Package: iceweasel
Version: 2.0.0.13-0etch1
Severity: important

*** Please type your report below this line ***

=== What I did... ==============================================================

I created the "iceweasel-bug-svg-user" pristine profile.
I installed iceweasel-dbg package.

I disabled the plugins:
    prompt$ ls -l ~/.mozilla/plugins /usr/lib/iceweasel/plugins
    ls: /home/sylvain/.mozilla/plugins: No such file or directory
    ls: /usr/lib/iceweasel/plugins: No such file or directory

I stopped the network interface.

MALLOC_CHECK_ and valgrind see no problems.
strace shows an interesting thing...

=== I can send more files ======================================================

I can send the SVG file (9 MiB, 2.9 MiB bzip'ped), if ever you distrust your
download despite all the checksums I provided... :-)

I can send a core dump (187 MiB, bz2: 11 MiB).

I can send the strace files of all threads (tar.bz2: 274 KiB).

I didn't include these files because of their size.
If you want them, please tell me how I can send them to you.

=== Downloading the SVG file ===================================================

$ wget 'http://www.nojhan.net/geekscottes/strips/geekscottes_065.svg'
$ sum geekscottes_065.svg
02520  9167
$ md5sum geekscottes_065.svg
bc3f313309e668d0c8875a61285dfdcb  geekscottes_065.svg
$ sha1sum geekscottes_065.svg
5e5e3d0148783bec52927350e369bf2d95d25ace  geekscottes_065.svg
$ sha224sum geekscottes_065.svg
68d1bae41de1f0522e960db6537345cce564777e1a1b0d7e5578a21f  geekscottes_065.svg
$ sha256sum geekscottes_065.svg
fffb35e026c51b7dc6410cbc5564b522c9ea1f5c30852e2197efd9eb03a42004  geekscottes_065.svg
$ sha384sum geekscottes_065.svg
6b13edb985a04ddec1ad473b699904598909d6025826d2609ada6333b4a4e5ad46effc676f1001133fc01003d8f466bf  geekscottes_065.svg
$ sha512sum geekscottes_065.svg
33ad24334e2a4549c7d9e70d41ca4b3fd9f229540c6b19d9ae6c30de2feebf08c8589f8af760acd36a8fe1f8524e2e36069951a0ff5a9db41954aff612145773  geekscottes_065.svg

=== Backtrace ==================================================================

prompt$ MOZ_NO_REMOTE=1 MOZ_DISABLE_PANGO=1 iceweasel -g -safe-mode --sync -P "iceweasel-bug-svg-user" "file:///`pwd`/geekscottes_065.svg"
GNU gdb 6.4.90-debian
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i486-linux-gnu"...Using host libthread_db library "/lib/tls/i686/cmov/libthread_db.so.1".

(gdb) set pagination off
(gdb) run
Starting program: /usr/lib/iceweasel/firefox-bin -a firefox--iceweasel-bug-svg-user -safe-mode --sync -P iceweasel-bug-svg-user file:////home/sylvain/iceweasel/03_without_plugin/geekscottes_065.svg
Failed to read a valid object file image from memory.
[Thread debugging using libthread_db enabled]
[New Thread -1222547776 (LWP 8674)]
[New Thread -1229960272 (LWP 8677)]
[New Thread -1238352976 (LWP 8678)]
[New Thread -1247212624 (LWP 8679)]
[New Thread -1255605328 (LWP 8680)]
[New Thread -1263998032 (LWP 8681)]
[New Thread -1272390736 (LWP 8682)]
[New Thread -1283445840 (LWP 8683)]
[New Thread -1291838544 (LWP 8684)]
[Thread -1291838544 (LWP 8684) exited]
[New Thread -1300231248 (LWP 8685)]
[Thread -1300231248 (LWP 8685) exited]
[New Thread -1300231248 (LWP 8686)]
[New Thread -1291838544 (LWP 8687)]
[New Thread -1327625296 (LWP 8689)]
[New Thread -1336018000 (LWP 8691)]

Program received signal SIGPIPE, Broken pipe.
[Switching to Thread -1222547776 (LWP 8674)]
0xb7f40410 in ?? ()
(gdb) thread apply all bt full

Thread 14 (Thread -1336018000 (LWP 8691)):
#0  0xb7f40410 in ?? ()
No symbol table info available.
#1  0xb05df398 in ?? ()
No symbol table info available.
#2  0x00000007 in ?? ()
No symbol table info available.
#3  0x00000000 in ?? ()
No symbol table info available.

Thread 13 (Thread -1327625296 (LWP 8689)):
#0  0xb7f40410 in ?? ()
No symbol table info available.
#1  0xb0de0418 in ?? ()
No symbol table info available.
#2  0x00000001 in ?? ()
No symbol table info available.
#3  0x00000000 in ?? ()
No symbol table info available.

Thread 12 (Thread -1291838544 (LWP 8687)):
#0  0xb7f40410 in ?? ()
No symbol table info available.
#1  0xb30013f8 in ?? ()
No symbol table info available.
#2  0x00000001 in ?? ()
No symbol table info available.
#3  0x00000000 in ?? ()
No symbol table info available.

Thread 11 (Thread -1300231248 (LWP 8686)):
#0  0xb7f40410 in ?? ()
No symbol table info available.
#1  0xb280038c in ?? ()
No symbol table info available.
#2  0x00000003 in ?? ()
No symbol table info available.
#3  0x00000000 in ?? ()
No symbol table info available.

Thread 8 (Thread -1283445840 (LWP 8683)):
#0  0xb7f40410 in ?? ()
No symbol table info available.
#1  0xb3802278 in ?? ()
No symbol table info available.
#2  0x00000003 in ?? ()
No symbol table info available.
#3  0x00000000 in ?? ()
No symbol table info available.

Thread 7 (Thread -1272390736 (LWP 8682)):
#0  0xb7f40410 in ?? ()
No symbol table info available.
#1  0xb428d3cc in ?? ()
No symbol table info available.
#2  0x0000105e in ?? ()
No symbol table info available.
#3  0x00000000 in ?? ()
No symbol table info available.

Thread 6 (Thread -1263998032 (LWP 8681)):
#0  0xb7f40410 in ?? ()
No symbol table info available.
#1  0xb4a8e3cc in ?? ()
No symbol table info available.
#2  0x00001060 in ?? ()
No symbol table info available.
#3  0x00000000 in ?? ()
No symbol table info available.

Thread 5 (Thread -1255605328 (LWP 8680)):
#0  0xb7f40410 in ?? ()
No symbol table info available.
#1  0xb528f3cc in ?? ()
No symbol table info available.
#2  0x00001062 in ?? ()
No symbol table info available.
#3  0x00000000 in ?? ()
No symbol table info available.

Thread 4 (Thread -1247212624 (LWP 8679)):
#0  0xb7f40410 in ?? ()
No symbol table info available.
#1  0xb5a903cc in ?? ()
No symbol table info available.
#2  0x00001064 in ?? ()
No symbol table info available.
#3  0x00000000 in ?? ()
No symbol table info available.

Thread 3 (Thread -1238352976 (LWP 8678)):
#0  0xb7f40410 in ?? ()
No symbol table info available.
#1  0xb63033ac in ?? ()
No symbol table info available.
#2  0x00000263 in ?? ()
No symbol table info available.
#3  0x00000000 in ?? ()
No symbol table info available.

Thread 2 (Thread -1229960272 (LWP 8677)):
#0  0xb7f40410 in ?? ()
No symbol table info available.
#1  0xb6b04158 in ?? ()
No symbol table info available.
#2  0xffffffff in ?? ()
No symbol table info available.
#3  0x00000001 in ?? ()
No symbol table info available.
#4  0xb745a8f3 in poll () from /lib/tls/i686/cmov/libc.so.6
No symbol table info available.
#5  0xb7dd4d89 in PR_Poll (pds=0x8c70c28, npds=1, timeout=4294967295)
at ptio.c:3894
No locals.
#6  0x0816df27 in nsSocketTransportService::Poll (this=0x8c70740,
interval=0xb6b04408) at nsSocketTransportService2.cpp:361
        pollList = (PRPollDesc *) 0x8c70c28
        pollCount = 1
        pollTimeout = 4294967295
        ts = 892198087
        rv = <value optimized out>
        passedInterval = <value optimized out>
#7  0x0816e691 in nsSocketTransportService::Run (this=0x8c70740) at
nsSocketTransportService2.cpp:578
        pollInterval = 8
        n = 1
        i = -1
        active = 1
#8  0xb7e5b20b in nsThread::Main (arg=0x8c70ed8) at nsThread.cpp:118
No locals.
#9  0xb7dd8f9c in _pt_root (arg=0x8c70f58) at ptthread.c:220
No locals.
#10 0xb7d9b240 in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
No symbol table info available.
#11 0xb746449e in clone () from /lib/tls/i686/cmov/libc.so.6
No symbol table info available.

Thread 1 (Thread -1222547776 (LWP 8674)):
#0  0xb7f40410 in ?? ()
No symbol table info available.
#1  0xbf9a36b8 in ?? ()
No symbol table info available.
#2  0x00000001 in ?? ()
No symbol table info available.
#3  0xbf9a3734 in ?? ()
No symbol table info available.
#4  0xb745cc3e in writev () from /lib/tls/i686/cmov/libc.so.6
No symbol table info available.
#5  0xb79796be in _X11TransGetMyAddr () from /usr/lib/libX11.so.6
No symbol table info available.
#6  0xb79792ff in _X11TransWritev () from /usr/lib/libX11.so.6
No symbol table info available.
#7  0xb797e9ee in _XSend () from /usr/lib/libX11.so.6
No symbol table info available.
#8  0xb736306c in XRenderCompositeTrapezoids () from /usr/lib/libXrender.so.1
No symbol table info available.
#9  0xb77f983a in cairo_xlib_surface_get_display () from /usr/lib/libcairo.so.2
No symbol table info available.
#10 0xb77dc962 in cairo_surface_reference () from /usr/lib/libcairo.so.2
No symbol table info available.
#11 0xb77dfa3d in cairo_surface_create_similar () from /usr/lib/libcairo.so.2
No symbol table info available.
#12 0xb77decdc in cairo_surface_create_similar () from /usr/lib/libcairo.so.2
No symbol table info available.
#13 0xb77df714 in cairo_surface_create_similar () from /usr/lib/libcairo.so.2
No symbol table info available.
#14 0xb77df970 in cairo_surface_create_similar () from /usr/lib/libcairo.so.2
No symbol table info available.
#15 0xb77dd3f3 in cairo_surface_reference () from /usr/lib/libcairo.so.2
No symbol table info available.
#16 0xb77d1814 in cairo_font_options_create () from /usr/lib/libcairo.so.2
No symbol table info available.
#17 0xb77ccf39 in cairo_fill_preserve () from /usr/lib/libcairo.so.2
No symbol table info available.
#18 0x0861e465 in nsSVGCairoPathGeometry::Render (this=0x9e51ab0,
canvas=0x9155e08) at nsSVGCairoPathGeometry.cpp:364
        serverType = <value optimized out>
        cairoCanvas = {<nsCOMPtr_base> = {mRawPtr = 0x9155e08}, <No
data fields>}
        ctx = (cairo_t *) 0x9155e88
        renderMode = 0
        matrix = {xx = 0, yx = 0, xy = -0.025626182556152344, yy =
5.3419122736958414e-261, x0 = 1.2463662101187216e-266, y0 =
5.8306760165960734e-269}
        rule = 0
        shapeMode = 0
        strokeType = 0
        fillType = 1
        strokeServerType = 0
        bStroking = 0
        fillServerType = 0
#19 0x085e1527 in nsSVGPathGeometryFrame::PaintSVG (this=0x9e5070c,
canvas=0x9155e08, [EMAIL PROTECTED]) at
nsSVGPathGeometryFrame.cpp:245
        clip = (class nsSVGClipPathFrame *) 0x0
        markable = <value optimized out>
#20 0x085cef45 in nsSVGGFrame::PaintSVG (this=0x9e5041c,
canvas=0x9155e08, [EMAIL PROTECTED]) at nsSVGGFrame.cpp:138
        SVGFrame = (nsISVGChildFrame *) 0x9e50744
        kid = (class nsIFrame *) 0x9e5070c
        surface = {<nsCOMPtr_base> = {mRawPtr = 0x0}, <No data fields>}
        display = (const nsStyleDisplay *) 0x94439b4
        clip = (class nsSVGClipPathFrame *) 0x0
#21 0x085cef45 in nsSVGGFrame::PaintSVG (this=0x9e50140,
canvas=0x9155e08, [EMAIL PROTECTED]) at nsSVGGFrame.cpp:138
        SVGFrame = (nsISVGChildFrame *) 0x9e50450
        kid = (class nsIFrame *) 0x9e5041c
        surface = {<nsCOMPtr_base> = {mRawPtr = 0x0}, <No data fields>}
        display = (const nsStyleDisplay *) 0x94439b4
        clip = (class nsSVGClipPathFrame *) 0x0
#22 0x085cef45 in nsSVGGFrame::PaintSVG (this=0x9e4fc2c,
canvas=0x9155e08, [EMAIL PROTECTED]) at nsSVGGFrame.cpp:138
        SVGFrame = (nsISVGChildFrame *) 0x9e50174
        kid = (class nsIFrame *) 0x9e50140
        surface = {<nsCOMPtr_base> = {mRawPtr = 0x0}, <No data fields>}
        display = (const nsStyleDisplay *) 0x94439b4
        clip = (class nsSVGClipPathFrame *) 0x0
#23 0x085dc315 in nsSVGOuterSVGFrame::Paint (this=0x97a2474,
aPresContext=0x92fc530, [EMAIL PROTECTED],
[EMAIL PROTECTED], aWhichLayer=eFramePaintLayer_Overlay,
aFlags=0) at nsSVGOuterSVGFrame.cpp:862
        SVGFrame = (class nsISVGChildFrame *) 0x9e4fc60
        kid = (class nsIFrame *) 0x9e4fc2c
        pxPerTwips = 21.8834305
        x0 = <value optimized out>
        y0 = <value optimized out>
        dirtyRectPx = {x = 0, y = 0, width = 611, height = 171}
        canvas = {<nsCOMPtr_base> = {mRawPtr = 0x9155e08}, <No data fields>}
#24 0x08338f7d in nsContainerFrame::PaintChild (this=0x9443564,
aPresContext=0x92fc530, [EMAIL PROTECTED],
[EMAIL PROTECTED], aFrame=0x97a2474,
aWhichLayer=eFramePaintLayer_Overlay, aFlags=0) at
nsContainerFrame.cpp:286
        translate = {mCtx = 0x914ef10, mPushed = {mSavedX = 0, mSavedY = 0}}
        kidRect = {x = 0, y = 0, width = 9150, height = 2550}
        damageArea = {x = 0, y = 0, width = 9150, height = 2550}
        overlap = <value optimized out>
#25 0x08338dff in nsContainerFrame::PaintChildren (this=0x9443564,
aPresContext=0x92fc530, [EMAIL PROTECTED],
[EMAIL PROTECTED], aWhichLayer=eFramePaintLayer_Overlay,
aFlags=0) at nsContainerFrame.cpp:231
        kid = (class nsIFrame *) 0x97a2474
#26 0x0834ec2b in nsHTMLContainerFrame::Paint (this=0x9443564,
aPresContext=0x92fc530, [EMAIL PROTECTED],
[EMAIL PROTECTED], aWhichLayer=eFramePaintLayer_Overlay,
aFlags=0) at nsHTMLContainerFrame.cpp:83
No locals.
#27 0x0834f497 in CanvasFrame::Paint (this=0x9443564,
aPresContext=0x92fc530, [EMAIL PROTECTED],
[EMAIL PROTECTED], aWhichLayer=eFramePaintLayer_Overlay,
aFlags=0) at nsHTMLFrame.cpp:383
        paintingSuppressed = 0
        rv = <value optimized out>
#28 0x0831885c in PresShell::Paint (this=0x9484a88, aView=0x98ce0b8,
[EMAIL PROTECTED], [EMAIL PROTECTED]) at
nsPresShell.cpp:5963
        setClipRect = 0
        frame = <value optimized out>
        rv = <value optimized out>
#29 0x0852f88d in nsView::Paint (this=0x98ce0b8, [EMAIL PROTECTED],
[EMAIL PROTECTED], aPaintFlags=0, [EMAIL PROTECTED]) at
nsView.cpp:319
        observer = {<nsCOMPtr_base> = {mRawPtr = 0x9484b04}, <No data fields>}
#30 0x08530c30 in nsViewManager::RenderDisplayListElement
(this=0x949a218, element=0x9355198, aRC=0x914ef10) at
nsViewManager.cpp:1458
        clipEmpty = 154489372
        x = 0
        y = <value optimized out>
        drect = {x = 0, y = 0, width = 14910, height = 12255}
#31 0x08536818 in nsViewManager::RenderViews (this=0x949a218,
aRootView=0x96b3890, [EMAIL PROTECTED], [EMAIL PROTECTED],
aRCSurface=0x90aa118, [EMAIL PROTECTED]) at
nsViewManager.cpp:1373
        RCs = {0x914ef10, 0x0}
        i = 4
        index = 6
        fakeClipRect = {x = 0, y = 0, width = 0, height = 0}
        anyRendered = 1
        widget = (nsIWidget *) 0x98cdfc8
        translucentWindow = 0
        buffers = (BlendingBuffers *) 0x94dd700
        filterStack = {<nsVoidArray> = {_vptr.nsVoidArray = 0x8baa808,
mImpl = 0xbf9a44a4}, mAutoBuf =
"\b\000\000\000\000\000\000\0001\003\000\000\000\000\000\000\020E\232��D\232��\035(\b\230DN\t\000\000\000\000\000\000\000"}
#32 0x085384b2 in nsViewManager::Refresh (this=0x949a218,
aView=0x96b3890, aContext=0x914ef10, aRegion=0x92f89a0,
aUpdateFlags=<value optimized out>) at nsViewManager.cpp:929
        i = <value optimized out>
        viewRect = {x = 0, y = 0, width = 14910, height = 12255}
        damageRegion = {mRectCount = 1, mCurRect = 0x8bbf0cc,
mRectListHead = {<nsRegion::nsRectFast> = {<nsRect> = {x = 0, y = 0,
width = 0, height = 0}, <No data fields>}, prev = 0x8bbf0cc, next =
0x8bbf0cc}, mBoundRect = {<nsRect> = {x = 0, y = 0, width = 14910,
height = 12255}, <No data fields>}}
        localcx = {<nsCOMPtr_base> = {mRawPtr = 0x914ef10}, <No data fields>}
        ds = (class nsIDrawingSurface *) 0x90aa118
        damageRect = {x = 0, y = 0, width = 14910, height = 12255}
        widgetDamageRectInPixels = {x = 0, y = 0, width = 995, height = 818}
        displayList = {<nsVoidArray> = {_vptr.nsVoidArray = 0x8baa808,
mImpl = 0xbf9a45a8}, mAutoBuf =
"\b\000\000\000\006\000\000\000�R5\t`R5\t\030R5\t�Q5\t\230Q5\tPQ5\t�E\232�\004
d�"}
        displayArena = {first = {next = 0x9355140, base = 3214558736,
limit = 3214558736, avail = 3214558736}, current = 0x9355140,
arenasize = 1024, mask = 3}
        anyTransparentPixels = 0
        needBlending = <value optimized out>
#33 0x085392a8 in nsViewManager::DispatchEvent (this=0x949a218,
aEvent=0xbf9a47ec, aStatus=0xbf9a47a0) at nsViewManager.cpp:2051
        rootVM = (nsViewManager *) 0x949a218
        widget = <value optimized out>
        translucentWindow = 0
        didResize = 0
        view = (class nsView *) 0x96b3890
        region = {<nsCOMPtr_base> = {mRawPtr = 0x92f89a0}, <No data fields>}
#34 0x0852f586 in HandleEvent (aEvent=0xbf9a47ec) at nsView.cpp:171
        result = nsEventStatus_eConsumeNoDefault
#35 0x082dc865 in nsCommonWidget::DispatchEvent (this=0x98cdfc8,
aEvent=0xbf9a47ec, [EMAIL PROTECTED]) at nsCommonWidget.cpp:219
No locals.
#36 0x082d5e7a in nsWindow::OnExposeEvent (this=0x98cdfc8,
aWidget=0x8f61a10, aEvent=0xbf9a4d90) at nsWindow.cpp:1465
        rc = {<nsCOMPtr_base> = {mRawPtr = 0x914ef10}, <No data fields>}
        updateRegion = {<nsCOMPtr_base> = {mRawPtr = 0x92f89a0}, <No
data fields>}
        rects = (GdkRectangle *) 0x90a5b48
        nrects = 1
        event = {<nsGUIEvent> = {<nsEvent> = {eventStructType = 6
'\006', message = 130, point = {x = 0, y = 0}, refPoint = {x = 0, y =
0}, time = 0, flags = 0, internalAppFlags = 2, userType = 0x0}, widget
= 0x98cdfc8, nativeMsg = 0x0}, renderingContext = 0x914ef10, region =
0x92f89a0, rect = 0x0}
        status = nsEventStatus_eIgnore
        kRegionCID = {m0 = 3777450736, m1 = 61082, m2 = 4561, m3 =
"[EMAIL PROTECTED](�"}
#37 0x082d5efb in expose_event_cb (widget=0x8f61a10, event=0xbf9a4d90)
at nsWindow.cpp:3813
        window = (nsWindow *) 0x1
#38 0xb7bda250 in _gtk_marshal_BOOLEAN__BOXED () from
/usr/lib/libgtk-x11-2.0.so.0
No symbol table info available.
#39 0xb769598b in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#40 0xb76a5f2d in g_signal_chain_from_overridden () from
/usr/lib/libgobject-2.0.so.0
No symbol table info available.
#41 0xb76a7208 in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#42 0xb76a75d9 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#43 0xb7cc3f64 in gtk_widget_get_default_style () from
/usr/lib/libgtk-x11-2.0.so.0
No symbol table info available.
#44 0xb7bd4efa in gtk_main_do_event () from /usr/lib/libgtk-x11-2.0.so.0
No symbol table info available.
#45 0xb7a58eb0 in gdk_window_is_viewable () from /usr/lib/libgdk-x11-2.0.so.0
No symbol table info available.
#46 0xb7a5905f in gdk_window_process_all_updates () from
/usr/lib/libgdk-x11-2.0.so.0
No symbol table info available.
#47 0xb7a590e5 in gdk_window_process_all_updates () from
/usr/lib/libgdk-x11-2.0.so.0
No symbol table info available.
#48 0xb76239b1 in g_source_is_destroyed () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#49 0xb7625731 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#50 0xb76287a6 in g_main_context_check () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#51 0xb7628b67 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#52 0xb7bd5281 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
No symbol table info available.
#53 0x082dbe82 in nsAppShell::Run (this=0x8f731f0) at nsAppShell.cpp:139
No locals.
#54 0x0880f240 in nsAppStartup::Run (this=0x8f757c8) at nsAppStartup.cpp:151
        rv = <value optimized out>
#55 0x0807d37a in XRE_main (argc=8, argv=0xbf9a53d4,
aAppData=0x8996f80) at nsAppRunner.cpp:2817
        remoteService = {<nsCOMPtr_base> = {mRawPtr = 0x90abe18}, <No
data fields>}
        rv = 0
        ar = <value optimized out>
        i = <value optimized out>
        dirProvider = {<nsIDirectoryServiceProvider2> =
{<nsIDirectoryServiceProvider> = {<nsISupports> = {_vptr.nsISupports =
0x8999088}, <No data fields>}, <No data fields>}, <nsIProfileStartup>
= {<nsISupports> = {_vptr.nsISupports = 0x89990ac}, <No data fields>},
mAppDir = {<nsCOMPtr_base> = {mRawPtr = 0x8bc1280}, <No data fields>},
mXULAppDir = {<nsCOMPtr_base> = {mRawPtr = 0x0}, <No data fields>},
mProfileDir = {<nsCOMPtr_base> = {mRawPtr = 0x8bef1f8}, <No data
fields>}, mProfileLocalDir = {<nsCOMPtr_base> = {mRawPtr = 0x8bef1f8},
<No data fields>}, mProfileNotified = 1}
        glib2 = (PRLibrary *) 0x8bc0a30
        nativeApp = {<nsCOMPtr_base> = {mRawPtr = 0x8bdd990}, <No data fields>}
        canRun = 1
        registryFile = {<nsCOMPtr_base> = {mRawPtr = 0x8bddef0}, <No
data fields>}
        xremotearg = <value optimized out>
        profileLock = {<nsCOMPtr_base> = {mRawPtr = 0x8bdeb50}, <No
data fields>}
        startOffline = 0
        profD = {<nsCOMPtr_base> = {mRawPtr = 0x8bef1f8}, <No data fields>}
        profLD = {<nsCOMPtr_base> = {mRawPtr = 0x8bef1f8}, <No data fields>}
        upgraded = <value optimized out>
        version = {<nsFixedCString> = {<nsCString> = {<nsCSubstring> =
{<nsACString_internal> = {mVTable = 0xb7e8e048, mData = 0xbf9a50cc
"2.0.0.13_2008031100/1.8.1.13_2008031100", mLength = 39, mFlags =
65553}, <No data fields>}, <No data fields>}, mFixedCapacity = 63,
mFixedBuf = 0xbf9a50cc "2.0.0.13_2008031100/1.8.1.13_2008031100"},
mStorage = "2.0.0.13_2008031100/1.8.1.13_2008031100\000\000\000\000\000\016",
'\0' <repeats 18 times>}
        osABI = {<nsCString> = {<nsCSubstring> =
{<nsACString_internal> = {mVTable = 0xb7e8e048, mData = 0x89977e0
"Linux_x86-gcc3", mLength = 14, mFlags = 1}, <No data fields>}, <No
data fields>}, <No data fields>}
        versionOK = <value optimized out>
        needsRestart = 0
        appInitiatedRestart = <value optimized out>
        rv = <value optimized out>
        ar = <value optimized out>
        arg = 0xbf9a63ec "iceweasel-bug-svg-user"
        profileSvc = {<nsCOMPtr_base> = {mRawPtr = 0x9119bc0}, <No data fields>}
        count = 47
        useDefault = -1080405268
#56 0x08079f7b in main (argc=-1417709332, argv=0xfe46e4) at nsBrowserApp.cpp:62
No locals.
#57 0xb73adea8 in __libc_start_main () from /lib/tls/i686/cmov/libc.so.6
No symbol table info available.
#58 0x08079ec1 in _start () at ../sysdeps/i386/elf/start.S:119
No locals.
(gdb) generate-core-file
Saved corefile core.8674
(gdb) cont
Continuing.
The application 'Gecko' lost its connection to the display :0.0;
most likely the X server was shut down or you killed/destroyed
the application.

Program exited with code 01.
(gdb) q
prompt$

=== valgrind ===================================================================

prompt$ MOZ_NO_REMOTE=1 MOZ_DISABLE_PANGO=1 valgrind --log-file=ice.vgrind iceweasel -safe-mode --sync -P "iceweasel-bug-svg-user" "file:///`pwd`/geekscottes_065.svg"
The application 'Gecko' lost its connection to the display :0.0;
most likely the X server was shut down or you killed/destroyed
the application.
prompt$ cat ice.vgrind.8800
==8800== Memcheck, a memory error detector.
==8800== Copyright (C) 2002-2006, and GNU GPL'd, by Julian Seward et al.
==8800== Using LibVEX rev 1658, a library for dynamic binary translation.
==8800== Copyright (C) 2004-2006, and GNU GPL'd, by OpenWorks LLP.
==8800== Using valgrind-3.2.1-Debian, a dynamic binary instrumentation framework.
==8800== Copyright (C) 2000-2006, and GNU GPL'd, by Julian Seward et al.
==8800== For more details, rerun with: -v
==8800==
==8800== My PID = 8800, parent PID = 4146.  Prog and args are:
==8800==    iceweasel
==8800==    -safe-mode
==8800==    --sync
==8800==    -P
==8800==    iceweasel-bug-svg-user
==8800==    file:////home/sylvain/iceweasel/03_without_plugin/geekscottes_065.svg
==8800==
==8801==
==8801== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 15 from 1)
==8801== malloc/free: in use at exit: 0 bytes in 0 blocks.
==8801== malloc/free: 0 allocs, 0 frees, 0 bytes allocated.
==8801== For counts of detected errors, rerun with: -v
==8801== All heap blocks were freed -- no leaks are possible.
prompt$

=== MALLOC_CHECK_ ==============================================================

prompt$ MOZ_NO_REMOTE=1 MOZ_DISABLE_PANGO=1 MALLOC_CHECK_=1 iceweasel -safe-mode --sync -P "iceweasel-bug-svg-user" "file:///`pwd`/geekscottes_065.svg"
malloc: using debugging hooks
malloc: using debugging hooks
The application 'Gecko' lost its connection to the display :0.0;
most likely the X server was shut down or you killed/destroyed
the application.
prompt$

=== strace =====================================================================

prompt$ mkdir st
prompt$ MOZ_NO_REMOTE=1 MOZ_DISABLE_PANGO=1 strace -ffo st/ice.strace iceweasel -safe-mode --sync -P "iceweasel-bug-svg-user" "file:///`pwd`/geekscottes_065.svg"
The application 'Gecko' lost its connection to the display :0.0;
most likely the X server was shut down or you killed/destroyed
the application.
prompt$ grep PIPE st/ice.strace*
st/ice.strace:rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0
st/ice.strace:rt_sigaction(SIGPIPE, {SIG_IGN}, {SIG_IGN}, 8) = 0
st/ice.strace:rt_sigaction(SIGPIPE, {SIG_IGN}, {SIG_IGN}, 8) = 0
st/ice.strace:writev(3, [{"\270\'4\0N\304\257\0bT4\0003)4\0\210)4\0\330E\260\0B\017"..., 16664292}], 1) = -1 EPIPE (Broken pipe)
st/ice.strace:--- SIGPIPE (Broken pipe) @ 0 (0) ---
prompt$ tail -20 st/ice.strace
read(3, "[EMAIL PROTECTED](\34\10\231"..., 32) = 32
write(3, "[EMAIL PROTECTED]", 20) = 20
read(3, "[EMAIL PROTECTED](\34\10\231"..., 32) = 32
write(3, "[EMAIL PROTECTED]", 24) = 24
read(3, "[EMAIL PROTECTED](\34\10\231"..., 32) = 32
writev(3, [{"[EMAIL PROTECTED]@[EMAIL PROTECTED]'\0\0\0"..., 28}, {"\f\3703\0\305\3723\0W\36\261\0\f\3703\0\37\2\261\0j\003"..., 16777160}], 2) = 112896
writev(3, [{"\270\'4\0N\304\257\0bT4\0003)4\0\210)4\0\330E\260\0B\017"..., 16664292}], 1) = -1 EPIPE (Broken pipe)
--- SIGPIPE (Broken pipe) @ 0 (0) ---
write(2, "The application \'Gecko\' lost its"..., 145) = 145
writev(18, [{"GIOP\1\2\1\5\0\0\0\0", 12}], 1) = 12
close(18)                               = 0
writev(16, [{"GIOP\1\2\1\5\0\0\0\0", 12}], 1) = 12
close(16)                               = 0
close(15)                               = 0
close(14)                               = 0
unlink("/tmp/orbit-sylvain/linc-22de-0-1031f9d5aa3bc") = 0
close(17)                               = 0
unlink("/tmp/iceweasel-bug-svg/lock")   = 0
munmap(0xb6d28000, 4096)                = 0
exit_group(1)                           = ?
prompt$



The writev() just before the failing one tries to send a 2nd block of size
16777160...
But 16777160 = 2 ^ 24 - 56 ...
And 56 = 2 * 28 ... That is, twice the size of the 1st block...

Would this be related to the "integer-overflow vulnerabilities in malloc()
calls" fixed by libcairo2_1.2.4-4.1+etch1 ?

=== System Information =========================================================

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-6-486
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages iceweasel depends on:
ii  debianutils            2.17              Miscellaneous utilities specific t
ii  fontconfig             2.4.2-1.2         generic font configuration library
ii  libatk1.0-0            1.12.4-3          The ATK accessibility toolkit
ii  libc6                  2.3.6.ds1-13etch5 GNU C Library: Shared libraries
ii  libcairo2              1.2.4-4.1+etch1   The Cairo 2D vector graphics libra
ii  libfontconfig1         2.4.2-1.2         generic font configuration library
ii  libfreetype6           2.2.1-5+etch2     FreeType 2 font engine, shared lib
ii  libgcc1                1:4.1.1-21        GCC support library
ii  libglib2.0-0           2.12.4-2          The GLib library of C routines
ii  libgtk2.0-0            2.8.20-7          The GTK+ graphical user interface
ii  libjpeg62              6b-13             The Independent JPEG Group's JPEG
ii  libmyspell3c2          1:3.1-18          MySpell spellchecking library
ii  libpango1.0-0          1.14.8-5          Layout and rendering of internatio
ii  libpng12-0             1.2.15~beta5-1    PNG library - runtime
ii  libstdc++6             4.1.1-21          The GNU Standard C++ Library v3
ii  libx11-6               2:1.0.3-7         X11 client-side library
ii  libxft2                2.1.8.2-8         FreeType-based font drawing librar
ii  libxinerama1           1:1.0.1-4.1       X11 Xinerama extension library
ii  libxp6                 1:1.0.0.xsf1-1    X Printing Extension (Xprint) clie
ii  libxrender1            1:0.9.1-3         X Rendering Extension client libra
ii  libxt6                 1:1.0.2-2         X11 toolkit intrinsics library
ii  psmisc                 22.3-1            Utilities that use the proc filesy
ii  zlib1g                 1:1.2.3-13        compression library - runtime

iceweasel recommends no packages.

-- no debconf information

================================================================================

Regards,
Sylvain HITIER

--
Free hugs for free software fellows!
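
Added example (not part of the original report, not the reporter's or the project's code): a small strace triage script for the size observation made after the strace output above. It joins a short writev() with its retry into one logical message and reports how close the total is to a power of two; the sample lines are constructed from the report's strace tail with shortened payloads, and the `slack`/`floor` thresholds are assumptions.

```python
import re

# Constructed sample: modelled on the strace tail in the report. Payload
# strings are shortened; lengths, return values and errno are unchanged.
SAMPLE = r'''
read(3, "\1\2\3"..., 32) = 32
writev(3, [{"\33\4\7\0"..., 28}, {"\f\3703\0\305\3723\0"..., 16777160}], 2) = 112896
writev(3, [{"\270\'4\0N\304\257\0"..., 16664292}], 1) = -1 EPIPE (Broken pipe)
--- SIGPIPE (Broken pipe) @ 0 (0) ---
'''

# writev(fd, [iovecs], count) = ret [ERRNO ...]
CALL = re.compile(r'writev\((\d+), \[(.*)\], (\d+)\)\s+= (-?\d+)(?: (E[A-Z]+))?')
# One iovec as strace prints it: {"escaped bytes"..., length}
IOV = re.compile(r'\{"(?:[^"\\]|\\.)*"(?:\.\.\.)?, (\d+)\}')


def reassemble(trace):
    """Group writev calls per fd into logical messages.

    A call whose requested size equals the unsent remainder of the previous
    call on the same fd is treated as a retry after a short write.
    """
    pending, done = {}, []
    for line in trace.splitlines():
        m = CALL.search(line)
        if not m:
            continue
        fd, ret, err = int(m.group(1)), int(m.group(4)), m.group(5)
        asked = sum(int(n) for n in IOV.findall(m.group(2)))
        msg = pending.get(fd)
        if msg is None or asked != msg["total"] - msg["sent"]:
            if msg is not None:          # previous message was abandoned
                done.append(msg)
            msg = {"fd": fd, "total": asked, "sent": 0, "calls": 0, "errno": None}
            pending[fd] = msg
        msg["calls"] += 1
        if ret < 0:                      # failed call ends the message
            msg["errno"] = err
            done.append(pending.pop(fd))
        else:
            msg["sent"] += ret
            if msg["sent"] == msg["total"]:
                done.append(pending.pop(fd))
    done.extend(pending.values())
    return done


def gap_to_power_of_two(n):
    """Return (k, 2**k - n) for the smallest power of two that is >= n."""
    k = max(n - 1, 0).bit_length()
    return k, (1 << k) - n


def triage(trace, slack=4096, floor=1 << 20):
    """Annotate each logical message; flag large sizes just under 2**k."""
    findings = []
    for msg in reassemble(trace):
        k, gap = gap_to_power_of_two(msg["total"])
        findings.append({
            **msg,
            "pow2": k,
            "gap": gap,
            "near_limit": msg["total"] >= floor and gap <= slack,
            "incomplete": msg["sent"] < msg["total"],
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print("fd %(fd)d: %(total)d bytes in %(calls)d call(s), %(sent)d sent, "
              "errno=%(errno)s, 2^%(pow2)d - %(gap)d, near_limit=%(near_limit)s" % f)
```

On the report's values the two writev() calls form one message of 28 + 16777160 = 16777188 bytes (2^24 - 28), of which 112896 bytes were accepted before the EPIPE.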
