
Bug#620277: libqt: segfault with iceweasel



Package: libqtcore4
Version: 4:4.7.2-3
Severity: important
File: libqt

Hello.

After upgrading my system, Iceweasel will crash in many cases, including when:
- displaying the HTTP authentication dialog
- opening the "file save" dialog
- started with "-safe-mode" or "-ProfileManager"


Installing various -dbg packages and running iceweasel --debugger yields the
following gdb session:


GNU gdb (GDB) 7.2-debian
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/lib/iceweasel/firefox-bin...(no debugging symbols
found)...done.
(gdb) r -safe-mode
Starting program: /usr/lib/iceweasel/firefox-bin -safe-mode
[Thread debugging using libthread_db enabled]
[New Thread 0xb21ffb70 (LWP 6868)]
[New Thread 0xb19feb70 (LWP 6869)]
[New Thread 0xb11fdb70 (LWP 6870)]
[New Thread 0xb02ffb70 (LWP 6871)]
[Thread 0xb19feb70 (LWP 6869) exited]
[Thread 0xb02ffb70 (LWP 6871) exited]
[Thread 0xb11fdb70 (LWP 6870) exited]
[Thread 0xb21ffb70 (LWP 6868) exited]
process 6865 is executing new program: /usr/lib/xulrunner-1.9.1/xulrunner-stub
[Thread debugging using libthread_db enabled]
[New Thread 0xb21ffb70 (LWP 6873)]
[New Thread 0xb19feb70 (LWP 6874)]
[New Thread 0xb11fdb70 (LWP 6875)]
[New Thread 0xb02ffb70 (LWP 6876)]
[New Thread 0xaf8ffb70 (LWP 6877)]
[Thread 0xb02ffb70 (LWP 6876) exited]

Program received signal SIGSEGV, Segmentation fault.
0xb4e632aa in _mm_set_epi16 (destPixels=0xb0701c0c, srcPixels=0xbfff21bc,
length=1, const_alpha=28) at /usr/lib/gcc/i486-linux-
gnu/4.5.2/include/emmintrin.h:594
warning: Source file is more recent than executable.
594         __q0, __q1, __q2, __q3, __q4, __q5, __q6, __q7 };
(gdb) l
589     extern __inline __m128i __attribute__((__gnu_inline__,
__always_inline__, __artificial__))
590     _mm_set_epi16 (short __q7, short __q6, short __q5, short __q4,
591                    short __q3, short __q2, short __q1, short __q0)
592     {
593       return __extension__ (__m128i)(__v8hi){
594         __q0, __q1, __q2, __q3, __q4, __q5, __q6, __q7 };
595     }
596
597     extern __inline __m128i __attribute__((__gnu_inline__,
__always_inline__, __artificial__))
598     _mm_set_epi8 (char __q15, char __q14, char __q13, char __q12,
(gdb) bt
#0  0xb4e632aa in _mm_set_epi16 (destPixels=0xb0701c0c, srcPixels=0xbfff21bc,
length=1, const_alpha=28) at /usr/lib/gcc/i486-linux-
gnu/4.5.2/include/emmintrin.h:594
#1  _mm_set1_epi16 (destPixels=0xb0701c0c, srcPixels=0xbfff21bc, length=1,
const_alpha=28) at /usr/lib/gcc/i486-linux-gnu/4.5.2/include/emmintrin.h:632
#2  comp_func_SourceOver_sse2 (destPixels=0xb0701c0c, srcPixels=0xbfff21bc,
length=1, const_alpha=28) at painting/qdrawhelper_sse2.cpp:158
#3  0xb507c522 in process (count=58, spans=0xbfff48f4, data=0xb0702230,
handler=...) at painting/qdrawhelper.cpp:3709
#4  handleSpans<BlendSrcGeneric<(SpanMethod)0> > (count=58, spans=0xbfff48f4,
data=0xb0702230, handler=...) at painting/qdrawhelper.cpp:3655
#5  0xb507533b in blend_src_generic<(SpanMethod)0> (count=58, spans=0xbfff48f4,
userData=0xb0702230) at painting/qdrawhelper.cpp:3727
#6  0xb50754a9 in qt_gradient_quint32 (count=58, spans=0xbfff48f4,
userData=0xb0702230) at painting/qdrawhelper.cpp:7083
#7  0xb50813bd in gray_convert_glyph (worker=0xbfff44e0) at
painting/qgrayraster.c:1767
#8  0xb5049994 in QRasterPaintEnginePrivate::rasterize (this=0xaf9c4800,
outline=0xb03f5ea4, callback=0xb5075470 <qt_gradient_quint32(int, QSpan const*,
void*)>,
    userData=0xb0702230) at painting/qpaintengine_raster.cpp:4240
#9  0xb50569eb in QRasterPaintEngine::fill (this=0xb052ab00, path=...,
brush=...) at painting/qpaintengine_raster.cpp:1869
#10 0xb4fbd106 in QPaintEngineEx::draw (this=0xb052ab00, path=...) at
painting/qpaintengineex.cpp:597
#11 0xb4fbfcc5 in QPaintEngineEx::drawPath (this=0xb052ab00, path=...) at
painting/qpaintengineex.cpp:846
#12 0xb4fd049f in QPainter::drawPath (this=0xbfff5b90, path=...) at
painting/qpainter.cpp:3381
#13 0xb4fce245 in QPainterPrivate::draw_helper (this=0xaf931c10,
originalPath=..., op=QPainterPrivate::StrokeAndFillDraw) at
painting/qpainter.cpp:471
#14 0xb4fcf8f0 in QPainter::drawEllipse (this=0xbfff5de0, r=...) at
painting/qpainter.cpp:4266
#15 0xb3d81d79 in ?? () from /usr/lib/kde4/plugins/styles/oxygen.so
#16 0xb3d838fc in ?? () from /usr/lib/kde4/plugins/styles/oxygen.so
#17 0xb3db9c78 in ?? () from /usr/lib/kde4/plugins/styles/oxygen.so
#18 0xb3dca27d in ?? () from /usr/lib/kde4/plugins/styles/oxygen.so
#19 0xb3dca8cd in ?? () from /usr/lib/kde4/plugins/styles/oxygen.so
#20 0xb3dbb90a in ?? () from /usr/lib/kde4/plugins/styles/oxygen.so
#21 0xb46c159d in KStyle::drawPrimitive(QStyle::PrimitiveElement, QStyleOption
const*, QPainter*, QWidget const*) const () from /usr/lib/libkdeui.so.5
#22 0xb3dbbf57 in ?? () from /usr/lib/kde4/plugins/styles/oxygen.so
#23 0xb46bccb4 in KStyle::drawControl(QStyle::ControlElement, QStyleOption
const*, QPainter*, QWidget const*) const () from /usr/lib/libkdeui.so.5
#24 0xb3dc4c25 in ?? () from /usr/lib/kde4/plugins/styles/oxygen.so
#25 0xb5a8e50a in ?? () from /usr/lib/gtk-2.0/2.10.0/engines/libqt4engine.so
#26 0xb5a876c6 in ?? () from /usr/lib/gtk-2.0/2.10.0/engines/libqt4engine.so
#27 0xb5a84af6 in ?? () from /usr/lib/gtk-2.0/2.10.0/engines/libqt4engine.so
#28 0xb653c041 in gtk_paint_check () from /usr/lib/libgtk-x11-2.0.so.0
#29 0xb7787379 in moz_gtk_toggle_paint (widget=MOZ_GTK_CHECKBUTTON,
drawable=0xb052a780, rect=0xbfff73e4, cliprect=0xbfff73d4, state=0xbfff7a24,
flags=0,
    direction=GTK_TEXT_DIR_LTR) at
.../../../../widget/src/gtk2/gtk2drawing.c:1020
#30 moz_gtk_widget_paint (widget=MOZ_GTK_CHECKBUTTON, drawable=0xb052a780,
rect=0xbfff73e4, cliprect=0xbfff73d4, state=0xbfff7a24, flags=0,
direction=GTK_TEXT_DIR_LTR)
    at ../../../../widget/src/gtk2/gtk2drawing.c:3050
#31 0xb77a3f53 in ThemeRenderer::NativeDraw (this=0xbfff7a20,
drawable=0xb052a780, offsetX=12, offsetY=62, clipRects=0xbfff7514,
numClipRects=0)
    at ../../../../widget/src/gtk2/nsNativeThemeGTK.cpp:648
#32 0xb788bdcb in NativeRendering (closure=0xbfff79ac, surface=0xb7b6ed40,
offset_x=12, offset_y=62, rectangles=0xbfff7514, num_rects=0)
    at ../../../../gfx/thebes/src/gfxGdkNativeRenderer.cpp:67
#33 0xb7874162 in _draw_with_xlib_direct (cr=<value optimized out>,
default_display=0xb7b88000,
    callback=0xb788bd60 <NativeRendering(void*, cairo_surface_t*, short, short,
GdkRectangle*, unsigned int)>, closure=0xbfff79ac, bounds_width=29,
bounds_height=29,
    capabilities=CAIRO_GDK_DRAWING_SUPPORTS_OFFSET) at
.../../../../gfx/thebes/src/cairo-xlib-utils.c:309
#34 0xb787436a in cairo_draw_with_gdk (cr=0xb6c467f4, callback=0xb788bd60
<NativeRendering(void*, cairo_surface_t*, short, short, GdkRectangle*, unsigned
int)>,
    closure=0xbfff79ac, width=29, height=29,
is_opaque=CAIRO_GDK_DRAWING_TRANSPARENT,
capabilities=CAIRO_GDK_DRAWING_SUPPORTS_OFFSET, result=0x0)
    at ../../../../gfx/thebes/src/cairo-xlib-utils.c:529
#35 0xb788be9a in gfxGdkNativeRenderer::Draw (this=0xbfff7a20, ctx=0xaf98f790,
width=29, height=29, flags=2, output=0x0)
    at ../../../../gfx/thebes/src/gfxGdkNativeRenderer.cpp:110
#36 0xb77a52f2 in nsNativeThemeGTK::DrawWidgetBackground (this=0xaf91a000,
aContext=0xb032eb00, aFrame=0xaf9d5f04, aWidgetType=3 '\003', aRect=...,
aDirtyRect=...)
---Type <return> to continue, or q <return> to quit---
    at ../../../../widget/src/gtk2/nsNativeThemeGTK.cpp:784
#37 0xb7205196 in nsCSSRendering::PaintBackgroundWithSC
(aPresContext=0xaf90f800, aRenderingContext=..., aForFrame=0xaf9d5f04,
aDirtyRect=..., aBorderArea=..., aColor=...,
    aBorder=..., aFlags=0, aBGClipRect=0x0) at
.../../../layout/base/nsCSSRendering.cpp:1380
#38 0xb7205ce6 in nsCSSRendering::PaintBackground (aPresContext=0xaf90f800,
aRenderingContext=..., aForFrame=0xaf9d5f04, aDirtyRect=..., aBorderArea=...,
aFlags=0,
    aBGClipRect=0x0) at ../../../layout/base/nsCSSRendering.cpp:1310
#39 0xb720dbd2 in nsDisplayBackground::Paint (this=0xaf9c3864,
aBuilder=0xbfff7ed4, aCtx=0xb032eb00, aDirtyRect=...) at
.../../../layout/base/nsDisplayList.cpp:598
#40 0xb720e389 in nsDisplayList::Paint (this=0xbfff817c, aBuilder=0xbfff7ed4,
aCtx=0xb032eb00, aDirtyRect=...) at ../../../layout/base/nsDisplayList.cpp:313
#41 0xb721cab2 in nsLayoutUtils::PaintFrame (aRenderingContext=0xb032eb00,
aFrame=0xaf98a580, aDirtyRegion=..., aBackground=4292796384)
    at ../../../layout/base/nsLayoutUtils.cpp:1114
#42 0xb7224e03 in PresShell::Paint (this=0xaf911400, aView=0xaf95d400,
aRenderingContext=0xb032eb00, aDirtyRegion=...) at
.../../../layout/base/nsPresShell.cpp:5777
#43 0xb746687a in nsViewManager::RenderViews (this=0xaf95d3a0,
aView=0xaf95d400, aRC=..., aRegion=...) at
.../../../view/src/nsViewManager.cpp:648
#44 0xb746840a in nsViewManager::Refresh (this=0xaf95d3a0, aView=0xaf95d400,
aContext=0xb032eb00, aRegion=0xb032ea80, aUpdateFlags=1)
    at ../../../view/src/nsViewManager.cpp:512
#45 0xb746882b in nsViewManager::DispatchEvent (this=0xaf95d3a0,
aEvent=0xbfff84f8, aStatus=0xbfff8480) at
.../../../view/src/nsViewManager.cpp:1153
#46 0xb74642f0 in HandleEvent (aEvent=0xbfff84f8) at
.../../../view/src/nsView.cpp:168
#47 0xb778947f in nsWindow::DispatchEvent (this=0xb03ea300, aEvent=0xbfff84f8,
aStatus=@0xbfff85f4) at ../../../../widget/src/gtk2/nsWindow.cpp:583
#48 0xb7792228 in nsWindow::OnExposeEvent (this=0xb03ea300, aWidget=0xb032d920,
aEvent=0xbfff8a40) at ../../../../widget/src/gtk2/nsWindow.cpp:2464
#49 0xb779252d in expose_event_cb (widget=0xb032d920, event=0xbfff8a40) at
.../../../../widget/src/gtk2/nsWindow.cpp:5391
#50 0xb64a8974 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#51 0xb68a49f2 in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#52 0xb68b7988 in ?? () from /usr/lib/libgobject-2.0.so.0
#53 0xb68c017b in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#54 0xb68c05a2 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
#55 0xb65dd576 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#56 0xb64a70f2 in gtk_main_do_event () from /usr/lib/libgtk-x11-2.0.so.0
#57 0xb62f0371 in ?? () from /usr/lib/libgdk-x11-2.0.so.0
#58 0xb6322904 in ?? () from /usr/lib/libgdk-x11-2.0.so.0
#59 0xb62eb25b in ?? () from /usr/lib/libgdk-x11-2.0.so.0
#60 0xb62ed227 in gdk_window_process_all_updates () from
/usr/lib/libgdk-x11-2.0.so.0
#61 0xb62ed2ab in ?? () from /usr/lib/libgdk-x11-2.0.so.0
#62 0xb62c9378 in ?? () from /usr/lib/libgdk-x11-2.0.so.0
#63 0xb67f7a41 in ?? () from /lib/libglib-2.0.so.0
#64 0xb67fc252 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#65 0xb67fca30 in ?? () from /lib/libglib-2.0.so.0
#66 0xb67fcce4 in g_main_context_iteration () from /lib/libglib-2.0.so.0
#67 0xb7793e7c in nsAppShell::ProcessNextNativeEvent (this=0xb06b0fb0,
mayWait=1) at ../../../../widget/src/gtk2/nsAppShell.cpp:147
#68 0xb77a5cf8 in nsBaseAppShell::DoProcessNextNativeEvent (this=0xb06b0fb0,
mayWait=1) at ../../../../widget/src/xpwidgets/nsBaseAppShell.cpp:151
#69 0xb77a5e00 in nsBaseAppShell::OnProcessNextEvent (this=0xb06b0fb0,
thr=0xb4bfe6f0, mayWait=1, recursionDepth=0) at
.../../../../widget/src/xpwidgets/nsBaseAppShell.cpp:296
#70 0xb784892f in nsThread::ProcessNextEvent (this=0xb4bfe6f0, mayWait=1,
result=0xbfff8e00) at ../../../xpcom/threads/nsThread.cpp:508
#71 0xb781bb72 in NS_ProcessNextEvent_P (thread=<value optimized out>,
mayWait=1) at nsThreadUtils.cpp:250
#72 0xb7676c38 in nsXULWindow::ShowModal (this=0xb06a1af0) at
.../../../../xpfe/appshell/src/nsXULWindow.cpp:415
#73 0xb76737c9 in nsContentTreeOwner::ShowAsModal (this=0xb0325640) at
.../../../../xpfe/appshell/src/nsContentTreeOwner.cpp:528
#74 0xb7656554 in nsWindowWatcher::OpenWindowJSInternal (this=0xb0524310,
aParent=0x0, aUrl=0xb033e220 "chrome://browser/content/safeMode.xul",
aName=0xb057c508 "_blank",
    aFeatures=0xb033e250 "chrome,centerscreen,modal,resizable=no", aDialog=0,
argv=0x0, aCalledFromJS=0, _retval=0xbfff93b8)
    at
.../../../../../embedding/components/windowwatcher/src/nsWindowWatcher.cpp:1027
#75 0xb7656931 in nsWindowWatcher::OpenWindow (this=0xb0524310, aParent=0x0,
aUrl=0xb033e220 "chrome://browser/content/safeMode.xul", aName=0xb057c508
"_blank",
    aFeatures=0xb033e250 "chrome,centerscreen,modal,resizable=no",
aArguments=0x0, _retval=0xbfff93b8)
---Type <return> to continue, or q <return> to quit---
    at
.../../../../../embedding/components/windowwatcher/src/nsWindowWatcher.cpp:424
#76 0xb7854717 in NS_InvokeByIndex_P () from /usr/lib/xulrunner-1.9.1/libxul.so
#77 0xb70ce31f in XPCWrappedNative::CallMethod (ccx=...,
mode=XPCWrappedNative::CALL_METHOD) at
.../../../../../js/src/xpconnect/src/xpcwrappednative.cpp:2456
#78 0xb70d3866 in XPC_WN_CallMethod (cx=0xb2885400, obj=0xb0330a20, argc=5,
argv=0xb4b24ad4, vp=0xbfff95d8)
    at ../../../../../js/src/xpconnect/src/xpcwrappednativejsops.cpp:1590
#79 0xb6dc3ca5 in js_Invoke (cx=0xb2885400, argc=5, vp=0xb4b24acc, flags=2) at
.../../../js/src/jsinterp.cpp:1386
#80 0xb6db60de in js_Interpret (cx=0xb2885400) at
.../../../js/src/jsinterp.cpp:5181
#81 0xb6dc3cb8 in js_Invoke (cx=0xb2885400, argc=3, vp=0xb4b24a20, flags=0) at
.../../../js/src/jsinterp.cpp:1394
#82 0xb70cb98d in nsXPCWrappedJSClass::CallMethod (this=0xb07b14c0,
wrapper=0xb0529680, methodIndex=3, info=0xb2254240, nativeParams=0xbfff9abc)
    at ../../../../../js/src/xpconnect/src/xpcwrappedjsclass.cpp:1745
#83 0xb70c70b3 in nsXPCWrappedJS::CallMethod (this=0xb0529680, methodIndex=3,
info=0xb2254240, params=0xbfff9abc) at
.../../../../../js/src/xpconnect/src/xpcwrappedjs.cpp:569
#84 0xb785520a in PrepareAndDispatch (methodIndex=<value optimized out>,
self=0xb4b06b10, args=<value optimized out>)
    at
.../../../../../../../xpcom/reflect/xptcall/src/md/unix/xptcstubs_gcc_x86_unix.cpp:95
#85 0xb782591a in nsObserverList::NotifyObservers (this=0xb06dd8b4,
aSubject=0x0, aTopic=0xb78b5742 "final-ui-startup", someData=0x0)
    at ../../../xpcom/ds/nsObserverList.cpp:130
#86 0xb782607e in nsObserverService::NotifyObservers (this=0xb4b18fd0,
aSubject=0x0, aTopic=0xb78b5742 "final-ui-startup", someData=0x0)
    at ../../../xpcom/ds/nsObserverService.cpp:181
#87 0xb70a5913 in XRE_main (argc=2, argv=0xbffff2f4, aAppData=0xb7b03900) at
.../../../toolkit/xre/nsAppRunner.cpp:3301
#88 0x08049dbc in main (argc=2, argv=0xbffff2f4) at
.../../../xulrunner/stub/nsXULStub.cpp:503



Manually downgrading to libqtcore4_4.6.3-4_i386 and libqtgui4_4.6.3-4_i386.deb
makes Iceweasel work perfectly, which is why I assigned this to libqt.


More information can be provided if needed.



-- System Information:
Debian Release: wheezy/sid
  APT prefers oldstable
  APT policy: (500, 'oldstable'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.38-2-686-bigmem (SMP w/8 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libqtcore4 depends on:
ii  libc6                   2.11.2-11        Embedded GNU C Library: Shared lib
ii  libgcc1                 1:4.6.0-2        GCC support library
ii  libglib2.0-0            2.28.4-1         The GLib library of C routines
ii  libstdc++6              4.6.0-2          The GNU Standard C++ Library v3
ii  zlib1g                  1:1.2.3.4.dfsg-3 compression library - runtime

libqtcore4 recommends no packages.

libqtcore4 suggests no packages.

-- no debconf information


