660553 - crash when press insert key on a textarea

Status: RESOLVED WONTFIX

(Core :: Widget: Gtk, defect)

Description

[Rakeka]

User-Agent:       Mozilla/5.0 (X11; Linux x86_64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Build Identifier: Mozilla/5.0 (X11; Linux x86_64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1

When the insert key is pressed on a focused textarea (like the one in which I'm typing right now), firefox will crash or, if gtk was compiled with --enable-debug (the default on most linux distros), display some critical debug messages.

Reproducible: Always

Steps to Reproduce:
1.Just set keyboard focus to an textarea and press insert key (simple file with only <textarea></textarea> crashes too.)
2.
3.


Actual Results:  
Segmentation fault.


The bug is present in many versions including 3.6.8 until 3.6.13, and 4.0, 4.0.1.

GTK debug messages:

(firefox-bin:21050): Gtk-CRITICAL **: gtk_text_buffer_get_insert: assertion `GTK_IS_TEXT_BUFFER (buffer)' failed

(firefox-bin:21050): Gtk-CRITICAL **: gtk_text_buffer_get_iter_at_mark: assertion `GTK_IS_TEXT_MARK (mark)' failed

(firefox-bin:21050): Gtk-CRITICAL **: _gtk_text_layout_get_block_cursor: assertion `layout != NULL' failed

(firefox-bin:21050): Gtk-CRITICAL **: gtk_text_layout_get_cursor_locations: assertion `layout != NULL' failed

(firefox-bin:21050): Gdk-CRITICAL **: gdk_window_invalidate_rect_full: assertion `GDK_IS_WINDOW (window)' failed

(firefox-bin:21050): Gdk-CRITICAL **: gdk_window_invalidate_rect_full: assertion `GDK_IS_WINDOW (window)' failed

(firefox-bin:21050): Gtk-CRITICAL **: gtk_text_buffer_get_insert: assertion `GTK_IS_TEXT_BUFFER (buffer)' failed

(firefox-bin:21050): Gtk-CRITICAL **: gtk_text_buffer_get_iter_at_mark: assertion `GTK_IS_TEXT_MARK (mark)' failed

(firefox-bin:21050): Gtk-CRITICAL **: _gtk_text_layout_get_block_cursor: assertion `layout != NULL' failed

(firefox-bin:21050): Gtk-CRITICAL **: gtk_text_layout_get_cursor_locations: assertion `layout != NULL' failed

(firefox-bin:21050): Gdk-CRITICAL **: gdk_window_invalidate_rect_full: assertion `GDK_IS_WINDOW (window)' failed

(firefox-bin:21050): Gdk-CRITICAL **: gdk_window_invalidate_rect_full: assertion `GDK_IS_WINDOW (window)' failed

Comment 1

[Rakeka]

Attachment: Critical messages from gtk

Comment 2

[mjh563]

Mozilla/5.0 (X11; Linux i686; rv:2.0.1) Gecko/20100101 Firefox/4.0.1

I also see those messages on the console when I press the Insert key in a textarea. But Firefox doesn't crash.

(The Insert key doesn't actually seem to do anything though. I was expecting it to toggle between insert and overwrite mode.)

Comment 3

[:aceman]

Also get these messages per Ins-keypress:
(firefox-bin:11999): Gtk-CRITICAL **: _gtk_text_layout_get_block_cursor: assertion `layout != NULL' failed

(firefox-bin:11999): Gtk-CRITICAL **: IA__gtk_text_layout_get_cursor_locations: assertion `layout != NULL' failed

(firefox-bin:11999): Gdk-CRITICAL **: gdk_window_invalidate_rect_full: assertion `GDK_IS_WINDOW (window)' failed

(firefox-bin:11999): Gdk-CRITICAL **: gdk_window_invalidate_rect_full: assertion `GDK_IS_WINDOW (window)' failed

(firefox-bin:11999): Gtk-CRITICAL **: _gtk_text_layout_get_block_cursor: assertion `layout != NULL' failed

(firefox-bin:11999): Gtk-CRITICAL **: IA__gtk_text_layout_get_cursor_locations: assertion `layout != NULL' failed

(firefox-bin:11999): Gdk-CRITICAL **: gdk_window_invalidate_rect_full: assertion `GDK_IS_WINDOW (window)' failed

(firefox-bin:11999): Gdk-CRITICAL **: gdk_window_invalidate_rect_full: assertion `GDK_IS_WINDOW (window)' failed

However, no crash on FF4 and FF7.0a1. I am on 32bit system and FF. Original report is on 64bit. Can anybody check there?

Comment 4

[George Carstoiu]

Mozilla/5.0 (X11; Linux x86_64; rv:7.0a1) Gecko/20110619 Firefox/7.0a1

WFM on latest trunk.

Did you get your copy of Firefox from www.mozilla.com or did you compile it yourself?

Also did you try this on a clean profile?
http://support.mozilla.com/en-US/kb/Managing-profiles

Comment 5

[Rakeka]

Yes, I've tried a new profile (rm -rf ~/.mozilla), and, the www.mozilla.com build too.

Compiled 5.0 today, same problem.

Comment 6

[Rakeka]

Still crashing on 5.0.1.

Comment 7

[George Carstoiu]

Mozilla/5.0 (X11; Linux i686; rv:8.0a1) Gecko/20110718 Firefox/8.0a1

Can you please copy and paste the content of the about:buildconfig page?

Also what distro of linux are you using with what twitches you've made to it (Gnome 3, KDE, Compiz, Metacity etc)?

Thanks!

Comment 8

[Rakeka]

It's not a distro, build or configuration problem. All distros (ubuntu, debian, slackware, my distro), all gtk versions, all firefox versions (at least from 3.6.8 to 5.0.1), even the mozilla.com build, presented the same problems.

touch test.html;
echo "<textarea></textarea>" > test.html;
firefox test.html;
set keyboard focus to the textarea;
press insert;

or simply open firefox in a terminal and press insert on any textarea (this one in which I'm typing right now is an example);

If you switch to the terminal, you will see CRITICAL messages from GTK assertion failures. I thought that these messages would be sufficient to make it clear. When the GTK is compiled with "--enable-debug" (default on most distros), these assertions prevents the function from access the NULL pointer passed to it, and consequently, prevents the crash, but it does not mean that there is no problem somewhere in the program. With "--enable-debug=no" (my case) the program simply crashes (Segmentation fault) because gtk does not verify the sanity of data passed to him.

Comment 9

[:aceman]

OK, can you find a distro that has GTK debugging disabled?

Or is it possible to disable the debugging on other distros?

Comment 10

[Rakeka]

To disable debug you need to recompile GTK with option "--enable-debug=no". There is no need to install on /usr, just by install on your home and using LD_LIBRARY_PATH can reproduce the crash. I've made that on debian and slackware and the results are the same.

Comment 11

[:aceman]

Do you get a crash ID when FF crashes? See in about:crashes and paste it here.

Comment 12

[Rakeka]

My and debian firefox were not compiled with crashreporter.

The slackware says on crash:

Firefox had a problem and crashed. We'll try to restore your tabs and windows when it restarts.

Unfortunately the crash reporter is unable to submit a crash report.

Details: The application did not leave a crash dump file.

Comment 13

[:aceman]

(In reply to comment #10)
> To disable debug you need to recompile GTK with option "--enable-debug=no".
> There is no need to install on /usr, just by install on your home and using
> LD_LIBRARY_PATH can reproduce the crash. I've made that on debian and
> slackware and the results are the same.

OK, what dependencies are necessary to compile it on Slackware? I could try it.
What is the exact GTK version you are using?

Comment 14

[Thomas Ahlblom]

Mozilla/5.0 (X11; Linux x86_64; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
bp-f7032818-3bda-42ff-a5bf-982c92110725
[@ libgtk-x11-2.0.so.0.2400.5@0x19d731 ] 

Mozilla/5.0 (X11; Linux x86_64; rv:6.0) Gecko/20100101 Firefox/6.0
bp-e1b2cfb0-8a88-4498-905e-e69aa2110725
[@ libgtk-x11-2.0.so.0.2400.5@0x19d731 ]

Mozilla/5.0 (X11; Linux x86_64; rv:7.0a2) Gecko/20110724 Firefox/7.0a2
bp-1bda05f6-4e05-4531-a80a-80bee2110725
[@ libgtk-x11-2.0.so.0.2400.5@0x19d731 ] 

Mozilla/5.0 (X11; Linux x86_64; rv:8.0a1) Gecko/20110725 Firefox/8.0a1
bp-262063e1-0086-4907-9fe6-0cc5a2110725
[@ libgtk-x11-2.0.so.0.2400.5@0x19d731 ]

Comment 15

[:aceman]

So you reproduced it?

Comment 16

[Thomas Ahlblom]

(In reply to comment #15)
> So you reproduced it?

Yes, I reproduced it. Forgot to write that.

Comment 17

[:aceman]

Thanks, marking. Also, so far it was only seen on 64bit linux, marking that.

Comment 18

[Thomas Ahlblom]

I've been too lazy to also build ia32-libs-gtk with --enable-debug=no (the source is 472 M on Debian and the configuration looks different), but considering the Gtk-CRITICAL output I guess the problem exists in the i686 world as well.

Looking for Gtk-CRITICAL output I get the following regression range:

WFM:
Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8a4) Gecko/20040907 Firefox/0.9.1+

Reproduced:
Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8a4) Gecko/20040908 Firefox/0.9.1+

Those builds are actually i686, but the User Agent string was built differently 7 years ago.

Comment 19

[:aceman]

Yes, I have confirmed the GTK error messages also on pure 32bit system. But this seems to be a memory access problem (touching a nonexistent or NULL object), it may behave differently on 32 and 64bit.

Comment 20

[Rakeka]

(In reply to comment #13)
> (In reply to comment #10)
> > To disable debug you need to recompile GTK with option "--enable-debug=no".
> > There is no need to install on /usr, just by install on your home and using
> > LD_LIBRARY_PATH can reproduce the crash. I've made that on debian and
> > slackware and the results are the same.
> 
> OK, what dependencies are necessary to compile it on Slackware? I could try
> it.
> What is the exact GTK version you are using?

Versions of gtk were the same ones that came in distros (2.20.1 on debian squeeze and 2.18.9 on slackware 13.1), I'm currently using 2.24.4 on mine. Slackware already have all needed dependencies to build it. On debian you will need build-essential and {libpng,libjpeg,libtiff,xorg,atk,pango,cairo,glib}-dev (maybe more...).

(In reply to comment #17)
> Thanks, marking. Also, so far it was only seen on 64bit linux, marking that.

It happens on pure 32bit too, my slackware is pure 32bit.

Comment 21

[Thomas Ahlblom]

I used GTK 2.24.5-3 built from Debian source while reproducing in comment 14.

Considering last part of comment 20 I will modify the Hardware of this bug.

Comment 22

[Sylvestre Ledru [:Sylvestre]]

Closing because no crash reported since 12 weeks.