321
7 libSystem.B.dylib 0x926ea012 thread_start + 34
Thread 3:
0 libSystem.B.dylib 0x926b92e6 semaphore_timedwait_signal_trap + 10
1 libSystem.B.dylib 0x926eb2af _pthread_cond_wait + 1244
2 libSystem.B.dylib 0x92735aab pthread_cond_timedwait + 47
3 libnspr4.dylib 0x0004e4f1 PR_AssertCurrentThreadOwnsLock + 177
4 libnspr4.dylib 0x0004e87f PR_WaitCondVar + 79
5 XUL 0x01001b23 DumpJSStack + 108323
6 libnspr4.dylib 0x00053ce8 PR_Select + 856
7 libSystem.B.dylib 0x926ea155 _pthread_start + 321
8 libSystem.B.dylib 0x926ea012 thread_start + 34
Thread 4:
0 libSystem.B.dylib 0x926b9286 mach_msg_trap + 10
1 libSystem.B.dylib 0x926c0a7c mach_msg + 72
2 com.unsanity.ape 0x00626c39 __ape_agent + 316
3 libSystem.B.dylib 0x926ea155 _pthread_start + 321
4 libSystem.B.dylib 0x926ea012 thread_start + 34
Thread 5:
0 libSystem.B.dylib 0x926b92e6 semaphore_timedwait_signal_trap + 10
1 libSystem.B.dylib 0x926eb2af _pthread_cond_wait + 1244
2 libSystem.B.dylib 0x92735aab pthread_cond_timedwait + 47
3 libnspr4.dylib 0x0004e4f1 PR_AssertCurrentThreadOwnsLock + 177
4 libnspr4.dylib 0x0004e87f PR_WaitCondVar + 79
5 XUL 0x01af7047 NS_GetComponentRegistrar_P + 54135
6 XUL 0x01af2a67 NS_GetComponentRegistrar_P + 36247
7 XUL 0x01ab298a JNIEnv_::CallStaticObjectMethod(_jclass*, _jmethodID*, ...) + 272922
8 XUL 0x01af2c8c NS_GetComponentRegistrar_P + 36796
9 libnspr4.dylib 0x00053ce8 PR_Select + 856
10 libSystem.B.dylib 0x926ea155 _pthread_start + 321
11 libSystem.B.dylib 0x926ea012 thread_start + 34
Thread 6:
0 libSystem.B.dylib 0x926b92e6 semaphore_timedwait_signal_trap + 10
1 libSystem.B.dylib 0x926eb2af _pthread_cond_wait + 1244
2 libSystem.B.dylib 0x92735aab pthread_cond_timedwait + 47
3 libnspr4.dylib 0x0004e4f1 PR_AssertCurrentThreadOwnsLock + 177
4 libnspr4.dylib 0x0004e87f PR_WaitCondVar + 79
5 libnspr4.dylib 0x000548cf PR_Sleep + 143
6 libnss3.dylib 0x002e20cc SECMOD_UpdateSlotList + 1051
7 libnss3.dylib 0x002e21a7 SECMOD_WaitForAnyTokenEvent + 156
8 XUL 0x0190d026 void std::__adjust_heap<__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)>(__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)) + 7723350
9 libnspr4.dylib 0x00053ce8 PR_Select + 856
10 libSystem.B.dylib 0x926ea155 _pthread_start + 321
11 libSystem.B.dylib 0x926ea012 thread_start + 34
Thread 7:
0 libSystem.B.dylib 0x926b92ce semaphore_wait_signal_trap + 10
1 libSystem.B.dylib 0x926eb2c6 _pthread_cond_wait + 1267
2 libSystem.B.dylib 0x92730539 pthread_cond_wait + 48
3 libnspr4.dylib 0x0004e921 PR_WaitCondVar + 241
4 XUL 0x018d04fe void std::__adjust_heap<__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)>(__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)) + 7474734
5 libnspr4.dylib 0x00053ce8 PR_Select + 856
6 libSystem.B.dylib 0x926ea155 _pthread_start + 321
7 libSystem.B.dylib 0x926ea012 thread_start + 34
Thread 8:
0 libSystem.B.dylib 0x926b92ce semaphore_wait_signal_trap + 10
1 libSystem.B.dylib 0x926eb2c6 _pthread_cond_wait + 1267
2 libSystem.B.dylib 0x92730539 pthread_cond_wait + 48
3 libnspr4.dylib 0x0004e921 PR_WaitCondVar + 241
4 XUL 0x018d11b4 void std::__adjust_heap<__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)>(__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)) + 7477988
5 libnspr4.dylib 0x00053ce8 PR_Select + 856
6 libSystem.B.dylib 0x926ea155 _pthread_start + 321
7 libSystem.B.dylib 0x926ea012 thread_start + 34
Thread 9:
0 libSystem.B.dylib 0x926b92e6 semaphore_timedwait_signal_trap + 10
1 libSystem.B.dylib 0x926eb2af _pthread_cond_wait + 1244
2 libSystem.B.dylib 0x92735aab pthread_cond_timedwait + 47
3 libnspr4.dylib 0x0004e4f1 PR_AssertCurrentThreadOwnsLock + 177
4 libnspr4.dylib 0x0004e87f PR_WaitCondVar + 79
5 libnspr4.dylib 0x0004ebf9 PR_Wait + 57
6 XUL 0x01af4a32 NS_GetComponentRegistrar_P + 44386
7 XUL 0x01af2a67 NS_GetComponentRegistrar_P + 36247
8 XUL 0x01ab298a JNIEnv_::CallStaticObjectMethod(_jclass*, _jmethodID*, ...) + 272922
9 XUL 0x01af2c8c NS_GetComponentRegistrar_P + 36796
10 libnspr4.dylib 0x00053ce8 PR_Select + 856
11 libSystem.B.dylib 0x926ea155 _pthread_start + 321
12 libSystem.B.dylib 0x926ea012 thread_start + 34
Thread 10:
0 libSystem.B.dylib 0x926b92ce semaphore_wait_signal_trap + 10
1 libSystem.B.dylib 0x926eb2c6 _pthread_cond_wait + 1267
2 libSystem.B.dylib 0x92730539 pthread_cond_wait + 48
3 libnspr4.dylib 0x0004e921 PR_WaitCondVar + 241
4 libnspr4.dylib 0x0004ebf9 PR_Wait + 57
5 XUL 0x01af1c80 NS_GetComponentRegistrar_P + 32688
6 XUL 0x01af2a44 NS_GetComponentRegistrar_P + 36212
7 XUL 0x01ab298a JNIEnv_::CallStaticObjectMethod(_jclass*, _jmethodID*, ...) + 272922
8 XUL 0x01af2ca3 NS_GetComponentRegistrar_P + 36819
9 libnspr4.dylib 0x00053ce8 PR_Select + 856
10 libSystem.B.dylib 0x926ea155 _pthread_start + 321
11 libSystem.B.dylib 0x926ea012 thread_start + 34
Thread 11:
0 libSystem.B.dylib 0x926b92ce semaphore_wait_signal_trap + 10
1 libSystem.B.dylib 0x926eb2c6 _pthread_cond_wait + 1267
2 libSystem.B.dylib 0x92730539 pthread_cond_wait + 48
3 libnspr4.dylib 0x0004e921 PR_WaitCondVar + 241
4 libnspr4.dylib 0x0004ebf9 PR_Wait + 57
5 XUL 0x01af1c80 NS_GetComponentRegistrar_P + 32688
6 XUL 0x01af2a44 NS_GetComponentRegistrar_P + 36212
7 XUL 0x01ab298a JNIEnv_::CallStaticObjectMethod(_jclass*, _jmethodID*, ...) + 272922
8 XUL 0x01af2ca3 NS_GetComponentRegistrar_P + 36819
9 libnspr4.dylib 0x00053ce8 PR_Select + 856
10 libSystem.B.dylib 0x926ea155 _pthread_start + 321
11 libSystem.B.dylib 0x926ea012 thread_start + 34
Thread 0 crashed with X86 Thread State (32-bit):
eax: 0x18d712d0 ebx: 0x90448c8f ecx: 0x916f865c edx: 0xc0000003
edi: 0x004385b0 esi: 0x00457dc0 ebp: 0xbffff208 esp: 0xbffff148
ss: 0x0000001f efl: 0x00210202 eip: 0x916e9688 cs: 0x00000017
ds: 0x0000001f es: 0x0000001f fs: 0x00000000 gs: 0x00000037
cr2: 0xc0000023
Binary Images:
0x1000 - 0x2ff7 +org.mozilla.firefox 3.6 (3.6) <db7b8fbee74e2c8537e9c3e269839db7> /home/gutsche/SwissSign/FF3.6/firefox.app/Contents/MacOS/firefox-bin
0x6000 - 0x6ff8 +libxpcom.dylib ??? (???) <7794c3e150bf38c19eb8f387aa2c970b> /home/gutsche/SwissSign/FF3.6/firefox.app/Contents/MacOS/libxpcom.dylib
0xb000 - 0x10ff3 +libplds4.dylib ??? (???) <fa4e2c871fe6f3eb1a5ba65bff3179b0> /home/gutsche/SwissSign/FF3.6/firefox.app/Contents/MacOS/libplds4.dylib
0x14000 - 0x1afeb +libplc4.dylib ??? (???) <214dbe4d9dab9ea6295391198644db53> /home/gutsche/SwissSign/FF3.6/firefox.app/Contents/MacOS/libplc4.dylib
0x35000 - 0x5efef +libnspr4.dylib ??? (???) <1a4a36bbe1ee858745773a9a8476c0c7> /home/gutsche/SwissSign/FF3.6/firefox.app/Contents/MacOS/libnspr4.dylib
0x72000 - 0xdcfeb +libsqlite3.dylib ??? (???) <a66752ccfaca20b519d177582328496a> /home/gutsche/SwissSign/FF3.6/firefox.app/Contents/MacOS/libsqlite3.dylib
0xe4000 - 0xf9fec +libsmime3.dylib ??? (???) <1a88903ec1b5eea81f78bf4282f646ea> /home/gutsche/SwissSign/FF3.6/firefox.app/Contents/MacOS/libsmime3.dylib
0x102000 - 0x12afe3 +libssl3.dylib ??? (???) <b9aa6ac1907c747c5a76a913240e0365> /home/gutsche/SwissSign/FF3.6/firefox.app/Contents/MacOS/libssl3.dylib
0x157000 - 0x296fff +libmozjs.dylib ??? (???) <7b1de76271427808a0e6acebbbe6fce4> /home/gutsche/SwissSign/FF3.6/firefox.app/Contents/MacOS/libmozjs.dylib
0x2ae000 - 0x368fe7 +libnss3.dylib ??? (???) <a5aad3f55d722f70f3a64248f8c467e0> /home/gutsche/SwissSign/FF3.6/firefox.app/Contents/MacOS/libnss3.dylib
0x37b000 - 0x388fef +libnssutil3.dylib ??? (???) <bccee0d697d90085441944ef80c1d934> /home/gutsche/SwissSign/FF3.6/firefox.app/Contents/MacOS/libnssutil3.dylib
0x60c000 - 0x60ffff +libbrowserdirprovider.dylib ??? (???) <5f9562c9021becf1bc5ea09e2cca3b17> /home/gutsche/SwissSign/FF3.6/firefox.app/Contents/MacOS/components/libbrowserdirprovider.dylib
0x625000 - 0x637fff +com.unsanity.ape 2.5 (2.5) <05296fb55e88a72c8528a373a17f4229> /Library/Frameworks/ApplicationEnhancer.framework/Versions/A/ApplicationEnhancer
0x8c5000 - 0x8f2fe3 +libsoftokn3.dylib ??? (???) <910324a98f26809eedfc8f8f46618f06> /home/gutsche/SwissSign/FF3.6/firefox.app/Contents/MacOS/libsoftokn3.dylib
0x91a000 - 0x938ff5 +libnssdbm3.dylib ??? (???) <9c87c7f227505f58cac7b3148e5aa0aa> /home/gutsche/SwissSign/FF3.6/firefox.app/Contents/MacOS/libnssdbm3.dylib
0x9ad000 - 0xa14ff7 +libfreebl3.dylib ??? (???) <b56b94073a7de8c77dbbc783a2c183be> /home/gutsche/SwissSign/FF3.6/firefox.app/Contents/MacOS/libfreebl3.dylib
0xa21000 - 0xa2fffe +onepin-opensc-pkcs11.so ??? (???) <faa795959a3d016cf1fe19970aeeea64> /home/gutsche/SwissSign/FF3.6/lib/onepin-opensc-pkcs11.so
0xa3b000 - 0xa59ffd +libpkcs15init.2.dylib ??? (???) <9fa01364659f22c5891ee9339638427b> /home/gutsche/SwissSign/FF3.6/lib/libpkcs15init.2.dylib
0xa6b000 - 0xaf6ffb +libopensc.2.dylib ??? (???) <ac8de5c240113b9d326bd88fbfcdccaf> /home/gutsche/SwissSign/FF3.6/lib/libopensc.2.dylib
0xb28000 - 0xb2bffc +libltdl.3.dylib ??? (???) <7eb66768e1abe38c3799255e56cf3693> /home/gutsche/SwissSign/FF3.6/lib/libltdl.3.dylib
0xb31000 - 0xb33ffe +libscconf.2.dylib ??? (???) <bf07299ef3e70ac6c10fa6bedaa05971> /home/gutsche/SwissSign/FF3.6/lib/libscconf.2.dylib
0xb38000 - 0xc7ffe0 +PCSC ??? (???) <4b8ff6ae3b5bd219a5cbd94d35ddbe99> /home/gutsche/SwissSign/FF3.6/lib/PCSC
0xd08000 - 0xd14fff com.apple.iokit.IOHIDLib 1.5.5 (1.5.5) <b8fc922eae4ec02441920c284952b437> /System/Library/Extensions/IOHIDFamily.kext/Contents/PlugIns/IOHIDLib.plugin/Contents/MacOS/IOHIDLib
0xd22000 - 0xd2bff7 com.apple.iokit.IOUSBLib 3.4.9 (3.4.9) <ea4061ec718fddebf2cf952e8606ae87> /System/Library/Extensions/IOUSBFamily.kext/Contents/PlugIns/IOUSBLib.bundle/Contents/MacOS/IOUSBLib
0xd35000 - 0xd76ffb +libnssckbi.dylib ??? (???) <0f8cfb2a87bf71ce808d6507e82dece4> /home/gutsche/SwissSign/FF3.6/firefox.app/Contents/MacOS/libnssckbi.dylib
0xfc5000 - 0x1d68fef +XUL ??? (???) <5f8846906946b6fe562d5f322f5aeabd> /home/gutsche/SwissSign/FF3.6/firefox.app/Contents/MacOS/XUL
0x131c6000 - 0x131effe7 +libbrowsercomps.dylib ??? (???) <bed87c30242e8f453b584ad47a9b4850> /home/gutsche/SwissSign/FF3.6/firefox.app/Contents/MacOS/components/libbrowsercomps.dylib
0x19299000 - 0x194a0fef com.apple.RawCamera.bundle 2.1.1 (508) <2598b38224411e6865888bcc9b96acc8> /System/Library/CoreServices/RawCamera.bundle/Contents/MacOS/RawCamera
0x8fe00000 - 0x8fe2db43 dyld 97.1 (???) <458eed38a009e5658a79579e7bc26603> /usr/lib/dyld
0x90003000 - 0x900f7ff4 libiconv.2.dylib ??? (???) <c508c60fafca17824c0017b2e4369802> /usr/lib/libiconv.2.dylib
0x900f8000 - 0x9012afff com.apple.LDAPFramework 1.4.5 (110) <bb7a3e5d66f00d1d1c8a40569b003ba3> /System/Library/Frameworks/LDAP.framework/Versions/A/LDAP
0x9012b000 - 0x902cbfff com.apple.JavaScriptCore 5531.21 (5531.21.9) <8b132638e4d517b8cd4613155ed82b87> /System/Library/Frameworks/JavaScriptCore.framework/Versions/A/JavaScriptCore
0x902cc000 - 0x90393ff2 com.apple.vImage 3.0 (3.0) /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vImage.framework/Versions/A/vImage
0x90394000 - 0x903c1feb libvDSP.dylib ??? (???) <b232c018ddd040ec4e2c2af632dd497f> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libvDSP.dylib
0x903c2000 - 0x903eaff7 com.apple.shortcut 1.0.1 (1.0) <131202e7766e327d02d55c0f5fc44ad7> /System/Library/PrivateFrameworks/Shortcut.framework/Versions/A/Shortcut
0x903eb000 - 0x9040ffff libxslt.1.dylib ??? (???) <0a9778d6368ae668826f446878deb99b> /usr/lib/libxslt.1.dylib
0x90410000 - 0x90c0efef com.apple.AppKit 6.5.9 (949.54) <4df5d2e2271175452103f789b4f4d8a8> /System/Library/Frameworks/AppKit.framework/Versions/C/AppKit
0x90c1b000 - 0x90ccbfff edu.mit.Kerberos 6.0.13 (6.0.13) <804bd1b3f08fb57396781f012006367c> /System/Library/Frameworks/Kerberos.framework/Versions/A/Kerberos
0x90e05000 - 0x90e14fff libsasl2.2.dylib ??? (???) <bb7971ca2f609c070f87786a93d1041e> /usr/lib/libsasl2.2.dylib
0x90e18000 - 0x90e30ff7 com.apple.CoreVideo 1.6.0 (20.0) <587c9c8966070a7d50276db35e1c76aa> /System/Library/Frameworks/CoreVideo.framework/Versions/A/CoreVideo
0x90e31000 - 0x90e41ffc com.apple.LangAnalysis 1.6.5 (1.6.5) <d057feb38163121ffd871c564c692804> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/LangAnalysis.framework/Versions/A/LangAnalysis
0x90e42000 - 0x90f75fe7 com.apple.CoreFoundation 6.5.7 (476.19) <a332c8f45529ee26d2e9c36d0c723bad> /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
0x90fda000 - 0x912b4ff3 com.apple.CoreServices.CarbonCore 786.11 (786.14) <d5cceb2fe9551d345d40dd1ecf409ec2> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CarbonCore.framework/Versions/A/CarbonCore
0x912b5000 - 0x912b5ffc com.apple.audio.units.AudioUnit 1.5 (1.5) /System/Library/Frameworks/AudioUnit.framework/Versions/A/AudioUnit
0x912f1000 - 0x912f2ffc libffi.dylib ??? (???) <a3b573eb950ca583290f7b2b4c486d09> /usr/lib/libffi.dylib
0x912f3000 - 0x91380ff7 com.apple.framework.IOKit 1.5.2 (???) <7a3cc24f78f93931731203854ae0d891> /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit
0x91381000 - 0x91385fff libGIF.dylib ??? (???) <e7d550bda10018f52e61bb499dcf445f> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libGIF.dylib
0x91386000 - 0x91394ffd libz.1.dylib ??? (???) <5ddd8539ae2ebfd8e7cc1c57525385c7> /usr/lib/libz.1.dylib
0x9145f000 - 0x914b8ff7 libGLU.dylib ??? (???) <a3b9be30100a25a6cd3ad109892f52b7> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLU.dylib
0x91676000 - 0x916d3ffb libstdc++.6.dylib ??? (???) <04b812dcec670daa8b7d2852ab14be60> /usr/lib/libstdc++.6.dylib
0x916d4000 - 0x917b4fff libobjc.A.dylib ??? (???) <7b92613fdf804fd9a0a3733a0674c30b> /usr/lib/libobjc.A.dylib
0x917f9000 - 0x917fcfff com.apple.help 1.1 (36) <b507b08e484cb89033e9cf23062d77de> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Help.framework/Versions/A/Help
0x917fd000 - 0x91809ffe libGL.dylib ??? (???) /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGL.dylib
0x9180b000 - 0x9188aff5 com.apple.SearchKit 1.2.2 (1.2.2) <3b5f3ab6a363a4d8a2bbbf74213ab0e5> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/SearchKit.framework/Versions/A/SearchKit
0x918f2000 - 0x91985fff com.apple.ink.framework 101.3 (86) <bf3fa8927b4b8baae92381a976fd2079> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Ink.framework/Versions/A/Ink
0x91986000 - 0x91a6eff3 com.apple.CoreData 100.2 (186.2) <44df326fea0236718f5ed64084e82270> /System/Library/Frameworks/CoreData.framework/Versions/A/CoreData
0x91a6f000 - 0x91a73fff libmathCommon.A.dylib ??? (???) /usr/lib/system/libmathCommon.A.dylib
0x91ac0000 - 0x91acbfe7 libCSync.A.dylib ??? (???) <d88c20c9a2fd0676dec62fddfa74979f> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libCSync.A.dylib
0x91aef000 - 0x91b69ff8 com.apple.print.framework.PrintCore 5.5.4 (245.6) <03d0585059c20cb0bde5e000438c49e1> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/PrintCore.framework/Versions/A/PrintCore
0x91b6a000 - 0x91bf4fe3 com.apple.DesktopServices 1.4.8 (1.4.8) <a6edef2d49ffdee3b01010b7e6edac1f> /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Versions/A/DesktopServicesPriv
0x91bf8000 - 0x91bf8ffa com.apple.CoreServices 32 (32) <2fcc8f3bd5bbfc000b476cad8e6a3dd2> /System/Library/Frameworks/CoreServices.framework/Versions/A/CoreServices
0x91d00000 - 0x91d24feb libssl.0.9.7.dylib ??? (???) <5b29af782be5894be8b336c9c73c18b6> /usr/lib/libssl.0.9.7.dylib
0x91d25000 - 0x91d25ff8 com.apple.ApplicationServices 34 (34) <8f910fa65f01d401ad8d04cc933cf887> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/ApplicationServices
0x91d26000 - 0x91d2ffff com.apple.speech.recognition.framework 3.7.24 (3.7.24) <d3180f9edbd9a5e6f283d6156aa3c602> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/SpeechRecognition.framework/Versions/A/SpeechRecognition
0x91d63000 - 0x91d63fff com.apple.Carbon 136 (136) <98a5e3bc0c4fa44bbb09713bb88707fe> /System/Library/Frameworks/Carbon.framework/Versions/A/Carbon
0x91d64000 - 0x91d93fe3 com.apple.AE 402.3 (402.3) <b13bfda0ad9314922ee37c0d018d7de9> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/AE.framework/Versions/A/AE
0x91d94000 - 0x91f14fff com.apple.AddressBook.framework 4.1.2 (702) <f9360f9926ccd411fdf7550b73034d17> /System/Library/Frameworks/AddressBook.framework/Versions/A/AddressBook
0x91f88000 - 0x920d0ff7 com.apple.ImageIO.framework 2.0.7 (2.0.7) <cf45179ee2de2d46a6ced2ed147a454c> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/ImageIO
0x92121000 - 0x92429fe7 com.apple.HIToolbox 1.5.6 (???) <eece3cb8aa0a4e6843fcc1500aca61c5> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox
0x9242f000 - 0x9242fffd com.apple.vecLib 3.4.2 (vecLib 3.4.2) /System/Library/Frameworks/vecLib.framework/Versions/A/vecLib
0x92430000 - 0x92448fff com.apple.openscripting 1.2.8 (???) <572c7452d7e740e8948a5ad07a99602b> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/OpenScripting.framework/Versions/A/OpenScripting
0x92449000 - 0x92449ffd com.apple.Accelerate.vecLib 3.4.2 (vecLib 3.4.2) /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/vecLib
0x9244a000 - 0x9244ffff com.apple.CommonPanels 1.2.4 (85) <ea0665f57cd267609466ed8b2b20e893> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/CommonPanels.framework/Versions/A/CommonPanels
0x92450000 - 0x924acff7 com.apple.htmlrendering 68 (1.1.3) <fe87a9dede38db00e6c8949942c6bd4f> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HTMLRendering.framework/Versions/A/HTMLRendering
0x924ad000 - 0x924adffd com.apple.Accelerate 1.4.2 (Accelerate 1.4.2) /System/Library/Frameworks/Accelerate.framework/Versions/A/Accelerate
0x924e0000 - 0x9251efff libGLImage.dylib ??? (???) <a6425aeb77f4da13212ac75df57b056d> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLImage.dylib
0x9251f000 - 0x92658ff7 libicucore.A.dylib ??? (???) <f2819243b278259b9a622ea111ea5fd6> /usr/lib/libicucore.A.dylib
0x9265e000 - 0x926afff7 com.apple.HIServices 1.7.1 (???) <ba7fd0ede540a0da08db027f87efbd60> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/HIServices.framework/Versions/A/HIServices
0x926b0000 - 0x926b7fe9 libgcc_s.1.dylib ??? (???) <f53c808e87d1184c0f9df63aef53ce0b> /usr/lib/libgcc_s.1.dylib
0x926b8000 - 0x9281fff3 libSystem.B.dylib ??? (???) <ae47ca9b1686b065f8ac4d2de09cc432> /usr/lib/libSystem.B.dylib
0x92820000 - 0x928a7ff7 libsqlite3.0.dylib ??? (???) <3334ea5af7a911637413334154bb4100> /usr/lib/libsqlite3.0.dylib
0x928a8000 - 0x928c6ff3 com.apple.DirectoryService.Framework 3.5.7 (3.5.7) <0dc7272ee811169b47b4c682bfc666c6> /System/Library/Frameworks/DirectoryService.framework/Versions/A/DirectoryService
0x928c7000 - 0x928cdfff com.apple.print.framework.Print 218.0.3 (220.2) <5b7f4ef7c2df36aff9605377775781e4> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Print.framework/Versions/A/Print
0x928ce000 - 0x928ceff8 com.apple.Cocoa 6.5 (???) <e064f94d969ce25cb7de3cfb980c3249> /System/Library/Frameworks/Cocoa.framework/Versions/A/Cocoa
0x928cf000 - 0x928d1ff5 libRadiance.dylib ??? (???) <3561a7a6405223a1737f41352f1fd8c8> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libRadiance.dylib
0x9290f000 - 0x9291bff9 com.apple.helpdata 1.0.1 (14.2) /System/Library/PrivateFrameworks/HelpData.framework/Versions/A/HelpData
0x92a88000 - 0x92ae2ff7 com.apple.CoreText 2.0.4 (???) <f0b6c1d4f40bd21505097f0255abfead> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreText.framework/Versions/A/CoreText
0x92b5e000 - 0x92b6efff com.apple.speech.synthesis.framework 3.7.1 (3.7.1) <06d8fc0307314f8ffc16f206ad3dbf44> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/SpeechSynthesis.framework/Versions/A/SpeechSynthesis
0x92b6f000 - 0x92becfeb com.apple.audio.CoreAudio 3.1.2 (3.1.2) <782a08c44be4698597f4bbd79cac21c6> /System/Library/Frameworks/CoreAudio.framework/Versions/A/CoreAudio
0x92ca5000 - 0x92ce7fef com.apple.NavigationServices 3.5.2 (163) <91844980804067b07a0b6124310d3f31> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/NavigationServices.framework/Versions/A/NavigationServices
0x92ce8000 - 0x92ce8ffb com.apple.installserver.framework 1.0 (8) /System/Library/PrivateFrameworks/InstallServer.framework/Versions/A/InstallServer
0x92ce9000 - 0x93389feb com.apple.CoreGraphics 1.409.5 (???) <a40644ccdbdc76e3a0ab4d468b2f9bdd> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/CoreGraphics
0x9338a000 - 0x933a8fff libresolv.9.dylib ??? (???) <a8018c42930596593ddf27f7c20fe7af> /usr/lib/libresolv.9.dylib
0x933a9000 - 0x933e0fff com.apple.SystemConfiguration 1.9.2 (1.9.2) <8b26ebf26a009a098484f1ed01ec499c> /System/Library/Frameworks/SystemConfiguration.framework/Versions/A/SystemConfiguration
0x933e1000 - 0x933f6ffb com.apple.ImageCapture 5.0.2 (5.0.2) /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/ImageCapture.framework/Versions/A/ImageCapture
0x933f7000 - 0x938c8fbe libGLProgrammability.dylib ??? (???) <7f18294a7bd0b6afe4319f29187fc70d> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLProgrammability.dylib
0x938c9000 - 0x938d0ff7 libCGATS.A.dylib ??? (???) <1339abfb67318d65c0130f76bc8c4da6> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libCGATS.A.dylib
0x93975000 - 0x93a2ffe3 com.apple.CoreServices.OSServices 228 (228) <bc83e97f6888673c33f86652677c09cb> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/OSServices.framework/Versions/A/OSServices
0x93a30000 - 0x93a4cff3 libPng.dylib ??? (???) <df60749fd50bcfa0da5b4cac899e09df> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libPng.dylib
0x93a65000 - 0x93af2ff7 com.apple.LaunchServices 292 (292) <a41286c7c1eb20ffd5cc796f791070f0> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/LaunchServices.framework/Versions/A/LaunchServices
0x93af3000 - 0x93b9afeb com.apple.QD 3.11.57 (???) <35f058678972d42b88ebdf652df79956> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/QD.framework/Versions/A/QD
0x93b9b000 - 0x93f59fea libLAPACK.dylib ??? (???) /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libLAPACK.dylib
0x93f5a000 - 0x93f9bfe7 libRIP.A.dylib ??? (???) <e9c5df8bd574b71e55ac60c910b929ce> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libRIP.A.dylib
0x93f9c000 - 0x9486dfff com.apple.WebCore 5531.21 (5531.21.8) <fa100d959d8655e174d84b87fe154b31> /System/Library/Frameworks/WebKit.framework/Versions/A/Frameworks/WebCore.framework/Versions/A/WebCore
0x9486e000 - 0x948a8fe7 com.apple.coreui 1.2 (62) /System/Library/PrivateFrameworks/CoreUI.framework/Versions/A/CoreUI
0x948a9000 - 0x948abfff com.apple.securityhi 3.0 (30817) <2b2854123fed609d1820d2779e2e0963> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/SecurityHI.framework/Versions/A/SecurityHI
0x948e3000 - 0x948f9fff com.apple.DictionaryServices 1.0.0 (1.0.0) <ad0aa0252e3323d182e17f50defe56fc> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/DictionaryServices.framework/Versions/A/DictionaryServices
0x949dd000 - 0x94c59fe7 com.apple.Foundation 6.5.9 (677.26) <c68b3cff7864959becfc7fd1a384f925> /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation
0x94c5a000 - 0x94c69ffe com.apple.DSObjCWrappers.Framework 1.3 (1.3) <09deb9e32d0d09dfb95ae569bdd2b7a4> /System/Library/PrivateFrameworks/DSObjCWrappers.framework/Versions/A/DSObjCWrappers
0x94cc3000 - 0x94d8efef com.apple.ColorSync 4.5.3 (4.5.3) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ColorSync.framework/Versions/A/ColorSync
0x94d8f000 - 0x94ee1ff3 com.apple.audio.toolbox.AudioToolbox 1.5.3 (1.5.3) /System/Library/Frameworks/AudioToolbox.framework/Versions/A/AudioToolbox
0x94ee2000 - 0x94f89fec com.apple.CFNetwork 438.14 (438.14) <5f9ee0430b5f6319f18d9b23e777e0d2> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CFNetwork.framework/Versions/A/CFNetwork
0x94f8a000 - 0x94fa9ffa libJPEG.dylib ??? (???) <37050c2a8d6f7026c94b4bf07c4d8a80> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libJPEG.dylib
0x94fef000 - 0x94ffcfe7 com.apple.opengl 1.5.10 (1.5.10) <5a2813f80c9441170cc1ab8a3dac5038> /System/Library/Frameworks/OpenGL.framework/Versions/A/OpenGL
0x95032000 - 0x9503afff com.apple.DiskArbitration 2.2.1 (2.2.1) <75b0c8d8940a8a27816961dddcac8e0f> /System/Library/Frameworks/DiskArbitration.framework/Versions/A/DiskArbitration
0x9503b000 - 0x953d8fef com.apple.QuartzCore 1.5.8 (1.5.8) <a28fa54346a9f9d5b3bef076a1ee0fcf> /System/Library/Frameworks/QuartzCore.framework/Versions/A/QuartzCore
0x9556f000 - 0x95602ff3 com.apple.ApplicationServices.ATS 3.8 (???) <eda9db16110de6b7fd9436cd0daa787d> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/ATS
0x95603000 - 0x9560affe libbsm.dylib ??? (???) <d25c63378a5029648ffd4b4669be31bf> /usr/lib/libbsm.dylib
0x9560b000 - 0x956ecff7 libxml2.2.dylib ??? (???) <b3bc0b280c36aa17ac477b4da56cd038> /usr/lib/libxml2.2.dylib
0x96686000 - 0x966affff libcups.2.dylib ??? (???) <a40b9403cc4a0dffefed110e1eab90c4> /usr/lib/libcups.2.dylib
0x966b0000 - 0x966b5fff com.apple.backup.framework 1.0 (1.0) /System/Library/PrivateFrameworks/Backup.framework/Versions/A/Backup
0x9691f000 - 0x969fbfef com.apple.WebKit 5531.21 (5531.21.8) <aac476a6fa3231d4cdce9a111143e0b7> /System/Library/Frameworks/WebKit.framework/Versions/A/WebKit
0x969fc000 - 0x96bcdff3 com.apple.security 5.0.6 (37592) <c7c68c3ba198b36d571d4b1e028a1a77> /System/Library/Frameworks/Security.framework/Versions/A/Security
0x96bce000 - 0x96c4bfef libvMisc.dylib ??? (???) /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libvMisc.dylib
0x96c4c000 - 0x96c8bfef libTIFF.dylib ??? (???) <cd2e392973a1fa35f23a0f37f55c579c> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libTIFF.dylib
0x96c8c000 - 0x96cb7fe7 libauto.dylib ??? (???) <42d8422dc23a18071869fdf7b5d8fab5> /usr/lib/libauto.dylib
0x96cb8000 - 0x96d6affb libcrypto.0.9.7.dylib ??? (???) <d02f7e5b8a68813bb7a77f5edb34ff9d> /usr/lib/libcrypto.0.9.7.dylib
0x96dde000 - 0x97104fe2 com.apple.QuickTime 7.6.4 (1327.73) <96515f6a2d628cd2105c7082295199b5> /System/Library/Frameworks/QuickTime.framework/Versions/A/QuickTime
0x9714c000 - 0x97156feb com.apple.audio.SoundManager 3.9.2 (3.9.2) <0f2ba6e891d3761212cf5a5e6134d683> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/CarbonSound.framework/Versions/A/CarbonSound
0x97157000 - 0x971a0fef com.apple.Metadata 10.5.8 (398.26) <e4d268ea45379200f03cdc7c8bedae6f> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/Metadata.framework/Versions/A/Metadata
0x971a1000 - 0x975b1fef libBLAS.dylib ??? (???) /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libBLAS.dylib
0xfffe8000 - 0xfffebfff libobjc.A.dylib ??? (???) /usr/lib/libobjc.A.dylib
0xffff0000 - 0xffff1780 libSystem.B.dylib ??? (???) /usr/lib/libSystem.B.dylib
Reproducible: Always
Steps to Reproduce:
Unfortunately, we can only reproduce it on our specific setup (with specific hardware and PKCS#11 module). Anyway, it's usually enough to just load the PKCS#11 module and wait some time. At the latest, when entering the PIN, firefox crashes...
Actual Results:
Firefox crashed.
Expected Results:
Successful login to the chipcard
|
Reporter | |
Comment 1•14 years ago
|
||
Finally having had some success in using valgrind, here's additional information. Valgrind reports several errors: The first one: ==20704== Conditional jump or move depends on uninitialised value(s) ==20704== at 0x6D28038: SECMOD_UpdateSlotList (in /Users/kobil/SwissSign_FF3.6_bug/FF3.6/firefox.app/Contents/MacOS/libnss3.dylib) ==20704== by 0x6D281A6: SECMOD_WaitForAnyTokenEvent (in /Users/kobil/SwissSign_FF3.6_bug/FF3.6/firefox.app/Contents/MacOS/libnss3.dylib) ==20704== by 0x190D025: void std::__adjust_heap<__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)>(__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)) (in /Users/kobil/SwissSign_FF3.6_bug/FF3.6/firefox.app/Contents/MacOS/XUL) ==20704== by 0x61CE7: PR_Select (in /Users/kobil/SwissSign_FF3.6_bug/FF3.6/firefox.app/Contents/MacOS/libnspr4.dylib) ==20704== by 0x883154: _pthread_start (in /usr/lib/libSystem.B.dylib) ==20704== by 0x883011: thread_start (in /usr/lib/libSystem.B.dylib) The second/third (probably harmless?): ==20704== Syscall param write(buf) points to uninitialised byte(s) ==20704== at 0x88829A: write$NOCANCEL$UNIX2003 (in /usr/lib/libSystem.B.dylib) ==20704== by 0x6C3570F: sqlite3_value_type (in /Users/kobil/SwissSign_FF3.6_bug/FF3.6/firefox.app/Contents/MacOS/libsqlite3.dylib) ==20704== by 0x6C5011F: sqlite3_randomness (in /Users/kobil/SwissSign_FF3.6_bug/FF3.6/firefox.app/Contents/MacOS/libsqlite3.dylib) ==20704== by 0x6C501DA: sqlite3_randomness (in /Users/kobil/SwissSign_FF3.6_bug/FF3.6/firefox.app/Contents/MacOS/libsqlite3.dylib) And fourth to the final crash, all of which seem to be related: ==20704== Invalid read of size 4 ==20704== at 0x3FC1684: objc_msgSend (in /usr/lib/libobjc.A.dylib) ==20704== by 0x1A1DF99: JSD_GetValueForObject (in /Users/kobil/SwissSign_FF3.6_bug/FF3.6/firefox.app/Contents/MacOS/XUL) ==20704== by 0x18A6A46: void std::__adjust_heap<__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)>(__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)) (in /Users/kobil/SwissSign_FF3.6_bug/FF3.6/firefox.app/Contents/MacOS/XUL) ==20704== by 0xFD013A: XRE_main (in /Users/kobil/SwissSign_FF3.6_bug/FF3.6/firefox.app/Contents/MacOS/XUL) ==20704== by 0x2CB7: (below main) (in ./firefox-bin) ==20704== Address 0x179592f0 is not stack'd, malloc'd or (recently) free'd ==20704== ==20704== Invalid read of size 4 ==20704== at 0x3FC16B0: objc_msgSend (in /usr/lib/libobjc.A.dylib) ==20704== by 0x1A1DF99: JSD_GetValueForObject (in /Users/kobil/SwissSign_FF3.6_bug/FF3.6/firefox.app/Contents/MacOS/XUL) ==20704== by 0x18A6A46: void std::__adjust_heap<__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)>(__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)) (in /Users/kobil/SwissSign_FF3.6_bug/FF3.6/firefox.app/Contents/MacOS/XUL) ==20704== by 0xFD013A: XRE_main (in /Users/kobil/SwissSign_FF3.6_bug/FF3.6/firefox.app/Contents/MacOS/XUL) ==20704== by 0x2CB7: (below main) (in ./firefox-bin) ==20704== Address 0x179592f0 is not stack'd, malloc'd or (recently) free'd ==20704== ==20704== Invalid read of size 4 ==20704== at 0x3FB0496: object_getClassName (in /usr/lib/libobjc.A.dylib) ==20704== by 0x3FB1BC1: _objc_error (in /usr/lib/libobjc.A.dylib) ==20704== by 0x3FB1C2F: __objc_error (in /usr/lib/libobjc.A.dylib) ==20704== by 0x3FB0636: _freedHandler (in /usr/lib/libobjc.A.dylib) ==20704== by 0x1FC3025: -[NSApplication run] (in /System/Library/Frameworks/AppKit.framework/Versions/C/AppKit) ==20704== by 0x1A1DF99: JSD_GetValueForObject (in /Users/kobil/SwissSign_FF3.6_bug/FF3.6/firefox.app/Contents/MacOS/XUL) ==20704== by 0x18A6A46: void std::__adjust_heap<__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)>(__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)) (in /Users/kobil/SwissSign_FF3.6_bug/FF3.6/firefox.app/Contents/MacOS/XUL) ==20704== by 0xFD013A: XRE_main (in /Users/kobil/SwissSign_FF3.6_bug/FF3.6/firefox.app/Contents/MacOS/XUL) ==20704== by 0x2CB7: (below main) (in ./firefox-bin) ==20704== Address 0x179592f0 is not stack'd, malloc'd or (recently) free'd ==20704== vex x86->IR: unhandled instruction bytes: 0xF 0xB 0x55 0x89 ==20704== valgrind: Unrecognised instruction at address 0x3fb1bfa.
|
|
Reporter | |
Comment 2•14 years ago
|
||
Finally having had some success in using valgrind, here's additional information. Valgrind reports several errors: The first one: ==20704== Conditional jump or move depends on uninitialised value(s) ==20704== at 0x6D28038: SECMOD_UpdateSlotList (in /Users/FF3.6_bug/FF3.6/firefox.app/Contents/MacOS/libnss3.dylib) ==20704== by 0x6D281A6: SECMOD_WaitForAnyTokenEvent (in /Users/FF3.6_bug/FF3.6/firefox.app/Contents/MacOS/libnss3.dylib) ==20704== by 0x190D025: void std::__adjust_heap<__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)>(__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)) (in /Users/FF3.6_bug/FF3.6/firefox.app/Contents/MacOS/XUL) ==20704== by 0x61CE7: PR_Select (in /Users/FF3.6_bug/FF3.6/firefox.app/Contents/MacOS/libnspr4.dylib) ==20704== by 0x883154: _pthread_start (in /usr/lib/libSystem.B.dylib) ==20704== by 0x883011: thread_start (in /usr/lib/libSystem.B.dylib) The second/third (probably harmless?): ==20704== Syscall param write(buf) points to uninitialised byte(s) ==20704== at 0x88829A: write$NOCANCEL$UNIX2003 (in /usr/lib/libSystem.B.dylib) ==20704== by 0x6C3570F: sqlite3_value_type (in /Users/FF3.6_bug/FF3.6/firefox.app/Contents/MacOS/libsqlite3.dylib) ==20704== by 0x6C5011F: sqlite3_randomness (in /Users/FF3.6_bug/FF3.6/firefox.app/Contents/MacOS/libsqlite3.dylib) ==20704== by 0x6C501DA: sqlite3_randomness (in /Users/FF3.6_bug/FF3.6/firefox.app/Contents/MacOS/libsqlite3.dylib) And fourth to the final crash, all of which seem to be related: ==20704== Invalid read of size 4 ==20704== at 0x3FC1684: objc_msgSend (in /usr/lib/libobjc.A.dylib) ==20704== by 0x1A1DF99: JSD_GetValueForObject (in /Users/FF3.6_bug/FF3.6/firefox.app/Contents/MacOS/XUL) ==20704== by 0x18A6A46: void std::__adjust_heap<__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)>(__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)) (in /Users/FF3.6_bug/FF3.6/firefox.app/Contents/MacOS/XUL) ==20704== by 0xFD013A: XRE_main (in /Users/FF3.6_bug/FF3.6/firefox.app/Contents/MacOS/XUL) ==20704== by 0x2CB7: (below main) (in ./firefox-bin) ==20704== Address 0x179592f0 is not stack'd, malloc'd or (recently) free'd ==20704== ==20704== Invalid read of size 4 ==20704== at 0x3FC16B0: objc_msgSend (in /usr/lib/libobjc.A.dylib) ==20704== by 0x1A1DF99: JSD_GetValueForObject (in /Users/FF3.6_bug/FF3.6/firefox.app/Contents/MacOS/XUL) ==20704== by 0x18A6A46: void std::__adjust_heap<__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)>(__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)) (in /Users/FF3.6_bug/FF3.6/firefox.app/Contents/MacOS/XUL) ==20704== by 0xFD013A: XRE_main (in /Users/FF3.6_bug/FF3.6/firefox.app/Contents/MacOS/XUL) ==20704== by 0x2CB7: (below main) (in ./firefox-bin) ==20704== Address 0x179592f0 is not stack'd, malloc'd or (recently) free'd ==20704== ==20704== Invalid read of size 4 ==20704== at 0x3FB0496: object_getClassName (in /usr/lib/libobjc.A.dylib) ==20704== by 0x3FB1BC1: _objc_error (in /usr/lib/libobjc.A.dylib) ==20704== by 0x3FB1C2F: __objc_error (in /usr/lib/libobjc.A.dylib) ==20704== by 0x3FB0636: _freedHandler (in /usr/lib/libobjc.A.dylib) ==20704== by 0x1FC3025: -[NSApplication run] (in /System/Library/Frameworks/AppKit.framework/Versions/C/AppKit) ==20704== by 0x1A1DF99: JSD_GetValueForObject (in /Users/FF3.6_bug/FF3.6/firefox.app/Contents/MacOS/XUL) ==20704== by 0x18A6A46: void std::__adjust_heap<__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)>(__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)) (in /Users/FF3.6_bug/FF3.6/firefox.app/Contents/MacOS/XUL) ==20704== by 0xFD013A: XRE_main (in /Users/FF3.6_bug/FF3.6/firefox.app/Contents/MacOS/XUL) ==20704== by 0x2CB7: (below main) (in ./firefox-bin) ==20704== Address 0x179592f0 is not stack'd, malloc'd or (recently) free'd ==20704== vex x86->IR: unhandled instruction bytes: 0xF 0xB 0x55 0x89 ==20704== valgrind: Unrecognised instruction at address 0x3fb1bfa.
|
|
Reporter | |
Comment 3•14 years ago
|
||
Sorry for the duplicated comment... :-(
Summary: spontanuous crash some seconds to minutes after loading a PKCS#11 module → Bug in JSD_GetValueForObject (MacOS X)? was: spontanuous crash some seconds to minutes after loading a PKCS#11 module
reporter: you need to grab shark enabled builds: http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/latest-trunk/firefox-3.7a2pre.en-US.mac-shark.dmg otherwise you're just randomly pointing at libraries.
Summary: Bug in JSD_GetValueForObject (MacOS X)? was: spontanuous crash some seconds to minutes after loading a PKCS#11 module → problem somewhere (MacOS X)? was: spontanuous crash some seconds to minutes after loading a PKCS#11 module
|
|
Reporter | |
Comment 5•14 years ago
|
||
I'm just trying that. It is still crashing, so should I use the crash report thing and add a reference to this bug here in the comment field? Also, could you elaborate a bit on what "shark enabled" really means and why it's needed? So far, I always found the regular "crash dumps" quite helpful, so I'm a bit surprised why they should contain "random nonsense" in the case of firefox... So far, I only found http://developer.apple.com/tools/sharkoptimize.html which doesn't help me much to understand what "shark enabled builds" are about.
if you use the build i linked to, then the apple crash report saved to a file and attached to this bug will be fine. our symbols are huge, and as 99.99999% of our customers have no use for them, we strip them to save the download time for them (and to save bandwidth and disk space for us). it's not that you're going to be using 'shark', it's that the builds we have which support shark aren't stripped and are such useful for analyzing your problem using the tool you were already using.
|
|
Reporter | |
Comment 7•14 years ago
|
||
Sorry to ask still another stupid question: Using the build you linked to, I get a crash report form that seems to be mozilla specific. How do I get to the apple crash report?
if you're running in valgrind, it won't matter.... https://developer.mozilla.org/en/Environment_variables_affecting_crash_reporting
|
|
Reporter | |
Comment 9•14 years ago
|
||
|
|
Reporter | |
Comment 10•14 years ago
|
||
I see. I attached the crash log, but I suppose this fragment from valgrind's output is more helpful - it seems to show that some object that has been already relases by its AutoreleasePool is accessed again... ==1046== Invalid read of size 4 ==1046== at 0x61F3684: objc_msgSend (in /usr/lib/libobjc.A.dylib) ==1046== by 0x2CDA269: nsAppShell::Run() (in /Users/FF3.6_bug/FF3.7/Minefield.app/Contents/MacOS/XUL) ==1046== by 0x2B51AC6: nsAppStartup::Run() (in /Users/FF3.6_bug/FF3.7/Minefield.app/Contents/MacOS/XUL) ==1046== by 0x21589D8: XRE_main (in /Users/FF3.6_bug/FF3.7/Minefield.app/Contents/MacOS/XUL) ==1046== by 0x2387: main (in ./firefox-bin) ==1046== Address 0x1cd73f50 is 0 bytes inside a block of size 20 free'd ==1046== at 0x137AF: free (vg_replace_malloc.c:325) ==1046== by 0x61E36B2: _internal_object_dispose (in /usr/lib/libobjc.A.dylib) ==1046== by 0x4FE57BF: NSDeallocateObject (in /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation) ==1046== by 0x4FE14F0: NSPopAutoreleasePool (in /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation) ==1046== by 0x1AB5C185: PoolCleaner (in /System/Library/Frameworks/WebKit.framework/Versions/A/WebKit) ==1046== by 0x545359B: IdleTimerVector (in /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox) ==1046== by 0x63A38F4: CFRunLoopRunSpecific (in /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation) ==1046== by 0x63A3AA7: CFRunLoopRunInMode (in /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation) ==1046== by 0x53E52AB: RunCurrentEventLoopInMode (in /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox) ==1046== by 0x53E4FFD: ReceiveNextEventCommon (in /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox) ==1046== by 0x53E4F38: BlockUntilNextEventMatchingListInMode (in /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox) ==1046== by 0x42DC6D4: _DPSNextEvent (in /System/Library/Frameworks/AppKit.framework/Versions/C/AppKit) ==1046== by 0x42DBF87: -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] (in /System/Library/Frameworks/AppKit.framework/Versions/C/AppKit) ==1046== by 0x42D4F9E: -[NSApplication run] (in /System/Library/Frameworks/AppKit.framework/Versions/C/AppKit) ==1046== by 0x2CDA269: nsAppShell::Run() (in /Users/FF3.6_bug/FF3.7/Minefield.app/Contents/MacOS/XUL) ==1046== by 0x2B51AC6: nsAppStartup::Run() (in /Users/FF3.6_bug/FF3.7/Minefield.app/Contents/MacOS/XUL) ==1046== by 0x21589D8: XRE_main (in /Users/FF3.6_bug/FF3.7/Minefield.app/Contents/MacOS/XUL) ==1046== by 0x2387: main (in ./firefox-bin)
Attachment #429728 -
Attachment mime type: text/x-log → text/plain
Component: General → Widget: Cocoa
Keywords: crash
Product: Firefox → Core
QA Contact: general → cocoa
Summary: problem somewhere (MacOS X)? was: spontanuous crash some seconds to minutes after loading a PKCS#11 module → crash [@ objc_msgSend] using object freed by [WebKit]IdleTimerVector/PoolCleaner after loading a PKCS#11 module
Version: unspecified → Trunk
Stefan, if you're going to provide more than a few lines of debugging information, please do so as attachments rather than pasting as comments (see "Add an attachment" in https://developer.mozilla.org/en/Bug_writing_guidelines ). Presumably this is more fallout from bug 509130? Steven, it looks like you never linked to a tryserver build with the second patch on bug 533001, so we can't point reporters of bugs like this to that build for testing.
|
Assignee | |
Comment 12•14 years ago
|
||
> Presumably this is more fallout from bug 509130? I think this is unlikely. The only way it could happen is if some other Cocoa program launched/spawned Firefox. > Steven, it looks like you never linked to a tryserver build with the > second patch on bug 533001, so we can't point reporters of bugs like > this to that build for testing. It seems I forgot to post it. But even if I had, it would by now have been deleted from the tryserver build archives. I'll start another build and comment here when it's done.
|
|
Assignee | |
Comment 13•14 years ago
|
||
The valgrind log fragment from comment #10 is very strange. In fact, on the face of it, it looks impossible: A Firefox process appears to be spawning another Firefox process, and this without using fork() or the like!!
|
|
Reporter | |
Comment 14•14 years ago
|
||
Where do you see this? Maybe you just did miss the line saying "Address 0x1cd73f50 is 0 bytes inside a block of size 20 free'd"? I.e. that fragment ist saying "Invalid read at <backtrace> for memory block freed at <backtrace>" and both backtraces seem OK to me.
|
|
Assignee | |
Comment 15•14 years ago
|
||
I don't have much experience reading valgrind traces, so I'll take your word for it that I've misread the traces from comment #10. (For example I thought it was one trace, but it appears that it's two separate traces.) But I'd still be very surprised if my patch for bug 509130 could have triggered IdleTimerVector() crashes without either of the following being true: 1) Gecko is being run from a Cocoa embedder (like Camino) or 2) Firefox is being spawned from some other Cocoa app. Is #2 true? Are you spawning Firefox from some other Cocoa app? Once my tryserver build (of the patch for bug 533001) is ready, you can test with that. But that won't be for several hours.
|
|
Assignee | |
Comment 16•14 years ago
|
||
Also, how do you load your PKCS#11 module? Is it a plugin? An extension?
|
|
Assignee | |
Comment 17•14 years ago
|
||
> Is #2 true? Are you spawning Firefox from some other Cocoa app?
Is valgrind a Cocoa app? :-)|
|
Assignee | |
Comment 18•14 years ago
|
||
>> Is #2 true? Are you spawning Firefox from some other Cocoa app? > > Is valgrind a Cocoa app? :-) From a quick look through the valgrind source, it appears the answer is "no".
|
|
Reporter | |
Comment 19•14 years ago
|
||
Yes, that valgrind output was two separate traces; it's a command line utility (so I think the answer to whether it's a Cocoa app is "no" in that sense, but I have no idea what kind of APIs it might use internally). Anyway, the same crash (see the attached crash report) seems to occur when starting it without valgrind, i.e. when I'm just starting it from the "regular" shell window via "DYLD_LIBRARY_PATH=<path_to_the_PKCS#11_module_and_related_libs> <Path-to>/firefox -profile <profile directory for testing>". About the PKCS#11 module: it's OpenSC's "onepin-opensc-pkcs11.so", which however loads a driver for a chipcard reader which is directly talking to the USB port, i.e. it's not using pcsclite. When you load that module (via the usual "Load security module" interface) for the first time, it's actually working, it's just crashing, once it's stored in the profile that this module should be loaded - sorry for not mentioning that earlier. I don't really know about the technical differences between plugin/extension/whatever, so I just hope I gave enough details to enable you to answer your last question yourself. ;-) I'll try the "tryserver build" tommorow...
|
||
Comment 20•14 years ago
|
||
http://en.wikipedia.org/wiki/PKCS11
|
|
Assignee | |
Comment 21•14 years ago
|
||
> once it's stored in the profile that this module should be loaded
What does this mean? Do you mean the Firefox profile? If so, what do
you put in the Firefox profile to load the PKCS#11 module?Maybe :kaie can provide some additional details about how NSS and PSM handle loading of PKCS#11 modules and how that might relate to the crashing in this bug.
|
|
Assignee | |
Comment 23•14 years ago
|
||
Here's a link to my new tryserver build (made with the patch from bug 533001 comment #10): https://build.mozilla.org/tryserver-builds/smichaud@pobox.com-bugzilla533001-rev2/bugzilla533001-rev2-macosx.dmg
|
|
Reporter | |
Comment 24•14 years ago
|
||
IIRC, the information which security modules are to be loaded is stored in a seaprate file named "secmod.db", so what I meant to say is that once the information about the module is stored in secmod.db, I get those crashes, while things work if I start with the standard secmod.db. Anyway, the tryserver build seems to work fine, one thing I noticed when running under valgrind is that memory seems to be allocated via "new[]" in gfxTextRun::AllocateStorage(void const*&, unsigned int, unsigned int), but freed via "free" in gfxTextRun::~gfxTextRun(). AFAIK, that's bad at least in theory. Anyway, that build is working for me...
|
||
Comment 25•14 years ago
|
||
http://mxr.mozilla.org/mozilla-central/source/gfx/thebes/src/gfxFont.cpp?mark=2300,2374#2300 afaict it's a matched pair. If it isn't, please file a bug w/ stacks.
|
|
Assignee | |
Comment 26•14 years ago
|
||
Thanks for the information, Stefan Neis. I don't yet know how it's happening, but it's pretty clear that this bug's crashes are triggered by my patch for bug 509130 (from the traces in comment #10, and the fact that my patch for bug 533001 makes the crashes go away).
Blocks: 509130
|
|
Reporter | |
Comment 27•14 years ago
|
||
So what does this mean in practicem in view of your comments to bug 533001? [ But I hope that (if no unfixable problems are discovered) we can get it into FF 3.6.1. ] The bug is probably going to be fixed in the next release? Or is it already too late for this and I should rather hope for the one after that?
|
|
||
Comment 28•14 years ago
|
||
there won't be a 3.6.1 ;-), and 3.6.2 is freezing today iiuc
(In reply to comment #24) > Anyway, the tryserver build seems to work fine, one thing I noticed when > running under valgrind is that memory seems to be allocated via "new[]" in > gfxTextRun::AllocateStorage(void const*&, unsigned int, unsigned int), but > freed via "free" in gfxTextRun::~gfxTextRun(). AFAIK, that's bad at least in > theory. (In reply to comment #25) > http://mxr.mozilla.org/mozilla-central/source/gfx/thebes/src/gfxFont.cpp?mark=2300,2374#2300 > afaict it's a matched pair. If it isn't, please file a bug w/ stacks. FYI, Jesse filed bug 551279 that appears to cover this valgrind complaint.
|
|
Assignee | |
Comment 30•14 years ago
|
||
This should be fixed by my patch for bug 533001, which landed on the trunk on 2010-04-05 and which just landed on the 1.9.2 branch (and so will appear in FF 3.6.5).
|
||
Updated•13 years ago
|
Crash Signature: [@ objc_msgSend]
You need to log in
before you can comment on or make changes to this bug.
Description
•