Closed
Bug 526848
Opened 15 years ago
Closed 15 years ago
Firefox 3.5.4, 3.5.5, 3.6b1 solaris x86 contrib builds crash on pages with font info
Categories
(Core :: Layout: Text and Fonts, defect)
Tracking
()
VERIFIED
INVALID
People
(Reporter: aaron, Assigned: ginnchen+exoracle)
References
()
Details
(Keywords: crash)
Attachments
(1 file)
4.95 KB,
text/plain
|
Details |
User-Agent: Mozilla/5.0 (X11; U; SunOS i86pc; en-US; rv:1.9.1) Gecko/20090625 Firefox/3.5 Build Identifier: ftp://ftp.mozilla.org/pub/firefox/releases/3.5.5/contrib/solaris_tarball/firefox-3.5.5.en-US.solaris-10-fcs-i386.tar.bz2 I have been using Firefox 3.5 and tried to upgrade to 3.5.4. It more or less works unless I try to browse a page with embedded fonts. If I visit any page that tries to download a font for use in the page, firefox crashes with a stack as below. The xterm shows some error messages which are also below. Seems the reason it was not crashing in 3.5 might have been due to bug 505678 which was fixed in 3.5.3. ** Pango:ERROR:pangofc-fontmap.c:1592:pango_fc_font_description_from_pattern: assertion failed: (res == FcResultMatch) ./run-mozilla.sh: line 131: 17440 Abort "$prog" ${1+"$@"} gmem.c:136: failed to allocate 12 bytes current thread: t@1 [1] __lwp_kill(0x1, 0x6), at 0xfed95f85 [2] _thr_kill(0x1, 0x6), at 0xfed92dfe [3] raise(0x6), at 0xfed411cb [4] abort(0xfc28e820, 0xfc1c8b4f, 0x27, 0x670000e6, 0x2e6d656d, 0x33313a63), at 0xfed21580 =>[5] g_logv(log_domain = 0xfc273f30 "GLib", log_level = G_LOG_LEVEL_ERROR, format = 0xfc273f38 "%s: failed to allocate %u bytes", args1 = 0x803a5dc), line 497 in "gmessages.c" [6] g_log(log_domain = 0xfc273f30 "GLib", log_level = G_LOG_LEVEL_ERROR, format = 0xfc273f38 "%s: failed to allocate %u bytes", ... = 0xfc29c26c, ...), line 517 in "gmessages.c" [7] g_malloc(n_bytes = 12U), line 136 in "gmem.c" [8] g_slice_alloc(mem_size = 12U), line 824 in "gslice.c" [9] g_string_sized_new(dfl_size = 2U), line 378 in "gstring.c" [10] g_string_new(init = (nil)), line 404 in "gstring.c" [11] g_log_default_handler(log_domain = 0xfc273f30 "GLib", log_level = 6, message = 0xf4587820 "gmem.c:136: failed to allocate 16 bytes", unused_data = (nil)), line 898 in "gmessages.c" [12] g_logv(log_domain = 0xfc273f30 "GLib", log_level = G_LOG_LEVEL_ERROR, format = 0xfc273f38 "%s: failed to allocate %u bytes", args1 = 0x803ab78), line 474 in "gmessages.c" [13] g_log(log_domain = 0xfc273f30 "GLib", log_level = G_LOG_LEVEL_ERROR, format = 0xfc273f38 "%s: failed to allocate %u bytes", ... = 0xfc29c26c, ...), line 517 in "gmessages.c" [14] g_malloc(n_bytes = 16U), line 136 in "gmem.c" [15] g_slice_alloc(mem_size = 16U), line 824 in "gslice.c" [16] g_hash_table_insert_internal(hash_table = 0xf4587790, key = 0x74, value = 0xe464d268, keep_new_key = 0), line 762 in "ghash.c" [17] g_hash_table_insert(hash_table = 0xf4587790, key = 0x74, value = 0xe464d268), line 798 in "ghash.c" [18] shaper_font_cache_insert(0xe8ab7c10, 0x74, 0xf7575890, 0xe6209b00, 0x0, 0x0), at 0xfb6ee286 [19] get_shaper_and_font(0x803acec, 0x74, 0x803acb8, 0x803acb4, 0x0, 0x0), at 0xfb6ef205 [20] itemize_state_process_run(0x803acec, 0x0), at 0xfb6ef89d [21] pango_itemize_with_base_dir(0xf4587700, 0x0, 0x803eef8, 0x0, 0x1b, 0x0, 0x0, 0xfdb74f78), at 0xfb6efca9 [22] gfxPangoFontGroup::CreateGlyphRunsItemizing(0xe6209630, 0xe8ee2b00, 0x803eef8, 0x1b, 0x3, 0x1300281, 0x803ed5c, 0xfdb7ae15), at 0xfdb7c853 [23] gfxPangoFontGroup::InitTextRun(0xe6209630, 0xe8ee2b00, 0x803eef8, 0x1b, 0x3, 0x1, 0x40, 0x0), at 0xfdb7b10e [24] gfxPangoFontGroup::MakeTextRun(0xe6209630, 0x803eff0, 0x18, 0x803f544, 0x1300281, 0x2, 0x1, 0x803f538), at 0xfdb7aa68 [25] TextRunWordCache::MakeTextRun(0xf7c82400, 0x8040a50, 0x18, 0xe6209630, 0x80409e4, 0x1300280, 0xfef859b6, 0xfdb6fc8c), at 0xfdb6f091 [26] gfxTextRunWordCache::MakeTextRun(0x8040a50, 0x18, 0xe6209630, 0x80409e4, 0x1300280, 0xfde1593c, 0x803f60c, 0xfcd7680e), at 0xfdb6fcb5 [27] MakeTextRun(0x8040a50, 0x18, 0xe6209630, 0x80409e4, 0x1300280, 0x8040914, 0x4, 0xfcd7953d), at 0xfcd76879 [28] BuildTextRunsScanner::BuildTextRunForFrames(0x8041ab4, 0x8040a50, 0x23, 0xfcd77c1d), at 0xfcd7a3dd [29] BuildTextRunsScanner::FlushFrames(0x8041ab4, 0x1, 0x0, 0x0), at 0xfcd77d86 [30] BuildTextRuns(0xef644bb0, 0xe6c507cc, 0xe6c50240, 0x8042528), at 0xfcd778fa [31] nsTextFrame::EnsureTextRun(0x8041f84, 0xe6c507cc, 0xef644bb0, 0xe6c50240, 0x8042528, 0x8041f38, 0x2d, 0x1), at 0xfcd7b624 [32] nsTextFrame::Reflow(0xe6c507cc, 0xe16aac00, 0x80422d4, 0x8042224, 0x804236c, 0xe16aac00, 0xffffffff, 0x1), at 0xfcd8d8fb [33] nsLineLayout::ReflowFrame(0x80424e4, 0xe6c507cc, 0x804236c, 0x0, 0x8042370, 0xfde1593c, 0x804236c, 0xfccf8286), at 0xfcd4bdd2 [34] nsBlockFrame::ReflowInlineFrame(0xe6c50240, 0x8042804, 0x80424e4, 0xe6c509e8, 0xe6c507cc, 0x80423f0, 0x0, 0xfccf76b1), at 0xfccf82b5 [35] nsBlockFrame::DoReflowInlineFrames(0xe6c50240, 0x8042804, 0x80424e4, 0xe6c509e8, 0x80426f8, 0x80424d0, 0x1, 0xfccf7425), at 0xfccf7959 [36] nsBlockFrame::ReflowInlineFrames(0xe6c50240, 0x8042804, 0xe6c509e8, 0x80426f8), at 0xfccf752a [37] nsBlockFrame::ReflowLine(0xe6c50240, 0x8042804, 0xe6c509e8, 0x80426f8), at 0xfccf55f1 [38] nsBlockFrame::ReflowDirtyLines(0xe6c50240, 0x8042804, 0x0, 0x0), at 0xfccf4a61 [39] nsBlockFrame::Reflow(0xe6c50240, 0xe16aac00, 0x8042ab8, 0x8042bd4, 0x8042a48, 0xe16aac00, 0x0, 0xfcd00a92), at 0xfccf3409 [40] nsBlockReflowContext::ReflowBlock(0x8042a94, 0x8042bc4, 0x1, 0x8042fe4, 0x0, 0x0, 0xf547efa0, 0x8042bd4, 0x8042a48, 0x8042f64, 0xffffffff, 0x1), at 0xfcd00bb0 [41] nsBlockFrame::ReflowBlockFrame(0xf318ba7c, 0x8042f64, 0xf547efa0, 0x8042e58), at 0xfccf6d7d [42] nsBlockFrame::ReflowLine(0xf318ba7c, 0x8042f64, 0xf547efa0, 0x8042e58), at 0xfccf53cf [43] nsBlockFrame::ReflowDirtyLines(0xf318ba7c, 0x8042f64, 0x0, 0x0), at 0xfccf4a61 [44] nsBlockFrame::Reflow(0xf318ba7c, 0xe16aac00, 0x8043218, 0x8043334, 0x80431a8, 0xe16aac00, 0x0, 0xfcd00a92), at 0xfccf3409 [45] nsBlockReflowContext::ReflowBlock(0x80431f4, 0x8043324, 0x0, 0x8043744, 0x0, 0x1, 0xe08389d4, 0x8043334, 0x80431a8, 0x80436c4, 0xffffffff, 0x1), at 0xfcd00bb0 [46] nsBlockFrame::ReflowBlockFrame(0xf318b5ec, 0x80436c4, 0xe08389d4, 0x80435b8), at 0xfccf6d7d [47] nsBlockFrame::ReflowLine(0xf318b5ec, 0x80436c4, 0xe08389d4, 0x80435b8), at 0xfccf53cf [48] nsBlockFrame::ReflowDirtyLines(0xf318b5ec, 0x80436c4, 0x0, 0x0), at 0xfccf4a61 [49] nsBlockFrame::Reflow(0xf318b5ec, 0xe16aac00, 0x8043978, 0x8043a94, 0x8043908, 0xe16aac00, 0xe726060c, 0xfcd00a92), at 0xfccf3409 [50] nsBlockReflowContext::ReflowBlock(0x8043954, 0x8043a84, 0x1, 0x8043ea4, 0x0, 0x1, 0xf318b91c, 0x8043a94, 0x8043908, 0x8043e24, 0xffffffff, 0x1), at 0xfcd00bb0 [51] nsBlockFrame::ReflowBlockFrame(0xe6927910, 0x8043e24, 0xf318b91c, 0x8043d18), at 0xfccf6d7d [52] nsBlockFrame::ReflowLine(0xe6927910, 0x8043e24, 0xf318b91c, 0x8043d18), at 0xfccf53cf [53] nsBlockFrame::ReflowDirtyLines(0xe6927910, 0x8043e24, 0x1, 0x1), at 0xfccf4a61 [54] nsBlockFrame::Reflow(0xe6927910, 0xe16aac00, 0x8044044, 0x8044084, 0x804425c, 0xe16aac00, 0x8043fdc, 0xfcd0a5be), at 0xfccf3409 [55] nsContainerFrame::ReflowChild(0xe6927658, 0xe6927910, 0xe16aac00, 0x8044044, 0x8044084, 0x0, 0x0, 0x0, 0x804425c, 0x0, 0xffffffff), at 0xfcd0a6bf [56] CanvasFrame::Reflow(0xe6927658, 0xe16aac00, 0x8044294, 0x80442f4, 0x804425c, 0xe16aac00, 0x804420c, 0xfcd0a5be), at 0xfcd37ff8 [57] nsContainerFrame::ReflowChild(0xe69277cc, 0xe6927658, 0xe16aac00, 0x8044294, 0x80442f4, 0x0, 0x0, 0x3, 0x804425c, 0x0, 0xffffffff, 0x0), at 0xfcd0a6bf [58] nsHTMLScrollFrame::ReflowContents(0xe69277cc, 0x8044414, 0x80445a4, 0x0), at 0xfcd2c946 [59] nsHTMLScrollFrame::Reflow(0xe69277cc, 0xe16aac00, 0x80445a4, 0x80445e4, 0x80447d0, 0xe46dd7c0, 0x0, 0x0), at 0xfcd2d187 [60] nsContainerFrame::ReflowChild(0xe6927580, 0xe69277cc, 0xe16aac00, 0x80445a4, 0x80445e4, 0x0, 0x0, 0x0, 0x80447d0, 0x0, 0xffffffff, 0x1), at 0xfcd0a6bf [61] ViewportFrame::Reflow(0xe6927580, 0xe16aac00, 0x80448b4, 0x8044804, 0x80447d0, 0xf528, 0x80447cc, 0xfcce1fbd), at 0xfcd9562b [62] PresShell::DoReflow(0xe16ab400, 0xe6927580, 0x1, 0xfcce23e6), at 0xfcce21a5 [63] PresShell::ProcessReflowCommands(0xe16ab400, 0x1, 0x80449bc, 0xfccdcb3b), at 0xfcce2447 [64] PresShell::DoFlushPendingNotifications(0xe16ab400, 0x4, 0x1, 0xfcce12c0), at 0xfccdcb81 [65] PresShell::WillPaint(0xe16ab400, 0xe466a340, 0xfebde040, 0xfd1bc19d), at 0xfcce12e0 [66] nsViewManager::DispatchEvent(0xe466a340, 0x8044c24, 0x8044aec, 0xfd1b515a), at 0xfd1bcf1d [67] HandleEvent(0x8044c24, 0xfe46f834, 0xe181b120, 0xfd8e822a), at 0xfd1b51d8 [68] nsWindow::DispatchEvent(0xe4eb6e00, 0x8044c24, 0x8044b88, 0xfd8ec59f), at 0xfd8e824a [69] nsWindow::OnExposeEvent(0xe4eb6e00, 0xf7a52a10, 0x8044fd8, 0xfd8f74d2), at 0xfd8ec825 [70] expose_event_cb(0xf7a52a10, 0x8044fd8, 0x0), at 0xfd8f7546 [71] _gtk_marshal_BOOLEAN__BOXED(0xf78640e0, 0x8044dec, 0x2, 0xef61b370, 0x8044e18, 0x0), at 0xfbdbc26f [72] g_closure_invoke(closure = 0xf78640e0, return_value = 0x8044dec, n_param_values = 2U, param_values = 0xef61b370, invocation_hint = 0x8044e18), line 771 in "gclosure.c" [73] signal_emit_unlocked_R(node = 0xf7eaca30, detail = 0, instance = 0xf7a52a10, emission_return = 0x8044ed0, instance_and_params = 0xef61b370), line 3248 in "gsignal.c" [74] g_signal_emit_valist(instance = 0xf7a52a10, signal_id = 53U, detail = 0, var_args = 0x8044f50), line 2987 in "gsignal.c" [75] g_signal_emit(instance = 0xf7a52a10, signal_id = 53U, detail = 0, ... = 0x8044fd8, ...), line 3034 in "gsignal.c" [76] gtk_widget_event_internal(0xf7a52a10, 0x8044fd8), at 0xfbf27b37 [77] gtk_widget_send_expose(0xf7a52a10, 0x8044fd8), at 0xfbf27721 [78] gtk_main_do_event(0x8044fd8, 0x0), at 0xfbdb8809 [79] gdk_window_process_updates_internal(0xe466a460, 0x0), at 0xfbb75a4a [80] gdk_window_process_all_updates(0xfbbecfc0, 0xfbb75719, 0x0, 0x80450a4, 0xfbb4f50d, 0x0), at 0xfbb75c2a [81] gdk_window_update_idle(0x0, 0x0), at 0xfbb75736 [82] gdk_threads_dispatch(0xf0c689a0, 0x0), at 0xfbb4f50d [83] g_idle_dispatch(source = 0xee260800, callback = 0xfbb4f4a0 = &`libgdk-x11-2.0.so.0.1400.5`gdk.c`gdk_threads_dispatch(), user_data = 0xf0c689a0), line 4235 in "gmain.c" [84] g_main_dispatch(context = 0xfe877080), line 2146 in "gmain.c" [85] g_main_context_dispatch(context = 0xfe877080), line 2697 in "gmain.c" [86] g_main_context_iterate(context = 0xfe877080, block = 0, dispatch = 1, self = 0xfe802220), line 2778 in "gmain.c" [87] g_main_context_iteration(context = 0xfe877080, may_block = 0), line 2841 in "gmain.c" [88] nsAppShell::ProcessNextNativeEvent(0xf7e7e830, 0x0, 0x8045258, 0xfd91f882), at 0xfd8fda44 [89] nsBaseAppShell::OnProcessNextEvent(0xf7e7e830, 0xfe84cf10, 0x1, 0x0), at 0xfd91f86d [90] nsThread::ProcessNextEvent(0xfe84cf10, 0x1, 0x80452cc, 0xfda8aa65), at 0xfdaec022 [91] NS_ProcessNextEvent_P(0xfe84cf10, 0x1, 0x8045308, 0xfd91f646), at 0xfda8aa9c [92] nsBaseAppShell::Run(0xf7e7e830, 0xfd696c8c, 0x0, 0xfd698824), at 0xfd91f666 [93] nsAppStartup::Run(0xf7eeecd0, 0xfe8350c8, 0x8045554, 0x0), at 0xfd69884c [94] XRE_main(0x1, 0x80457a4, 0xfe8010c0, 0x2), at 0xfc9c55fa [95] main(0x1, 0x80457a4, 0x80457ac, 0x8050d90), at 0x805114b Reproducible: Always Steps to Reproduce: 1. launch firefox 3.5.4 or later on solaris 10 x86 2. visit the indicated URL 3. wonder why firefox is no longer running Actual Results: crash
Updated•15 years ago
|
Component: General → Layout: Text
Product: Firefox → Core
QA Contact: general → layout.fonts-and-text
Version: unspecified → 1.9.2 Branch
Maybe related to bug 520030?
Reporter | ||
Comment 2•15 years ago
|
||
Maybe... For what it's worth, the Solaris contrib builds seem to contain their own libcairo.so.2.10800.4 .
The contrib builds contains libcairo.so.2.10800.4, but it was built with mozilla internal cairo. I'll take a look.
I didn't recreate the crash on my box. It might be a problem with pango. But I don't know how to fix it. Can you remove $HOME/.mozilla and try again? Can you create a new user on the machine and try again?
Reporter | ||
Comment 5•15 years ago
|
||
I tried this: set home=/home/peromsik/tmp/alt mkdir $home ./firefox -no-remote -ProfileManager I told it to create a new profile, then I pasted the URL for this bug into the URL bar, then I clicked on the URL which shows the bug... and it crashed. This may be relevant: the shell window says... (Gecko:3555): Gdk-WARNING **: shmget failed: error 28 (No space left on device) It says that even before clicking on the URL though.
Reporter | ||
Comment 6•15 years ago
|
||
In case that wasn't clear, the URL I pasted was https://bugzilla.mozilla.org/show_bug.cgi?id=526848 , and the URL I clicked on was the one linked as "URL" from the bugzilla record.
Reporter | ||
Comment 7•15 years ago
|
||
Rebooted the machine, the shmget error no longer appears but it still crashes.
Reporter | ||
Comment 8•15 years ago
|
||
The traceback changed after I rebooted. New traceback attached. Top few levels: =>[1] FcPatternPosition(0xf02cab40, 0xfddc6ba0), at 0xfb7b4181 [2] FcPatternFindElt(0xf02cab40, 0xfddc6ba0), at 0xfb7b424c [3] FcPatternGet(0xf02cab40, 0xfddc6ba0, 0x0, 0x8042a98), at 0xfb7b4f6c [4] FcPatternGetDouble(0xf02cab40, 0xfddc6ba0, 0x0, 0x8042ad8), at 0xfb7b5134 [5] SizeIsAcceptable(0xf02cab40, 0x0, 0x404e0000, 0x190), at 0xfdb75242 [6] gfxFcPangoFontSet::SortPreferredFonts(0x8042c80, 0xf060cd00, 0xf0608d04, 0xf7fe9d4c), at 0xfdb756f1
Reproduced with a machine of Solaris 10 update 3. Not reproducible with a machine of Solaris 10 update 8. Can you give me your 'uname -a' result and 'cat /etc/release' result? Thanks.
Assignee: nobody → ginn.chen
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Reporter | ||
Comment 10•15 years ago
|
||
SunOS willis 5.10 Generic_127112-05 i86pc i386 i86pc Solaris 10 8/07 s10x_u4wos_12b X86 Copyright 2007 Sun Microsystems, Inc. All Rights Reserved. Use is subject to license terms. Assembled 16 August 2007
Reporter | ||
Comment 11•15 years ago
|
||
I've been informed that our IT department is planning to upgrade me to Solaris 10 10/08 tomorrow. (No, I hadn't mentioned this bug to anyone; just interesting timing I guess.) I've confirmed that this crash is not reproducible on another machine that was already upgraded. Thanks, -- Aaron
Assignee | ||
Comment 12•15 years ago
|
||
Install patch 138353/138352 should resolve the issue. It is integrated in Solaris 10U6. I'll add a note in README. Close as INVALID, since it's not a bug of Firefox.
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → INVALID
Assignee | ||
Comment 13•15 years ago
|
||
138353-02 is required to avoid the crash. 119813-08 is required to make these fonts display correctly.
Status: RESOLVED → VERIFIED
You need to log in
before you can comment on or make changes to this bug.
Description
•