Closed Bug 768462 Opened 12 years ago Closed 12 years ago

SIGSEGV in gfxFont.cpp

Categories

(Firefox :: General, defect)

13 Branch
x86
Linux
defect
Not set
normal

Tracking

()

RESOLVED INCOMPLETE

People

(Reporter: sadsaddle, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:13.0) Gecko/20100101 Firefox/13.0.1
Build ID: 20120615050910

Steps to reproduce:

browsing in multiple tabs


Actual results:

Program received signal SIGSEGV, Segmentation fault.
0xb70d0ac8 in gfxFont::ShapeWord (this=0x98e361b0, aContext=0x96d96f60, 
    aShapedWord=0x9519fca0, aText=0xbfff2aa8, aPreferPlatformShaping=false)
    at /build/buildd/firefox-13.0.1+build1/build-tree/mozilla/gfx/thebes/gfxFont.cpp:2037
2037	/build/buildd/firefox-13.0.1+build1/build-tree/mozilla/gfx/thebes/gfxFont.cpp: No such file or directory.
	in /build/buildd/firefox-13.0.1+build1/build-tree/mozilla/gfx/thebes/gfxFont.cpp

(gdb) bt full
#0  0xb70d0ac8 in gfxFont::ShapeWord (this=0x98e361b0, aContext=0x96d96f60, 
    aShapedWord=0x9519fca0, aText=0xbfff2aa8, aPreferPlatformShaping=false)
    at /build/buildd/firefox-13.0.1+build1/build-tree/mozilla/gfx/thebes/gfxFont.cpp:2037
        ok = <value optimized out>
#1  0xb70d08c8 in gfxFont::GetShapedWord<unsigned char> (this=0x98e361b0, 
    aContext=0x96d96f60, aText=0xbfff43dc "Ken Caryl, CO", aLength=3, 
    aHash=19774, aRunScript=25, aAppUnitsPerDevUnit=50, aFlags=32)
    at /build/buildd/firefox-13.0.1+build1/build-tree/mozilla/gfx/thebes/gfxFont.cpp:1967
        utf16 = {<nsFixedString> = {<nsString> = {<nsAString_internal> = {
                mData = 0xbfff2aa8, mLength = 3, 
                mFlags = 65553}, <No data fields>}, mFixedCapacity = 63, 
            mFixedBuf = 0xbfff2aa8}, mStorage = {75, 101, 110, 0, 20, 0, 
            55496, 46980, 22399, 46862, 54310, 46860, 5667, 46862, 55496, 
            46980, 11148, 49151, 26523, 46862, 11008, 49151, 25008, 39139, 
            25008, 39139, 25008, 39139, 11292, 49151, 25008, 39139, 2136, 
            45811, 38720, 44384, 11280, 49151, 1, 0, 0, 0, 17409, 46861, 0, 0, 
            0, 0, 1, 0, 32262, 46684, 0, 0, 11280, 49151, 25008, 39139, 55496, 
            46980, 12, 0, 11280, 49151}}
        key = {mText = {mSingle = 0xbfff43dc "Ken Caryl, CO", 
            mDouble = 0xbfff43dc}, mLength = 3, mFlags = 32, mScript = 25, 
          mAppUnitsPerDevUnit = 50, mHashKey = 2129751, mTextIs8Bit = true}
        entry = 0xbfff43dc
        sw = 0x9519fca0
#2  0xb70d26cb in gfxFont::SplitAndInitTextRun<unsigned char> (
    this=0x98e361b0, aContext=0x96d96f60, aTextRun=0x9579fca0, 
    aString=0xbfff43dc "Ken Caryl, CO", aRunStart=0, aRunLength=13, 
    aRunScript=25)
    at /build/buildd/firefox-13.0.1+build1/build-tree/mozilla/gfx/thebes/gfxFont.cpp:2155
        wordFlags = 32
        sw = <value optimized out>
        boundary = <value optimized out>
        invalid = false
        length = <value optimized out>
        breakHere = <value optimized out>
        ch = 32 ' '
        i = <value optimized out>
        flags = 3221171228
        hash = <value optimized out>
        appUnitsPerDevUnit = 32
        nextCh = 67 'C'
        text = 0x3 <Address 0x3 out of bounds>
        wordStart = <value optimized out>
        wordIs8Bit = true
#3  0xb70d5184 in gfxFontGroup::InitScriptRun<unsigned char> (this=0x9a9a2b00, 
    aContext=0x96d96f60, aTextRun=0x9579fca0, 
    aString=0xbfff43dc "Ken Caryl, CO", aScriptRunStart=0, aScriptRunEnd=13, 
    aRunScript=25)
    at /build/buildd/firefox-13.0.1+build1/build-tree/mozilla/gfx/thebes/gfxFont.cpp:3255
        range = @0x8fce3ca0
        matchedLength = 13
        matchedFont = <value optimized out>
        r = 0
        mainFont = 0x0
        runStart = 0
        fontRanges = {<nsAutoArrayBase<nsTArray<gfxTextRange, nsTArrayDefaultAllocator>, 3u>> = {<nsTArray<gfxTextRange, nsTArrayDefaultAllocator>> = {<nsTArray_base<nsTArrayDefaultAllocator>> = {
                mHdr = 0xbfff2c14}, <nsTArray_SafeElementAtHelper<gfxTextRange, nsTArray<gfxTextRange, nsTArrayDefaultAllocator> >> = {<No data fields>}, <No data fields>}, {
              mAutoBuf = "\001\000\000\000\003\000\000\200\000\000\000\000\r\000\000\000\260a\343\230\001", '\000' <repeats 11 times>, "\001\000\000\000\000\000\000\000|\037\212\267\000\000\000\000d,\377\277\000\000\000", mAlign = {
                elem = 1 '\001'}}}, <No data fields>}
        numRanges = 13
#4  0xb70d53ba in gfxFontGroup::InitTextRun<unsigned char> (this=0x9a9a2b00, 
    aContext=0x96d96f60, aTextRun=0x9579fca0, 
    aString=0xbfff43dc "Ken Caryl, CO", aLength=13)
    at /build/buildd/firefox-13.0.1+build1/build-tree/mozilla/gfx/thebes/gfxFont.cpp:3156
        numOption = 0
        transformedString = {mRawPtr = 0x0}
#5  0xb70d56d3 in gfxFontGroup::MakeTextRun (this=0x9a9a2b00, 
    aString=0xbfff43dc "Ken Caryl, CO", aLength=13, aParams=0xbfff3050, 
    aFlags=<value optimized out>)
    at /build/buildd/firefox-13.0.1+build1/build-tree/mozilla/gfx/thebes/gfxFont.cpp:3080
        textRun = <value optimized out>
#6  0xb67c6cc2 in MakeTextRun<unsigned char> (
    aText=0xbfff43dc "Ken Caryl, CO", aLength=13, aFontGroup=0x9a9a2b00, 
    aParams=0xbfff3050, aFlags=17826080)
    at /build/buildd/firefox-13.0.1+build1/build-tree/mozilla/layout/generic/nsTextFrameThebes.cpp:560
        textRun = {mRawPtr = 0xb67c618d}
        rv = <value optimized out>
#7  0xb67c897a in BuildTextRunsScanner::BuildTextRunForFrames (
    this=0xbfff548c, aTextBuffer=<value optimized out>)
    at /build/buildd/firefox-13.0.1+build1/build-tree/mozilla/layout/generic/nsTextFrameThebes.cpp:1985
        text = 0xbfff43dc "Ken Caryl, CO"
        anySmallcapsStyle = false
        textBreakPoints = {<nsAutoArrayBase<nsTArray<int, nsTArrayDefaultAllocator>, 50u>> = {<nsTArray<int, nsTArrayDefaultAllocator>> = {<nsTArray_base<nsTArrayDefaultAllocator>> = {
                mHdr = 0xbfff42ac}, <nsTArray_SafeElementAtHelper<int, nsTArray<int, nsTArrayDefaultAllocator> >> = {<No data fields>}, <No data fields>}, {
              mAutoBuf = "\001\000\000\000\062\000\000\200\000\000\000\000\310\330\204\267\325\004Ķ\240\275\200\257`K\377\277 \034\000\000J\354x\266\240\275\200\257`K\377\277\000\000\000\000 \034\000\000\022\000\000\000\020D\377\277\000\000\000\000\000\000\000\000\020,g\236\022\000\000\000\210.\371\244\000\000\000\000(C\377\277\070C\377\277\020,g\236\310\330\204\267\001\000\000\000\230\276\200\257`K\377\277n\352x\266\230\276\200\257\022\000\000\000`K\377\277\300\353x\266\240\275\200\257`K\377\277\000\000\000\000\234\017n\266\230\276\200\257\022\000\000\000\070\274\256\257\070\274\256\257\020,g\236\020D\377\277\230\276\200\257u\022\200\266\270\365\a\251\030\360\250\245\001\000\000\000\310\330\204\267\320C\377\277\r\000\000\000\320C\377\277", mAlign = {elem = 1 '\001'}}}, <No data fields>}
        currentTransformedTextOffset = 13
        finalUserData = 0x9523e910
        textPtr = 0x9523e910
        userDataToDestroy = 0x0
        nextBreakIndex = 1
        firstFrame = 0x9523e910
        builder = {
          mBuffer = {<nsAutoArrayBase<FallibleTArray<unsigned char>, 256u>> = {<FallibleTArray<unsigned char>> = {<nsTArray<unsigned char, nsTArrayFallibleAllocator>> = {<nsTArray_base<nsTArrayFallibleAllocator>> = {
                    mHdr = 0xbfff40c0}, <nsTArray_SafeElementAtHelper<unsigned char, nsTArray<unsigned char, nsTArrayFallibleAllocator> >> = {<No data fields>}, <No data fields>}, <No data fields>}, {
                mAutoBuf = "\000\000\000\000\000\001\000\200\001\000\000\000\000\000\000\000\022\000\000\000\001\000\000\000\300}8\256\212\022\200\266\370\201\032\245\001\000\000\000\001\000\000\000\000\000\000\000\001\000\000\000\240\275\200\257 J\377\277\325\004Ķ\300}8\256`K\377\277 \034\000\000J\354x\266\300}8\256`K\377\277\000\000\000\000 \034\000\000\022\000\000\000\020D\377\277\000\000\000\000\000\000\000\000\210*g\236\022\000\000\000\310\022\b\251\000\000\000\000\200D\300\244\070\274\256\257\210*g\236\310\330\204\267\001\000\000\000 \177\070\256`K\377\277n\352x\266 \177\070\256\022\000\000\000`K\377\277\300\353x\266\300}8\256`K\377\277\000\000\000\000 \034\000\000 \177\070\256\022\000\000\000\370\201\032\245\370\201\032\245\210*g\236\020D\377\277 \177\070\256u\022\200\266\020\353\301\244\310\001~\246\001\000\000\000\000\000\000\000\022\000\000\000\000 |@\250&\247\257\212\022\200\266\310\001~\246\001\000\000", mAlign = {
                  elem = 0 '\000'}}}, <No data fields>}, mCharCount = 0, 
          mRunCharCount = 0, mRunSkipped = false, mInErrorState = false}
        userData = <value optimized out>
        fontGroup = 0xbfff3078
        textFlags = 17826080
        i = <value optimized out>
        transformedLength = 13
        textBreakPointsAfterTransform = {<nsAutoArrayBase<nsTArray<unsigned int, nsTArrayDefaultAllocator>, 50u>> = {<nsTArray<unsigned int, nsTArrayDefaultAllocator>> = {<nsTArray_base<nsTArrayDefaultAllocator>> = {
                mHdr = 0xbfff41d8}, <nsTArray_SafeElementAtHelper<unsigned int, nsTArray<unsigned int, nsTArrayDefaultAllocator> >> = {<No data fields>}, <No data fields>}, {
              mAutoBuf = "\002\000\000\000\062\000\000\200\000\000\000\000\r\000\000\000 \034\000\000J\354x\266 \177\070\256`K\377\277\000\000\000\000 \034\000\000\022\000\000\000\020D\377\277\000\000\000\000\000\000\000\000\240+g\236\022\000\000\000\330?\367\244\000\000\000\000\000\360R\264\004Z\240\216\240+g\236\310\330\204\267\001\000\000\000\240\275\200\257`K\377\277n\352x\266\240\275\200\257\022\000\000\000`K\377\277\300\353x\266 \177\070\256`K\377\277\000\000\000\000 \034\000\000\240\275\200\257\022\000\000\000\310\001~\246\310\001~\246\240+g\236\020D\377\277\240\275\200\257u\022\200\266\200D\300\244\070\274\256\257\001\000\000\000\000\000\000\000\022\000\000\000\000\000\000\000\240\275\200\257\212\022\200\266\070\274\256\257\001\000\000", mAlign = {
                elem = 2 '\002'}}}, <No data fields>}
        styles = {<nsTArray_base<nsTArrayDefaultAllocator>> = {
            mHdr = 0xb78a1c60}, <nsTArray_SafeElementAtHelper<nsStyleContext*, nsTArray<nsStyleContext*, nsTArrayDefaultAllocator> >> = {<No data fields>}, <No data fields>}
        dummyData = {mMappedFlows = 0xbfff3078, mMappedFlowCount = 1, 
          mLastFlowIndex = 0}
        dummyMappedFlow = {mStartFrame = 0x9523e910, 
          mDOMOffsetToBeforeTransformOffset = 0, mContentLength = 13}
        enabledJustification = false
        fontStyle = 0x955abb18
        lastStyleContext = 0x951d02c0
        iter = {mSkipChars = 0xbfff3068, mOriginalStringOffset = 0, 
          mSkippedStringOffset = 0, mOriginalStringToSkipCharsOffset = 0, 
          mListPrefixLength = 0, mListPrefixCharCount = 0, 
          mListPrefixKeepCharCount = 0}
        transformingFactory = {mRawPtr = 0x0}
        flags = <value optimized out>
        textStyle = 0x951cf9f0
        textRun = <value optimized out>
        params = {mContext = 0x96d96f60, mUserData = 0x9523e910, 
          mSkipChars = 0xbfff3068, mInitialBreaks = 0xbfff41e0, 
          mInitialBreakCount = 2, mAppUnitsPerDevUnit = 50}
        anyTextTransformStyle = false
        nextBreakBeforeFrame = 0x9a9a2b00
        skipChars = {mList = {mRawPtr = 0x0}, mShortcuts = {mRawPtr = 0x0}, 
          mListLength = 0, mCharCount = 0}
#8  0xb67c8c90 in BuildTextRunsScanner::FlushFrames (this=0xbfff548c, 
    aFlushLineBreaks=true, aSuppressTrailingBreak=false)
    at /build/buildd/firefox-13.0.1+build1/build-tree/mozilla/layout/generic/nsTextFrameThebes.cpp:1397
        buffer = {<nsAutoArrayBase<FallibleTArray<unsigned char>, 4096u>> = {<FallibleTArray<unsigned char>> = {<nsTArray<unsigned char, nsTArrayFallibleAllocator>> = {<nsTArray_base<nsTArrayFallibleAllocator>> = {
                  mHdr = 0xbfff43d4}, <nsTArray_SafeElementAtHelper<unsigned char, nsTArray<unsigned char, nsTArrayFallibleAllocator> >> = {<No data fields>}, <No data fields>}, <No data fields>}, {
              mAutoBuf = "\r\000\000\000\000\020\000\200Ken Caryl, CO\000\000\000\310\330\204\267\001\000\000\000x\300\254\257`K\377\277n\352x\266x\300\254\257\022\000\000\000`K\377\277\300\353x\266\230\276\200\257`K\377\277\000\000\000\000 \034\000\000x\300\254\257\022\000\000\000\070(|\246\070(|\246\240\367}\222\000\000\000\000x\300\254\257u\022\200\266\300#|\246@\374\250\245\001\000\000\000\000---Type <return> to continue, or q <return> to quit---
\000\000\000\240\367}\222\020\000\000\000x\300\254\257\212\022\200\266@\374\250\245\001\000\000\000\001\000\000\000\000\000\000\000x\367}\222\210\361}\222\001\000\000\000\325\004Ķx\300\254\257`K\377\277\000\000\000\000J\354x\266x\300\254\257`K\377\277\000\000\000\000\000\000\000\000\022\000\000\000\314D\377\277@\350@\261\325\004Ķ\240\367}\222XE\377\277\000\000\000\000\321\063\373\267\030ʯ\267\002\000\000\000\350D\377\277\321\063\373\267\030ʯ\267\002\000\000\000\370D\377\277\266\376u\266\001\000\000\000\030ʯ\267\370D\377\277pͭ\267y5\257\267\030ʯ\267\bE\377\277pͭ\267\310\330\204\267\224F*\230\350E\377\277\310\330\204\267\020\024\255\256\250E\377\277\350E\377\277{5u\266\200פ\256\000\000\000\000\250E\377\277K\000"..., mAlign = {elem = 13 '\r'}}}, <No data fields>}
        bufferSize = <value optimized out>
        textRun = 0x0
#9  0xb67c9245 in BuildTextRuns (aContext=<value optimized out>, 
    aForFrame=<value optimized out>, aLineContainer=<value optimized out>, 
    aForFrameLine=0xbfff5de0, aWhichTextRun=nsTextFrame::eInflated, 
    aInflation=1)
    at /build/buildd/firefox-13.0.1+build1/build-tree/mozilla/layout/generic/nsTextFrameThebes.cpp:1325
        isValid = true
        backIterator = {mFrame = 0x0, mLine = {mCurrent = 0x9523e958}, 
          mInOverflowLines = 0x0}
        stopAtFrame = 0x9523e910
        mayBeginInTextRun = <value optimized out>
        lineContainerChild = 0x9523e910
        block = <value optimized out>
        forwardIterator = {mFrame = 0x0, mLine = {mCurrent = 0x9523e874}, 
          mInOverflowLines = 0x0}
        nextLineFirstTextFrame = <value optimized out>
        seenTextRunBoundaryOnLaterLine = true
        seenStartLine = true
        linesAfterStartLine = 1
        scanner = {
          mMappedFlows = {<nsAutoArrayBase<nsTArray<BuildTextRunsScanner::MappedFlow, nsTArrayDefaultAllocator>, 10u>> = {<nsTArray<BuildTextRunsScanner::MappedFlow, nsTArrayDefaultAllocator>> = {<nsTArray_base<nsTArrayDefaultAllocator>> = {
                  mHdr = 0xbfff5490}, <nsTArray_SafeElementAtHelper<BuildTextRunsScanner::MappedFlow, nsTArray<BuildTextRunsScanner::MappedFlow, nsTArrayDefaultAllocator> >> = {<No data fields>}, <No data fields>}, {
                mAutoBuf = "\001\000\000\000\n\000\000\200\020\351#\225\000\000\---Type <return> to continue, or q <return> to quit---
000\000\000\000\000\000\330T\377\277\030U\377\277ے\246\266PeҨ\b\000\000\000\330T\377\277\030U\377\277t\360R\264\262\306\b\267\310\330\204\267\020\067\066\256\304\323\377\250\004\000\000\000\000\000\000\000\340T\377\277", '\000' <repeats 16 times>"\340, T\377\277\340T\377\277\320\002\000\000\270>\000\000\060!\000\000<\000\000\000\320\002\000\000\270>\000", mAlign = {
                  elem = 1 '\001'}}}, <No data fields>}, 
          mLineBreakBeforeFrames = {<nsAutoArrayBase<nsTArray<nsTextFrame*, nsTArrayDefaultAllocator>, 50u>> = {<nsTArray<nsTextFrame*, nsTArrayDefaultAllocator>> = {<nsTArray_base<nsTArrayDefaultAllocator>> = {
                  mHdr = 0xbfff5514}, <nsTArray_SafeElementAtHelper<nsTextFrame*, nsTArray<nsTextFrame*, nsTArrayDefaultAllocator> >> = {<No data fields>}, <No data fields>}, {
                mAutoBuf = "\001\000\000\000\062\000\000\200\020\351#\225\060!\000\000<", '\000' <repeats 11 times>"\230, U\377\277\250U\377\277\360w8\256\300\277x\266PeҨ\020\067\066\256\230U\377\277پx\266\350\033m\236\340\033m\236\000\000\000\000\016&q\266\000\000\000\000\000\000\000\000\360w8\256\350\225x\266\254L\373\250\360w8\256Tj^\267\000\000\000\000\300\323\377\250\000\000\000\000 \034\000\000\277\256x\266\000l\210\257@]\377\277\320\002\000\000\270>\000\000\060!\000\000<\000\000\000\254L\373\250\360w8\256\360w8\256\314\006\000\000\325\374t\266\310\330\204\267\000L\373\250\000V\377\277\360w8\256\227\066}\266\360w8\256\000V\377\277\022\000\000\000\000\000\000\000x\354\301\244", mAlign = {
                  elem = 1 '\001'}}}, <No data fields>}, 
          mBreakSinks = {<nsAutoArrayBase<nsTArray<nsAutoPtr<BuildTextRunsScanner::BreakSink>, nsTArrayDefaultAllocator>, 10u>> = {<nsTArray<nsAutoPtr<BuildTextRunsScanner::BreakSink>, nsTArrayDefaultAllocator>> = {<nsTArray_base<nsTArrayDefaultAllocator>> = {
                  mHdr = 0xbfff55e8}, <nsTArray_SafeElementAtHelper<nsAutoPtr<BuildTextRunsScanner::BreakSink>, nsTArray<nsAutoPtr<BuildTextRunsScanner::BreakSink>, nsTArrayDefaultAllocator> >> = {<No data fields>}, <No data fields>}, {
                mAutoBuf = "\000\000\000\000\n\000\000\200\230\276\200\257@]\377\277\000\000\000\000 \034\000\000\320\002\000\000\270>\000\000\060!\000\000<\000\000\000\001\000\000\000\300}8\256", mAlign = {
                  elem = 0 '\000'}}}, <No data fields>}, 
          mTextRunsToDelete = {<nsAutoArrayBase<nsTArray<gfxTextRun*, nsTArrayDefaultAllocator>, 5u>> = {<nsTArray<gfxTextRun*, nsTArrayDefaultAllocator>> = {<nsTArray_base<nsTArrayDefaultAllocator>> = {
                  mHdr = 0xbfff561c}, <nsTArray_SafeElementAtHelper<gfxTextRun*, nsTArray<gfxTextRun*, nsTArrayDefaultAllocator> >> = {<No data fields>}, <No data fields>}, {
                mAutoBuf = "\000\000\000\000\005\000\000\200\022\000\000\000\000a\377\277\300\353x\266\360w8\256\000a\377\277", mAlign = {
                  elem = 0 '\000'}}}, <No data fields>}, mLineBreaker = {
            mCurrentWord = {<nsAutoArrayBase<nsTArray<unsigned short, nsTArrayDefaultAllocator>, 100u>> = {<nsTArray<unsigned short, nsTArrayDefaultAllocator>> = {<nsTArray_base<nsTArrayDefaultAllocator>> = {
                    mHdr = 0xbfff563c}, <nsTArray_SafeElementAtHelper<unsigned short, nsTArray<unsigned short, nsTArrayDefaultAllocator> >> = {<No data fields>}, <No data fields>}, {
                  mAutoBuf = "\000\000\000\000d\000\000\200\022\000\000\000x\354\301\244x\354\301\244\210.\371\244\001\000\000\000\300}8\256u\022\200\266h]3\242\370\201\032\245\001\000\000\000\000\000\000\000x\300\254\257@]\377\277\300}8\256\212\022\200\266\370\201\032\245\001\000\000\000\001\000\000\000\000\000\000\000\022\000\000\000\000\000\000\000\360w8\256\061\000\000\000 2¤\177\000\000\000\034\"\005\267\200L\361\250\204\202엀\000\000\000 2¤\323'\005\267\001\000\000\000\200L\361\250@]\377\277\300\353x\266x\300\254\257@]\377\277\000\000\000\000\200L\361\250\200\202\354\227\000\000\000\000LW\377\277\365\341\217\266\204\202에\330\370\216 2¤i'\005\000\000\000\000\000\200L\361\250\000a\377\277", 
                  mAlign = {elem = 0 '\000'}}}, <No data fields>}, 
            mTextItems = {<nsAutoArrayBase<nsTArray<nsLineBreaker::TextItem, nsTArrayDefaultAllocator>, 2u>> = {<nsTArray<nsLineBreaker::TextItem, nsTArrayDefaultAllocator>> = {<nsTArray_base<nsTArrayDefaultAllocator>> = {
                    mHdr = 0xbfff5710}, <nsTArray_SafeElementAtHelper<nsLineBreaker::TextItem, nsTArray<nsLineBreaker::TextItem, nsTArrayDefaultAllocator> >> = {<No data fields>}, <No data fields>}, {
                  mAutoBuf = "\000\000\000\000\002\000\000\200\r\000\000\000\t<\216\266\220\330\370\216LW\377\277@R[\264\200Q\026\225\026\026|\266\000\000\000", mAlign = {elem = 0 '\000'}}}, <No data fields>}, mCurrentWordLangGroup = 0x0, 
            mCurrentWordContainsMixedLang = false, 
            mCurrentWordContainsComplexChar = false, 
            mAfterBreakableSpace = false, mBreakHere = false}, 
          mCurrentFramesAllSameTextRun = 0x0, mContext = 0x96d96f60, 
          mLineContainer = 0x9523e828, mLastFrame = 0x9523e910, 
          mCommonAncestorWithLastFrame = 0x9523e828, mMaxTextLength = 13, 
          mInflation = 1, mDoubleByteText = false, mBidiEnabled = true, 
          mStartOfLine = true, mSkipIncompleteTextRuns = false, 
          mCanStopOnThisLine = false, mWhichTextRun = nsTextFrame::eInflated, 
          mNextRunContextInfo = 0 '\000', mCurrentRunContextInfo = 0 '\000'}
#10 0xb67c9352 in nsTextFrame::EnsureTextRun (this=0x9523e910, 
    aWhichTextRun=nsTextFrame::eInflated, aInflation=1, 
    aReferenceContext=0x96d96f60, aLineContainer=0x9523e828, aLine=0xbfff5de0, 
    aFlowEndInTextRun=0xbfff5a78)
    at /build/buildd/firefox-13.0.1+build1/build-tree/mozilla/layout/generic/nsTextFrameThebes.cpp:2391
        ctx = {mRawPtr = 0x96d96f60}
        textRun = <value optimized out>
        userData = <value optimized out>
        flow = <value optimized out>
        emptySkipChars = {mList = {mRawPtr = 0x0}, mShortcuts = {
            mRawPtr = 0x0}, mListLength = 0, mCharCount = 0}
#11 0xb67cef77 in nsTextFrame::ReflowText (this=0x9523e910, aLineLayout=..., 
    aAvailableWidth=6480, aRenderingContext=0x9d1bb8c0, aShouldBlink=false, 
    aMetrics=..., aStatus=@0xbfff5cb8)
    at /build/buildd/firefox-13.0.1+build1/build-tree/mozilla/layout/generic/nsTextFrameThebes.cpp:7375
        forceBreakAfter = <value optimized out>
        transformedLength = <value optimized out>
        flowEndInTextRun = <value optimized out>
        lineContainer = 0x951cf9f0
        fontSizeInflation = -3.17841531e-10
        xOffsetForTabs = <value optimized out>
        textMetrics = {mAdvanceWidth = -2.9913709901500016e-41, 
          mAscent = -1.9594809363636649, mDescent = -2.9913709901500016e-41, 
          mBoundingBox = {<mozilla::gfx::BaseRect<double, gfxRect, gfxPoint, gfxSize, gfxMargin>> = {x = -1.532810822520053e-236, y = -2.2910664443049032e-46, 
              width = -3.8522658495668327e-86, 
              height = 1.591475845434006e-314}, <No data fields>}}
        trimmedWidth = <value optimized out>
        textStyle = 0xa8f14cb4
        contentNewLineOffset = -1
        forceBreak = <value optimized out>
        offset = 0
        newLineOffset = -1
        provider = {<gfxTextRun::PropertyProvider> = {
            _vptr.PropertyProvider = 0x0}, mTextRun = 0x8ef8f400, 
          mFontGroup = 0xb669b252, mFontMetrics = {mRawPtr = 0xa8fff4cc}, 
          mTextStyle = 0xae332880, mFrag = 0xbfff5908, 
          mLineContainer = 0xb669b277, mFrame = 0xa8fff4cc, mStart = {
            mSkipChars = 0xae332880, mOriginalStringOffset = -1459620672, 
            mSkippedStringOffset = 3060380430, 
            mOriginalStringToSkipCharsOffset = -1459620660, 
            mListPrefixLength = 2922588288, mListPrefixCharCount = 2835346624, 
            mListPrefixKeepCharCount = 3060380430}, mTempIterator = {
            mSkipChars = 0xa8fff4cc, mOriginalStringOffset = -1372379008, 
            mSkippedStringOffset = 0, 
            mOriginalStringToSkipCharsOffset = -1234174097, 
            mListPrefixLength = 2, mListPrefixCharCount = 3221182888, 
            mListPrefixKeepCharCount = 3221182888}, mTabWidths = 0xb7fb33d1, 
          mTabWidthsAnalyzedLimit = 3081751064, mLength = 2, 
          mWordSpacing = -2.407931730678687e-46, 
          mLetterSpacing = 5.0927898983660601e-313, 
          mJustificationSpacing = -2.8802491541879983e-192, 
          mHyphenWidth = -1.8246243523148889e-40, 
          mOffsetFromBlockOriginForTabs = -1.710579705235906e-40, 
          mReflowing = 200, mWhichTextRun = 2552907412}
        end = {mSkipChars = 0xaf886c00, mOriginalStringOffset = 0, 
          mSkippedStringOffset = 0, mOriginalStringToSkipCharsOffset = 0, 
          mListPrefixLength = 2835342432, mListPrefixCharCount = 3221182984, 
          mListPrefixKeepCharCount = 3221183048}
        breakAfter = <value optimized out>
        maxContentLength = -1444514444
        transformedOffset = 4294967295
        limitLength = <value optimized out>
        charsFit = <value optimized out>
        atStartOfLine = 150
        cachedNewlineOffset = 0x0
        boundingBoxType = <value optimized out>
        transformedLastBreak = 2922788624
        contentLength = <value optimized out>
        ctx = 0x1c
        iter = {mSkipChars = 0xae332880, mOriginalStringOffset = -1073784196, 
          mSkippedStringOffset = 0, 
          mOriginalStringToSkipCharsOffset = -1073784304, 
          mListPrefixLength = 3221182992, mListPrefixCharCount = 720, 
          mListPrefixKeepCharCount = 16056}
        usedHyphenation = false
        canTrimTrailingWhitespace = <value optimized out>
        transformedCharsFit = <value optimized out>
        lastBreak = <value optimized out>
        trimmableWidth = <value optimized out>
        frag = 0xd
        availWidth = <value optimized out>
        breakPriority = 2832360784
        boundingBox = {<mozilla::gfx::BaseRect<int, nsRect, nsPoint, nsSize, nsMargin>> = {x = 8496, y = 60, width = 720, height = 16056}, <No data fields>}
        presContext = 0xa8fff4cc
        length = 13
        completedFirstLetter = false
        brokeText = <value optimized out>
        emptyTextAtStartOfLine = <value optimized out>
#12 0xbfff5dc4 in ?? ()
No symbol table info available.
#13 0x97af7580 in ?? ()
No symbol table info available.
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
(gdb) 





Expected results:

no SIGSEGV
Component: Untriaged → General
QA Contact: untriaged → general
Roger, can you please try to reproduce this issue with a clean profile?
http://support.mozilla.org/en-US/kb/profile-manager-create-and-remove-firefox-profiles
Status: UNCONFIRMED → RESOLVED
Closed: 12 years ago
Resolution: --- → INCOMPLETE