notfound 833532 1:45.2.0-2~deb7u1
notfound 833532 1:45.2.0-2
severity 833532 serious
retitle 833532 icedove crashs if calendar-google-provider is installed
retitle 833591 calendar-google-provider causes crash of icedove
thanks
Hello Bastian, hello Andreas,
Dear reporters,
On Sun, Aug 07, 2016 at 03:28:39PM +0200, Bastian Venthur wrote:
> Package: icedove
> Version: 1:45.2.0-2+b1
>
> Hi,
>
> I can confirm this bug. Temporarily disabling the iceowl extension
> solves the problem.
iceowl-extension isn't the real problem.
I was able to reproduce the issue here. The crash happens if
calendar-google-provider is installed and the last Icedove version from
unstable (1:45.2.0-2+b1) is used.
I got a backtrace that shows a null pointer issue in the JIT compiler
part.
> Thread 1 "icedove-bin" received signal SIGSEGV, Segmentation fault.
> 0x00007ffff3e007a1 in js::jit::SnapshotIterator::numAllocations
> (this=0x7fffffff6790) at ./mozilla/js/src/jit/JitFrames.cpp:2159
> 2159 ./mozilla/js/src/jit/JitFrames.cpp: No such file or directory.
> (gdb) thread apply all bt
>
> Thread 68 (Thread 0x7fffbd9fe700 (LWP 31823)):
> #0 0x00007ffff7bc909f in pthread_cond_wait@@GLIBC_2.3.2 () from
> /lib/x86_64-linux-gnu/libpthread.so.0
> #1 0x00007ffff5ea2d70 in PR_WaitCondVar () from
> /usr/lib/x86_64-linux-gnu/libnspr4.so
> ...
> Thread 1 (Thread 0x7ffff7fce740 (LWP 31752)):
> #0 0x00007ffff3e007a1 in js::jit::SnapshotIterator::numAllocations
> (this=0x7fffffff6790) at ./mozilla/js/src/jit/JitFrames.cpp:2159
> #1 js::jit::IonFrameStackDepthOp::IonFrameStackDepthOp (frame=...,
> this=<optimized out>) at ./mozilla/js/src/jit/JitFrames.cpp:421
> #2 js::jit::TryNoteIterIon::TryNoteIterIon (frame=..., cx=0x7fffdc21c400,
> this=0x7fffffff6750) at ./mozilla/js/src/jit
The value 'frame' that's given to IonFrameStackDepthOp() is empty and
points nowhere.
It looks like GCC 6 is optimizing more pointers out; packages compiled
with GCC 5 are working.
> 412 class IonFrameStackDepthOp
> 413 {
> 414 uint32_t depth_;
> 415
> 416 public:
> 417 explicit IonFrameStackDepthOp(const InlineFrameIterator& frame) {
> 418 uint32_t base = NumArgAndLocalSlots(frame);
> 419 SnapshotIterator si = frame.snapshotIterator();
> 420 MOZ_ASSERT(si.numAllocations() >= base);
> 421 depth_ = si.numAllocations() - base;
> 422 }
> 423
> 424 uint32_t operator()() { return depth_; }
> 425 };
As we already added some additional CFLAGS/CXXFLAGS [1] to the build due
to some gcc-6 restrictions, we probably need more additional CFLAGS/CXXFLAGS
here. We have to investigate more.
[1]
https://anonscm.debian.org/cgit/pkg-mozilla/icedove.git/commit/?id=83bdcdf69ddd9cf965d82044dbf05d9d9c36b849
Regards
Carsten