https://bugzilla.novell.com/show_bug.cgi?id=758408
https://bugzilla.novell.com/show_bug.cgi?id=758408#c25
--- Comment #25 from Marcus Meissner 2012-05-16 14:04:15 UTC ---
my findings currently:
#0 0xb57e08f0 in real_save_png (pixbuf=0xad55f1c0, keys=0xbfffbc3c,
values=0xb5ed4391, error=0xb3195700, to_callback=0, f=0x2,
save_func=0xbfffbe1c, user_data=0xbfffbd2c) at io-png.c:912
#1 0xb5ebbd6b in g_closure_invoke (closure=0xb3195700, return_value=0x0,
n_param_values=2, param_values=0xbfffbe1c, invocation_hint=0xbfffbd2c) at
gclosure.c:490
#2 0xb5ecce9d in signal_emit_unlocked_R (node=0xb7b70850, detail=0,
instance=0xb7b45150, emission_return=0x0, instance_and_params=0xbfffbe1c) at
gsignal.c:2440
#3 0xb5ece3a7 in g_signal_emit_valist (instance=0xb7b45150, signal_id=2,
detail=0, var_args=0xbfffc060 "\364/\237\267@\300", ) at gsignal.c:2199
#4 0xb5ece575 in g_signal_emit (instance=0xb7b45150, signal_id=2, detail=0) at
gsignal.c:2243
#5 0xb5a8d6c6 in IA__gdk_display_close (display=0xb7b45150) at
gdkdisplay.c:185
#6 0xb673182e in MOZ_gdk_display_close (display=0xb7b45150) at
/usr/src/debug/mozilla/toolkit/xre/nsAppRunner.cpp:2525
#7 0xb67339ad in XRE_main (argc=1, argv=0xbfffe684, aAppData=0xbfffe684) at
/usr/src/debug/mozilla/toolkit/xre/nsAppRunner.cpp:3617
#8 0x08049a32 in do_main (argc=-1073748348, argv=0xbfffe52c) at
/usr/src/debug/mozilla/browser/app/nsBrowserApp.cpp:198
#9 main (argc=-1073748348, argv=0xbfffe52c) at
/usr/src/debug/mozilla/browser/app/nsBrowserApp.cpp:281
(gdb) x /x $esp
0xbfffbbdc: 0xb5ec9179
(gdb) x /i 0xb5ec9179
0xb5ec9179 : mov -0xc(%ebp),%ebx
(gdb) x /10i 0xb5ec9179-20
0xb5ec9165 : adc $0x89,%al
0xb5ec9167 : inc %esp
0xb5ec9168 : and $0x8,%al
0xb5ec916a : mov 0x18(%edx),%eax
0xb5ec916d : mov %eax,0x4(%esp)
0xb5ec9171 : mov -0x10(%ebp),%eax
0xb5ec9174 : mov %eax,(%esp)
0xb5ec9177 : call *%esi
0xb5ec9179 : mov -0xc(%ebp),%ebx
<<<<<<<<<<<<<<<<<<<<< we are here
0xb5ec917c : mov -0x8(%ebp),%esi
(gdb) list *0xb5ec9179
0xb5ec9179 is in g_cclosure_marshal_VOID__BOOLEAN (gmarshal.c:114).
109 callback = (GMarshalFunc_VOID__BOOLEAN) (marshal_data ? marshal_data
: cc->callback);
110
111 callback (data1,
112 g_marshal_value_peek_boolean (param_values + 1),
113 data2);
114 }
115
(gdb) down
#1 0xb5ebbd6b in g_closure_invoke (closure=0xb3195700, return_value=0x0,
n_param_values=2, param_values=0xbfffbe1c, invocation_hint=0xbfffbd2c)
at gclosure.c:490
490 marshal (closure,
(gdb) print ((GCClosure*)closure)->callback
$10 = (gpointer) 0xb57e08f0
(gdb) x /i ((GCClosure*)closure)->callback
0xb57e08f0 : lock mov %eax,(%esp)
So the closure cleanup code jumps directly into the middle of the png
plugin code, expecting some other code to be there. Either the previous
closure was not called correctly, or some other parts of the cleanup
did not work.
It is not clear what closure this is to me :(