I commented on the MP, but I'll copy that here too:

"I'm not sure this is going to fix it. From looking at the crash
reports, the issue just looks like a classic use-after-free rather than
an issue with gobject type casts. In
unity_webapps_available_application_get_application_domain, it's most
likely the dereferencing of |app| which triggers it (
((UnityWebappsAvailableApplicationClass *)(((GTypeInstance
*)app)->g_class))->get_application_domain(app) )"

In fact, it looks like the bug is here:

http://bazaar.launchpad.net/~webapps/libunity-webapps/trunk/view/head:/src/libunity-webapps-repository/unity-webapps-application-repository.c#L347

      unity_webapps_local_url_index_load_applications (index);
      app = unity_webapps_local_url_index_get_application_by_name (index, name);
      g_hash_table_replace (data->repository->priv->applications_by_name, g_strdup (name), app); <---
    }

... |app| is stored without a reference, so next time a webapp is
installed, this app is destroyed when it is replaced here:

http://bazaar.launchpad.net/~webapps/libunity-webapps/trunk/view/head:/src/libunity-webapps-repository/unity-webapps-application-collector.c#L217

  app_name = unity_webapps_application_manifest_get_package_name (manifest);
  app = (UnityWebappsLocalAvailableApplication *) unity_webapps_local_available_application_new (manifest);
  g_hash_table_replace (collector->priv->found_applications, g_strdup (app_name),
                        g_object_ref (app));

 out:
  if (manifest != NULL)
    {
      g_object_unref (G_OBJECT (manifest));
    }
  if (app != NULL)
    {
      g_object_unref (G_OBJECT (app));
    }
  return ret;

https://bugs.launchpad.net/bugs/1068495

Title:
  Firefox 16.0.1 Crash Report [@
  unity_webapps_available_application_get_application_domain ]

Status in The Mozilla Firefox Browser:
  Confirmed
Status in WebApps: libunity:
  In Progress
Status in “libunity-webapps” package in Ubuntu:
  New

Bug description:
  This has increased in frequency a lot since yesterday:

  https://crash-stats.mozilla.com/report/index/ea964fd9-9aca-41f8-a1b1-f9ca12121018

  Some comments:

  "Tried to use gmail integration with ubuntu 12.10 and firefox crashed"

  "opening a google calendar invite link from thunderbird"

  "I just opened facebook"

  "I click on view document in the gmail. What different: may be because
  I installed gmail plugin."

  Crashing thread:

  0     libunity-webapps-repository.so.0.0.0    unity_webapps_available_application_get_application_domain      unity-webapps-available-application.c:65
  1     libxul.so       libxul.so@0x15cc717     
  2     libxul.so       ffi_call        ffi64.c:485
  3     libxul.so       js::ctypes::FunctionType::Call  CTypes.cpp:5576
  4     libxul.so       js::InvokeKernel        jscntxtinlines.h:382
  5     libxul.so       js::Invoke      jsinterp.h:119
  6     libxul.so       js::IndirectProxyHandler::call  jsproxy.cpp:442
  7     libxul.so       js::DirectWrapper::call         jswrapper.cpp:383
  8     libxul.so       js::CrossCompartmentWrapper::call       jswrapper.cpp:777
  9     libxul.so       proxy_Call      jsproxy.cpp:1143
  10    libxul.so       js::InvokeKernel        jscntxtinlines.h:382
  11    libxul.so       js::Interpret   jsinterp.cpp:2442
  12    libxul.so       js::RunScript   jsinterp.cpp:301
  13    libxul.so       js::InvokeKernel        jsinterp.cpp:355
  14    libxul.so       js::Invoke      jsinterp.h:119
  15    libxul.so       js::IndirectProxyHandler::call  jsproxy.cpp:442
  16    libxul.so       js::DirectWrapper::call         jswrapper.cpp:383
  17    libxul.so       js::CrossCompartmentWrapper::call       jswrapper.cpp:777
  18    libxul.so       proxy_Call      jsproxy.cpp:1143
  19    libxul.so       js::InvokeKernel        jscntxtinlines.h:382
  20    libxul.so       js::Interpret   jsinterp.cpp:2442
  21    libxul.so       js::RunScript   jsinterp.cpp:301
  22    libxul.so       js::InvokeKernel        jsinterp.cpp:355
  23    libxul.so       js_fun_apply    jsinterp.h:119
  24    libxul.so       js::InvokeKernel        jscntxtinlines.h:382
  25    libxul.so       js::Interpret   jsinterp.cpp:2442
  26    libxul.so       js::RunScript   jsinterp.cpp:301
  27    libxul.so       js::InvokeKernel        jsinterp.cpp:355
  28    libxul.so       array_forEach   jsinterp.h:119
  29    libxul.so       js::InvokeKernel        jscntxtinlines.h:382
  30    libxul.so       js::Interpret   jsinterp.cpp:2442
  31    libxul.so       js::RunScript   jsinterp.cpp:301
  32    libxul.so       js::InvokeKernel        jsinterp.cpp:355
  33    libxul.so       js_fun_apply    jsinterp.h:119
  34    libxul.so       js::InvokeKernel        jscntxtinlines.h:382
  35    libxul.so       js::Interpret   jsinterp.cpp:2442
  36    libxul.so       js::RunScript   jsinterp.cpp:301
  37    libxul.so       js::InvokeKernel        jsinterp.cpp:355
  38    libxul.so       js::Invoke      jsinterp.h:119
  39    libxul.so       JS_CallFunctionValue    jsapi.cpp:5604
  40    libxul.so       nsXPCWrappedJSClass::CallMethod         XPCWrappedJSClass.cpp:1436
  41    libxul.so       nsXPCWrappedJS::CallMethod      XPCWrappedJS.cpp:580
  42    libxul.so       PrepareAndDispatch      xptcstubs_x86_64_linux.cpp:121
  43    libxul.so       libxul.so@0x10c1d02     
  44    libxul.so       nsDocLoader::FireOnLocationChange       nsDocLoader.cpp:1391
  45    libxul.so       nsDocShell::CreateContentViewer         nsDocShell.cpp:7698
  46    libxul.so       nsDSURIContentListener::DoContent       nsDSURIContentListener.cpp:119
  47    libxul.so       nsDocumentOpenInfo::TryContentListener  nsURILoader.cpp:678
  48    libxul.so       nsDocumentOpenInfo::DispatchContent     nsURILoader.cpp:375
  49    libxul.so       nsDocumentOpenInfo::OnStartRequest      nsURILoader.cpp:263
  50    libxul.so       mozilla::net::nsHttpChannel::CallOnStartRequest         nsHttpChannel.cpp:964
  51    libxul.so       mozilla::net::nsHttpChannel::ContinueProcessNormal      nsHttpChannel.cpp:1462
  52    libxul.so       mozilla::net::nsHttpChannel::ProcessNormal      nsHttpChannel.cpp:1397
  53    libxul.so       mozilla::net::nsHttpChannel::ProcessResponse    nsHttpChannel.cpp:1310
  54    libxul.so       mozilla::net::nsHttpChannel::OnStartRequest     nsHttpChannel.cpp:4787
  55    libxul.so       nsInputStreamPump::OnStateStart         nsInputStreamPump.cpp:416
  56    libxul.so       nsInputStreamPump::OnInputStreamReady   nsInputStreamPump.cpp:367
  57    libxul.so       nsInputStreamReadyEvent::Run    nsStreamUtils.cpp:82
  58    libxul.so       nsThread::ProcessNextEvent      nsThread.cpp:624
  59    libxul.so       NS_ProcessNextEvent_P   nsThreadUtils.cpp:217
  60    libxul.so       mozilla::ipc::MessagePump::Run  MessagePump.cpp:116
  61    libxul.so       MessageLoop::Run        message_loop.cc:201
  62    libxul.so       nsBaseAppShell::Run     nsBaseAppShell.cpp:163
  63    libxul.so       nsAppStartup::Run       nsAppStartup.cpp:257
  64    libxul.so       XREMain::XRE_mainRun    nsAppRunner.cpp:3794
  65    libxul.so       XREMain::XRE_main       nsAppRunner.cpp:3871
  66    libxul.so       XRE_main        nsAppRunner.cpp:3947
  67    firefox         main    nsBrowserApp.cpp:160
  68    libc-2.15.so    libc-2.15.so@0x2176c    
  69    libstdc++.so.6.0.17     libstdc++.so.6.0.17@0x2ed5df    
  70    firefox         firefox@0x25ef  
  71    firefox         firefox@0x294f  
  72    icon-theme.cache        icon-theme.cache@0x2c65fff      
  73    ld-2.15.so      ld-2.15.so@0xf3ee

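The ownership bug described in the message above, modelled in plain C as an added example (this is not libunity-webapps code and not from the comment's author). The `App` type, the one-slot `Slot` table and the `mail.example` name are constructed stand-ins for the GObject, the two hash tables and a webapp; it assumes the by-name lookup hands back a borrowed pointer, and uses a static pool so the destroyed state can be inspected without touching freed memory.

```c
#include <stdio.h>
#include <stddef.h>

/* Stand-in for a refcounted GObject. Objects live in a static pool so the
 * "finalized" flag can be read safely after the last unref. */
typedef struct { int refs; int finalized; const char *name; } App;
static App pool[8];
static int used;

static App *app_new(const char *name) {
    App *a = &pool[used++];
    a->refs = 1; a->finalized = 0; a->name = name;
    return a;
}
static App *app_ref(App *a) { a->refs++; return a; }
static void app_unref(App *a) { if (--a->refs == 0) a->finalized = 1; }

/* One-slot table that owns a reference to its value and drops it on
 * replace, like a GHashTable whose value destroy notify is g_object_unref. */
typedef struct { App *value; } Slot;
static void slot_replace(Slot *s, App *v) {
    if (s->value != NULL) app_unref(s->value);
    s->value = v;
}

/* One webapp install as the collector does it: create, store a ref, drop local ref. */
static void collect(Slot *found, const char *name) {
    App *app = app_new(name);
    slot_replace(found, app_ref(app));
    app_unref(app);
}

/* Returns 1 if the repository's by-name entry points at a destroyed object
 * after a second install of the same package name. */
static int repo_entry_dangles(int take_ref) {
    Slot found = { NULL };          /* models collector found_applications */
    App *by_name;                   /* models one applications_by_name value */
    used = 0;
    collect(&found, "mail.example");
    /* Assumption: the lookup returns a borrowed pointer. */
    by_name = take_ref ? app_ref(found.value) : found.value;
    collect(&found, "mail.example"); /* next install replaces the entry */
    return by_name->finalized;       /* fixed variant must unref this later */
}

int main(void) {
    printf("borrowed pointer stored: dangling=%d\n", repo_entry_dangles(0));
    printf("reference taken first:   dangling=%d\n", repo_entry_dangles(1));
    return 0;
}
```
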