Bug 231773 - Firefox segfault
Summary: Firefox segfault
Alias: None
Product: Fedora
Classification: Fedora
Component: firefox
Version: 6
Hardware: x86_64
OS: Linux
Target Milestone: ---
Assignee: Christopher Aillon
QA Contact:
Depends On:
Reported: 2007-03-11 15:40 UTC by Sam Varshavchik
Modified: 2018-04-11 18:28 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2007-04-12 11:17:09 UTC

System ID Priority Status Summary Last Updated
Mozilla Foundation 282933 None None None Never

Description Sam Varshavchik 2007-03-11 15:40:14 UTC
Description of problem:

Firefox bombs out with a segfault

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. Open a SEP retirement plan with T Rowe Price
2. Sign up for online access
3. Log on to
4. In the account tab, click on the link for your retirement plan
Actual results:

Firefox crashes with a segfault

Expected results:

I get to ponder on my golden retirement years.

Additional info:

This is an x86_64-specific issue.  T Rowe Price uses flash.  There is no flash
plugin for x86_64.  On a different laptop, with flash installed firefox does not
crash.  Firefox has a history of crashing on sites with Flash, when the flash
plugin is not installed or available.

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 46912496257664 (LWP 3640)]
0x00002aaab6e9bcf2 in __cxa_pure_virtual ()
   from /usr/lib64/firefox-
(gdb) where
#0  0x00002aaab6e9bcf2 in __cxa_pure_virtual ()
   from /usr/lib64/firefox-
#1  0x00002aaab6e9bd8c in __cxa_pure_virtual ()
   from /usr/lib64/firefox-
#2  0x00002aaaba8c30ce in __cxa_pure_virtual ()
   from /usr/lib64/firefox-
#3  0x00002aaaba8be665 in __cxa_pure_virtual ()
   from /usr/lib64/firefox-
#4  0x00002aaaba8c1ee7 in __cxa_pure_virtual ()
   from /usr/lib64/firefox-
#5  0x00002aaaba8bfda4 in __cxa_pure_virtual ()
   from /usr/lib64/firefox-
#6  0x00002aaaaeca92bb in __cxa_pure_virtual ()
   from /usr/lib64/firefox-
#7  0x00002aaaaeca9499 in __cxa_pure_virtual ()
   from /usr/lib64/firefox-
#8  0x00002aaaaec422ec in __cxa_pure_virtual ()
   from /usr/lib64/firefox-
#9  0x00002aaaaec425c3 in __cxa_pure_virtual ()
   from /usr/lib64/firefox-
#10 0x000000351686128b in NS_AsyncCopy ()
   from /usr/lib64/firefox-
#11 0x0000003516872319 in PL_HandleEvent ()
---Type <return> to continue, or q <return> to quit---
   from /usr/lib64/firefox-
#12 0x000000351687252b in PL_ProcessPendingEvents ()
   from /usr/lib64/firefox-
#13 0x00000035168737cd in nsAutoMonitor::NewMonitor ()
   from /usr/lib64/firefox-
#14 0x00002aaaaf8be232 in __cxa_pure_virtual ()
   from /usr/lib64/firefox-
#15 0x0000003087c2cf64 in g_main_context_dispatch ()
   from /lib64/
#16 0x0000003087c2fd9d in g_main_context_check () from /lib64/
#17 0x0000003087c300aa in g_main_loop_run () from /lib64/
#18 0x000000375bb2d023 in gtk_main () from /usr/lib64/
#19 0x00002aaaaf8be616 in __cxa_pure_virtual ()
   from /usr/lib64/firefox-
#20 0x00002aaab421b13a in __cxa_pure_virtual ()
   from /usr/lib64/firefox-
#21 0x0000000000408284 in __cxa_pure_virtual ()
#22 0x0000003a5a81da44 in __libc_start_main () from /lib64/
#23 0x0000000000403939 in __cxa_pure_virtual ()
#24 0x00007fff40ba3dd8 in ?? ()
#25 0x0000000000000000 in ?? ()

Comment 1 Matěj Cepl 2007-03-13 12:59:33 UTC
Reporter, I really cannot create an investment account just to triage a bug. So,
please, help me a little to understand better what's going on, please.

First of all, I am really not quite sure, that I understand what exactly the
problem is and whether it is site-specific or general problem with flash. Could
you go to the canonical Flash-testing site and
tell me what happens? When I do that here with RHEL5/x86_64 (no flash installed)
I get a blank rectangle in middle of the screen saying "Click here to download
plugin". When I click on it finder of plugins jumps up and says, that no plugin
is available. Is it the same for you or does your firefox crash?

Second, if that works for you (i.e., flash doesn't work but firefox doesn't
crash either), then could you try website mentioned in the upstream bug and and tell me whether
actually your bug is not a duplicate of the upstream one?

Thanks a lot for the cooperation

Comment 2 Sam Varshavchik 2007-03-13 23:23:29 UTC
I get the same results as you on, and this is not the
upstream bug.

The upstream bug is an X window error being reported on standard error.  I get a
full-blown segfault.  Completely different.

I tried to get something useful out of firefox-debuginfo, but given the
sophisticated nature of the firefox startup shell script wrapper, I could not
easily figure out how to make it run the debuginfo version of the firefox
binary. If I can have the instructions for starting the debuginfo version of
firefox-bin, together with the debuginfo version of all the component libraries,
then I can perhaps be able to obtain more information about the crash.

Comment 3 Christopher Aillon 2007-03-14 00:38:21 UTC
If you have both gdb and firefox-debuginfo installed, run `firefox -g`

Comment 4 Sam Varshavchik 2007-03-14 01:41:19 UTC
Nice trick.  

The segfault is caused by a null pointer dereference in nsObjectFrame.cpp, line
3098, which reads:


mContent->GetDocument() returns a NULL pointer -- BOOM!

Breakpoint 1, nsObjectFrame::PluginNotAvailable (this=0x2193cd0,
aMimeType=<value optimized out>) at nsObjectFrame.cpp:3096
(gdb) next
(gdb) p mContent
$1 = (nsIContent *) 0x21ce4c0
(gdb) p *mContent
$2 = {<nsISupports> = {_vptr.nsISupports = 0x2aaab343d0f0}, static
sTabFocusModel = 7, static sTabFocusModelAppliesToXUL = 0, mParentPtrBits =
(gdb) p mContent->GetDocument()
[Thread 1126189376 (LWP 6604) exited]
$3 = (class nsIDocument *) 0x0
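
The failure pattern described in the comment above, as an added illustration that is not Mozilla's code, not the contents of nsObjectFrame.cpp, and not the upstream patch. The classes are simplified stand-ins that borrow only the names visible in the gdb session; the event string, the Notify enum and the unchecked/guarded split are constructed for the example.

```cpp
#include <cstdio>
#include <string>
#include <vector>

struct Document {                        // stand-in for nsIDocument
    std::vector<std::string> pendingEvents;
    void QueueEvent(const std::string& name) { pendingEvents.push_back(name); }
};

struct Content {                         // stand-in for nsIContent
    Document* doc;                       // null when the node is not in a document
    explicit Content(Document* d) : doc(d) {}
    Document* GetDocument() const { return doc; }
};

enum class Notify { Dispatched, NoDocument, NoContent };  // constructed result codes

struct ObjectFrame {                     // stand-in for nsObjectFrame
    Content* mContent;
    explicit ObjectFrame(Content* c) : mContent(c) {}

    // Pattern seen in the debugger: the return value of GetDocument() is
    // used directly, so a null return is dereferenced. Never called below.
    void PluginNotAvailableUnchecked(const std::string& mime) {
        mContent->GetDocument()->QueueEvent("plugin-unavailable:" + mime);
    }

    // Guarded form: check each pointer before use and report why no
    // notification was queued instead of crashing.
    Notify PluginNotAvailable(const std::string& mime) {
        if (!mContent) return Notify::NoContent;
        Document* doc = mContent->GetDocument();
        if (!doc) return Notify::NoDocument;
        doc->QueueEvent("plugin-unavailable:" + mime);
        return Notify::Dispatched;
    }
};

int main() {
    Document doc;
    Content attached(&doc), detached(nullptr);   // constructed sample nodes
    ObjectFrame a(&attached), b(&detached);
    const std::string mime = "application/x-shockwave-flash";
    std::printf("attached: %d\n", static_cast<int>(a.PluginNotAvailable(mime)));
    std::printf("detached: %d\n", static_cast<int>(b.PluginNotAvailable(mime)));
    return 0;
}
```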

Comment 5 Christopher Aillon 2007-03-14 05:00:33 UTC
Appears to be

Comment 6 Christopher Aillon 2007-03-14 15:06:40 UTC
Can you try this build:
to see if it helps.  It is the same as the current fc6 version but adds the
patch from the upstream bug.

Comment 7 Sam Varshavchik 2007-03-14 23:57:45 UTC
Yup -- the upstream patch completely fixes the bug.  Perfect.
