MASTER firefox crashed [@vfprintf] ... -- libvlc.so.0

Bug #78725 reported by RichWolf
Affects | Status | Importance | Assigned to | Milestone
GLibC | Fix Released | Medium | |
firefox (Ubuntu) | Invalid | High | Mozilla Bugs |
glibc (Ubuntu) | Fix Released | Undecided | Unassigned |
vlc (Ubuntu) | Invalid | Undecided | Unassigned |

Bug Description

... closing webpage

Binary package hint: firefox

Here's the webpage: http://web.mac.com/a_thorkildsen/iWeb/www.andreasthorkildsen.com/Movies.html

Contains Quicktime clips. I have installed plugin VLC for firefox to play these types of files but have not been successful yet. This page just crashes since I added the plugins.

At first I thought it was the page I was going TO, but I found that it was going FROM or closing the page mentioned causes the crash. See attached crash file.

Possible test case (from bug #129080):
I reproduce the crash doing this:
- Open Firefox
- Go to http://www.apple.com/trailers
- Click on The Simpsons Movie trailer
- Select the trailer 2, medium
- Then, firefox crashes.

Revision history for this message
RichWolf (rspeedyw) wrote :
RichWolf (rspeedyw)
description: updated
description: updated
RichWolf (rspeedyw)
description: updated
David Farning (dfarning)
Changed in firefox:
assignee: nobody → mozillateam
importance: Undecided → Medium
Changed in firefox:
status: Unconfirmed → Needs Info
David Farning (dfarning)
Changed in firefox:
assignee: mozillateam → mozilla-bugs
Alexander Sack (asac)
description: updated
description: updated
Revision history for this message
RichWolf (rspeedyw) wrote : Re: [edgy] firefox crashes

This does seem related to the 6.10 distro and/or firefox version that is included. I have upgraded to 7.04(Feisty) and do not have the crash problem now, although I still can't get Quicktime files to play in the browser.

Revision history for this message
Hilario J. Montoliu (hjmf) (hmontoliu) wrote : Retraced Stacktrace

Retrace done.

Extract from retraced stacktrace:
...
#0 vfprintf () from /lib/tls/i686/cmov/libc.so.6
#1 vasprintf () from /lib/tls/i686/cmov/libc.so.6
#2 __msg_Create () from /usr/lib/libvlc.so.0
#3 ?? ()
#4 ?? () from /usr/lib/libvlc.so.0
#5 ?? ()
#6 ?? ()
#7 ?? ()
#8 ?? ()
#9 _nl_default_default_domain ()
#10 ?? ()
#11 ?? () from /lib/tls/i686/cmov/libc.so.6
#12 ?? ()
...

Tagging as mt-confirm for further processing

Revision history for this message
Hilario J. Montoliu (hjmf) (hmontoliu) wrote : Retraced Thread Stacktrace

Retraced Thread Stacktrace

Changed in firefox:
status: Needs Info → Confirmed
importance: Medium → High
Revision history for this message
shroudednight (shroudednight) wrote :

After isolating the vlc plugin, my firefox continues to crash to desktop when attempting to leave the page (either by trying to navigate away or closing the tab) linked to in the bug description.

Currently running KDE (K)Ubuntu 7.04

Firefox 2.0.0.3+1-0ubuntu2

VLC and VLC plugin shown to be version 0.8.6.release-0ubuntu4

Firefox is reporting the VLC plugin as follows:

    File name: libvlcplugin.so
    Version 0.8.6 Janus, copyright 1996-2006 The VideoLAN Team

Revision history for this message
Johan Walles (walles) wrote :

I'm guessing this bug won't be resolved until the retracer gets some love.

Bug 95504 deals with the problematic retrace.

Revision history for this message
Alexander Sack (asac) wrote :

We set this bug to invalid for firefox task until there is evidence that this is not a vlc issue. We will still catch duplicates though.

Changed in firefox:
status: Confirmed → Invalid
description: updated
Revision history for this message
In , Pierre Habouzit (madcoder) wrote :

In Debian bug http://bugs.debian.org/443660 a crash due to dgettext in a multi-threaded context was reported.

It was reported that when it crashes (as it seems to be a race, it's hard to) a valgrind trace looks like this:

==3535== Thread 3:
==3535== Invalid read of size 4
==3535== at 0x4063F0B: _nl_find_msg (dcigettext.c:862)
==3535== by 0x4064A41: __dcigettext (dcigettext.c:639)
==3535== by 0x4063972: dcgettext (dcgettext.c:53)
==3535== by 0x406399F: dgettext (dgettext.c:54)
==3535== by 0x80484DD: run (in /home/remi/a.out)
==3535== by 0x402D2D2: start_thread (pthread_create.c:296)
==3535== by 0x41124ED: clone (in /usr/lib/debug/libc-2.6.1.so)
==3535== Address 0x418C91C is 0 bytes after a block of size 12 alloc'd
==3535== at 0x4024862: realloc (vg_replace_malloc.c:306)
==3535== by 0x4063FF1: _nl_find_msg (dcigettext.c:876)
==3535== by 0x4064A41: __dcigettext (dcigettext.c:639)
==3535== by 0x4063972: dcgettext (dcgettext.c:53)
==3535== by 0x406399F: dgettext (dgettext.c:54)
==3535== by 0x80484DD: run (in /home/remi/a.out)
==3535== by 0x402D2D2: start_thread (pthread_create.c:296)
==3535== by 0x41124ED: clone (in /usr/lib/debug/libc-2.6.1.so)

The second block looks indeed fishy, as I seem to understand that the realloc is performed on shared data, without locking.

Revision history for this message
In , Drepper-fsp (drepper-fsp) wrote :

Should be fixed in cvs.

Revision history for this message
Daniel T Chen (crimsun) wrote :

Is this symptom still reproducible in 8.10 beta?

Changed in vlc:
status: New → Incomplete
Revision history for this message
Johan Walles (walles) wrote :

Daniel,

this is an intermittent problem, and it is thus hard to tell whether it is fixed.

Getting a proper retrace would help very much in diagnosing the issue.

The stack trace produced by Ubuntu's retracing service is unfortunately broken. This was reported early 2007 (bug 95504), but has not yet been picked up by the retracer developers.

AFAICT, until bug 95504 gets some attention, this one will be un-resolved as well.

Revision history for this message
RichWolf (rspeedyw) wrote : Re: [Bug 78725] Re: MASTER firefox crashed [@vfprintf] ... -- libvlc.so.0

I'm using 8.04, Firefox 3.03 and don't have this problem anymore.

On Tue, Oct 7, 2008 at 10:07 PM, Daniel T Chen
>
> Is this symptom still reproducible in 8.10 beta?
>
>
>

Revision history for this message
Rémi Denis-Courmont (rdenis) wrote :

This is a well known gettext race condition, fixed in glibc 2.7. See also 92868.

This is not a VLC bug (nor a Mozilla one).

Revision history for this message
Rémi Denis-Courmont (rdenis) wrote :

This bug is real. But it belongs on libc...

Changed in vlc:
status: Incomplete → Confirmed
Changed in vlc:
status: Confirmed → Invalid
Changed in glibc:
status: Unknown → Fix Released
Revision history for this message
Rémi Denis-Courmont (rdenis) wrote :

This is all because of races in older versions of glibc. Namely those two (now fixed) bugs are at fault:
http://sourceware.org/bugzilla/show_bug.cgi?id=5058 (a.k.a. http://bugs.debian.org/443660)
http://sourceware.org/bugzilla/show_bug.cgi?id=5443 (a.k.a. http://bugs.debian.org/456531)

In upstream glibc, those bugs are fixed with version 2.8. In Debian, 2.7-11 has the backported fixes. I have not been able to test on Ubuntu yet, but I assume this means the bug is in all versions before Intrepid.

Changed in glibc:
importance: Unknown → Medium
Changed in glibc (Ubuntu):
status: New → Fix Released