Bug 253639 - hardened www-client/mozilla-firefox-3.0.5 crash on keyboard input
Summary: hardened www-client/mozilla-firefox-3.0.5 crash on keyboard input
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Hardened
Hardware: All Linux
Importance: High critical
Assignee: The Gentoo Linux Hardened Team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-01-04 01:16 UTC by Andre Burgoyne
Modified: 2009-01-21 06:38 UTC
CC List: 5 users

See Also:
Package list:
Runtime testing required: ---


Attachments
Patch on mozilla-firefox-3.0.5.ebuild I used to fix the problem. (mozilla-firefox-3.0.5.ebuild.patch, 462 bytes, patch)
2009-01-15 14:46 UTC, Vincent Strubel
Patch to disable SSP for C++ code in xulrunner and firefox ebuilds (mozilla-firefox-3.0.5-gcc3-nossp-ebuild.patch, 1.12 KB, patch)
2009-01-18 04:10 UTC, René Rhéaume (a.k.a. repzilon, rener)

Description Andre Burgoyne 2009-01-04 01:16:40 UTC
Hitting escape key (for example) on hardened www-client/mozilla-firefox-3.0.5 crashes firefox.  This happens for me even after deleting ~/.mozilla.

Reproducible: Always

Actual Results:  
gdb /usr/lib/mozilla-firefox/bin/firefox-bin
...
Program received signal SIGSEGV, Segmentation fault.
...
(gdb) where
#0  0x77ccc777 in ?? () from /usr/lib/mozilla-firefox/libxul.so
#1  0x779f7af9 in ~nsCOMPtr_base (this=0x77fa0000) at nsCOMPtr.cpp:81
#2  0x77490e7c in nsXBLWindowKeyHandler::WalkHandlersAndExecute (this=0x73df2fa0, aKeyEvent=0x6e75a440, aEventType=0x73cf26c4, aHandler=0x7fddf0c8, aCharCode=0, aIgnoreShiftKey=0) at nsXBLWindowKeyHandler.cpp:252
#3  0x77491086 in nsXBLWindowKeyHandler::WalkHandlersInternal (this=0x73df2fa0, aKeyEvent=0x6e75a440, aEventType=0x73cf26c4, aHandler=0x6f82c360) at nsXBLWindowKeyHandler.cpp:489
#4  0x774911ef in nsXBLWindowKeyHandler::WalkHandlers (this=0x73df2fa0, aKeyEvent=0x6e75a440, aEventType=0x73cf26c4) at nsXBLWindowKeyHandler.cpp:354
#5  0x774914bc in nsXBLWindowKeyHandler::KeyPress (this=0x73df2fa0, aEvent=0x7fddf0dc) at ../../../dist/include/xpcom/nsCOMPtr.h:861
#6  0x77358c09 in nsEventListenerManager::HandleEvent (this=0x72932940, aPresContext=0x71da8ec0, aEvent=0x7fddf9c0, aDOMEvent=0x7fddf58c, aCurrentTarget=0x72913400, aFlags=514, aEventStatus=0x7fddf590)
    at nsEventListenerManager.cpp:184
#7  0x7737a222 in nsEventTargetChainItem::HandleEvent (this=0x6e661980, aVisitor=@0x7fddf584, aFlags=514) at ../../../dist/include/xpcom/nsCOMPtr.h:867
#8  0x7737a3f9 in nsEventTargetChainItem::HandleEventTargetChain (this=0x6e6619c0, aVisitor=@0x7fddf584, aFlags=518, aCallback=0x7fddf674) at nsEventDispatcher.cpp:291
#9  0x7737a4b6 in nsEventTargetChainItem::HandleEventTargetChain (this=0x6e6619c0, aVisitor=@0x7fddf584, aFlags=518, aCallback=0x7fddf674) at nsEventDispatcher.cpp:319
#10 0x7737aa20 in nsEventDispatcher::Dispatch (aTarget=0x6e6619c0, aPresContext=0x71da8ec0, aEvent=0x7fddf9c0, aDOMEvent=0x0, aEventStatus=0x7fddf7a0, aCallback=0x7fddf674) at nsEventDispatcher.cpp:480
#11 0x771552f3 in PresShell::HandleEventInternal (this=0x73ddbc00, aEvent=0x7fddf9c0, aView=0x6fb2a520, aStatus=0x7fddf7a0) at ../../dist/include/xpcom/nsCOMPtr.h:861
#12 0x7715c238 in PresShell::HandleEvent (this=0x73ddbc00, aView=0x6fb2a520, aEvent=0x7fddf9c0, aEventStatus=0x7fddf7a0) at nsPresShell.cpp:5729
#13 0x774bd73c in nsViewManager::HandleEvent (this=0x6fb2a4c0, aView=0x6fb2a520, aEvent=0x7fddf9c0, aCaptured=0) at ../../dist/include/xpcom/nsCOMPtr.h:867
#14 0x774bdf45 in nsViewManager::DispatchEvent (this=0x6fb2a4c0, aEvent=0x7fddf9c0, aStatus=0x7fddf8bc) at ../../dist/include/gfx/nsPoint.h:48
#15 0x774b68a7 in HandleEvent (aEvent=0x7fddf9c0) at nsView.h:126
#16 0x7792e90d in nsCommonWidget::DispatchEvent (this=0x729c99a0, aEvent=0x7fddf9c0, aStatus=@0x7fddf95c) at nsCommonWidget.cpp:158
#17 0x7792b242 in nsWindow::OnKeyPressEvent (this=0x729c99a0, aWidget=0x7512b000, aEvent=0x7595f458) at nsWindow.cpp:2506
#18 0x7792b691 in key_press_event_cb (widget=0x7512b000, event=0x7595f458) at ../../../dist/include/xpcom/nsAutoPtr.h:1082
#19 0x769f704d in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#20 0x7512b000 in ?? ()
#21 0x7595f458 in ?? ()
#22 0x00000000 in ?? ()



Portage 2.1.6.4 (hardened/x86/2.6, gcc-3.4.6, glibc-2.6.1-r0, 2.6.27-gentoo-r7 i686)
=================================================================
System uname: Linux-2.6.27-gentoo-r7-i686-AMD_Athlon-tm-_64_X2_Dual_Core_Processor_5600+-with-glibc2.3.2
Timestamp of tree: Sat, 03 Jan 2009 21:45:02 +0000
ccache version 2.4 [disabled]
app-shells/bash:     3.2_p33
dev-java/java-config: 1.3.7-r1, 2.1.6-r1
dev-lang/python:     2.5.2-r7
dev-python/pycrypto: 2.0.1-r6
dev-util/ccache:     2.4-r7
dev-util/cmake:      2.4.6-r1
sys-apps/baselayout: 1.12.11.1
sys-apps/sandbox:    1.2.18.1-r2
sys-devel/autoconf:  2.13, 2.61-r2
sys-devel/automake:  1.5, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.2
sys-devel/binutils:  2.18-r3
sys-devel/gcc-config: 1.4.0-r4
sys-devel/libtool:   1.5.26
virtual/os-headers:  2.6.23-r3
ACCEPT_KEYWORDS="x86"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=athlon64 -O2 -pipe -fomit-frame-pointer -msse3"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/config /var/bind"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c /etc/udev/rules.d"
CXXFLAGS="-march=athlon64 -O2 -pipe -fomit-frame-pointer -msse3"
DISTDIR="/usr/portage/distfiles"
FEATURES="distlocks fixpackages parallel-fetch protect-owned sandbox sfperms strict unmerge-orphans userfetch"
GENTOO_MIRRORS="http://mirror.usu.edu/mirrors/gentoo/ http://gentoo.mirrors.tds.net/gentoo ftp://ftp.ussg.iu.edu/pub/linux/gentoo http://gentoo.chem.wisc.edu/gentoo/ ftp://mirror.datapipe.net/gentoo ftp://mirror.usu.edu/mirrors/gentoo/"
LDFLAGS=""
LINGUAS="en en_US en_GB hu"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.namerica.gentoo.org/gentoo-portage"
USE="3dnow X a52 aac aalib alsa apache2 arts audiofile bash-completion berkdb bzip2 cairo caps cgraph cracklib crypt cups curl dbus dga doc dri dvd dvdr dvdread encode esd examples exif expat fam ffmpeg fftw flac gd gdbm gif gmp gnutls gphoto2 gpm gtk gtk2 hal hardened iconv ieee1394 imagemagick imap imlib ipv6 jack java jbig jpeg jpeg2k kde lcms libcaca libedit lm_sensors mad mbox midi mmap mmx mng motif mp3 mpeg mysql ncurses nls nptl nptlonly nsplugin offensive ogg opengl oss pam pdf perl php pic png pulseaudio python quicktime readline ruby sasl sdl skey slang snmp speex spell sse sse2 ssl svg tcpd tetex theora threads tiff truetype unicode urandom usb v4l vcd vorbis win32codecs wmf x86 xft xml xorg xpm xv xvid zlib" ALSA_CARDS="emu10k1 emu10k1x" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic auth_digest authn_anon authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock dbd deflate dir disk_cache env expires ext_filter file_cache filter headers ident imagemap include info log_config logio mem_cache mime mime_magic negotiation proxy proxy_ajp proxy_balancer proxy_connect proxy_http rewrite setenvif so speling status unique_id userdir usertrack vhost_alias" CAMERAS="canon directory adc65 agfa_cl20 aox barbie casio_qv clicksmart310 digigr8 digita dimagev dimera3500 enigma13 fuji gsmart300 hp215 iclick jamcam jd11 kodak_dc120 kodak_dc210 kodak_dc240 kodak_dc3200 kodak_ez200 konica konica_qm150 largan lg_gsm mars mustek panasonic_coolshot panasonic_dc1000 panasonic_dc1580 panasonic_l859 pccam300 pccam600 polaroid_pdc320 polaroid_pdc640 polaroid_pdc700 ptp2 ricoh ricoh_g3 samsung sierra sipix_blink sipix_blink2 sipix_web2 smal sonix sony_dscf1 sony_dscf55 soundvision spca50x sq905 stv0674 
stv0680 sx330z template toshiba_pdrm11" ELIBC="glibc" INPUT_DEVICES="keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en en_US en_GB hu" USERLAND="GNU" VIDEO_CARDS="radeon i810 nv vesa vga"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LANG, LC_ALL, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 1 archibald haddock 2009-01-04 12:36:00 UTC
How is your keyboard configured? HAL, xorg.conf ...?

And can you create a new working profile with the firefox profile manager (firefox -ProfileManager).
Comment 2 Andre Burgoyne 2009-01-04 19:24:24 UTC
I'm running kde-3.5.9 and hal-0.5.11-r1
(hald as is, no configuration changes from default),
and from /etc/X11/xorg.conf:

Section "InputDevice"
        Identifier      "Keyboard0"
        Driver  "kbd"
        Option  "CoreKeyboard"

        Option  "XkbModel" "pc105"
        Option  "XkbOptions" "grp:toggle,grp_led:scroll"
        Option  "XkbVariant" ",winkeys"
EndSection
Comment 3 Andre Burgoyne 2009-01-04 19:25:07 UTC
And I can successfully create a new profile, but it also crashes on keyboard input.
Comment 4 Andre Burgoyne 2009-01-12 03:38:20 UTC
Today I switched to the default/linux/x86/2008.0 profile.  Keeping the rest of my configuration the same, the bug went away after I did an emerge --newuse --update world and recompiled firefox.  So this is perhaps a gcc-3.4.6 bug?
Comment 5 Thomas Heinz 2009-01-13 17:15:02 UTC
I have exactly the same problem on two machines. After pressing a key like Ctrl-F or Ctrl+T, firefox crashes immediately. This happens also after deleting ~/.mozilla and when starting firefox in safe-mode. I compiled firefox using i686-pc-linux-gnu-3.4.6-hardened, i686-pc-linux-gnu-3.4.6 and i686-pc-linux-gnu-4.1.2. The bad behaviour remains.

Portage 2.1.6.4 (default/linux/x86/2008.0/desktop, gcc-3.4.6-hardened, glibc-2.6.1-r0, 2.6.23-gentoo-r6 i686)
=================================================================
System uname: Linux-2.6.23-gentoo-r6-i686-AMD_Athlon-tm-_64_X2_Dual_Core_Processor_3800+-with-glibc2.3.2
Timestamp of tree: Mon, 12 Jan 2009 22:05:01 +0000
ccache version 2.4 [enabled]
app-shells/bash:     3.2_p39
dev-java/java-config: 1.3.7-r1, 2.1.6-r1
dev-lang/python:     2.4.4-r13, 2.5.2-r7
dev-python/pycrypto: 2.0.1-r6
dev-util/ccache:     2.4-r7
dev-util/cmake:      2.6.2
sys-apps/baselayout: 1.12.11.1
sys-apps/sandbox:    1.2.18.1-r2
sys-devel/autoconf:  2.13, 2.63
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.2
sys-devel/binutils:  2.18-r3
sys-devel/gcc-config: 1.4.0-r4
sys-devel/libtool:   1.5.26
virtual/os-headers:  2.6.27-r2
ACCEPT_KEYWORDS="x86"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=k8 -msse3 -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/config /var/lib/hsqldb"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/splash /etc/terminfo /etc/texmf/web2c /etc/udev/rules.d"
CXXFLAGS="-O2 -march=k8 -msse3 -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="ccache distlocks fixpackages parallel-fetch protect-owned sandbox sfperms strict unmerge-orphans userfetch"
GENTOO_MIRRORS="ftp://ftp.tu-clausthal.de/pub/linux/gentoo/ ftp://sunsite.informatik.rwth-aachen.de/pub/Linux/gentoo http://linux.rz.ruhr-uni-bochum.de/download/gentoo-mirror/ ftp://linux.rz.ruhr-uni-bochum.de/gentoo-mirror/ http://ftp.uni-erlangen.de/pub/mirrors/gentoo ftp://ftp.uni-erlangen.de/pub/mirrors/gentoo http://gentoo.osuosl.org/"
LANG="de_DE@euro"
LDFLAGS="-Wl,-O1"
LINGUAS="de"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="3dnow X Xaw3d a52 aac aalib accessibility acl acpi aim alsa apache2 apm arts audiofile avi bash-completion bcmath berkdb bluetooth branding bzip2 cairo calendar caps cdb cdparanoia cdr cli cracklib crypt cscope cups curl curlwrappers dbm dbus dga dio directfb doc dri dv dvb dvd dvdr dvdread eds emacs emboss encode esd ethereal evo examples exif fam fastcgi fbcon ffmpeg fftw firefox flac flash flatfile foomaticdb fortran freetds ftp gd gdbm geoip gif ginac glut gmp gnome gnutls gphoto2 gpm gps gstreamer gtk gtk2 guile hal hardened hardenedphp howl icc iconv icq ieee1394 imagemagick imap imlib innodb iodbc ipv6 isdnlog jabber jack java javascript joystick jpeg kde kdeenablefinal kerberos krb4 ladcca lcms ldap leim lesstif libcaca libg++ libgda libnotify libwww lirc lm_sensors mad maildir matroska mcal mcve memlimit mhash midi mikmod milter mime ming mmap mmx mng mono motif mozilla mp3 mpeg mpi msession msn mudflap mule mysql mysqli nas ncurses netcdf nls nocd nptl nptlonly nsplugin offensive ofx ogg openal opengl openmp osc oscar oss pam pcntl pcre pda pdf perl pfpro php plotutils png portaudio posix ppds pppd python qt qt3 qt3support qt4 quicktime radius readline recode reflection ruby samba sasl scanner sdl session sharedext sharedmem shorten simplexml skey slang slp smartcard sndfile snmp soap sockets socks5 sox speex spell spl sqlite sse sse2 ssl startup-notification svg svga sysfs tcltk tcpd tetex theora threads tidy tiff tokenizer truetype unicode usb v4l vcd vhosts videos vorbis wddx win32codecs wmf wxwindows x86 xface xine xml xml2 xmlrpc xorg xpm xprint xsl xulrunner xv xvid yahoo yaz zeo zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug 
rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic auth_digest authn_anon authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock dbd deflate dir disk_cache env expires ext_filter file_cache filter headers ident imagemap include info log_config logio mem_cache mime mime_magic negotiation proxy proxy_ajp proxy_balancer proxy_connect proxy_http rewrite setenvif so speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="evdev keyboard mouse joystick" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="de" USERLAND="GNU" VIDEO_CARDS="nvidia nv vesa vga"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LC_ALL, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY
Comment 6 Thomas Heinz 2009-01-13 18:55:28 UTC
The problem is fixed after reemerging net-libs/xulrunner-1.9.0.5 using i686-pc-linux-gnu-3.4.6. Note that if it is compiled with i686-pc-linux-gnu-3.4.6-hardened the issue remains.
Comment 7 Vincent Strubel 2009-01-15 14:44:09 UTC
I also have the same problem on hardened x86. Hitting any keyboard accelerator combination (Esc, Ctrl+N, Ctrl+T, etc.) causes firefox to segfault. Non-accelerator keystrokes ('a', 'b', etc.) are interpreted as typeahead find or regular input and do not cause any segfault.

This seems to be caused by -fstack-protector. Re-building with the same profile and a -fno-stack-protector-all CFLAG fixes the problem for me.
Comment 8 Vincent Strubel 2009-01-15 14:46:14 UTC
Created attachment 178598 [details, diff]
Patch on mozilla-firefox-3.0.5.ebuild I used to fix the problem.

Patch on mozilla-firefox-3.0.5.ebuild I used to fix the problem. The append-flags actually used to be in firefox-2* ebuilds.
Comment 9 J. Alexander Treuman 2009-01-17 18:08:20 UTC
I can confirm that building with the i686-pc-linux-gnu-3.4.6-hardenednossp specs fixes this issue.  The above ebuild patch does effectively the same thing, although it needs to be applied to the xulrunner ebuild as well.
Comment 10 Gordon Malm (RETIRED) gentoo-dev 2009-01-17 18:44:11 UTC
I haven't had this issue or been able to reproduce it, but I have SSP turned off for C++ code.

Please try adding "-fno-stack-protector -fno-stack-protector-all" to CXXFLAGS and report back.  If we can leave the stack-protector in place for the plain C portions that would be cool.
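The workaround discussed in this thread turns SSP off only for the C++ objects and leaves it in place for the C ones, so after rebuilding it is worth verifying which objects still carry stack-protector instrumentation. The following is an added example and not code from the bug report or from Gentoo; it reads the symbol tables of an ELF32 or ELF64 object directly (no readelf/scanelf needed) and reports whether the object references GCC's stack-protector runtime, which is what -fstack-protector and -fstack-protector-all emit. The helper build_minimal_elf32 constructs a tiny fake ELF purely so the check can be exercised offline; the libxul.so path in the usage comment is the one from the backtrace above.

```python
"""Report whether an ELF object references GCC's stack-protector runtime.

Added example for this bug thread, not part of Gentoo or Mozilla code.
Usage: python ssp_check.py /usr/lib/mozilla-firefox/libxul.so some/object.o
"""
import struct
import sys

# Symbols emitted by -fstack-protector[-all]; the _local variant is what
# PIC code on i386 calls, so it matters on a hardened x86 build.
SSP_SYMBOLS = {"__stack_chk_fail", "__stack_chk_fail_local"}
SHT_SYMTAB, SHT_DYNSYM = 2, 11


def elf_symbol_names(data: bytes) -> set:
    """Return every symbol name found in the .symtab and .dynsym sections."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    end = "<" if data[5] == 1 else ">"           # EI_DATA: 1 = little-endian
    if data[4] == 2:                              # EI_CLASS: 2 = ELF64
        (e_shoff,) = struct.unpack_from(end + "Q", data, 0x28)
        e_shentsize, e_shnum = struct.unpack_from(end + "HH", data, 0x3A)
        shdr_fmt = end + "IIQQQQIIQQ"
    else:                                         # ELF32, the i686 case in this bug
        (e_shoff,) = struct.unpack_from(end + "I", data, 0x20)
        e_shentsize, e_shnum = struct.unpack_from(end + "HH", data, 0x2E)
        shdr_fmt = end + "IIIIIIIIII"
    # Section header field order is the same for both classes:
    # name, type, flags, addr, offset, size, link, info, addralign, entsize.
    shdrs = [struct.unpack_from(shdr_fmt, data, e_shoff + i * e_shentsize)
             for i in range(e_shnum)]
    names = set()
    for sh in shdrs:
        if sh[1] not in (SHT_SYMTAB, SHT_DYNSYM):
            continue
        sym_off, sym_size, link, entsize = sh[4], sh[5], sh[6], sh[9]
        if entsize == 0:
            continue
        strtab = shdrs[link]                      # sh_link names the string table
        strdata = data[strtab[4]:strtab[4] + strtab[5]]
        for i in range(sym_size // entsize):
            # st_name is the first field of both Elf32_Sym and Elf64_Sym
            (st_name,) = struct.unpack_from(end + "I", data, sym_off + i * entsize)
            names.add(strdata[st_name:strdata.index(b"\0", st_name)]
                      .decode("ascii", "replace"))
    return names


def has_ssp(data: bytes) -> bool:
    """True if the object was built with stack-protector instrumentation."""
    return bool(SSP_SYMBOLS & elf_symbol_names(data))


def build_minimal_elf32(symbols) -> bytes:
    """Constructed test input: a minimal little-endian ELF32 relocatable whose
    .symtab lists the given names as undefined globals. Not a real object."""
    strtab = b"\0" + b"".join(s.encode() + b"\0" for s in symbols)
    shstrtab = b"\0.symtab\0.strtab\0.shstrtab\0"
    syms = struct.pack("<IIIBBH", 0, 0, 0, 0, 0, 0)   # mandatory null symbol
    name_off = 1
    for s in symbols:
        syms += struct.pack("<IIIBBH", name_off, 0, 0, 0x10, 0, 0)  # STB_GLOBAL, SHN_UNDEF
        name_off += len(s) + 1
    symtab_off = 52                                  # right after the ELF32 header
    strtab_off = symtab_off + len(syms)
    shstrtab_off = strtab_off + len(strtab)
    shoff = shstrtab_off + len(shstrtab)

    def shdr(name, typ, off, size, link, entsize):
        return struct.pack("<IIIIIIIIII", name, typ, 0, 0, off, size, link, 0, 1, entsize)

    shdrs = (shdr(0, 0, 0, 0, 0, 0)
             + shdr(1, SHT_SYMTAB, symtab_off, len(syms), 2, 16)
             + shdr(9, 3, strtab_off, len(strtab), 0, 0)
             + shdr(17, 3, shstrtab_off, len(shstrtab), 0, 0))
    ehdr = (b"\x7fELF" + bytes([1, 1, 1, 0]) + b"\0" * 8
            + struct.pack("<HHIIIIIHHHHHH", 1, 3, 1, 0, 0, shoff, 0, 52, 0, 0, 40, 4, 3))
    return ehdr + syms + strtab + shstrtab + shdrs


if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(f"{path}: {'SSP' if has_ssp(fh.read()) else 'no SSP'}")
```

Run it over the .o files of a rebuilt xulrunner tree to confirm that only the C++ objects lost the __stack_chk_fail reference; a final libxul.so will normally still show the symbol because the C portions keep the protector.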
Comment 11 Gordon Malm (RETIRED) gentoo-dev 2009-01-17 18:59:50 UTC
> Please try adding "-fno-stack-protector -fno-stack-protector-all" to CXXFLAGS

...and then recompile xulrunner/mozilla-firefox

Just noting what might not be obvious for any newish users.
Comment 12 René Rhéaume (a.k.a. repzilon, rener) 2009-01-18 04:10:40 UTC
Created attachment 178854 [details, diff]
Patch to disable SSP for C++ code in xulrunner and firefox ebuilds

This is a new patch, with input from comments #9 and #10. I can now use keyboard shortcuts and as a bonus, text relocations (see bug #253737) are gone.
Comment 13 Andre Burgoyne 2009-01-18 04:36:03 UTC
I can confirm that adding "-fno-stack-protector -fno-stack-protector-all" to CXXFLAGS fixes the issue for me.
Comment 14 Vincent Strubel 2009-01-19 11:10:09 UTC
The patch in comment #12 fixes the segfaults (and the TEXTRELs in bug #253737) for me as well. 
Comment 15 Gordon Malm (RETIRED) gentoo-dev 2009-01-21 06:38:59 UTC
Fixed in cvs, wait an hour and emerge --sync.  Thanks for reporting and testing.