Bug 281695 - www-client/mozilla-firefox-3.5.2-r1 with dev-db/sqlite-3.6.17: SIGSEGV adding Bookmark
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: High blocker
Assignee: Mozilla Gentoo Team
Keywords: Tracker
Reported: 2009-08-16 17:59 UTC by Martin von Gagern
Modified: 2009-12-13 18:06 UTC
Attachments
backtrace (bt1.txt,29.31 KB, text/plain)
2009-08-17 10:56 UTC, Martin von Gagern
bookmarks-KO.json (bookmarks-KO.json,1.62 KB, text/plain)
2009-08-17 21:25 UTC, TGL
bookmarks-OK.json (bookmarks-OK.json,1.62 KB, text/plain)
2009-08-17 21:25 UTC, TGL
enable/disable system sqlite support via USE flag (firefox-xulrunner-sqlite.diff,3.39 KB, text/plain)
2009-09-16 01:33 UTC, Jory A. Pratt
diff against current xulrunner in tree. (xulrunner.diff,1.94 KB, text/plain)
2009-09-16 01:42 UTC, Jory A. Pratt
patch against in tree ebuild (firefox.diff,3.96 KB, text/plain)
2009-09-16 01:44 UTC, Jory A. Pratt

Description Martin von Gagern 2009-08-16 17:59:00 UTC
When expanding the folder list in the dialog to add a keyword search, FF crashes.

Reproducible: Always

Steps to Reproduce:
1. Visit a page with a search form, e.g. http://bugs.gentoo.org/
2. Right click on the search text field, "Add a Keyword for this Search"
3. Press the arrow button to expand the folder list

Actual Results:  
Program received signal SIGSEGV, Segmentation fault.


Expected Results:  
Dropdown widget replaced by a tree widget showing the tree of all my bookmark folders.

#0  0x453da5ec in sqlite3BtreeGetMeta at sqlite3.c:43941
#1  0x4542a070 in sqlite3VdbeExec at sqlite3.c:53728
#2  0x45419727 in sqlite3_step at sqlite3.c:49503
#3  0x46f18357 in mozStorageStatement::ExecuteStep
    at mozStorageStatement.cpp:568
#4  0x46f4686c in nsNavBookmarks::ResultNodeForContainer
    at nsNavBookmarks.cpp:2404
#5  0x46f46b8f in nsNavBookmarks::QueryFolderChildren
    at nsNavBookmarks.cpp:2491

Can't reproduce this on a different profile, so it might be that the sqlite db backing the bookmarks store is somehow broken. Managing bookmarks works all right, though.

I won't upload my bookmarks database, but if you have anything you want me to try out, in order to investigate this, just ask me to.

Portage 2.2_rc38 (default/linux/x86/2008.0/desktop, gcc-4.3.4, glibc-2.10.1-r0, 2.6.30-gentoo-r4 i686)
=================================================================
System uname: Linux-2.6.30-gentoo-r4-i686-Intel-R-_Pentium-R-_4_CPU_3.00GHz-with-gentoo-2.0.1
Timestamp of tree: Sat, 15 Aug 2009 22:45:01 +0000
distcc 3.1 i686-pc-linux-gnu [disabled]
ccache version 2.4 [enabled]
app-shells/bash:     4.0_p28
dev-java/java-config: 2.1.8-r1
dev-lang/python:     2.6.2-r1, 3.1
dev-python/pycrypto: 2.0.1-r8
dev-util/ccache:     2.4-r8
dev-util/cmake:      2.6.4-r2
sys-apps/baselayout: 2.0.1
sys-apps/openrc:     0.4.3-r3
sys-apps/sandbox:    1.9
sys-devel/autoconf:  2.13, 2.63-r1
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.2, 1.11
sys-devel/binutils:  2.19.1-r1
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   2.2.6a
virtual/os-headers:  2.6.30-r1
ACCEPT_KEYWORDS="x86 ~x86"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=prescott -O2 -ggdb"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/kde/4.2/env /usr/kde/4.2/share/config /usr/kde/4.2/shutdown /usr/share/config /var/lib/hsqldb"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/eselect/postgresql /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c /etc/udev/rules.d"
CXXFLAGS="-march=prescott -O2 -ggdb"
DISTDIR="/usr/portage/distfiles"
FEATURES="assume-digests ccache collision-protect distlocks fixpackages parallel-fetch preserve-libs protect-owned sandbox sfperms splitdebug strict unmerge-logs unmerge-orphans userfetch"
GENTOO_MIRRORS="http://linux.rz.ruhr-uni-bochum.de/download/gentoo-mirror/ http://ftp.uni-erlangen.de/pub/mirrors/gentoo http://mirror.switch.ch/ftp/mirror/gentoo/"
LANG="de_DE.utf8"
LDFLAGS="-Wl,-O1"
LINGUAS="en de en_US en_GB"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/portage/local/generated /usr/portage/local/mvg /usr/portage/local/mvg-java /usr/portage/local/sunrise-enabled /usr/portage/local/bugfix /usr/portage/local/bump /usr/portage/local/layman/kerberos /usr/portage/local/layman/sunrise"
SYNC="rsync://rsync.de.gentoo.org/gentoo-portage"
USE="X a52 aac acl acpi alsa apache2 arts audiofile avahi bash-completion bcmath berkdb branding bzip2 c++ cairo cdparanoia cdr chroot cli cracklib crypt css cups curl dba dbus dhcp doc dri dts dv dvd dvdr eds emacs emboss encode escreen esd evo exif fam fastcgi ffmpeg fftw flac flatfile fortran ftp gcc-libffi gd gdbm gif gimp gnutls gphoto2 gpm graphviz gs gstreamer gtk hal hbci iconv idn imagemagick ipv6 isdnlog iso14755 ithreads jabber jack java jpeg jpeg2k kde kdeprefix kerberos kpathsea ladspa latex lcms ldap leim libnotify lirc lm_sensors logrotate lzo mad maildir mhash mikmod mime mjpeg mmx mng mozxmlterm mp3 mp4 mpeg mpeg2 mplayer mudflap mysql ncurses network nls nptl nptlonly nsplugin odbc ofx ogg openexr opengl openmp pam pango pcre pdf perl php plotutils png postgres povray ppds pppd procmail python qt3 qt3support qt4 quicktime rdesktop readline recode reflection sasl scanner sdl session smime sndfile snmp sockets socks5 sox speex spell spl sqlite sse sse2 ssl startup-notification subversion svg sysfs tcl tcpd threads thunderbird tiff tokenizer transcode translator truetype type1 unicode usb userlocales v4l v4l2 vhosts vorbis win32codecs wmf x264 x86 xanim xcb xcomposite xine xinerama xinetd xml xorg xprint xscreensaver xulrunner xv xvid xvmc zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias asis auth_basic auth_digest authn_alias                  authn_anon authn_dbm authn_default authn_file authz_dbm                  authz_default authz_groupfile authz_host authz_owner                  authz_user autoindex cache dav dav_fs dav_lock deflate dir                  disk_cache env 
expires ext_filter filter headers include                  info log_config logio mem_cache mime mime_magic negotiation                  proxy proxy_connect proxy_ftp proxy_http rewrite setenvif                  speling status unique_id userdir usertrack vhost_alias" APACHE2_MPMS="prefork" ELIBC="glibc" FRITZCAPI_CARDS="fcpci" INPUT_DEVICES="evdev joystick keyboard mouse wacom" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en de en_US en_GB" LIRC_DEVICES="hauppauge" MISDN_CARDS="avmfritz" USERLAND="GNU" VIDEO_CARDS="nvidia intel fbdev v4l vesa vga"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LC_ALL, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 1 Martin von Gagern 2009-08-16 18:02:05 UTC
Doesn't happen with firefox-bin. Probably because they ship their own version of sqlite3.
Comment 2 Martin von Gagern 2009-08-17 08:37:14 UTC
The file sqlite3.c is a concatenation of various individual C files. The lines from the backtrace correspond to these individual files:
#0 btree.c:7053 sqlite3BtreeGetMeta
#1 vdbe.c:2831  sqlite3VdbeExec
#2 vdbapi.c:344 sqlite3Step 
#2 vdbapi.c:403 sqlite3_step

Frame #2 corresponds to sqlite3Step invoked from sqlite3_step, which is inlined by the compiler and thus doesn't give a separate stack frame.

The actual segmentation fault happens in this line here:
  *pMeta = get4byte(&pBt->pPage1->aData[36 + idx*4]);
where pPage1 is NULL.

This can already be checked at the frame of sqlite3_step:
(gdb) p v->db->aDb[1].pBt->pBt->pPage1
$1 = (MemPage *) 0x0

There is an assertion a few lines before, but it doesn't seem to be activated during compilation:
  assert( pBt->pPage1 );

The operation sqlite3VdbeExec tries to execute is this:
OP_VerifyCookie (P1 = 1, P2 = 20)
Which, as far as I understand things, means "Verify that the database for temporary tables is currently using revision 20 of its schema."
Comment 3 Martin von Gagern 2009-08-17 09:12:59 UTC
When I compile sqlite with USE=debug, it fails earlier with a failed assertion:
firefox: sqlite3.c:40175: btreeCursor: Assertion `p->inTrans>0' failed.

The corresponding code from btree.c:3287 looks like this:

  /* Assert that the caller has opened the required transaction. */
  assert( p->inTrans>TRANS_NONE );
  assert( wrFlag==0 || p->inTrans==TRANS_WRITE );
  assert( pBt->pPage1 && pBt->pPage1->aData );

#4  0xb7b772cd in btreeCursor (p=0xb508a788, iTable=2, wrFlag=0, pKeyInfo=0x0, 
    pCur=0xa620fa00) at sqlite3.c:40175
#5  0xb7b7747c in sqlite3BtreeCursor (p=0xb508a788, iTable=2, wrFlag=0, 
    pKeyInfo=0x0, pCur=0xa620fa00) at sqlite3.c:40212
#6  0xb7b95afc in sqlite3VdbeExec (p=0xb52e69e8) at sqlite3.c:53863
#7  0xb7b8d5a9 in sqlite3Step (p=0xb52e69e8) at sqlite3.c:49503
#8  0xb7b8d805 in sqlite3_step (pStmt=0xb52e69e8) at sqlite3.c:49562
#9  0x46f18357 in mozStorageStatement::ExecuteStep
    at mozStorageStatement.cpp:568
#10 0x46f46aad in nsNavBookmarks::QueryFolderChildren
    at nsNavBookmarks.cpp:2457
#11 0x46f3d3a6 in nsNavHistoryFolderResultNode::FillChildren (
    this=<value optimized out>) at nsNavHistoryResult.cpp:3239

This frame #11 seems to correspond to frame #6 of my original report, which I had not copied along:
#6  0x46f3d3a6 in nsNavHistoryFolderResultNode::FillChildren
    at nsNavHistoryResult.cpp:3239
So I assume this is a place where things were still all right, and below that, something goes wrong, presumably in QueryFolderChildren.

In VdbeExec this is OP_OpenRead (P1 = 11, P2 = 2, P3 = 1, P4 = (INT32)10, P5 = 0) to open a read-only cursor.

Sadly, even with the debug code enabled, things only fail in my main profile, not in other profiles, so I still know no way to reproduce this without uploading my bookmarks, which I won't.
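
A simplified model of the failure analysed in comments 2 and 3, added here as an illustration; it is not code from SQLite, Firefox or any poster in this bug. It contrasts a guard that exists only as assert() (compiled out under NDEBUG, leaving the NULL dereference) with runtime checks that return an error in every build. Struct and field names follow the thread; the model_* functions, the MODEL_* codes and the assumption that ending a transaction drops the page-1 reference are hypothetical.

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-ins for the structures named in the backtraces. Field
 * names follow the thread; layout, MODEL_* codes and model_* functions are
 * assumptions of this example. */
enum { TRANS_NONE = 0, TRANS_READ = 1, TRANS_WRITE = 2 };
enum { MODEL_OK = 0, MODEL_MISUSE = 1, MODEL_RANGE = 2 };

typedef struct MemPage { unsigned char *aData; } MemPage;
typedef struct BtShared { MemPage *pPage1; } BtShared;
typedef struct Btree { int inTrans; BtShared *pBt; } Btree;

/* Big-endian 32-bit read, the job get4byte() does in the quoted line. */
static uint32_t get4byte(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Model assumption: a read transaction pins page 1, and ending the
 * transaction drops that reference again. */
void model_begin_read(Btree *p, MemPage *page1) {
    p->pBt->pPage1 = page1;
    p->inTrans = TRANS_READ;
}
void model_end_transaction(Btree *p) {
    p->pBt->pPage1 = NULL;
    p->inTrans = TRANS_NONE;
}

/* Guarded only by assert(): a debug build aborts on the first assertion,
 * a build with NDEBUG skips both and dereferences the NULL pPage1. */
void model_get_meta_unchecked(const Btree *p, int idx, uint32_t *pMeta) {
    const BtShared *pBt = p->pBt;
    assert(p->inTrans > TRANS_NONE);
    assert(pBt->pPage1);
    *pMeta = get4byte(&pBt->pPage1->aData[36 + idx * 4]);
}

/* Same read with the invariants enforced at run time, independent of
 * NDEBUG. The 0..15 index range is an assumption of this model. */
int model_get_meta_checked(const Btree *p, int idx, uint32_t *pMeta) {
    if (p == NULL || p->pBt == NULL || pMeta == NULL) return MODEL_MISUSE;
    if (idx < 0 || idx > 15) return MODEL_RANGE;
    if (p->inTrans == TRANS_NONE) return MODEL_MISUSE;
    if (p->pBt->pPage1 == NULL || p->pBt->pPage1->aData == NULL)
        return MODEL_MISUSE;
    *pMeta = get4byte(&p->pBt->pPage1->aData[36 + idx * 4]);
    return MODEL_OK;
}

/* Constructed scenario: read meta value 1 inside a transaction, end the
 * transaction, then read again. Returns the status of the second read;
 * the first read's status and value come back through the pointers. */
int model_replay(uint32_t *first, int *first_rc) {
    static unsigned char data[100];     /* constructed page-1 header bytes */
    MemPage page1 = { data };
    BtShared shared = { NULL };
    Btree bt = { TRANS_NONE, &shared };
    uint32_t second = 0;

    data[43] = 20;                      /* big-endian 20 at 36 + 1*4 */
    model_begin_read(&bt, &page1);
    *first_rc = model_get_meta_checked(&bt, 1, first);
    model_end_transaction(&bt);
    return model_get_meta_checked(&bt, 1, &second);
}

int main(void) {
    uint32_t cookie = 0;
    int rc1 = 0;
    int rc2 = model_replay(&cookie, &rc1);
    printf("inside transaction: rc=%d cookie=%u\n", rc1, (unsigned)cookie);
    printf("after transaction end: rc=%d\n", rc2);
    return 0;
}
```
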
Comment 4 Martin von Gagern 2009-08-17 09:49:55 UTC
I added breakpoints to these three methods:
mozStorageConnection::BeginTransactionAs  (mozStorageConnection.cpp:521)
mozStorageConnection::CommitTransaction   (mozStorageConnection.cpp:546)
mozStorageConnection::RollbackTransaction (mozStorageConnection.cpp:558)

With these in place, I found that opening the "Add Keyword" dialog started and committed two transactions, but expanding the list didn't even start one.

Assuming that any request has to belong to a started connection, this would indeed indicate a bug in Firefox. The comment above the failed assertion from comment #3 seems to indicate this assumption, but I'm less than sure that this holds for the level of abstraction I'm investigating in the mozilla source code, and the fact that it works for other profiles indicates otherwise.

The two transactions I observed were facilitated by a mozStorageTransaction object, one in nsAnnotationService::SetAnnotationStringInternal from nsAnnotationService.cpp:307 and the other in nsNavBookmarks::InsertBookmark from nsNavBookmarks.cpp:1015.
See also http://mxr.mozilla.org/firefox/search?string=mozStorageTransaction

So maybe some function in the call stack of this issue, most probably nsNavHistoryFolderResultNode::FillChildren, should start and commit a transaction?
Comment 5 Martin von Gagern 2009-08-17 10:56:50 UTC
Created attachment 201521 [details]
backtrace

This is the full backtrace of the original incident, so you can see the call stack on the mozilla side.
Comment 6 Martin von Gagern 2009-08-17 11:48:13 UTC
I added a breakpoint to btreeEndTransaction, the function where the inTrans member that causes the assertion to fail gets set. I printed a backtrace for every hit, and can now give you this comparison between the penultimate btreeEndTransaction and the failed assertion.

Breakpoint 3, btreeEndTransaction (p=0xb4fd3a48) at sqlite3.c:39854
39854	  BtShared *pBt = p->pBt;
(gdb) bt 25
#0  btreeEndTransaction (p=0xb4fd3a48) at sqlite3.c:39854
#1  0xb7c76bb4 in sqlite3BtreeCommitPhaseTwo (p=0xb4fd3a48) at sqlite3.c:39927
#2  0xb7c8a0c7 in vdbeCommit (db=0xb7d6a128, p=0xb53e1d68) at sqlite3.c:47823
#3  0xb7c8a9c2 in sqlite3VdbeHalt (p=0xb53e1d68) at sqlite3.c:48185
#4  0xb7c8acb5 in sqlite3VdbeReset (p=0xb53e1d68) at sqlite3.c:48304
#5  0xb7c8c8c9 in sqlite3_reset (pStmt=0xb53e1d68) at sqlite3.c:49237
#6  0x46f18668 in mozStorageStatement::Reset (this=<value optimized out>)
    at mozStorageStatement.cpp:450
#7  0x4690a281 in ~mozStorageStatementScoper (this=<value optimized out>)
    at ../../../../dist/include/storage/mozStorageHelper.h:170
#8  0x46f469ae in nsNavBookmarks::ResultNodeForContainer (this=0xb53efa00,
    aID=1609, aOptions=0xab0484c0, aNode=0xbfb1b678) at nsNavBookmarks.cpp:2438
#9  0x46f46b8f in nsNavBookmarks::QueryFolderChildren (this=0xb53efa00,
    aFolderId=884, aOptions=0xab0484c0, aChildren=0xab00ce9c)
    at nsNavBookmarks.cpp:2491
(gdb) c
firefox: sqlite3.c:40175: btreeCursor: Assertion `p->inTrans>0' failed.

Program received signal SIGABRT, Aborted.
0xffffe424 in __kernel_vsyscall ()
(gdb) bt 25
#0  0xffffe424 in __kernel_vsyscall ()
#1  0x45a9d980 in raise (sig=<value optimized out>)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#2  0x45a9f1c8 in abort () at abort.c:88
#3  0x45a96a5e in __assert_fail (assertion=<value optimized out>,
    file=<value optimized out>, line=<value optimized out>,
    function=<value optimized out>) at assert.c:78
#4  0xb7c772cd in btreeCursor (p=0xb4fd3a48, iTable=2, wrFlag=0, pKeyInfo=0x0,
    pCur=0xaf5141a0) at sqlite3.c:40175
#5  0xb7c7747c in sqlite3BtreeCursor (p=0xb4fd3a48, iTable=2, wrFlag=0,
    pKeyInfo=0x0, pCur=0xaf5141a0) at sqlite3.c:40212
#6  0xb7c95afc in sqlite3VdbeExec (p=0xb53e19e8) at sqlite3.c:53863
#7  0xb7c8d5a9 in sqlite3Step (p=0xb53e19e8) at sqlite3.c:49503
#8  0xb7c8d805 in sqlite3_step (pStmt=0xb53e19e8) at sqlite3.c:49562
#9  0x46f18357 in mozStorageStatement::ExecuteStep (this=<value optimized out>,
    _retval=<value optimized out>) at mozStorageStatement.cpp:568
#10 0x46f46aad in nsNavBookmarks::QueryFolderChildren (this=0xb53efa00,
    aFolderId=884, aOptions=0xab0484c0, aChildren=0xab00ce9c)
    at nsNavBookmarks.cpp:2457

So somehow one scoped transaction is ended by the mozStorageStatementScoper destructor but gets called later again.

By the way, while the issue seems well reproducible with my profile, the number of breakpoint hits until the assertion fails seems to vary between runs.
Comment 7 Nirbheek Chauhan (RETIRED) gentoo-dev 2009-08-17 12:30:32 UTC
This seems identical to bug 278798 -- please add current and further information and insight to that bug. If this is a different bug, feel free to reopen it.

Thanks :)

*** This bug has been marked as a duplicate of bug 278798 ***
Comment 8 Martin von Gagern 2009-08-17 14:10:14 UTC
(In reply to comment #7)
> This seems identical to bug 278798 -- please add current and further
> information and insight to that bug. If this is a different bug, feel free to
> reopen it.

Different bug, I believe. Bug #278798 comment #2 mentions an unaligned ebx as the cause of the SIGSEGV, whereas I have a NULL pointer here. Furthermore, bug #278798 comment #3 indicates that compiling sqlite with less optimization did solve that issue. I have neither -ftree-vectorize nor -O3 in my CFLAGS normally, and have compiled sqlite with -O0 to produce better debug output for this issue here, and I can still reproduce it. Reopening.
Comment 9 TGL 2009-08-17 18:13:00 UTC
I have this bug here too.  I had started to collect some gdb backtraces too, but I don't think it would add anything to paste them here (same stack and same null pointer on pBt->pPage1).

I'm not using the -ftree-vectorize flag, and I'm compiling with -O2, so I agree it's not a dup of bug #278798.

Some additional infos:
 - for me, the segfault doesn't happen as soon as I press the arrow button, like you've described, but rather one click later, when I press "Choose..." to choose a directory.
 - I am on amd64, not x86 (see my "emerge --info" below).
 - mozilla-firefox is 3.5.2 and sqlite is 3.5.17, but the bug is not completely new (I've tested mozilla-firefox 3.5.0 and sqlite 3.5.16).
 - as for GCC, I'm now with 4.4.1 (and my system is completely recompiled), but I've first seen this bug when I was with 4.3.4.
 - with a fresh empty profile, I don't reproduce the bug.  But importing a JSON backup of my bookmarks is enough to trigger it again, with nothing else changed (no extension, and default preferences).  And then, if I delete almost all the bookmarks and keep just one or two folders, the bug doesn't show up anymore.  I have yet to understand if the trigger is some particular bookmarks, or their number, or the number of folders.  I will try to find time for doing some dichotomy over my bookmarks to see if anything obvious shows up.


Portage 2.2_rc38 (default/linux/amd64/2008.0, gcc-4.4.1, glibc-2.10.1-r0, 2.6.30-gentoo-r5-1 x86_64)
=================================================================
System uname: Linux-2.6.30-gentoo-r5-1-x86_64-Intel-R-_Core-TM-2_Duo_CPU_E8500_@_3.16GHz-with-gentoo-2.0.1
Timestamp of tree: Sun, 16 Aug 2009 21:45:02 +0000
app-shells/bash:     4.0_p28
dev-java/java-config: 2.1.8-r1
dev-lang/python:     2.6.2-r1, 3.1
dev-util/cmake:      2.6.4-r2
sys-apps/baselayout: 2.0.1
sys-apps/openrc:     0.4.3-r3
sys-apps/sandbox:    2.0
sys-devel/autoconf:  2.13, 2.63-r1
sys-devel/automake:  1.7.9-r1, 1.9.6-r2, 1.10.2, 1.11
sys-devel/binutils:  2.19.1-r1
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   2.2.6a
virtual/os-headers:  2.6.30-r1
ACCEPT_KEYWORDS="amd64 ~amd64"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=core2 -O2 -ggdb -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/config /var/lib/hsqldb"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/eselect/postgresql /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/splash /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c /etc/udev/rules.d"
CXXFLAGS="-march=core2 -O2 -ggdb -pipe"
DISTDIR="/var/portage/distfiles"
FEATURES="assume-digests buildpkg distlocks fixpackages parallel-fetch preserve-libs protect-owned sandbox sfperms splitdebug strict unmerge-logs unmerge-orphans userfetch usersync"
GENTOO_MIRRORS="http://mirror.ovh.net/gentoo-distfiles/ ftp://ftp.free.fr/mirrors/ftp.gentoo.org/ ftp://ftp.first-world.info/ "
LANG="fr_FR.UTF-8"
LDFLAGS="-Wl,-O1,--hash-style=gnu,--sort-common -Wl,--as-needed"
LINGUAS="en_US en fr_FR fr"
MAKEOPTS="-j3"
PKGDIR="/var/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/var/portage/tree"
PORTDIR_OVERLAY="/var/portage/overlays/tgl /var/portage/overlays/bugzilla /var/portage/layman/sunrise /var/portage/layman/nx /var/portage/layman/xwing /var/portage/layman/java-overlay"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="X a52 aac acl acpi akonadi alsa amd64 apache2 bash-completion berkdb branding bzip2 cairo cdda cddb cdparanoia cdr cli consolekit cracklib crypt cups cvs dbus dga dri dts dv dvd dvdr encode exif fam ffmpeg flac fontconfig fuse gdbm gif gimp git glib gnome gnome-keyring gnutls gpm graphviz gstreamer gtk hal iconv id3tag ieee1394 imagemagick imap isdnlog java java5 java6 jpeg jpeg2k latex lcms libnotify lua mad matroska mikmod mmx mng mp3 mpeg mudflap multilib musepack musicbrainz nautilus ncurses network nls nntp nptl nptlonly ogg opengl openmp pam pango pch pcre pdf pg-intdatetime plasma plotutils png policykit pppd python qt3support qt4 raw readline reflection sasl sdl semantic-desktop session sndfile spell spl sse sse2 ssl startup-notification subversion svg sysfs taglib tcpd theora threads tiff truetype unicode usb v4l2 vim-syntax vorbis wavpack wma wmf x264 xattr xcb xcomposite xface xinerama xml xmp xorg xosd xpm xulrunner xv xvid xvmc zlib" ALSA_CARDS="hda-intel" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en_US en fr_FR fr" SANE_BACKENDS="epson" USERLAND="GNU" VIDEO_CARDS="i810 intel"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LC_ALL, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 10 TGL 2009-08-17 18:16:33 UTC
(In reply to comment #9)
> Some additional infos:
>  - for me, the segfault doesn't happen as soon as i press the arrow button,
> like you've described, but rather one click later, when i press "Choose..." to
> choose a directory.

Oops, sorry, I had read your description too fast: for me, it's with the "Bookmark this page" dialog that the bug happens (and then drop down list, and click on "Choose...").  I will try your steps asap and report back.
Comment 11 TGL 2009-08-17 18:19:39 UTC
(In reply to comment #10)
>  I will try your steps asap and report back.

Yep, it "works" too, but again it's when I click on "Choose..." that I get the segfault.  The drop down list is similar, so it's not too surprising that we get the bug in both dialogs.

Comment 12 TGL 2009-08-17 21:24:45 UTC
I've found the minimal condition for this bug to happen: it's enough to have a bookmark between two folders.  You can test it by importing the attached bookmarks-KO.json on a fresh new profile.  On the contrary, the bookmarks-OK.json, which is in a different order (both folders first, then the bookmark) works fine.
Comment 13 TGL 2009-08-17 21:25:16 UTC
Created attachment 201555 [details]
bookmarks-KO.json
Comment 14 TGL 2009-08-17 21:25:37 UTC
Created attachment 201557 [details]
bookmarks-OK.json
Comment 15 Markus Rathgeb 2009-08-27 09:57:22 UTC
To do a "Sort by Name" works for me, but that is only a workaround.

Is there a "Sort by Name (recursive)" somewhere?
Comment 16 Jory A. Pratt gentoo-dev 2009-08-30 15:04:23 UTC
I have dropped system sqlite support until we can sort the issue out.
Comment 17 Jory A. Pratt gentoo-dev 2009-09-16 01:33:08 UTC
Created attachment 204270 [details]
enable/disable system sqlite support via USE flag

You might have issues with applying to firefox-3.5.3. If you do, you will need to apply by hand or wait for me to move changes from overlay to main tree.
Comment 18 Jory A. Pratt gentoo-dev 2009-09-16 01:42:36 UTC
Created attachment 204271 [details]
diff against current xulrunner in tree.

Sorry for xulrunner missing from first patch. If you all want a straight firefox patch against tree from overlay I will provide it. It does remove iceweasel support.
Comment 19 Jory A. Pratt gentoo-dev 2009-09-16 01:44:53 UTC
Created attachment 204273 [details]
patch against in tree ebuild

Here is the patch for firefox that is already in tree. Make it easier for you all to test.
Comment 20 Jory A. Pratt gentoo-dev 2009-10-25 16:44:04 UTC
For those with sqlite issues please disable sqlite useflag on firefox-3.5.3-r1 and report your findings.
Comment 21 Alexandre Rostovtsev (RETIRED) gentoo-dev 2009-11-04 07:57:32 UTC
(In reply to comment #20)
> For those with sqlite issues please disable sqlite useflag on firefox-3.5.3-r1
> and report your findings.

Disabling the sqlite useflag fixes the crash for mozilla-firefox-3.5.4
Comment 22 Shawn Rutledge 2009-12-05 22:18:34 UTC
Upgrading to sqlite-3.6.20-r1 fixed it for me.  So I hope the best version which has the fix will be unmasked soon.
Comment 23 Peter Fox 2009-12-12 23:06:36 UTC
I saw this problem with mozilla-firefox-3.5.4, xulrunner-1.9.1.4 and sqlite-3.6.19 on x86 all built with gcc-4.3.4. Upgrading sqlite to 3.6.21 fixed it for me.
Comment 24 TGL 2009-12-12 23:45:35 UTC
(In reply to comment #23)
> I saw this problem with mozilla-firefox-3.5.4, xulrunner-1.9.1.4 and
> sqlite-3.6.19 on x86 all built with gcc-4.3.4. Upgrading sqlite to 3.6.21 fixed
> it for me.
> 

Same here on amd64.  I think this bug could be closed after raising the sqlite version in xulrunner and firefox dependencies.
Comment 25 Nirbheek Chauhan (RETIRED) gentoo-dev 2009-12-13 05:47:29 UTC
(In reply to comment #24)
> Same here on amd64.  I think this bug could be closed after raising the sqlite
> version in xulrunner and firefox dependencies.
> 

Agreed; Jory's fts3 patch + "sqlite" USE-flag to control external sqlite usage => bug solved.

Dep upped without a revbump
Comment 26 Jory A. Pratt gentoo-dev 2009-12-13 17:25:57 UTC
We need to ensure that fts3 useflag is enabled if building with system sqlite, will fix in a day or so.
Comment 27 Nirbheek Chauhan (RETIRED) gentoo-dev 2009-12-13 18:06:26 UTC
USE=fts3 dep added, closing...