
Bug 269231

Summary: mozilla-firefox-3.0.10 buffer overflow at start time.
Product: Gentoo Linux
Component: Current packages
Status: RESOLVED NEEDINFO
Severity: normal
Priority: High
Version: unspecified
Hardware: AMD64
OS: Linux
Reporter: Dominique Michel <dominique.c.michel>
Assignee: Mozilla Gentoo Team <mozilla>
CC: Martin.Spoo, x11
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: emerge --info
xorg.conf
Xorg.0.log

Description Dominique Michel 2009-05-10 10:38:29 UTC
:
firefox
No running windows found
*** buffer overflow detected ***: /usr/lib64/mozilla-firefox/firefox-bin terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x37)[0x7f1dd8db4d67]
/lib/libc.so.6[0x7f1dd8db2b40]
/lib/libc.so.6[0x7f1dd8db322b]
/usr/lib64/mozilla-firefox/firefox-bin[0x4058cc]
/usr/lib64/mozilla-firefox/firefox-bin[0x40b324]
/usr/lib64/mozilla-firefox/firefox-bin[0x40755e]
/lib/libc.so.6(__libc_start_main+0xe6)[0x7f1dd8cee5c6]
/usr/lib64/mozilla-firefox/firefox-bin[0x403ca9]
======= Memory map: ========
/usr/libexec/mozilla-launcher: line 119: 26419 Abandon                 $(type -P aoss) "$mozbin" $xulparams "$@"
firefox-bin exited with non-zero status (134)


Reproducible: Always

Steps to Reproduce:
1. firefox

Actual Results:  
Firefox crashes immediately at start. No window is shown.

Expected Results:  
That firefox will run fine.

I don't think that this is a duplicate of show_bug.cgi?id=255470 because the error is not the same, but I am not sure of this. I will try later to downgrade nvidia-drivers.

Since aoss appears in the error, I tried it both with jackd and "jacklaunch firefox", and, after stopping jackd and renaming my .asoundrc, with "firefox". Same result.


[ebuild   R   ] x11-libs/cairo-1.8.6-r1  USE="X directfb opengl svg -cleartype -debug -doc -glitz -xcb"
[ebuild   R   ] x11-drivers/nvidia-drivers-180.51  USE="acpi gtk (multilib) -custom-cflags"
Comment 1 Dominique Michel 2009-05-10 10:42:53 UTC
Created attachment 190822 [details]
emerge --info
Comment 2 Dominique Michel 2009-05-10 10:49:34 UTC
Downgraded nvidia-drivers to 177.82 but it didn't help.
Comment 3 Marijn Schouten (RETIRED) gentoo-dev 2009-05-10 11:05:29 UTC
Which Firefox version?
Comment 4 Dominique Michel 2009-05-10 11:07:54 UTC
Ouch sorry. It is 3.0.10 that is crashing. After downgrading to 3.0.8, all is working fine.
Comment 5 Sebastian Luther (few) 2009-05-12 10:50:28 UTC
Please attach xorg.conf and Xorg.0.log.
Comment 6 Dominique Michel 2009-05-12 17:42:47 UTC
Created attachment 191054 [details]
xorg.conf
Comment 7 Dominique Michel 2009-05-12 17:43:45 UTC
Created attachment 191055 [details]
Xorg.0.log

Xorg.0.log
Comment 8 Dominique Michel 2009-05-12 17:52:55 UTC
I tried firefox-2.0.0.19 and got exactly the same crash as with 3.0.10. So only 3.0.8 is working for me.

I was using 2.0.0.19 before the update to ~amd64 and it was with another xorg.conf file (with Option "AutoAddDevices" "False"). I made a backup of it, so I can try to run firefox with it if you want to.
Comment 9 Jory A. Pratt gentoo-dev 2010-07-29 00:56:07 UTC
If you can duplicate this with firefox-3.6.8, please feel free to reopen the bug and update.