Bug List: (1 of 2) First Last Prev Next   Show last search results
Bug 1039755 - Firefox crashes when cancelling the file selection dialog
Summary: Firefox crashes when cancelling the file selection dialog
Status: RESOLVED DUPLICATE of bug 1015998
Alias: None
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Firefox (show other bugs)
Version: Current
Hardware: Other Other
: P5 - None : Normal (vote)
Target Milestone: ---
Assignee: E-mail List
QA Contact: E-mail List
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-05-18 14:58 UTC by Andreas Schneider
Modified: 2017-05-18 15:14 UTC (History)
2 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Schneider 2017-05-18 14:58:28 UTC 
Firefox crashes when you want to upload a file and in the file selection dialog you press cancel. This is Firefox on KDE

(gdb) bt full
#0  0x00007fa3815c8201 in nsCOMPtr_base::assign_assuming_AddRef(nsISupports*) (this=this@entry=0x7fa3637dc508, aNewPtr=aNewPtr@entry=0x0)
    at /usr/src/debug/obj/dist/include/nsCOMPtr.h:334
        oldPtr = 0xe5e5e5e5e5e5e5e5
#1  0x00007fa3829b8251 in nsCOMPtr<nsIFilePickerShownCallback>::operator=(decltype(nullptr)) (this=0x7fa3637dc508) at /usr/src/debug/obj/dist/include/nsCOMPtr.h:600
        result = 1
        title = 
              {<nsCString> = {<nsACString_internal> = {mData = 0x55d4676b0001 <arena_run_tree_remove+498> "I\211J\bL\211\020H\211\002H\213H\bH\203\341\376H\211\nH\213H\b\203\341\001H\t\321H\211H\bH\213J\bI\211ʃ\341\001I\203\342\376I\v\nH\211J\bI\211\022H\213H\b\203\341\001L\t\321H\211H\bH\203J\b\001H\211\004$H\211\342\353\034H\213\bI9\310t2L\213Q\bA\366\302\001\017\204\213", mLength = 24, mFlags = 0, static kMaxCapacity = <optimized out>}, <No data fields>}, <No data fields>}
        parent_widget = <optimized out>
        accept_button = <optimized out>
        buttonLabel = 
            {<nsAutoCString> = {<nsFixedCString> = {<nsCString> = {<nsACString_internal> = {mData = 0x7fa3815c0685 <nsACString_internal::Equals(nsACString_internal const&) const+23> "\205\300\017\224\300Z\303\061\300\303USH\203\354\070\213N\bdH\213\004%(", mLength = 1359145464, mFlags = 32766, static kMaxCapacity = <optimized out>}, <No data fields>}, mFixedCapacity = 1359145512, mFixedBuf = 0x2 <error: Cannot access memory at address 0x2>}, mStorage = "(Akg\324U\000\000\250\326\372b\243\177\000\000\270\000\000\000\000\000\000\000\200S\276\203\243\177\000\000\000\000\000\000\000\000\000\000\200S\276\203\243\177\000\000p\352\002Q\376\177\000\000\001\000\000\000\000\000\000"}, <No data fields>}
        file_chooser = <optimized out>
        window = <optimized out>
        defaultName = 
            {<nsAutoCString> = {<nsFixedCString> = {<nsCString> = {<nsACString_internal> = {mData = 0x7fa381627ebe <NS_TableDrivenQI(void*, nsID const&, void**, QITableEntry const*)+58> "H\211]", mLength = 184, mFlags = 0, static kMaxCapacity = <optimized out>}, <No data fields>}, mFixedCapacity = 1735082280, mFixedBuf = 0x7fa383be5380 <nsIFile::COMTypeInfo<nsIFile, void>::kIID> "J\210\246/e\256*A\235L\316n4TK\241"}, mStorage = "\270\000\000\000\000\000\000\000@\352\002Q\376\177\000\000\300\307}c\243\177\000\000H\352\002Q\376\177\000\000\276~b\201\243\177\000\000\001\000\000\000\000\000\000\000H\352\002Q\376\177\000\000\300\307}c\243\177\000"}, <No data fields>}
        defaultPath = {<nsCOMPtr_base> = {mRawPtr = 0x7fa3815c29ab <nsACString_internal::Assign(char const*, unsigned int, mozilla::fallible_t const&)+221>}, <No data fields>}
#2  0x00007fa3829b8251 in nsFilePicker::Open(nsIFilePickerShownCallback*) (this=0x7fa3637dc4c0, aCallback=0x7fa3652b4f00) at /usr/src/debug/mozilla/widget/gtk/nsFilePicker.cpp:391
        result = 1
        title = 
              {<nsCString> = {<nsACString_internal> = {mData = 0x55d4676b0001 <arena_run_tree_remove+498> "I\211J\bL\211\020H\211\002H\213H\bH\203\341\376H\211\nH\213H\b\203\341\001H\t\321H\211H\bH\213J\bI\211ʃ\341\001I\203\342\376I\v\nH\211J\bI\211\022H\213H\b\203\341\001L\t\321H\211H\bH\203J\b\001H\211\004$H\211\342\353\034H\213\bI9\310t2L\213Q\bA\366\302\001\017\204\213", mLength = 24, mFlags = 0, static kMaxCapacity = <optimized out>}, <No data fields>}, <No data fields>}
        parent_widget = <optimized out>
        accept_button = <optimized out>
        buttonLabel = 
            {<nsAutoCString> = {<nsFixedCString> = {<nsCString> = {<nsACString_internal> = {mData = 0x7fa3815c0685 <nsACString_internal::Equals(nsACString_internal const&) const+23> "\205\300\017\224\300Z\303\061\300\303USH\203\354\070\213N\bdH\213\004%(", mLength = 1359145464, mFlags = 32766, static kMaxCapacity = <optimized out>}, <No data fields>}, mFixedCapacity = 1359145512, mFixedBuf = 0x2 <error: Cannot access memory at address 0x2>}, mStorage = "(Akg\324U\000\000\250\326\372b\243\177\000\000\270\000\000\000\000\000\000\000\200S\276\203\243\177\000\000\000\000\000\000\000\000\000\000\200S\276\203\243\177\000\000p\352\002Q\376\177\000\000\001\000\000\000\000\000\000"}, <No data fields>}
        file_chooser = <optimized out>
        window = <optimized out>
        defaultName = 
            {<nsAutoCString> = {<nsFixedCString> = {<nsCString> = {<nsACString_internal> = {mData = 0x7fa381627ebe <NS_TableDrivenQI(void*, nsID const&, void**, QITableEntry const*)+58> "H\211]", mLength = 184, mFlags = 0, static kMaxCapacity = <optimized out>}, <No data fields>}, mFixedCapacity = 1735082280, mFixedBuf = 0x7fa383be5380 <nsIFile::COMTypeInfo<nsIFile, void>::kIID> "J\210\246/e\256*A\235L\316n4TK\241"}, mStorage = "\270\000\000\000\000\000\000\000@\352\002Q\376\177\000\000\300\307}c\243\177\000\000H\352\002Q\376\177\000\000\276~b\201\243\177\000\000\001\000\000\000\000\000\000\000H\352\002Q\376\177\000\000\300\307}c\243\177\000"}, <No data fields>}
        defaultPath = {<nsCOMPtr_base> = {mRawPtr = 0x7fa3815c29ab <nsACString_internal::Assign(char const*, unsigned int, mozilla::fallible_t const&)+221>}, <No data fields>}
        iter__ = {iter_ = {mSegment = 0, mData = 0x7fa327b23820 "\340'焣\177", mDataEnd = 0x7fa327b23820 "\340'焣\177"}}
        defaultFile = {<nsAString_internal> = {mData = 0x7fa383be82fc <gNullChar> u"", mLength = 0, mFlags = 1, static kMaxCapacity = 1179403647}, <No data fields>}
        defaultExtension = {<nsAString_internal> = {mData = 0x7fa383be82fc <gNullChar> u"", mLength = 0, mFlags = 1, static kMaxCapacity = 1179403647}, <No data fields>}
        displayDirectory = 
            {<nsAString_internal> = {mData = 0x7fa364567888 u"/home/asn/workspace/website/ig-klettern/Photos/Haken", mLength = 52, mFlags = 5, static kMaxCapacity = 1179403647}, <No data fields>}
        okButtonLabel = {<nsAString_internal> = {mData = 0x7fa383be82fc <gNullChar> u"", mLength = 0, mFlags = 1, static kMaxCapacity = 1179403647}, <No data fields>}
        selectedType = 0
Python Exception <type 'exceptions.RuntimeError'> maximum recursion depth exceeded: 
        filters = 
            {<nsTArray_Impl<nsString, nsTArrayInfallibleAllocator>> = {<nsTArray_base<nsTArrayInfallibleAllocator, nsTArray_CopyWithMemutils>> = {mHdr = 0x7fa362fad680}, <nsTArray_TypedBase<nsString, nsTArray_Impl<nsString, nsTArrayInfallibleAllocator> >> = {<nsTArray_SafeElementAtHelper<nsString, nsTArray_Impl<nsString, nsTArrayInfallibleAllocator> >> = {<No data fields>}, <No data fields>}, static NoIndex = 18446744073709551615}, <No data fields>}
Python Exception <type 'exceptions.RuntimeError'> maximum recursion depth exceeded: 
        filterNames = 
            {<nsTArray_Impl<nsString, nsTArrayInfallibleAllocator>> = {<nsTArray_base<nsTArrayInfallibleAllocator, nsTArray_CopyWithMemutils>> = {mHdr = 0x7fa362fad6a0}, <nsTArray_TypedBase<nsString, nsTArray_Impl<nsString, nsTArrayInfallibleAllocator> >> = {<nsTArray_SafeElementAtHelper<nsString, nsTArray_Impl<nsString, nsTArrayInfallibleAllocator> >> = {<No data fields>}, <No data fields>}, static NoIndex = 18446744073709551615}, <No data fields>}
        sampler_raii98 = {mHandle = 0x7fa38f5f4000}
        addToRecentDocs = true
#5  0x00007fa381a7bc98 in mozilla::dom::PContentParent::OnMessageReceived(IPC::Message const&) (this=0x7fa3287f5000, msg__=...)
    at /usr/src/debug/obj/ipc/ipdl/PContentParent.cpp:3052
        routed__ = <optimized out>
#6  0x00007fa3818f5257 in mozilla::ipc::MessageChannel::DispatchAsyncMessage(IPC::Message const&) (this=0x7fa3287f50a8, aMsg=...)
    at /usr/src/debug/mozilla/ipc/glue/MessageChannel.cpp:1743
        nestedLevel = 1
        rv = <optimized out>
#7  0x00007fa3818fcf5e in mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&) (this=this@entry=0x7fa3287f50a8, aMsg=aMsg@entry=<unknown type in /usr/lib/debug/usr/lib64/firefox/libxul.so.debug, CU 0x1df50e7, DIE 0x1e1a636>) at /usr/src/debug/mozilla/ipc/glue/MessageChannel.cpp:1681
        nojsapi = {mIsSome = true, mStorage = {u = {mBytes = "\000\000\000\000\000\000\000\000\003\000\000\000dΞ\243\300\360\002Q\376\177\000", mDummy = 0}}}
        reply = {mRawPtr = 0x0}
#8  0x00007fa3818fe354 in mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::MessageChannel::MessageTask&) (this=0x7fa3287f50a8, aTask=...)
    at /usr/src/debug/mozilla/ipc/glue/MessageChannel.cpp:1572
#9  0x00007fa3818fe4ef in mozilla::ipc::MessageChannel::MessageTask::Run() (this=0x7fa363d42d00) at /usr/src/debug/mozilla/ipc/glue/MessageChannel.cpp:1597
        lock = {mMonitor = 0x7fa328874100}
#10 0x00007fa38160f5c8 in nsThread::ProcessNextEvent(bool, bool*) (this=0x7fa37bd02260, aMayWait=<optimized out>, aResult=0x7ffe5102f127)
    at /usr/src/debug/mozilla/xpcom/threads/nsThread.cpp:1216
        reallyWait = <optimized out>
        noJSAPI = {mIsSome = true, mStorage = {u = {mBytes = "\000\000\000\000\000\000\000\000\003\000\000\000\243\177\000\000\000\000\000\000\000\000\000", mDummy = 0}}}
        callScriptObserver = true
        obs = {<nsCOMPtr_base> = {mRawPtr = 0x7fa36d928148}, <No data fields>}
        rv = nsresult::NS_OK
#11 0x00007fa38162b6d1 in NS_ProcessNextEvent(nsIThread*, bool) (aThread=<optimized out>, aMayWait=<optimized out>) at /usr/src/debug/mozilla/xpcom/glue/nsThreadUtils.cpp:361
        val = true
#12 0x00007fa3818f14a6 in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) (this=0x7fa37d973c40, aDelegate=0x7fa38f5a3690)
    at /usr/src/debug/mozilla/ipc/glue/MessagePump.cpp:96
        thisThread = 0x7fa37bd02260
#13 0x00007fa3818dbf54 in MessageLoop::RunHandler() (this=<optimized out>) at /usr/src/debug/mozilla/ipc/chromium/src/base/message_loop.cc:225
        save_state = {<MessageLoop::RunState> = {run_depth = 1, quit_received = false}, loop_ = 0x7fa38f5a3690, previous_state_ = 0x0}
#14 0x00007fa3818dbf54 in MessageLoop::Run() (this=<optimized out>) at /usr/src/debug/mozilla/ipc/chromium/src/base/message_loop.cc:205
        save_state = {<MessageLoop::RunState> = {run_depth = 1, quit_received = false}, loop_ = 0x7fa38f5a3690, previous_state_ = 0x0}
#15 0x00007fa382981360 in nsBaseAppShell::Run() (this=0x7fa36d928140) at /usr/src/debug/mozilla/widget/nsBaseAppShell.cpp:156
        thread = 0x7fa37bd02260
#16 0x00007fa382fda5a6 in nsAppStartup::Run() (this=0x7fa36d92e0b0) at /usr/src/debug/mozilla/toolkit/components/startup/nsAppStartup.cpp:283
        rv = <optimized out>
        retval = <optimized out>
#17 0x00007fa38302bd76 in XREMain::XRE_mainRun() (this=this@entry=0x7ffe5102f3d0) at /usr/src/debug/mozilla/toolkit/xre/nsAppRunner.cpp:4488
        rv = nsresult::NS_OK
        prefs = {<nsCOMPtr_base> = {mRawPtr = 0x7fa37bdf8d40}, <No data fields>}
        appStartup = {<nsCOMPtr_base> = {mRawPtr = 0x7fa36d92e0b0}, <No data fields>}
        userAgentLocale = {<nsACString_internal> = {mData = 0x7fa3690a1c38 "en-US", mLength = 5, mFlags = 5, static kMaxCapacity = <optimized out>}, <No data fields>}
        cmdLine = {<nsCOMPtr_base> = {mRawPtr = 0x7fa369240300}, <No data fields>}
        workingDir = {<nsCOMPtr_base> = {mRawPtr = 0x7fa367f33440}, <No data fields>}
        sandboxInfo = 
            {mFlags = (mozilla::SandboxInfo::kHasSeccompBPF | mozilla::SandboxInfo::kEnabledForMedia | mozilla::SandboxInfo::kHasSeccompTSync | mozilla::SandboxInfo::kHasUserNamespaces | mozilla::SandboxInfo::kHasPrivilegedUserNamespaces), static sSingleton = {mFlags = (mozilla::SandboxInfo::kHasSeccompBPF | mozilla::SandboxInfo::kEnabledForMedia | mozilla::SandboxInfo::kHasSeccompTSync | mozilla::SandboxInfo::kHasUserNamespaces | mozilla::SandboxInfo::kHasPrivilegedUserNamespaces), static sSingleton = <same as static member of an already seen type>}}
        flagsString = 
          {<nsFixedCString> = {<nsCString> = {<nsACString_internal> = {mData = 0x7ffe5102f2d8 "117", mLength = 3, mFlags = 65553, static kMaxCapacity = <optimized out>}, <No data fields>}, mFixedCapacity = 63, mFixedBuf = 0x7ffe5102f2d8 "117"}, mStorage = "117\000\000Ξ\243\032\000\000\000\000\000\000\000|\237_\201\243\177\000\000\032\000\000\000\000\000\000\000(Akg\324U\000\000\060\000\000\000\000\000\000\000\000\177\317.dΞ\243\000\a\003Q\376\177\000"}
#18 0x00007fa38302c055 in XREMain::XRE_main(int, char**, nsXREAppData const*) (this=this@entry=0x7ffe5102f3d0, argc=argc@entry=1, argv=argv@entry=0x7ffe510307e8, aAppData=aAppData@entry=0x7ffe5102f608) at /usr/src/debug/mozilla/toolkit/xre/nsAppRunner.cpp:4621
        aLocal = 0 '\000'
        sampler_raii4560 = {mHandle = 0x7fa38f5f4000}
        rv = <optimized out>
        binFile = {<nsCOMPtr_base> = {mRawPtr = 0x7fa38f565d80}, <No data fields>}
        exit = false
        result = <optimized out>
        appInitiatedRestart = false
#19 0x00007fa38302c2cc in XRE_main(int, char**, nsXREAppData const*, uint32_t) (argc=1, argv=0x7ffe510307e8, aAppData=0x7ffe5102f608, aFlags=<optimized out>)
    at /usr/src/debug/mozilla/toolkit/xre/nsAppRunner.cpp:4712
Comment 1 Wolfgang Rosenauer 2017-05-18 15:04:53 UTC 
You missed to mention the Firefox version installed.

-------------------------------------------------------------------
Mon May  8 08:28:17 UTC 2017 - wr@rosenauer.org

- update to Firefox 52.1.1
  MFSA 2017-14
  * CVE-2017-5031: Use after free in ANGLE (bmo#1328762)
                   (Windows only, Linux not affected)
- switch to Mozilla's geolocation service (boo#1026989)
- removed mozilla-preferences.patch obsoleted by overriding via
  firefox.js
- fixed KDE integration to avoid crash caused by filepicker
  (boo#1015998)


I guess this is a duplicate for bug 1015998?
Comment 2 Andreas Schneider 2017-05-18 15:12:56 UTC 
MozillaFirefox-debuginfo-52.1.0-1.1.x86_64 is the version currently in Tumbleweed.

The version you mention is not available yet.
Comment 3 Andreas Schneider 2017-05-18 15:14:09 UTC 
Closing as duplicate. Thanks.

*** This bug has been marked as a duplicate of bug 1015998 ***
Bug List: (1 of 2) First Last Prev Next   Show last search results