Bug#622726: iceweasel: segfault when adding a comment on a ReviewBoard review
Tzafrir Cohen
tzafrir at cohens.org.il
Thu Apr 14 08:41:51 UTC 2011
Package: iceweasel
Version: 4.0-3
Severity: normal
*** Please type your report below this line ***
ReviewBoard is a web-based code review tool. Its homepage can be found
at http://ReviewBoard.org/ .
To reproduce:
Instructions here are with the instance of ReviewBoard at
http://reviews.reviewboard.org/ . The issue was originally tested at a
different instance. You may install your own instance (See also
http://bugs.debian.org/590775 if you actually want to do that).
1. Create an account if you don't have one.
2. Browse http://reviews.reviewboard.org/r/ ("All Review Requests").
Login if you're not already logged on.
3. Select one active report from the top of the list. Find a blue
"add comment" link and press it.
This triggers a crash here.
Backtrace:
#0 nsBulletFrame::GetListItemText (this=0x0, aListStyle=..., result=...)
at ../../../layout/generic/nsBulletFrame.cpp:1255
#1 0x00007ffff4d619b1 in nsBlockFrame::GetBulletText (this=0x7fffcc1188d0,
aText=...) at ../../../layout/generic/nsBlockFrame.cpp:6633
#2 0x00007ffff547a4a2 in nsHTMLListBulletAccessible::AppendTextTo (
this=<value optimized out>, aText=..., aStartOffset=0, aLength=4294967295)
at ../../../../accessible/src/html/nsHTMLTextAccessible.cpp:400
#3 0x00007ffff545f8f4 in nsAccUtils::TextLength (aAccessible=0x7fffcba4ae00)
at ../../../../accessible/src/base/nsAccUtils.cpp:650
#4 0x00007ffff547db73 in nsHyperTextAccessible::GetChildOffset (
this=0x7fffca167a80, aChildIndex=2, aInvalidateAfter=<value optimized out>)
at ../../../../accessible/src/html/nsHyperTextAccessible.cpp:2221
#5 0x00007ffff5453118 in NotificationController::CreateTextChangeEventFor (
this=<value optimized out>, aEvent=0x7fffccfbf6f0)
at ../../../../accessible/src/base/NotificationController.cpp:563
#6 0x00007ffff54533ab in NotificationController::QueueEvent (
this=0x7fffc9f89600, aEvent=0x7fffccfbf6f0)
at ../../../../accessible/src/base/NotificationController.cpp:138
#7 0x00007ffff545940a in nsDocAccessible::FireDelayedAccessibleEvent (
this=<value optimized out>, aEvent=<value optimized out>)
at ../../../../accessible/src/base/nsDocAccessible.cpp:1688
#8 0x00007ffff545b866 in nsDocAccessible::UpdateTreeInternal (
this=0x7fffd052e850, aStartNode=<value optimized out>, aEndNode=0x0,
aIsInsert=0) at ../../../../accessible/src/base/nsDocAccessible.cpp:1904
#9 0x00007ffff545b95f in nsDocAccessible::UpdateTree (this=0x7fffd052e850,
aContainer=0x7fffca167a80, aChildNode=<value optimized out>, aIsInsert=0)
at ../../../../accessible/src/base/nsDocAccessible.cpp:1806
#10 0x00007ffff4d12ec5 in nsCSSFrameConstructor::ContentRemoved (
this=0x7fffe0188800, aContainer=0x7fffcb83d0f0, aChild=0x7fffcb83d8d0,
aOldNextSibling=0x0,
aFlags=nsCSSFrameConstructor::REMOVE_FOR_RECONSTRUCTION,
aDidReconstruct=0x7fffffff4c08)
at ../../../layout/base/nsCSSFrameConstructor.cpp:7488
#11 0x00007ffff4d119b8 in nsCSSFrameConstructor::RecreateFramesForContent (
this=0x7fffe0188800, aContent=0x7fffcb83d8d0, aAsyncInsert=1)
at ../../../layout/base/nsCSSFrameConstructor.cpp:9160
#12 0x00007ffff4d11dcf in nsCSSFrameConstructor::WipeContainingBlock (
this=0x7fffe0188800, aState=..., aContainingBlock=0x7fffc7d0c2c8,
aFrame=0x7fffc7d2f1b0, aItems=<value optimized out>, aIsAppend=0,
aPrevSibling=0x0) at ../../../layout/base/nsCSSFrameConstructor.cpp:11276
#13 0x00007ffff4d11328 in nsCSSFrameConstructor::ContentRangeInserted (
this=0x7fffe0188800, aContainer=0x7fffc799c930,
aStartChild=0x7fffca05ba60, aEndChild=0x7fffcb83e7b0,
aFrameState=0x7fff00000000, aAllowLazyConstruction=0)
at ../../../layout/base/nsCSSFrameConstructor.cpp:7178
#14 0x00007ffff4d119f9 in nsCSSFrameConstructor::RecreateFramesForContent (
this=0x7fffe0188800, aContent=0x7fffca05ba60, aAsyncInsert=0)
at ../../../layout/base/nsCSSFrameConstructor.cpp:9170
#15 0x00007ffff4d11fe4 in nsCSSFrameConstructor::ProcessRestyledFrames (
this=0x7fffe0188800, aChangeList=...)
at ../../../layout/base/nsCSSFrameConstructor.cpp:8012
#16 0x00007ffff4d12376 in nsCSSFrameConstructor::RestyleElement (
this=0x7fffe0188800, aElement=<value optimized out>,
aPrimaryFrame=0x7fffd01b4820, aMinHint=<value optimized out>,
aRestyleTracker=<value optimized out>,
aRestyleDescendants=<value optimized out>)
at ../../../layout/base/nsCSSFrameConstructor.cpp:8098
#17 0x00007ffff4d05538 in mozilla::css::RestyleTracker::ProcessOneRestyle (
this=<value optimized out>, aElement=<value optimized out>,
aRestyleHint=<value optimized out>, aChangeHint=<value optimized out>)
at ../../../layout/base/RestyleTracker.cpp:156
#18 0x00007ffff4d05362 in mozilla::css::RestyleTracker::ProcessRestyles (
this=0x7fffe0188898) at ../../../layout/base/RestyleTracker.cpp:240
#19 0x00007ffff4d122b4 in nsCSSFrameConstructor::ProcessPendingRestyles (
this=0x7fffe0188800)
at ../../../layout/base/nsCSSFrameConstructor.cpp:11667
#20 0x00007ffff4d48606 in PresShell::FlushPendingNotifications (
this=0x7fffe0188400, aType=Flush_Layout)
at ../../../layout/base/nsPresShell.cpp:4885
#21 0x00007ffff4e7c172 in nsDocument::FlushPendingNotifications (
this=0x7fffcce4a000, aType=Flush_Layout)
at ../../../../content/base/src/nsDocument.cpp:6476
#22 0x00007ffff4e95a94 in nsGenericElement::GetPrimaryFrame (
this=0x7fffcb83d940, aType=<value optimized out>)
at ../../../../content/base/src/nsGenericElement.cpp:3790
#23 0x00007ffff4e95b38 in nsGenericElement::GetStyledFrame (
this=<value optimized out>)
at ../../../../content/base/src/nsGenericElement.cpp:1551
#24 0x00007ffff4f17ead in nsGenericHTMLElement::GetOffsetRect (
this=0x7fffcb83d940, aRect=..., aOffsetParent=0x7fffffff6130)
at ../../../../../content/html/content/src/nsGenericHTMLElement.cpp:512
#25 0x00007ffff4f167b8 in nsGenericHTMLElement::GetOffsetWidth (
this=0x7fffcb83d940, aOffsetWidth=0x7fffffff619c)
at ../../../../../content/html/content/src/nsGenericHTMLElement.cpp:643
#26 0x00007ffff523aadd in nsIDOMNSHTMLElement_GetOffsetWidth (
cx=0x7fffd04cf800, obj=<value optimized out>, id=140736975270528,
vp=0x7fffffff66e0) at dom_quickstubs.cpp:20762
#27 0x00007ffff667dc8b in ?? () from /usr/lib/xulrunner-2.0/libmozjs.so
#28 0x00007ffff664ecd1 in ?? () from /usr/lib/xulrunner-2.0/libmozjs.so
#29 0x00007ffff66593e5 in ?? () from /usr/lib/xulrunner-2.0/libmozjs.so
#30 0x00007ffff665b262 in ?? () from /usr/lib/xulrunner-2.0/libmozjs.so
#31 0x00007ffff6625619 in ?? () from /usr/lib/xulrunner-2.0/libmozjs.so
#32 0x00007ffff664cabb in ?? () from /usr/lib/xulrunner-2.0/libmozjs.so
#33 0x00007ffff66593e5 in ?? () from /usr/lib/xulrunner-2.0/libmozjs.so
#34 0x00007ffff665b262 in ?? () from /usr/lib/xulrunner-2.0/libmozjs.so
#35 0x00007ffff6625619 in ?? () from /usr/lib/xulrunner-2.0/libmozjs.so
#36 0x00007ffff680e7d3 in ?? () from /usr/lib/xulrunner-2.0/libmozjs.so
#37 0x00007ffff680edfc in ?? () from /usr/lib/xulrunner-2.0/libmozjs.so
#38 0x00007fffe02075f7 in ?? ()
#39 0x00007fffe1913b90 in ?? ()
#40 0x00007fffe2bfe2d0 in ?? ()
#41 0x00007fffffff719f in ?? ()
#42 0x00007fffffff7970 in ?? ()
#43 0x00007fffffff71d0 in ?? ()
#44 0x00007fffe2bfe400 in ?? ()
#45 0x00007fffe17769f4 in ?? ()
#46 0x00007fffe2bfe360 in ?? ()
#47 0x00007fffd04cf800 in ?? ()
#48 0x00007fffe2ca81f8 in ?? ()
#49 0x00007fffe2bfe2e0 in ?? ()
#50 0x00007fffd04cf800 in ?? ()
#51 0x00007fffca4b3200 in ?? ()
#52 0x00007ffff6ac9e00 in ?? () from /usr/lib/xulrunner-2.0/libmozjs.so
#53 0x000000000000ffff in ?? ()
-- Package-specific info:
-- Plugins information
Name: DivX® Web Player
Location: /usr/lib/mozilla/plugins/libtotem-mully-plugin.so
Package: totem-mozilla
Status: enabled
Name: QuickTime Plug-in 7.6.6
Location: /usr/lib/mozilla/plugins/libtotem-narrowspace-plugin.so
Package: totem-mozilla
Status: enabled
Name: Shockwave Flash
Location: /usr/lib/gnash/libgnashplugin.so
Package: browser-plugin-gnash
Status: enabled
Name: Skype Buttons for Kopete
Location: /usr/lib/mozilla/plugins/skypebuttons.so
Package: kopete
Status: enabled
Name: VLC Multimedia Plugin (compatible Totem 2.30.2)
Location: /usr/lib/mozilla/plugins/libtotem-cone-plugin.so
Package: totem-mozilla
Status: enabled
Name: Windows Media Player Plug-in 10 (compatible; Totem)
Location: /usr/lib/mozilla/plugins/libtotem-gmp-plugin.so
Package: totem-mozilla
Status: enabled
-- Addons package information
ii browser-plugin 0.8.9-1 GNU Shockwave Flash (SWF) player - Plugin fo
ii kopete 4:4.4.5-2 instant messaging and chat application
ii totem-mozilla 2.30.2-6 Totem Mozilla plugin
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.38-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=he_IL.UTF-8, LC_CTYPE=he_IL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages iceweasel depends on:
ii debianutils 3.4.4 Miscellaneous utilities specific t
ii fontconfig 2.8.0-2.1 generic font configuration library
ii libc6 2.11.2-11 Embedded GNU C Library: Shared lib
ii libglib2.0-0 2.28.4-1 The GLib library of C routines
ii libgtk2.0-0 2.24.3-1~sid1 The GTK+ graphical user interface
ii libnspr4-0d 4.8.7-2 NetScape Portable Runtime Library
ii libstdc++6 4.6.0-2 The GNU Standard C++ Library v3
ii procps 1:3.2.8-10 /proc file system utilities
ii xulrunner-2.0 2.0-3 XUL + XPCOM application runner
iceweasel recommends no packages.
Versions of packages iceweasel suggests:
ii libgssapi-krb5-2 1.9+dfsg-1 MIT Kerberos runtime libraries - k
pn mozplugger <none> (no description available)
ii ttf-lyx 2.0.0~rc1-1 TrueType versions of some TeX font
pn ttf-mathematica4.1 <none> (no description available)
ii xfonts-mathml 4 Type1 Symbol font for MathML
pn xprint <none> (no description available)
Versions of packages xulrunner-2.0 depends on:
ii libasound2 1.0.23-2.1 shared library for ALSA applicatio
ii libatk1.0-0 1.32.0-3 The ATK accessibility toolkit
ii libbz2-1.0 1.0.5-6 high-quality block-sorting file co
ii libc6 2.11.2-11 Embedded GNU C Library: Shared lib
ii libcairo2 1.10.2-6 The Cairo 2D vector graphics libra
ii libdbus-1-3 1.4.6-1 simple interprocess messaging syst
ii libevent-1.4-2 1.4.13-stable-1 An asynchronous event notification
ii libfontconfig1 2.8.0-2.1 generic font configuration library
ii libfreetype6 2.4.4-1 FreeType 2 font engine, shared lib
ii libgcc1 1:4.6.0-2 GCC support library
ii libglib2.0-0 2.28.4-1 The GLib library of C routines
ii libgtk2.0-0 2.24.3-1~sid1 The GTK+ graphical user interface
ii libhunspell-1.2- 1.2.14-4 spell checker and morphological an
ii libjpeg62 6b1-1 The Independent JPEG Group's JPEG
ii libmozjs4d 2.0-3 The Mozilla SpiderMonkey JavaScrip
ii libnspr4-0d 4.8.7-2 NetScape Portable Runtime Library
ii libnss3-1d 3.12.9.with.ckbi.1.82-1 Network Security Service libraries
ii libpango1.0-0 1.28.3-6 Layout and rendering of internatio
ii libpixman-1-0 0.21.4-2 pixel-manipulation library for X a
ii libreadline6 6.1-3 GNU readline and history libraries
ii libsqlite3-0 3.7.5-1 SQLite 3 shared library
ii libstartup-notif 0.10-1 library for program launch feedbac
ii libstdc++6 4.6.0-2 The GNU Standard C++ Library v3
ii libvpx0 0.9.6-1 VP8 video codec (shared library)
ii libx11-6 2:1.4.2-1 X11 client-side library
ii libxext6 2:1.2.0-2 X11 miscellaneous extension librar
ii libxrender1 1:0.9.6-1 X Rendering Extension client libra
ii libxt6 1:1.1.1-1 X11 toolkit intrinsics library
ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime
Versions of packages xulrunner-2.0 suggests:
ii libcanberra0 0.24-1 a simple abstract interface for pl
ii libdbus-glib-1-2 0.92-1 simple interprocess messaging syst
ii libgconf2-4 2.28.1-6 GNOME configuration database syste
ii libgnomeui-0 2.24.3-1 The GNOME libraries (User Interfac
ii libgnomevfs2-0 1:2.24.4-1 GNOME Virtual File System (runtime
ii libnotify1 [libnotify1-gtk2.1 0.5.0-2 sends desktop notifications to a n
-- no debconf information
--
Tzafrir Cohen | tzafrir at jabber.org | VIM is
http://tzafrir.org.il | | a Mutt's
tzafrir at cohens.org.il | | best
tzafrir at debian.org | | friend
More information about the pkg-mozilla-maintainers
mailing list