Closed Bug 545653 Opened 16 years ago Closed 15 years ago

crash [@ objc_msgSend] using object freed by [WebKit]IdleTimerVector/PoolCleaner after loading a PKCS#11 module

Categories

(Core :: Widget: Cocoa, defect)

Product:
Core
Component:
Widget: Cocoa
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Tracking Flags:
Tracking Status
status1.9.2 --- .5-fixed

People

(Reporter: Stefan.Neis, Assigned: smichaud)

References

Details

(Keywords: crash)

Crash Data

Attachments

(1 file)

Apple crash report
36.72 KB, text/plain
Details
User-Agent: Mozilla/5.0 (OS/2; U; Warp 4.5; de-AT; rv:1.8.1.23) Gecko/20090906 SeaMonkey/1.1.18 Build Identifier: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 We are using a PKCS#11 module (from onepin-opensc-pkcs11) which works nicely on other platforms and even on OSX with Firefox 3.5, but it crashes with Firefox 3.6. We realize it's going to be hard for you to reproduce, but thought that maybe the crash dump might give someone some idea(s). So here's the dump: Process: firefox-bin [252] Path: /home/gutsche/SwissSign/FF3.6/firefox.app/Contents/MacOS/firefox-bin Identifier: org.mozilla.firefox Version: 3.6 (3.6) Code Type: X86 (Native) Parent Process: bash [222] Interval Since Last Report: 3029 sec Crashes Since Last Report: 1 Per-App Interval Since Last Report: 2239 sec Per-App Crashes Since Last Report: 1 Date/Time: 2010-02-10 08:15:07.006 +0100 OS Version: Mac OS X 10.5.8 (9L30) Report Version: 6 Anonymous UUID: C752ACC9-9CAE-4219-81F0-F15D7CBFB5F0 Exception Type: EXC_BAD_ACCESS (SIGSEGV) Exception Codes: KERN_INVALID_ADDRESS at 0x00000000c0000023 Crashed Thread: 0 Thread 0 Crashed: 0 libobjc.A.dylib 0x916e9688 objc_msgSend + 24 1 XUL 0x01a1df9a JSD_GetValueForObject + 879946 2 XUL 0x018a6a47 void std::__adjust_heap<__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)>(__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)) + 7304055 3 XUL 0x00fd013b XRE_main + 15707 4 org.mozilla.firefox 0x00002cb8 start + 2168 5 org.mozilla.firefox 0x00002542 start + 258 6 org.mozilla.firefox 0x00002469 start + 41 Thread 1: 0 libSystem.B.dylib 0x926f03ca select$DARWIN_EXTSN$NOCANCEL + 10 1 libnspr4.dylib 0x000563e2 PR_Now + 2034 2 libnspr4.dylib 0x000523f9 PR_Poll + 121 3 XUL 0x0108ef5a DumpJSStack + 686938 4 XUL 0x0108fb64 DumpJSStack + 690020 5 XUL 0x010900e3 DumpJSStack + 691427 6 XUL 0x01af2a0c NS_GetComponentRegistrar_P + 36156 7 XUL 0x01ab298a JNIEnv_::CallStaticObjectMethod(_jclass*, _jmethodID*, ...) + 272922 8 XUL 0x0108f69b DumpJSStack + 688795 9 XUL 0x01af2a67 NS_GetComponentRegistrar_P + 36247 10 XUL 0x01ab298a JNIEnv_::CallStaticObjectMethod(_jclass*, _jmethodID*, ...) + 272922 11 XUL 0x01af2c8c NS_GetComponentRegistrar_P + 36796 12 libnspr4.dylib 0x00053ce8 PR_Select + 856 13 libSystem.B.dylib 0x926ea155 _pthread_start + 321 14 libSystem.B.dylib 0x926ea012 thread_start + 34 Thread 2: 0 libSystem.B.dylib 0x926b92ce semaphore_wait_signal_trap + 10 1 libSystem.B.dylib 0x926eb2c6 _pthread_cond_wait + 1267 2 libSystem.B.dylib 0x92730539 pthread_cond_wait + 48 3 libnspr4.dylib 0x0004e921 PR_WaitCondVar + 241 4 libmozjs.dylib 0x0022dd8f js_ValueToCharBuffer + 18463 5 libnspr4.dylib 0x00053ce8 PR_Select + 856 6 libSystem.B.dylib 0x926ea155 _pthread_start + 321 7 libSystem.B.dylib 0x926ea012 thread_start + 34 Thread 3: 0 libSystem.B.dylib 0x926b92e6 semaphore_timedwait_signal_trap + 10 1 libSystem.B.dylib 0x926eb2af _pthread_cond_wait + 1244 2 libSystem.B.dylib 0x92735aab pthread_cond_timedwait + 47 3 libnspr4.dylib 0x0004e4f1 PR_AssertCurrentThreadOwnsLock + 177 4 libnspr4.dylib 0x0004e87f PR_WaitCondVar + 79 5 XUL 0x01001b23 DumpJSStack + 108323 6 libnspr4.dylib 0x00053ce8 PR_Select + 856 7 libSystem.B.dylib 0x926ea155 _pthread_start + 321 8 libSystem.B.dylib 0x926ea012 thread_start + 34 Thread 4: 0 libSystem.B.dylib 0x926b9286 mach_msg_trap + 10 1 libSystem.B.dylib 0x926c0a7c mach_msg + 72 2 com.unsanity.ape 0x00626c39 __ape_agent + 316 3 libSystem.B.dylib 0x926ea155 _pthread_start + 321 4 libSystem.B.dylib 0x926ea012 thread_start + 34 Thread 5: 0 libSystem.B.dylib 0x926b92e6 semaphore_timedwait_signal_trap + 10 1 libSystem.B.dylib 0x926eb2af _pthread_cond_wait + 1244 2 libSystem.B.dylib 0x92735aab pthread_cond_timedwait + 47 3 libnspr4.dylib 0x0004e4f1 PR_AssertCurrentThreadOwnsLock + 177 4 libnspr4.dylib 0x0004e87f PR_WaitCondVar + 79 5 XUL 0x01af7047 NS_GetComponentRegistrar_P + 54135 6 XUL 0x01af2a67 NS_GetComponentRegistrar_P + 36247 7 XUL 0x01ab298a JNIEnv_::CallStaticObjectMethod(_jclass*, _jmethodID*, ...) + 272922 8 XUL 0x01af2c8c NS_GetComponentRegistrar_P + 36796 9 libnspr4.dylib 0x00053ce8 PR_Select + 856 10 libSystem.B.dylib 0x926ea155 _pthread_start + 321 11 libSystem.B.dylib 0x926ea012 thread_start + 34 Thread 6: 0 libSystem.B.dylib 0x926b92e6 semaphore_timedwait_signal_trap + 10 1 libSystem.B.dylib 0x926eb2af _pthread_cond_wait + 1244 2 libSystem.B.dylib 0x92735aab pthread_cond_timedwait + 47 3 libnspr4.dylib 0x0004e4f1 PR_AssertCurrentThreadOwnsLock + 177 4 libnspr4.dylib 0x0004e87f PR_WaitCondVar + 79 5 libnspr4.dylib 0x000548cf PR_Sleep + 143 6 libnss3.dylib 0x002e20cc SECMOD_UpdateSlotList + 1051 7 libnss3.dylib 0x002e21a7 SECMOD_WaitForAnyTokenEvent + 156 8 XUL 0x0190d026 void std::__adjust_heap<__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)>(__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)) + 7723350 9 libnspr4.dylib 0x00053ce8 PR_Select + 856 10 libSystem.B.dylib 0x926ea155 _pthread_start + 321 11 libSystem.B.dylib 0x926ea012 thread_start + 34 Thread 7: 0 libSystem.B.dylib 0x926b92ce semaphore_wait_signal_trap + 10 1 libSystem.B.dylib 0x926eb2c6 _pthread_cond_wait + 1267 2 libSystem.B.dylib 0x92730539 pthread_cond_wait + 48 3 libnspr4.dylib 0x0004e921 PR_WaitCondVar + 241 4 XUL 0x018d04fe void std::__adjust_heap<__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)>(__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)) + 7474734 5 libnspr4.dylib 0x00053ce8 PR_Select + 856 6 libSystem.B.dylib 0x926ea155 _pthread_start + 321 7 libSystem.B.dylib 0x926ea012 thread_start + 34 Thread 8: 0 libSystem.B.dylib 0x926b92ce semaphore_wait_signal_trap + 10 1 libSystem.B.dylib 0x926eb2c6 _pthread_cond_wait + 1267 2 libSystem.B.dylib 0x92730539 pthread_cond_wait + 48 3 libnspr4.dylib 0x0004e921 PR_WaitCondVar + 241 4 XUL 0x018d11b4 void std::__adjust_heap<__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)>(__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)) + 7477988 5 libnspr4.dylib 0x00053ce8 PR_Select + 856 6 libSystem.B.dylib 0x926ea155 _pthread_start + 321 7 libSystem.B.dylib 0x926ea012 thread_start + 34 Thread 9: 0 libSystem.B.dylib 0x926b92e6 semaphore_timedwait_signal_trap + 10 1 libSystem.B.dylib 0x926eb2af _pthread_cond_wait + 1244 2 libSystem.B.dylib 0x92735aab pthread_cond_timedwait + 47 3 libnspr4.dylib 0x0004e4f1 PR_AssertCurrentThreadOwnsLock + 177 4 libnspr4.dylib 0x0004e87f PR_WaitCondVar + 79 5 libnspr4.dylib 0x0004ebf9 PR_Wait + 57 6 XUL 0x01af4a32 NS_GetComponentRegistrar_P + 44386 7 XUL 0x01af2a67 NS_GetComponentRegistrar_P + 36247 8 XUL 0x01ab298a JNIEnv_::CallStaticObjectMethod(_jclass*, _jmethodID*, ...) + 272922 9 XUL 0x01af2c8c NS_GetComponentRegistrar_P + 36796 10 libnspr4.dylib 0x00053ce8 PR_Select + 856 11 libSystem.B.dylib 0x926ea155 _pthread_start + 321 12 libSystem.B.dylib 0x926ea012 thread_start + 34 Thread 10: 0 libSystem.B.dylib 0x926b92ce semaphore_wait_signal_trap + 10 1 libSystem.B.dylib 0x926eb2c6 _pthread_cond_wait + 1267 2 libSystem.B.dylib 0x92730539 pthread_cond_wait + 48 3 libnspr4.dylib 0x0004e921 PR_WaitCondVar + 241 4 libnspr4.dylib 0x0004ebf9 PR_Wait + 57 5 XUL 0x01af1c80 NS_GetComponentRegistrar_P + 32688 6 XUL 0x01af2a44 NS_GetComponentRegistrar_P + 36212 7 XUL 0x01ab298a JNIEnv_::CallStaticObjectMethod(_jclass*, _jmethodID*, ...) + 272922 8 XUL 0x01af2ca3 NS_GetComponentRegistrar_P + 36819 9 libnspr4.dylib 0x00053ce8 PR_Select + 856 10 libSystem.B.dylib 0x926ea155 _pthread_start + 321 11 libSystem.B.dylib 0x926ea012 thread_start + 34 Thread 11: 0 libSystem.B.dylib 0x926b92ce semaphore_wait_signal_trap + 10 1 libSystem.B.dylib 0x926eb2c6 _pthread_cond_wait + 1267 2 libSystem.B.dylib 0x92730539 pthread_cond_wait + 48 3 libnspr4.dylib 0x0004e921 PR_WaitCondVar + 241 4 libnspr4.dylib 0x0004ebf9 PR_Wait + 57 5 XUL 0x01af1c80 NS_GetComponentRegistrar_P + 32688 6 XUL 0x01af2a44 NS_GetComponentRegistrar_P + 36212 7 XUL 0x01ab298a JNIEnv_::CallStaticObjectMethod(_jclass*, _jmethodID*, ...) + 272922 8 XUL 0x01af2ca3 NS_GetComponentRegistrar_P + 36819 9 libnspr4.dylib 0x00053ce8 PR_Select + 856 10 libSystem.B.dylib 0x926ea155 _pthread_start + 321 11 libSystem.B.dylib 0x926ea012 thread_start + 34 Thread 0 crashed with X86 Thread State (32-bit): eax: 0x18d712d0 ebx: 0x90448c8f ecx: 0x916f865c edx: 0xc0000003 edi: 0x004385b0 esi: 0x00457dc0 ebp: 0xbffff208 esp: 0xbffff148 ss: 0x0000001f efl: 0x00210202 eip: 0x916e9688 cs: 0x00000017 ds: 0x0000001f es: 0x0000001f fs: 0x00000000 gs: 0x00000037 cr2: 0xc0000023 Binary Images: 0x1000 - 0x2ff7 +org.mozilla.firefox 3.6 (3.6) <db7b8fbee74e2c8537e9c3e269839db7> /home/gutsche/SwissSign/FF3.6/firefox.app/Contents/MacOS/firefox-bin 0x6000 - 0x6ff8 +libxpcom.dylib ??? (???) <7794c3e150bf38c19eb8f387aa2c970b> /home/gutsche/SwissSign/FF3.6/firefox.app/Contents/MacOS/libxpcom.dylib 0xb000 - 0x10ff3 +libplds4.dylib ??? (???) <fa4e2c871fe6f3eb1a5ba65bff3179b0> /home/gutsche/SwissSign/FF3.6/firefox.app/Contents/MacOS/libplds4.dylib 0x14000 - 0x1afeb +libplc4.dylib ??? (???) <214dbe4d9dab9ea6295391198644db53> /home/gutsche/SwissSign/FF3.6/firefox.app/Contents/MacOS/libplc4.dylib 0x35000 - 0x5efef +libnspr4.dylib ??? (???) <1a4a36bbe1ee858745773a9a8476c0c7> /home/gutsche/SwissSign/FF3.6/firefox.app/Contents/MacOS/libnspr4.dylib 0x72000 - 0xdcfeb +libsqlite3.dylib ??? (???) <a66752ccfaca20b519d177582328496a> /home/gutsche/SwissSign/FF3.6/firefox.app/Contents/MacOS/libsqlite3.dylib 0xe4000 - 0xf9fec +libsmime3.dylib ??? (???) <1a88903ec1b5eea81f78bf4282f646ea> /home/gutsche/SwissSign/FF3.6/firefox.app/Contents/MacOS/libsmime3.dylib 0x102000 - 0x12afe3 +libssl3.dylib ??? (???) <b9aa6ac1907c747c5a76a913240e0365> /home/gutsche/SwissSign/FF3.6/firefox.app/Contents/MacOS/libssl3.dylib 0x157000 - 0x296fff +libmozjs.dylib ??? (???) <7b1de76271427808a0e6acebbbe6fce4> /home/gutsche/SwissSign/FF3.6/firefox.app/Contents/MacOS/libmozjs.dylib 0x2ae000 - 0x368fe7 +libnss3.dylib ??? (???) <a5aad3f55d722f70f3a64248f8c467e0> /home/gutsche/SwissSign/FF3.6/firefox.app/Contents/MacOS/libnss3.dylib 0x37b000 - 0x388fef +libnssutil3.dylib ??? (???) <bccee0d697d90085441944ef80c1d934> /home/gutsche/SwissSign/FF3.6/firefox.app/Contents/MacOS/libnssutil3.dylib 0x60c000 - 0x60ffff +libbrowserdirprovider.dylib ??? (???) <5f9562c9021becf1bc5ea09e2cca3b17> /home/gutsche/SwissSign/FF3.6/firefox.app/Contents/MacOS/components/libbrowserdirprovider.dylib 0x625000 - 0x637fff +com.unsanity.ape 2.5 (2.5) <05296fb55e88a72c8528a373a17f4229> /Library/Frameworks/ApplicationEnhancer.framework/Versions/A/ApplicationEnhancer 0x8c5000 - 0x8f2fe3 +libsoftokn3.dylib ??? (???) <910324a98f26809eedfc8f8f46618f06> /home/gutsche/SwissSign/FF3.6/firefox.app/Contents/MacOS/libsoftokn3.dylib 0x91a000 - 0x938ff5 +libnssdbm3.dylib ??? (???) <9c87c7f227505f58cac7b3148e5aa0aa> /home/gutsche/SwissSign/FF3.6/firefox.app/Contents/MacOS/libnssdbm3.dylib 0x9ad000 - 0xa14ff7 +libfreebl3.dylib ??? (???) <b56b94073a7de8c77dbbc783a2c183be> /home/gutsche/SwissSign/FF3.6/firefox.app/Contents/MacOS/libfreebl3.dylib 0xa21000 - 0xa2fffe +onepin-opensc-pkcs11.so ??? (???) <faa795959a3d016cf1fe19970aeeea64> /home/gutsche/SwissSign/FF3.6/lib/onepin-opensc-pkcs11.so 0xa3b000 - 0xa59ffd +libpkcs15init.2.dylib ??? (???) <9fa01364659f22c5891ee9339638427b> /home/gutsche/SwissSign/FF3.6/lib/libpkcs15init.2.dylib 0xa6b000 - 0xaf6ffb +libopensc.2.dylib ??? (???) <ac8de5c240113b9d326bd88fbfcdccaf> /home/gutsche/SwissSign/FF3.6/lib/libopensc.2.dylib 0xb28000 - 0xb2bffc +libltdl.3.dylib ??? (???) <7eb66768e1abe38c3799255e56cf3693> /home/gutsche/SwissSign/FF3.6/lib/libltdl.3.dylib 0xb31000 - 0xb33ffe +libscconf.2.dylib ??? (???) <bf07299ef3e70ac6c10fa6bedaa05971> /home/gutsche/SwissSign/FF3.6/lib/libscconf.2.dylib 0xb38000 - 0xc7ffe0 +PCSC ??? (???) <4b8ff6ae3b5bd219a5cbd94d35ddbe99> /home/gutsche/SwissSign/FF3.6/lib/PCSC 0xd08000 - 0xd14fff com.apple.iokit.IOHIDLib 1.5.5 (1.5.5) <b8fc922eae4ec02441920c284952b437> /System/Library/Extensions/IOHIDFamily.kext/Contents/PlugIns/IOHIDLib.plugin/Contents/MacOS/IOHIDLib 0xd22000 - 0xd2bff7 com.apple.iokit.IOUSBLib 3.4.9 (3.4.9) <ea4061ec718fddebf2cf952e8606ae87> /System/Library/Extensions/IOUSBFamily.kext/Contents/PlugIns/IOUSBLib.bundle/Contents/MacOS/IOUSBLib 0xd35000 - 0xd76ffb +libnssckbi.dylib ??? (???) <0f8cfb2a87bf71ce808d6507e82dece4> /home/gutsche/SwissSign/FF3.6/firefox.app/Contents/MacOS/libnssckbi.dylib 0xfc5000 - 0x1d68fef +XUL ??? (???) <5f8846906946b6fe562d5f322f5aeabd> /home/gutsche/SwissSign/FF3.6/firefox.app/Contents/MacOS/XUL 0x131c6000 - 0x131effe7 +libbrowsercomps.dylib ??? (???) <bed87c30242e8f453b584ad47a9b4850> /home/gutsche/SwissSign/FF3.6/firefox.app/Contents/MacOS/components/libbrowsercomps.dylib 0x19299000 - 0x194a0fef com.apple.RawCamera.bundle 2.1.1 (508) <2598b38224411e6865888bcc9b96acc8> /System/Library/CoreServices/RawCamera.bundle/Contents/MacOS/RawCamera 0x8fe00000 - 0x8fe2db43 dyld 97.1 (???) <458eed38a009e5658a79579e7bc26603> /usr/lib/dyld 0x90003000 - 0x900f7ff4 libiconv.2.dylib ??? (???) <c508c60fafca17824c0017b2e4369802> /usr/lib/libiconv.2.dylib 0x900f8000 - 0x9012afff com.apple.LDAPFramework 1.4.5 (110) <bb7a3e5d66f00d1d1c8a40569b003ba3> /System/Library/Frameworks/LDAP.framework/Versions/A/LDAP 0x9012b000 - 0x902cbfff com.apple.JavaScriptCore 5531.21 (5531.21.9) <8b132638e4d517b8cd4613155ed82b87> /System/Library/Frameworks/JavaScriptCore.framework/Versions/A/JavaScriptCore 0x902cc000 - 0x90393ff2 com.apple.vImage 3.0 (3.0) /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vImage.framework/Versions/A/vImage 0x90394000 - 0x903c1feb libvDSP.dylib ??? (???) <b232c018ddd040ec4e2c2af632dd497f> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libvDSP.dylib 0x903c2000 - 0x903eaff7 com.apple.shortcut 1.0.1 (1.0) <131202e7766e327d02d55c0f5fc44ad7> /System/Library/PrivateFrameworks/Shortcut.framework/Versions/A/Shortcut 0x903eb000 - 0x9040ffff libxslt.1.dylib ??? (???) <0a9778d6368ae668826f446878deb99b> /usr/lib/libxslt.1.dylib 0x90410000 - 0x90c0efef com.apple.AppKit 6.5.9 (949.54) <4df5d2e2271175452103f789b4f4d8a8> /System/Library/Frameworks/AppKit.framework/Versions/C/AppKit 0x90c1b000 - 0x90ccbfff edu.mit.Kerberos 6.0.13 (6.0.13) <804bd1b3f08fb57396781f012006367c> /System/Library/Frameworks/Kerberos.framework/Versions/A/Kerberos 0x90e05000 - 0x90e14fff libsasl2.2.dylib ??? (???) <bb7971ca2f609c070f87786a93d1041e> /usr/lib/libsasl2.2.dylib 0x90e18000 - 0x90e30ff7 com.apple.CoreVideo 1.6.0 (20.0) <587c9c8966070a7d50276db35e1c76aa> /System/Library/Frameworks/CoreVideo.framework/Versions/A/CoreVideo 0x90e31000 - 0x90e41ffc com.apple.LangAnalysis 1.6.5 (1.6.5) <d057feb38163121ffd871c564c692804> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/LangAnalysis.framework/Versions/A/LangAnalysis 0x90e42000 - 0x90f75fe7 com.apple.CoreFoundation 6.5.7 (476.19) <a332c8f45529ee26d2e9c36d0c723bad> /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation 0x90fda000 - 0x912b4ff3 com.apple.CoreServices.CarbonCore 786.11 (786.14) <d5cceb2fe9551d345d40dd1ecf409ec2> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CarbonCore.framework/Versions/A/CarbonCore 0x912b5000 - 0x912b5ffc com.apple.audio.units.AudioUnit 1.5 (1.5) /System/Library/Frameworks/AudioUnit.framework/Versions/A/AudioUnit 0x912f1000 - 0x912f2ffc libffi.dylib ??? (???) <a3b573eb950ca583290f7b2b4c486d09> /usr/lib/libffi.dylib 0x912f3000 - 0x91380ff7 com.apple.framework.IOKit 1.5.2 (???) <7a3cc24f78f93931731203854ae0d891> /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit 0x91381000 - 0x91385fff libGIF.dylib ??? (???) <e7d550bda10018f52e61bb499dcf445f> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libGIF.dylib 0x91386000 - 0x91394ffd libz.1.dylib ??? (???) <5ddd8539ae2ebfd8e7cc1c57525385c7> /usr/lib/libz.1.dylib 0x9145f000 - 0x914b8ff7 libGLU.dylib ??? (???) <a3b9be30100a25a6cd3ad109892f52b7> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLU.dylib 0x91676000 - 0x916d3ffb libstdc++.6.dylib ??? (???) <04b812dcec670daa8b7d2852ab14be60> /usr/lib/libstdc++.6.dylib 0x916d4000 - 0x917b4fff libobjc.A.dylib ??? (???) <7b92613fdf804fd9a0a3733a0674c30b> /usr/lib/libobjc.A.dylib 0x917f9000 - 0x917fcfff com.apple.help 1.1 (36) <b507b08e484cb89033e9cf23062d77de> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Help.framework/Versions/A/Help 0x917fd000 - 0x91809ffe libGL.dylib ??? (???) /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGL.dylib 0x9180b000 - 0x9188aff5 com.apple.SearchKit 1.2.2 (1.2.2) <3b5f3ab6a363a4d8a2bbbf74213ab0e5> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/SearchKit.framework/Versions/A/SearchKit 0x918f2000 - 0x91985fff com.apple.ink.framework 101.3 (86) <bf3fa8927b4b8baae92381a976fd2079> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Ink.framework/Versions/A/Ink 0x91986000 - 0x91a6eff3 com.apple.CoreData 100.2 (186.2) <44df326fea0236718f5ed64084e82270> /System/Library/Frameworks/CoreData.framework/Versions/A/CoreData 0x91a6f000 - 0x91a73fff libmathCommon.A.dylib ??? (???) /usr/lib/system/libmathCommon.A.dylib 0x91ac0000 - 0x91acbfe7 libCSync.A.dylib ??? (???) <d88c20c9a2fd0676dec62fddfa74979f> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libCSync.A.dylib 0x91aef000 - 0x91b69ff8 com.apple.print.framework.PrintCore 5.5.4 (245.6) <03d0585059c20cb0bde5e000438c49e1> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/PrintCore.framework/Versions/A/PrintCore 0x91b6a000 - 0x91bf4fe3 com.apple.DesktopServices 1.4.8 (1.4.8) <a6edef2d49ffdee3b01010b7e6edac1f> /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Versions/A/DesktopServicesPriv 0x91bf8000 - 0x91bf8ffa com.apple.CoreServices 32 (32) <2fcc8f3bd5bbfc000b476cad8e6a3dd2> /System/Library/Frameworks/CoreServices.framework/Versions/A/CoreServices 0x91d00000 - 0x91d24feb libssl.0.9.7.dylib ??? (???) <5b29af782be5894be8b336c9c73c18b6> /usr/lib/libssl.0.9.7.dylib 0x91d25000 - 0x91d25ff8 com.apple.ApplicationServices 34 (34) <8f910fa65f01d401ad8d04cc933cf887> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/ApplicationServices 0x91d26000 - 0x91d2ffff com.apple.speech.recognition.framework 3.7.24 (3.7.24) <d3180f9edbd9a5e6f283d6156aa3c602> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/SpeechRecognition.framework/Versions/A/SpeechRecognition 0x91d63000 - 0x91d63fff com.apple.Carbon 136 (136) <98a5e3bc0c4fa44bbb09713bb88707fe> /System/Library/Frameworks/Carbon.framework/Versions/A/Carbon 0x91d64000 - 0x91d93fe3 com.apple.AE 402.3 (402.3) <b13bfda0ad9314922ee37c0d018d7de9> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/AE.framework/Versions/A/AE 0x91d94000 - 0x91f14fff com.apple.AddressBook.framework 4.1.2 (702) <f9360f9926ccd411fdf7550b73034d17> /System/Library/Frameworks/AddressBook.framework/Versions/A/AddressBook 0x91f88000 - 0x920d0ff7 com.apple.ImageIO.framework 2.0.7 (2.0.7) <cf45179ee2de2d46a6ced2ed147a454c> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/ImageIO 0x92121000 - 0x92429fe7 com.apple.HIToolbox 1.5.6 (???) <eece3cb8aa0a4e6843fcc1500aca61c5> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox 0x9242f000 - 0x9242fffd com.apple.vecLib 3.4.2 (vecLib 3.4.2) /System/Library/Frameworks/vecLib.framework/Versions/A/vecLib 0x92430000 - 0x92448fff com.apple.openscripting 1.2.8 (???) <572c7452d7e740e8948a5ad07a99602b> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/OpenScripting.framework/Versions/A/OpenScripting 0x92449000 - 0x92449ffd com.apple.Accelerate.vecLib 3.4.2 (vecLib 3.4.2) /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/vecLib 0x9244a000 - 0x9244ffff com.apple.CommonPanels 1.2.4 (85) <ea0665f57cd267609466ed8b2b20e893> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/CommonPanels.framework/Versions/A/CommonPanels 0x92450000 - 0x924acff7 com.apple.htmlrendering 68 (1.1.3) <fe87a9dede38db00e6c8949942c6bd4f> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HTMLRendering.framework/Versions/A/HTMLRendering 0x924ad000 - 0x924adffd com.apple.Accelerate 1.4.2 (Accelerate 1.4.2) /System/Library/Frameworks/Accelerate.framework/Versions/A/Accelerate 0x924e0000 - 0x9251efff libGLImage.dylib ??? (???) <a6425aeb77f4da13212ac75df57b056d> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLImage.dylib 0x9251f000 - 0x92658ff7 libicucore.A.dylib ??? (???) <f2819243b278259b9a622ea111ea5fd6> /usr/lib/libicucore.A.dylib 0x9265e000 - 0x926afff7 com.apple.HIServices 1.7.1 (???) <ba7fd0ede540a0da08db027f87efbd60> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/HIServices.framework/Versions/A/HIServices 0x926b0000 - 0x926b7fe9 libgcc_s.1.dylib ??? (???) <f53c808e87d1184c0f9df63aef53ce0b> /usr/lib/libgcc_s.1.dylib 0x926b8000 - 0x9281fff3 libSystem.B.dylib ??? (???) <ae47ca9b1686b065f8ac4d2de09cc432> /usr/lib/libSystem.B.dylib 0x92820000 - 0x928a7ff7 libsqlite3.0.dylib ??? (???) <3334ea5af7a911637413334154bb4100> /usr/lib/libsqlite3.0.dylib 0x928a8000 - 0x928c6ff3 com.apple.DirectoryService.Framework 3.5.7 (3.5.7) <0dc7272ee811169b47b4c682bfc666c6> /System/Library/Frameworks/DirectoryService.framework/Versions/A/DirectoryService 0x928c7000 - 0x928cdfff com.apple.print.framework.Print 218.0.3 (220.2) <5b7f4ef7c2df36aff9605377775781e4> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Print.framework/Versions/A/Print 0x928ce000 - 0x928ceff8 com.apple.Cocoa 6.5 (???) <e064f94d969ce25cb7de3cfb980c3249> /System/Library/Frameworks/Cocoa.framework/Versions/A/Cocoa 0x928cf000 - 0x928d1ff5 libRadiance.dylib ??? (???) <3561a7a6405223a1737f41352f1fd8c8> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libRadiance.dylib 0x9290f000 - 0x9291bff9 com.apple.helpdata 1.0.1 (14.2) /System/Library/PrivateFrameworks/HelpData.framework/Versions/A/HelpData 0x92a88000 - 0x92ae2ff7 com.apple.CoreText 2.0.4 (???) <f0b6c1d4f40bd21505097f0255abfead> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreText.framework/Versions/A/CoreText 0x92b5e000 - 0x92b6efff com.apple.speech.synthesis.framework 3.7.1 (3.7.1) <06d8fc0307314f8ffc16f206ad3dbf44> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/SpeechSynthesis.framework/Versions/A/SpeechSynthesis 0x92b6f000 - 0x92becfeb com.apple.audio.CoreAudio 3.1.2 (3.1.2) <782a08c44be4698597f4bbd79cac21c6> /System/Library/Frameworks/CoreAudio.framework/Versions/A/CoreAudio 0x92ca5000 - 0x92ce7fef com.apple.NavigationServices 3.5.2 (163) <91844980804067b07a0b6124310d3f31> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/NavigationServices.framework/Versions/A/NavigationServices 0x92ce8000 - 0x92ce8ffb com.apple.installserver.framework 1.0 (8) /System/Library/PrivateFrameworks/InstallServer.framework/Versions/A/InstallServer 0x92ce9000 - 0x93389feb com.apple.CoreGraphics 1.409.5 (???) <a40644ccdbdc76e3a0ab4d468b2f9bdd> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/CoreGraphics 0x9338a000 - 0x933a8fff libresolv.9.dylib ??? (???) <a8018c42930596593ddf27f7c20fe7af> /usr/lib/libresolv.9.dylib 0x933a9000 - 0x933e0fff com.apple.SystemConfiguration 1.9.2 (1.9.2) <8b26ebf26a009a098484f1ed01ec499c> /System/Library/Frameworks/SystemConfiguration.framework/Versions/A/SystemConfiguration 0x933e1000 - 0x933f6ffb com.apple.ImageCapture 5.0.2 (5.0.2) /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/ImageCapture.framework/Versions/A/ImageCapture 0x933f7000 - 0x938c8fbe libGLProgrammability.dylib ??? (???) <7f18294a7bd0b6afe4319f29187fc70d> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLProgrammability.dylib 0x938c9000 - 0x938d0ff7 libCGATS.A.dylib ??? (???) <1339abfb67318d65c0130f76bc8c4da6> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libCGATS.A.dylib 0x93975000 - 0x93a2ffe3 com.apple.CoreServices.OSServices 228 (228) <bc83e97f6888673c33f86652677c09cb> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/OSServices.framework/Versions/A/OSServices 0x93a30000 - 0x93a4cff3 libPng.dylib ??? (???) <df60749fd50bcfa0da5b4cac899e09df> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libPng.dylib 0x93a65000 - 0x93af2ff7 com.apple.LaunchServices 292 (292) <a41286c7c1eb20ffd5cc796f791070f0> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/LaunchServices.framework/Versions/A/LaunchServices 0x93af3000 - 0x93b9afeb com.apple.QD 3.11.57 (???) <35f058678972d42b88ebdf652df79956> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/QD.framework/Versions/A/QD 0x93b9b000 - 0x93f59fea libLAPACK.dylib ??? (???) /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libLAPACK.dylib 0x93f5a000 - 0x93f9bfe7 libRIP.A.dylib ??? (???) <e9c5df8bd574b71e55ac60c910b929ce> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libRIP.A.dylib 0x93f9c000 - 0x9486dfff com.apple.WebCore 5531.21 (5531.21.8) <fa100d959d8655e174d84b87fe154b31> /System/Library/Frameworks/WebKit.framework/Versions/A/Frameworks/WebCore.framework/Versions/A/WebCore 0x9486e000 - 0x948a8fe7 com.apple.coreui 1.2 (62) /System/Library/PrivateFrameworks/CoreUI.framework/Versions/A/CoreUI 0x948a9000 - 0x948abfff com.apple.securityhi 3.0 (30817) <2b2854123fed609d1820d2779e2e0963> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/SecurityHI.framework/Versions/A/SecurityHI 0x948e3000 - 0x948f9fff com.apple.DictionaryServices 1.0.0 (1.0.0) <ad0aa0252e3323d182e17f50defe56fc> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/DictionaryServices.framework/Versions/A/DictionaryServices 0x949dd000 - 0x94c59fe7 com.apple.Foundation 6.5.9 (677.26) <c68b3cff7864959becfc7fd1a384f925> /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation 0x94c5a000 - 0x94c69ffe com.apple.DSObjCWrappers.Framework 1.3 (1.3) <09deb9e32d0d09dfb95ae569bdd2b7a4> /System/Library/PrivateFrameworks/DSObjCWrappers.framework/Versions/A/DSObjCWrappers 0x94cc3000 - 0x94d8efef com.apple.ColorSync 4.5.3 (4.5.3) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ColorSync.framework/Versions/A/ColorSync 0x94d8f000 - 0x94ee1ff3 com.apple.audio.toolbox.AudioToolbox 1.5.3 (1.5.3) /System/Library/Frameworks/AudioToolbox.framework/Versions/A/AudioToolbox 0x94ee2000 - 0x94f89fec com.apple.CFNetwork 438.14 (438.14) <5f9ee0430b5f6319f18d9b23e777e0d2> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CFNetwork.framework/Versions/A/CFNetwork 0x94f8a000 - 0x94fa9ffa libJPEG.dylib ??? (???) <37050c2a8d6f7026c94b4bf07c4d8a80> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libJPEG.dylib 0x94fef000 - 0x94ffcfe7 com.apple.opengl 1.5.10 (1.5.10) <5a2813f80c9441170cc1ab8a3dac5038> /System/Library/Frameworks/OpenGL.framework/Versions/A/OpenGL 0x95032000 - 0x9503afff com.apple.DiskArbitration 2.2.1 (2.2.1) <75b0c8d8940a8a27816961dddcac8e0f> /System/Library/Frameworks/DiskArbitration.framework/Versions/A/DiskArbitration 0x9503b000 - 0x953d8fef com.apple.QuartzCore 1.5.8 (1.5.8) <a28fa54346a9f9d5b3bef076a1ee0fcf> /System/Library/Frameworks/QuartzCore.framework/Versions/A/QuartzCore 0x9556f000 - 0x95602ff3 com.apple.ApplicationServices.ATS 3.8 (???) <eda9db16110de6b7fd9436cd0daa787d> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/ATS 0x95603000 - 0x9560affe libbsm.dylib ??? (???) <d25c63378a5029648ffd4b4669be31bf> /usr/lib/libbsm.dylib 0x9560b000 - 0x956ecff7 libxml2.2.dylib ??? (???) <b3bc0b280c36aa17ac477b4da56cd038> /usr/lib/libxml2.2.dylib 0x96686000 - 0x966affff libcups.2.dylib ??? (???) <a40b9403cc4a0dffefed110e1eab90c4> /usr/lib/libcups.2.dylib 0x966b0000 - 0x966b5fff com.apple.backup.framework 1.0 (1.0) /System/Library/PrivateFrameworks/Backup.framework/Versions/A/Backup 0x9691f000 - 0x969fbfef com.apple.WebKit 5531.21 (5531.21.8) <aac476a6fa3231d4cdce9a111143e0b7> /System/Library/Frameworks/WebKit.framework/Versions/A/WebKit 0x969fc000 - 0x96bcdff3 com.apple.security 5.0.6 (37592) <c7c68c3ba198b36d571d4b1e028a1a77> /System/Library/Frameworks/Security.framework/Versions/A/Security 0x96bce000 - 0x96c4bfef libvMisc.dylib ??? (???) /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libvMisc.dylib 0x96c4c000 - 0x96c8bfef libTIFF.dylib ??? (???) <cd2e392973a1fa35f23a0f37f55c579c> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libTIFF.dylib 0x96c8c000 - 0x96cb7fe7 libauto.dylib ??? (???) <42d8422dc23a18071869fdf7b5d8fab5> /usr/lib/libauto.dylib 0x96cb8000 - 0x96d6affb libcrypto.0.9.7.dylib ??? (???) <d02f7e5b8a68813bb7a77f5edb34ff9d> /usr/lib/libcrypto.0.9.7.dylib 0x96dde000 - 0x97104fe2 com.apple.QuickTime 7.6.4 (1327.73) <96515f6a2d628cd2105c7082295199b5> /System/Library/Frameworks/QuickTime.framework/Versions/A/QuickTime 0x9714c000 - 0x97156feb com.apple.audio.SoundManager 3.9.2 (3.9.2) <0f2ba6e891d3761212cf5a5e6134d683> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/CarbonSound.framework/Versions/A/CarbonSound 0x97157000 - 0x971a0fef com.apple.Metadata 10.5.8 (398.26) <e4d268ea45379200f03cdc7c8bedae6f> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/Metadata.framework/Versions/A/Metadata 0x971a1000 - 0x975b1fef libBLAS.dylib ??? (???) /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libBLAS.dylib 0xfffe8000 - 0xfffebfff libobjc.A.dylib ??? (???) /usr/lib/libobjc.A.dylib 0xffff0000 - 0xffff1780 libSystem.B.dylib ??? (???) /usr/lib/libSystem.B.dylib Reproducible: Always Steps to Reproduce: Unfortunately, we can only reproduce it on our specific setup (with specific hardware and PKCS#11 module). Anyway, it's usually enough to just load the PKCS#11 module and wait some time. At the latest, when entering the PIN, firefox crashes... Actual Results: Firefox crashed. Expected Results: Successful login to the chipcard
Finally having had some success in using valgrind, here's additional information. Valgrind reports several errors: The first one: ==20704== Conditional jump or move depends on uninitialised value(s) ==20704== at 0x6D28038: SECMOD_UpdateSlotList (in /Users/kobil/SwissSign_FF3.6_bug/FF3.6/firefox.app/Contents/MacOS/libnss3.dylib) ==20704== by 0x6D281A6: SECMOD_WaitForAnyTokenEvent (in /Users/kobil/SwissSign_FF3.6_bug/FF3.6/firefox.app/Contents/MacOS/libnss3.dylib) ==20704== by 0x190D025: void std::__adjust_heap<__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)>(__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)) (in /Users/kobil/SwissSign_FF3.6_bug/FF3.6/firefox.app/Contents/MacOS/XUL) ==20704== by 0x61CE7: PR_Select (in /Users/kobil/SwissSign_FF3.6_bug/FF3.6/firefox.app/Contents/MacOS/libnspr4.dylib) ==20704== by 0x883154: _pthread_start (in /usr/lib/libSystem.B.dylib) ==20704== by 0x883011: thread_start (in /usr/lib/libSystem.B.dylib) The second/third (probably harmless?): ==20704== Syscall param write(buf) points to uninitialised byte(s) ==20704== at 0x88829A: write$NOCANCEL$UNIX2003 (in /usr/lib/libSystem.B.dylib) ==20704== by 0x6C3570F: sqlite3_value_type (in /Users/kobil/SwissSign_FF3.6_bug/FF3.6/firefox.app/Contents/MacOS/libsqlite3.dylib) ==20704== by 0x6C5011F: sqlite3_randomness (in /Users/kobil/SwissSign_FF3.6_bug/FF3.6/firefox.app/Contents/MacOS/libsqlite3.dylib) ==20704== by 0x6C501DA: sqlite3_randomness (in /Users/kobil/SwissSign_FF3.6_bug/FF3.6/firefox.app/Contents/MacOS/libsqlite3.dylib) And fourth to the final crash, all of which seem to be related: ==20704== Invalid read of size 4 ==20704== at 0x3FC1684: objc_msgSend (in /usr/lib/libobjc.A.dylib) ==20704== by 0x1A1DF99: JSD_GetValueForObject (in /Users/kobil/SwissSign_FF3.6_bug/FF3.6/firefox.app/Contents/MacOS/XUL) ==20704== by 0x18A6A46: void std::__adjust_heap<__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)>(__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)) (in /Users/kobil/SwissSign_FF3.6_bug/FF3.6/firefox.app/Contents/MacOS/XUL) ==20704== by 0xFD013A: XRE_main (in /Users/kobil/SwissSign_FF3.6_bug/FF3.6/firefox.app/Contents/MacOS/XUL) ==20704== by 0x2CB7: (below main) (in ./firefox-bin) ==20704== Address 0x179592f0 is not stack'd, malloc'd or (recently) free'd ==20704== ==20704== Invalid read of size 4 ==20704== at 0x3FC16B0: objc_msgSend (in /usr/lib/libobjc.A.dylib) ==20704== by 0x1A1DF99: JSD_GetValueForObject (in /Users/kobil/SwissSign_FF3.6_bug/FF3.6/firefox.app/Contents/MacOS/XUL) ==20704== by 0x18A6A46: void std::__adjust_heap<__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)>(__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)) (in /Users/kobil/SwissSign_FF3.6_bug/FF3.6/firefox.app/Contents/MacOS/XUL) ==20704== by 0xFD013A: XRE_main (in /Users/kobil/SwissSign_FF3.6_bug/FF3.6/firefox.app/Contents/MacOS/XUL) ==20704== by 0x2CB7: (below main) (in ./firefox-bin) ==20704== Address 0x179592f0 is not stack'd, malloc'd or (recently) free'd ==20704== ==20704== Invalid read of size 4 ==20704== at 0x3FB0496: object_getClassName (in /usr/lib/libobjc.A.dylib) ==20704== by 0x3FB1BC1: _objc_error (in /usr/lib/libobjc.A.dylib) ==20704== by 0x3FB1C2F: __objc_error (in /usr/lib/libobjc.A.dylib) ==20704== by 0x3FB0636: _freedHandler (in /usr/lib/libobjc.A.dylib) ==20704== by 0x1FC3025: -[NSApplication run] (in /System/Library/Frameworks/AppKit.framework/Versions/C/AppKit) ==20704== by 0x1A1DF99: JSD_GetValueForObject (in /Users/kobil/SwissSign_FF3.6_bug/FF3.6/firefox.app/Contents/MacOS/XUL) ==20704== by 0x18A6A46: void std::__adjust_heap<__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)>(__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)) (in /Users/kobil/SwissSign_FF3.6_bug/FF3.6/firefox.app/Contents/MacOS/XUL) ==20704== by 0xFD013A: XRE_main (in /Users/kobil/SwissSign_FF3.6_bug/FF3.6/firefox.app/Contents/MacOS/XUL) ==20704== by 0x2CB7: (below main) (in ./firefox-bin) ==20704== Address 0x179592f0 is not stack'd, malloc'd or (recently) free'd ==20704== vex x86->IR: unhandled instruction bytes: 0xF 0xB 0x55 0x89 ==20704== valgrind: Unrecognised instruction at address 0x3fb1bfa.
Finally having had some success in using valgrind, here's additional information. Valgrind reports several errors: The first one: ==20704== Conditional jump or move depends on uninitialised value(s) ==20704== at 0x6D28038: SECMOD_UpdateSlotList (in /Users/FF3.6_bug/FF3.6/firefox.app/Contents/MacOS/libnss3.dylib) ==20704== by 0x6D281A6: SECMOD_WaitForAnyTokenEvent (in /Users/FF3.6_bug/FF3.6/firefox.app/Contents/MacOS/libnss3.dylib) ==20704== by 0x190D025: void std::__adjust_heap<__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)>(__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)) (in /Users/FF3.6_bug/FF3.6/firefox.app/Contents/MacOS/XUL) ==20704== by 0x61CE7: PR_Select (in /Users/FF3.6_bug/FF3.6/firefox.app/Contents/MacOS/libnspr4.dylib) ==20704== by 0x883154: _pthread_start (in /usr/lib/libSystem.B.dylib) ==20704== by 0x883011: thread_start (in /usr/lib/libSystem.B.dylib) The second/third (probably harmless?): ==20704== Syscall param write(buf) points to uninitialised byte(s) ==20704== at 0x88829A: write$NOCANCEL$UNIX2003 (in /usr/lib/libSystem.B.dylib) ==20704== by 0x6C3570F: sqlite3_value_type (in /Users/FF3.6_bug/FF3.6/firefox.app/Contents/MacOS/libsqlite3.dylib) ==20704== by 0x6C5011F: sqlite3_randomness (in /Users/FF3.6_bug/FF3.6/firefox.app/Contents/MacOS/libsqlite3.dylib) ==20704== by 0x6C501DA: sqlite3_randomness (in /Users/FF3.6_bug/FF3.6/firefox.app/Contents/MacOS/libsqlite3.dylib) And fourth to the final crash, all of which seem to be related: ==20704== Invalid read of size 4 ==20704== at 0x3FC1684: objc_msgSend (in /usr/lib/libobjc.A.dylib) ==20704== by 0x1A1DF99: JSD_GetValueForObject (in /Users/FF3.6_bug/FF3.6/firefox.app/Contents/MacOS/XUL) ==20704== by 0x18A6A46: void std::__adjust_heap<__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)>(__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)) (in /Users/FF3.6_bug/FF3.6/firefox.app/Contents/MacOS/XUL) ==20704== by 0xFD013A: XRE_main (in /Users/FF3.6_bug/FF3.6/firefox.app/Contents/MacOS/XUL) ==20704== by 0x2CB7: (below main) (in ./firefox-bin) ==20704== Address 0x179592f0 is not stack'd, malloc'd or (recently) free'd ==20704== ==20704== Invalid read of size 4 ==20704== at 0x3FC16B0: objc_msgSend (in /usr/lib/libobjc.A.dylib) ==20704== by 0x1A1DF99: JSD_GetValueForObject (in /Users/FF3.6_bug/FF3.6/firefox.app/Contents/MacOS/XUL) ==20704== by 0x18A6A46: void std::__adjust_heap<__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)>(__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)) (in /Users/FF3.6_bug/FF3.6/firefox.app/Contents/MacOS/XUL) ==20704== by 0xFD013A: XRE_main (in /Users/FF3.6_bug/FF3.6/firefox.app/Contents/MacOS/XUL) ==20704== by 0x2CB7: (below main) (in ./firefox-bin) ==20704== Address 0x179592f0 is not stack'd, malloc'd or (recently) free'd ==20704== ==20704== Invalid read of size 4 ==20704== at 0x3FB0496: object_getClassName (in /usr/lib/libobjc.A.dylib) ==20704== by 0x3FB1BC1: _objc_error (in /usr/lib/libobjc.A.dylib) ==20704== by 0x3FB1C2F: __objc_error (in /usr/lib/libobjc.A.dylib) ==20704== by 0x3FB0636: _freedHandler (in /usr/lib/libobjc.A.dylib) ==20704== by 0x1FC3025: -[NSApplication run] (in /System/Library/Frameworks/AppKit.framework/Versions/C/AppKit) ==20704== by 0x1A1DF99: JSD_GetValueForObject (in /Users/FF3.6_bug/FF3.6/firefox.app/Contents/MacOS/XUL) ==20704== by 0x18A6A46: void std::__adjust_heap<__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)>(__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)) (in /Users/FF3.6_bug/FF3.6/firefox.app/Contents/MacOS/XUL) ==20704== by 0xFD013A: XRE_main (in /Users/FF3.6_bug/FF3.6/firefox.app/Contents/MacOS/XUL) ==20704== by 0x2CB7: (below main) (in ./firefox-bin) ==20704== Address 0x179592f0 is not stack'd, malloc'd or (recently) free'd ==20704== vex x86->IR: unhandled instruction bytes: 0xF 0xB 0x55 0x89 ==20704== valgrind: Unrecognised instruction at address 0x3fb1bfa.
Sorry for the duplicated comment... :-(
Summary: spontanuous crash some seconds to minutes after loading a PKCS#11 module → Bug in JSD_GetValueForObject (MacOS X)? was: spontanuous crash some seconds to minutes after loading a PKCS#11 module
reporter: you need to grab shark enabled builds: http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/latest-trunk/firefox-3.7a2pre.en-US.mac-shark.dmg otherwise you're just randomly pointing at libraries.
Summary: Bug in JSD_GetValueForObject (MacOS X)? was: spontanuous crash some seconds to minutes after loading a PKCS#11 module → problem somewhere (MacOS X)? was: spontanuous crash some seconds to minutes after loading a PKCS#11 module
I'm just trying that. It is still crashing, so should I use the crash report thing and add a reference to this bug here in the comment field? Also, could you elaborate a bit on what "shark enabled" really means and why it's needed? So far, I always found the regular "crash dumps" quite helpful, so I'm a bit surprised why they should contain "random nonsense" in the case of firefox... So far, I only found http://developer.apple.com/tools/sharkoptimize.html which doesn't help me much to understand what "shark enabled builds" are about.
if you use the build i linked to, then the apple crash report saved to a file and attached to this bug will be fine. our symbols are huge, and as 99.99999% of our customers have no use for them, we strip them to save the download time for them (and to save bandwidth and disk space for us). it's not that you're going to be using 'shark', it's that the builds we have which support shark aren't stripped and are such useful for analyzing your problem using the tool you were already using.
Sorry to ask still another stupid question: Using the build you linked to, I get a crash report form that seems to be mozilla specific. How do I get to the apple crash report?
if you're running in valgrind, it won't matter.... https://developer.mozilla.org/en/Environment_variables_affecting_crash_reporting
Attached file Apple crash report
I see. I attached the crash log, but I suppose this fragment from valgrind's output is more helpful - it seems to show that some object that has been already relases by its AutoreleasePool is accessed again... ==1046== Invalid read of size 4 ==1046== at 0x61F3684: objc_msgSend (in /usr/lib/libobjc.A.dylib) ==1046== by 0x2CDA269: nsAppShell::Run() (in /Users/FF3.6_bug/FF3.7/Minefield.app/Contents/MacOS/XUL) ==1046== by 0x2B51AC6: nsAppStartup::Run() (in /Users/FF3.6_bug/FF3.7/Minefield.app/Contents/MacOS/XUL) ==1046== by 0x21589D8: XRE_main (in /Users/FF3.6_bug/FF3.7/Minefield.app/Contents/MacOS/XUL) ==1046== by 0x2387: main (in ./firefox-bin) ==1046== Address 0x1cd73f50 is 0 bytes inside a block of size 20 free'd ==1046== at 0x137AF: free (vg_replace_malloc.c:325) ==1046== by 0x61E36B2: _internal_object_dispose (in /usr/lib/libobjc.A.dylib) ==1046== by 0x4FE57BF: NSDeallocateObject (in /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation) ==1046== by 0x4FE14F0: NSPopAutoreleasePool (in /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation) ==1046== by 0x1AB5C185: PoolCleaner (in /System/Library/Frameworks/WebKit.framework/Versions/A/WebKit) ==1046== by 0x545359B: IdleTimerVector (in /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox) ==1046== by 0x63A38F4: CFRunLoopRunSpecific (in /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation) ==1046== by 0x63A3AA7: CFRunLoopRunInMode (in /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation) ==1046== by 0x53E52AB: RunCurrentEventLoopInMode (in /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox) ==1046== by 0x53E4FFD: ReceiveNextEventCommon (in /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox) ==1046== by 0x53E4F38: BlockUntilNextEventMatchingListInMode (in /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox) ==1046== by 0x42DC6D4: _DPSNextEvent (in /System/Library/Frameworks/AppKit.framework/Versions/C/AppKit) ==1046== by 0x42DBF87: -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] (in /System/Library/Frameworks/AppKit.framework/Versions/C/AppKit) ==1046== by 0x42D4F9E: -[NSApplication run] (in /System/Library/Frameworks/AppKit.framework/Versions/C/AppKit) ==1046== by 0x2CDA269: nsAppShell::Run() (in /Users/FF3.6_bug/FF3.7/Minefield.app/Contents/MacOS/XUL) ==1046== by 0x2B51AC6: nsAppStartup::Run() (in /Users/FF3.6_bug/FF3.7/Minefield.app/Contents/MacOS/XUL) ==1046== by 0x21589D8: XRE_main (in /Users/FF3.6_bug/FF3.7/Minefield.app/Contents/MacOS/XUL) ==1046== by 0x2387: main (in ./firefox-bin)
Attachment #429728 - Attachment mime type: text/x-log → text/plain
Component: General → Widget: Cocoa
Keywords: crash
Product: Firefox → Core
QA Contact: general → cocoa
Summary: problem somewhere (MacOS X)? was: spontanuous crash some seconds to minutes after loading a PKCS#11 module → crash [@ objc_msgSend] using object freed by [WebKit]IdleTimerVector/PoolCleaner after loading a PKCS#11 module
Version: unspecified → Trunk
Stefan, if you're going to provide more than a few lines of debugging information, please do so as attachments rather than pasting as comments (see "Add an attachment" in https://developer.mozilla.org/en/Bug_writing_guidelines ). Presumably this is more fallout from bug 509130? Steven, it looks like you never linked to a tryserver build with the second patch on bug 533001, so we can't point reporters of bugs like this to that build for testing.
> Presumably this is more fallout from bug 509130? I think this is unlikely. The only way it could happen is if some other Cocoa program launched/spawned Firefox. > Steven, it looks like you never linked to a tryserver build with the > second patch on bug 533001, so we can't point reporters of bugs like > this to that build for testing. It seems I forgot to post it. But even if I had, it would by now have been deleted from the tryserver build archives. I'll start another build and comment here when it's done.
The valgrind log fragment from comment #10 is very strange. In fact, on the face of it, it looks impossible: A Firefox process appears to be spawning another Firefox process, and this without using fork() or the like!!
Where do you see this? Maybe you just did miss the line saying "Address 0x1cd73f50 is 0 bytes inside a block of size 20 free'd"? I.e. that fragment ist saying "Invalid read at <backtrace> for memory block freed at <backtrace>" and both backtraces seem OK to me.
I don't have much experience reading valgrind traces, so I'll take your word for it that I've misread the traces from comment #10. (For example I thought it was one trace, but it appears that it's two separate traces.) But I'd still be very surprised if my patch for bug 509130 could have triggered IdleTimerVector() crashes without either of the following being true: 1) Gecko is being run from a Cocoa embedder (like Camino) or 2) Firefox is being spawned from some other Cocoa app. Is #2 true? Are you spawning Firefox from some other Cocoa app? Once my tryserver build (of the patch for bug 533001) is ready, you can test with that. But that won't be for several hours.
Also, how do you load your PKCS#11 module? Is it a plugin? An extension?
> Is #2 true? Are you spawning Firefox from some other Cocoa app? Is valgrind a Cocoa app? :-)
>> Is #2 true? Are you spawning Firefox from some other Cocoa app? > > Is valgrind a Cocoa app? :-) From a quick look through the valgrind source, it appears the answer is "no".
Yes, that valgrind output was two separate traces; it's a command line utility (so I think the answer to whether it's a Cocoa app is "no" in that sense, but I have no idea what kind of APIs it might use internally). Anyway, the same crash (see the attached crash report) seems to occur when starting it without valgrind, i.e. when I'm just starting it from the "regular" shell window via "DYLD_LIBRARY_PATH=<path_to_the_PKCS#11_module_and_related_libs> <Path-to>/firefox -profile <profile directory for testing>". About the PKCS#11 module: it's OpenSC's "onepin-opensc-pkcs11.so", which however loads a driver for a chipcard reader which is directly talking to the USB port, i.e. it's not using pcsclite. When you load that module (via the usual "Load security module" interface) for the first time, it's actually working, it's just crashing, once it's stored in the profile that this module should be loaded - sorry for not mentioning that earlier. I don't really know about the technical differences between plugin/extension/whatever, so I just hope I gave enough details to enable you to answer your last question yourself. ;-) I'll try the "tryserver build" tommorow...
> once it's stored in the profile that this module should be loaded What does this mean? Do you mean the Firefox profile? If so, what do you put in the Firefox profile to load the PKCS#11 module?
Maybe :kaie can provide some additional details about how NSS and PSM handle loading of PKCS#11 modules and how that might relate to the crashing in this bug.
IIRC, the information which security modules are to be loaded is stored in a seaprate file named "secmod.db", so what I meant to say is that once the information about the module is stored in secmod.db, I get those crashes, while things work if I start with the standard secmod.db. Anyway, the tryserver build seems to work fine, one thing I noticed when running under valgrind is that memory seems to be allocated via "new[]" in gfxTextRun::AllocateStorage(void const*&, unsigned int, unsigned int), but freed via "free" in gfxTextRun::~gfxTextRun(). AFAIK, that's bad at least in theory. Anyway, that build is working for me...
http://mxr.mozilla.org/mozilla-central/source/gfx/thebes/src/gfxFont.cpp?mark=2300,2374#2300 afaict it's a matched pair. If it isn't, please file a bug w/ stacks.
Thanks for the information, Stefan Neis. I don't yet know how it's happening, but it's pretty clear that this bug's crashes are triggered by my patch for bug 509130 (from the traces in comment #10, and the fact that my patch for bug 533001 makes the crashes go away).
Assignee: nobody → smichaud
Status: UNCONFIRMED → ASSIGNED
Depends on: 533001
Ever confirmed: true
So what does this mean in practicem in view of your comments to bug 533001? [ But I hope that (if no unfixable problems are discovered) we can get it into FF 3.6.1. ] The bug is probably going to be fixed in the next release? Or is it already too late for this and I should rather hope for the one after that?
there won't be a 3.6.1 ;-), and 3.6.2 is freezing today iiuc
(In reply to comment #24) > Anyway, the tryserver build seems to work fine, one thing I noticed when > running under valgrind is that memory seems to be allocated via "new[]" in > gfxTextRun::AllocateStorage(void const*&, unsigned int, unsigned int), but > freed via "free" in gfxTextRun::~gfxTextRun(). AFAIK, that's bad at least in > theory. (In reply to comment #25) > http://mxr.mozilla.org/mozilla-central/source/gfx/thebes/src/gfxFont.cpp?mark=2300,2374#2300 > afaict it's a matched pair. If it isn't, please file a bug w/ stacks. FYI, Jesse filed bug 551279 that appears to cover this valgrind complaint.
This should be fixed by my patch for bug 533001, which landed on the trunk on 2010-04-05 and which just landed on the 1.9.2 branch (and so will appear in FF 3.6.5).
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
status1.9.2: --- → .5-fixed
Resolution: --- → FIXED
Crash Signature: [@ objc_msgSend]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: