[CRASH]Segfault when loading http://www.w3c.org/Graphics/SVG

[hezzel]

DESCRIPTION :
I believe the title say all ...

SYSTEM INFORMATION :

• OS : GNU/Linux (gentoo amd64)
• Firefox Installation
[list]
• Ebuild : www-client/firefox-14.0.1
• USE flags enabled
  • alsa
  • dbus
  • ipc (Use inter-process communication between tabs and plugins)
  • jit
  • libnotify
  • minimal ( Prevent SQK and headers from being installed )
  • system-sqlite (Use system sqlite library with secure-delte enabled)
• USE flags disabled
  • bindist ( Disable official Firefox branding (icons, name) )
  • custom-cflags
  • custom-optimization
  • debug
  • gstreamer
  • pgo (profile guided optimization for GCC)
  • startup-notification
  • wifi
  [/s]
• LINGUAS : fr (Français Language Pack 14.0.1)

[/*]
[*]User-Agent : Mozilla/5.0 (X11; Linux x86_64; rv:14.0) Gecko/20100101 Firefox/14.0.1[/*]
[*]NoScript : 2.5.2[/*][/list]

STEP TO REPRODUCE :

1. Create a new (empty) profile
2. Install NoScript
3. load http://www.w3c.org/Graphics/SVG : using link from another page, direct input into navigation bar, shell command ...

RESULT :
firefox process will segfault near the end of page load

EXPECTED RESULT :
no segfault - obviously

TEMPORARY WORKAROUND :
Disable / Uninstall NoScript. Putting w3c.org in NoScript's white list doesn't help.

[therube]

If you disable/uninstall NoScript & manually disable JavaScript in FF, does it do the same?

[hezzel]

No, it does load without any problem with or without Activate Javascript FF option

[therube]

OK, confirmed, I suppose.
I didn't "fault", I just vanished, just like that, gone.

Mozilla/5.0 (Windows NT 6.1; WOW64; rv:16.0) Gecko/20120826 Firefox/16.0 SeaMonkey/2.13a2

[therube]

Actually I did get a crash, just didn't realize it:
https://crash-stats.mozilla.com/report/index/bp-ec363a2e-b834-4b85-bbc3-fd0452120826

[hezzel]

When the page is already in cache (it was previously successfully loaded), there's no more segfault.

STEP TO REPRODUCE :

1. Disable / Uninstall NoScript or start with fresh profile
2. load http://www.w3c.org/Graphics/SVG/
3. Enable or Install NoScript
4. Restart for completing installation
5. load http://www.w3c.org/Graphics/SVG/ (no segfault)
6. Clean FF cache
7. Restart
8. load http://www.w3c.org/Graphics/SVG/ (FF will segfault)

URLs that don't cause segfault :

• http://www.w3c.org/
• http://www.w3c.org/Graphics/
• http://www.w3c.org/Graphics/WebCGM
• http://www.w3c.org/Graphics/PNG/

[therube]

So long as it loads from cache, you're "OK".
But then if you do something like Allow w3c.org, when the page refreshes, it will crash again (so even from cache).

[hezzel]

This is actually the rendering of the page which cause segfault, so it only appends when FF try to "compute" what the page looks like. Allowing or disallowing www.w3c.org in NoScript's invalidate the cache because what's the page should look like has changed : the page is re-rendered.
What it's odd is that faulty part is in FF code: from therube crash report it seems to be a null pointer deref (EXCEPTION_ACCESS_VIOLATION_READ) , but problem only arises while NoScript is enabled (no addons should be allowed to trigger segfault like that IMHO).

[hezzel]

Bugzilla : https://bugzilla.mozilla.org/show_bug.cgi?id=785710

[therube]

(just a bump, Aurora still affected)