Ubuntu
firefox-3.5 package

Bug #449744
Comment #0

Comment 0 for bug 449744

Revision history for this message

In Mozilla Bugzilla #510040, Marti (intgr) wrote on 2009-08-12:

User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.2) Gecko/20090812 Gentoo Firefox/3.5.2
Build Identifier: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.2) Gecko/20090812 Gentoo Firefox/3.5.2

64-bit Firefox 3.5.2 crashes after installing the Chromebug extension, even if you don't specify -chromebug from the command line. This is the culprit.

Reproducible: Always

Steps to Reproduce:
1. Install the Chromebug extension (chromebug-1.5.0a2.xpi) on a 64-bit browser from http://getfirebug.com/releases/chromebug/
2. Restart Firefox.
3. Witness segfault

Actual Results:
*snip*
#4 <signal handler called>
#5 0x00007fd59348d208 in js_GetOpcode (cx=0x7fd57e2cdc00, script=0x7fd57d794000, pc=0x7d7952b0 <Address 0x7d7952b0 out of bounds>)
    at jsscript.h:325
#6 0x00007fd593490357 in js_PCToLineNumber (cx=0x7fd57e2cdc00, script=0x7fd57d794000, pc=0x7d7952b0 <Address 0x7d7952b0 out of bounds>)
    at jsscript.cpp:1808
#7 0x00007fd5933bca9f in JS_PCToLineNumber (cx=0x7fd57e2cdc00, script=0x7fd57d794000, pc=0x7d7952b0 <Address 0x7d7952b0 out of bounds>)
    at jsdbgapi.cpp:956
#8 0x00007fd591e3f4d7 in jsd_GetClosestLine (jsdc=0x7fd57e211380, jsdscript=0x7fd57d8bd5e0, pc=2105103024) at jsd_scpt.c:523
#9 0x00007fd591e3a001 in JSD_GetClosestLine (jsdc=0x7fd57e211380, jsdscript=0x7fd57d8bd5e0, pc=2105103024) at jsdebug.c:337
^--- PC is a 32-bit integer value, truncated :(
#10 0x00007fd591e44f1f in jsds_FilterHook (jsdc=0x7fd57e211380, state=0x7fd57d792780) at jsd_xpc.cpp:400
^--- jsds_FilterHook extracts PC from the struct again
#11 0x00007fd591e45c64 in jsds_ExecutionHookProc (jsdc=0x7fd57e211380, jsdthreadstate=0x7fd57d792780, type=1, callerdata=0x1,
    rval=0x7fffbad23a08) at jsd_xpc.cpp:680
#12 0x00007fd591e3d3b3 in jsd_CallExecutionHook (jsdc=0x7fd57e211380, cx=0x7fd5831fcc00, type=1,
    hook=0x7fd591e45903 <jsds_ExecutionHookProc>, hookData=0x1, rval=0x7fffbad23a08) at jsd_hook.c:177
^--- PC gets stored in a structure
#13 0x00007fd591e3fc91 in jsd_TrapHandler (cx=0x7fd5831fcc00, script=0x7fd57d794000, pc=0x7fd57d7952b0 "S", rval=0x7fffbad23a08,
    closure=0x7fd57d769a01) at jsd_scpt.c:758
*snip*

^--- PC is a 64-bit value, intact

Workaround: remove Chromebug extension by brute force.
% rm -rf ~/.mozilla/firefox/*/<email address hidden>/

User-Agent:       Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.2) Gecko/20090812 Gentoo Firefox/3.5.2
Build Identifier: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.2) Gecko/20090812 Gentoo Firefox/3.5.2

64-bit Firefox 3.5.2 crashes after installing the Chromebug extension, even if you don't specify -chromebug from the command line. This is the culprit.

Reproducible: Always

Steps to Reproduce:
1. Install the Chromebug extension (chromebug-1.5.0a2.xpi) on a 64-bit browser from http://getfirebug.com/releases/chromebug/
2. Restart Firefox.
3. Witness segfault

Actual Results:  
*snip*
#4  <signal handler called>
#5  0x00007fd59348d208 in js_GetOpcode (cx=0x7fd57e2cdc00, script=0x7fd57d794000, pc=0x7d7952b0 <Address 0x7d7952b0 out of bounds>)
    at jsscript.h:325
#6  0x00007fd593490357 in js_PCToLineNumber (cx=0x7fd57e2cdc00, script=0x7fd57d794000, pc=0x7d7952b0 <Address 0x7d7952b0 out of bounds>)
    at jsscript.cpp:1808
#7  0x00007fd5933bca9f in JS_PCToLineNumber (cx=0x7fd57e2cdc00, script=0x7fd57d794000, pc=0x7d7952b0 <Address 0x7d7952b0 out of bounds>)
    at jsdbgapi.cpp:956
#8  0x00007fd591e3f4d7 in jsd_GetClosestLine (jsdc=0x7fd57e211380, jsdscript=0x7fd57d8bd5e0, pc=2105103024) at jsd_scpt.c:523
#9  0x00007fd591e3a001 in JSD_GetClosestLine (jsdc=0x7fd57e211380, jsdscript=0x7fd57d8bd5e0, pc=2105103024) at jsdebug.c:337
^--- PC is a 32-bit integer value, truncated :(
#10 0x00007fd591e44f1f in jsds_FilterHook (jsdc=0x7fd57e211380, state=0x7fd57d792780) at jsd_xpc.cpp:400
^--- jsds_FilterHook extracts PC from the struct again
#11 0x00007fd591e45c64 in jsds_ExecutionHookProc (jsdc=0x7fd57e211380, jsdthreadstate=0x7fd57d792780, type=1, callerdata=0x1, 
    rval=0x7fffbad23a08) at jsd_xpc.cpp:680
#12 0x00007fd591e3d3b3 in jsd_CallExecutionHook (jsdc=0x7fd57e211380, cx=0x7fd5831fcc00, type=1, 
    hook=0x7fd591e45903 <jsds_ExecutionHookProc>, hookData=0x1, rval=0x7fffbad23a08) at jsd_hook.c:177
^--- PC gets stored in a structure
#13 0x00007fd591e3fc91 in jsd_TrapHandler (cx=0x7fd5831fcc00, script=0x7fd57d794000, pc=0x7fd57d7952b0 "S", rval=0x7fffbad23a08, 
    closure=0x7fd57d769a01) at jsd_scpt.c:758
*snip*

^--- PC is a 64-bit value, intact

Workaround: remove Chromebug extension by brute force.
% rm -rf ~/.mozilla/firefox/*/extensions/chromebug@johnjbarton.com/

Ubuntufirefox-3.5 package

Comment 0 for bug 449744

Ubuntu
firefox-3.5 package