On So, 2014-11-16 at 16:20 -0800, James Galizio wrote: > On Sun, 16 Nov 2014 13:04:27 +0100 Yves-Alexis Perez <[email protected]> > wrote: > > On dim., 2014-11-16 at 10:48 +0100, Sebastian Dröge wrote: > > > On Sa, 2014-11-15 at 12:01 -0800, James Galizio wrote: > > > > Also; just ran iceweasel through the terminal and recreated the steps > to > > > > the crash. Terminal output below. > > > > [...] > > > > Segmentation fault > > > > > > > > That last line makes me believe that this isn't fixed yet; and in any > case, > > > > having the browser crash is still a bug, no? > > > > > > [Also CC'ing Yves-Alexis who reported the other bug] > > > > > > Definitely, yes. The patch from the other bug is applied, which is > > > supposed to be the fix for the CVE though. Unfortunately the only > > > reference to the fix that I can find is in the Debian bug report as the > > > Mozilla Bugzilla Bug is still non-public. Maybe there are more related > > > changes that were forgotten? > > > > > > Do you know anything about that? :) > > > > > > Also you you get a backtrace of the segfault to see where exactly it > > > comes from? > > > > And are you sure packages for that âcrunchbang GNU/Linuxâ are really > > identical to the Debian ones? > > -- > > Yves-Alexis > > Crunchbang has a separate repo for Crunchbang specific packages; but shares > the vast majority of its packages (>99%, including all major system > libraries) with debian mainline. It uses the official debian repos. When I > said I was using the latest version of iceweasel from the experimental > branch, I meant it. > > Also; apologies for not recording the error through gdb. Here's the log > that should have been posted; I have a longer version of it if need be, but > this seems to be the portion that is relevant to the current issue. > [...]
Are you using libvpx 1.3.0-3 from Debian too or is it a Crunchbang specific package? The backtrace is relatively useless unfortunately, the memory corruption has happened before that already. Can you reproduce the problem when running in valgrind? Please don't forget to install valgrind-dbg and also relevant other debug packages, then set G_SLICE=always-malloc in the environment and run valgrind with --track-origins=yes and --trace-children=yes and paste the log here.
signature.asc
Description: This is a digitally signed message part
