Bug 17093 - Opening web site with swfdec crashes firefox3
Summary: Opening web site with swfdec crashes firefox3
Status: RESOLVED DUPLICATE of bug 16717
Alias: None
Product: swfdec
Classification: Unclassified
Component: plugin (show other bugs)
Version: 0.7.x
Hardware: Other All
: medium critical
Assignee: swfdec ml
QA Contact: swfdec ml
Depends on:
Reported: 2008-08-12 08:13 UTC by Sergio Rafael Lemke
Modified: 2008-08-16 09:52 UTC (History)
0 users

See Also:
i915 platform:
i915 features:


Description Sergio Rafael Lemke 2008-08-12 08:13:27 UTC
Everytime i try to access some determined websites firefox3 crashes, this site has some flash animations and i am not really sure that swfdec is causing the crash but the steps to reproduce are really easy to get a final conclusion about this issue:

Open www.real.com.br with firefox3 using swfdec, firefox will crash. Confirmed on x32 and x64 systems using Mandriva Linux.
Comment 1 Riccardo Magliocchetti 2008-08-12 09:00:35 UTC
Reproduced here:

The program 'firefox-bin' received an X Window System error.
This probably reflects a bug in the program.
The error was 'BadMatch (invalid parameter attributes)'.
  (Details: serial 40107 error_code 8 request_code 155 minor_code 4)
  (Note to programmers: normally, X errors are reported asynchronously;
   that is, you will receive the error a while after causing it.
   To debug your program, run it with the --sync command line
   option to change this behavior. You can then get a meaningful
   backtrace from your debugger if you break on the gdk_x_error() function.)

It looks like mozilla 304370 [1] (and others, query 'badmatch') which has a similar behaviour with adobe flash 7 or 9; they are claimed as flash bugs and not mozilla ones.
They also have a different error_code, request_code and minor_code. Not that i know what they mean though :)

Following the advice given on console should help. Sergio if you are willing to do that would be great :)

[1] https://bugzilla.mozilla.org/show_bug.cgi?id=304370
Comment 2 Pekka Lampila 2008-08-13 05:20:01 UTC
I can reproduce this too, here is the backtrace (with --sync):

#0  IA__g_logv (log_domain=0x7fd909213c73 "Gdk", log_level=G_LOG_LEVEL_ERROR, format=0x7fd909231067 "%s", args1=0x7fff176c6960)
    at /build/buildd/glib2.0-2.17.6/glib/gmessages.c:503
#1  0x00007fd90a404fd3 in IA__g_log (log_domain=0x7fd90e8dfa00 "", log_level=0, format=0x2db0600 "ZZZ\231YYY\231�\001")
    at /build/buildd/glib2.0-2.17.6/glib/gmessages.c:517
#2  0x00007fd9091fbde2 in gdk_x_error (display=<value optimized out>, error=<value optimized out>) at /build/buildd/gtk+2.0-2.13.6/gdk/x11/gdkmain-x11.c:641
#3  0x00007fd909ef1864 in _XError (dpy=0x645e60, rep=0x2db00f0) at ../../src/XlibInt.c:2912
#4  0x00007fd909ef92df in process_responses (dpy=0x645e60, wait_for_first_event=0, current_error=0x7fff176c6c38, current_request=59899)
    at ../../src/xcb_io.c:138
#5  0x00007fd909ef968a in _XReply (dpy=0x645e60, rep=0x7fff176c6c80, extra=0, discard=1) at ../../src/xcb_io.c:370
#6  0x00007fd909eed0c3 in XSync (dpy=0x645e60, discard=0) at ../../src/Sync.c:48
#7  0x00007fd909eed27b in _XSyncFunction (dpy=0x7fd90e8dfa00) at ../../src/Synchro.c:37
#8  0x00007fd909ef9a3b in _XIDHandler (dpy=0x645e60) at ../../src/xcb_io.c:275
#9  0x00007fd90a1bbf77 in XRenderCreatePicture (dpy=0x645e60, drawable=18877711, format=0x7b9080, valuemask=0, attributes=0x0) at ../../src/Picture.c:99
#10 0x00007fd90b448025 in _cairo_xlib_surface_ensure_dst_picture (surface=0x2dafcc0) at cairo-xlib-surface.c:845
#11 0x00007fd90b449874 in _cairo_xlib_surface_fill_rectangles (abstract_surface=0x2dafcc0, op=CAIRO_OPERATOR_OVER, color=<value optimized out>,
    rects=0x7fff176c76e0, num_rects=1) at cairo-xlib-surface.c:1864
#12 0x00007fd90b420685 in _cairo_surface_fill_rectangles (surface=0x7fd90e8dfa00, op=CAIRO_OPERATOR_OVER, color=0x2db00b8, rects=0x7fff176c76e0,
    num_rects=47909392) at cairo-surface.c:1440
#13 0x00007fd90b420891 in _cairo_surface_fill_region (surface=0x2dafcc0, op=CAIRO_OPERATOR_OVER, color=0x2db00b8, region=0x7fff176c80f0)
    at cairo-surface.c:1391
#14 0x00007fd90b42306f in _clip_and_composite_trapezoids (src=0x2db0050, op=CAIRO_OPERATOR_OVER, dst=0x2dafcc0, traps=0x7fff176c8190, clip=0x2daff40,
    antialias=CAIRO_ANTIALIAS_DEFAULT) at cairo-surface-fallback.c:617
#15 0x00007fd90b423390 in _cairo_surface_fallback_fill (surface=0x2dafcc0, op=CAIRO_OPERATOR_OVER, source=0x2db0050, path=0x2db0400,
    fill_rule=CAIRO_FILL_RULE_WINDING, tolerance=0.10000000000000001, antialias=CAIRO_ANTIALIAS_DEFAULT) at cairo-surface-fallback.c:904
#16 0x00007fd90b41febe in _cairo_surface_fill (surface=0x2dafcc0, op=CAIRO_OPERATOR_OVER, source=<value optimized out>, path=0x2db0400,
    fill_rule=CAIRO_FILL_RULE_WINDING, tolerance=0.10000000000000001, antialias=CAIRO_ANTIALIAS_DEFAULT) at cairo-surface.c:1666
#17 0x00007fd90b40db6c in _cairo_gstate_fill (gstate=0x2dafea0, path=0x2db0400) at cairo-gstate.c:982
#18 0x00007fd90b407420 in *INT_cairo_fill_preserve (cr=0x2db0220) at cairo.c:2188
#19 0x00007fd90b407439 in cairo_fill (cr=0x7fd90e8dfa00) at cairo.c:2164
#20 0x00007fd8f7dfba46 in swfmoz_player_render (player=0x2b69800, cr=0x2db0220, region=<value optimized out>) at swfmoz_player.c:816
#21 0x00007fd8f7df8cfd in plugin_x11_handle_event (mozplay=0x2b69800, event=0x7fff176c8520) at plugin_x11.c:57
#22 0x00007fd8f7df7f83 in plugin_handle_event (instance=0x205ad40, eventp=0x7fff176c8520) at plugin.c:412
#23 0x00007fd90d31bcfc in ns4xPluginInstance::HandleEvent (this=0x205ad10, event=0x7fff176c8520, handled=0x7fff176c851c) at ns4xPluginInstance.cpp:1312
#24 0x00007fd90ceeb8cf in nsPluginInstanceOwner::Renderer::NativeDraw (this=0x7fff176c8a00, dpy=0x645e60, drawable=18877711, visual=0x7fd90e8dfa60,
    offsetX=<value optimized out>, offsetY=<value optimized out>, clipRects=0x7fff176c86b0, numClipRects=0) at nsObjectFrame.cpp:4155
#25 0x00007fd90d4ff9ea in NativeRendering (closure=0x7fff176c89a0, dpy=0x0, drawable=47908352, visual=0x7fd90e8dfa60, offset_x=<value optimized out>,
    offset_y=<value optimized out>, rectangles=0x7fff176c86b0, num_rects=0) at gfxXlibNativeRenderer.cpp:59
#26 0x00007fd90d4f2ae7 in _draw_with_xlib_direct (cr=<value optimized out>, default_display=0x645e60, callback=0x7fd90d4ff9c0 <NativeRendering>,
    closure=0x7fff176c89a0, bounds_width=<value optimized out>, bounds_height=40, capabilities=<value optimized out>) at cairo-xlib-utils.c:312
#27 0x00007fd90d4f2d55 in cairo_draw_with_xlib (cr=0x2930890, callback=0x7fd90d4ff9c0 <NativeRendering>, closure=0x7fff176c89a0, dpy=0x645e60, width=170,
    height=40, is_opaque=CAIRO_XLIB_DRAWING_OPAQUE, capabilities=27, result=0x0) at cairo-xlib-utils.c:537
#28 0x00007fd90d4ffad0 in gfxXlibNativeRenderer::Draw (this=0x7fd90e8dfa58, dpy=0x645e60, ctx=0x2b94ff0, width=170, height=40, flags=0, output=0x0)
    at gfxXlibNativeRenderer.cpp:101
#29 0x00007fd90ceed34e in nsPluginInstanceOwner::Paint (this=0x295ae40, aRenderingContext=@0x2ba6f40, aDirtyRect=@0x7fff176c8ad0) at nsObjectFrame.cpp:4076
#30 0x00007fd90ceed39a in nsObjectFrame::PaintPlugin (this=0x26b3d28, aRenderingContext=@0x2ba6f40, aDirtyRect=@0x7fff176c8ad0) at nsObjectFrame.cpp:1400
#31 0x00007fd90ceed423 in PaintPlugin (aFrame=0x26b3d28, aCtx=0x2ba6f40, aDirtyRect=@0x7fff176c8be0, aPt={x = 392989488, y = 32767}) at nsObjectFrame.cpp:1096
#32 0x00007fd90cedcf28 in nsDisplayGeneric::Paint (this=0x2bb8148, aBuilder=<value optimized out>, aCtx=0x2ba6f40, aDirtyRect=@0x7fff176c8be0)
    at ./../base/nsDisplayList.h:862
#33 0x00007fd90ce969f0 in nsDisplayList::Paint (this=<value optimized out>, aBuilder=0x7fff176c8e50, aCtx=0x2ba6f40, aDirtyRect=@0x7fff176c8be0)
    at nsDisplayList.cpp:296
Comment 3 Benjamin Otte 2008-08-16 03:54:39 UTC
Is this a duplicate of bug 16717 maybe?
As in: Does the patch in that bug fix this crasher?
Comment 4 Riccardo Magliocchetti 2008-08-16 05:06:57 UTC
(In reply to comment #3)
> Is this a duplicate of bug 16717 maybe?
> As in: Does the patch in that bug fix this crasher?

Good catch, it does fix the crash here. Sergio Rafael, Pekka can you confirm too?

Comment 5 Riccardo Magliocchetti 2008-08-16 09:52:52 UTC
The patch works for Pekka too, closing as dup.

*** This bug has been marked as a duplicate of bug 16717 ***

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.