Open
Bug 1240158
Opened 10 years ago
Updated 3 years ago
Cairo crash in _cairo_scaled_glyph_set_metrics() when visiting certain O'Reilly blog article
Categories
(Core :: Graphics: Text, defect, P3)
Tracking
()
People
(Reporter: andre.jaenisch, Unassigned)
Details
(Keywords: crash, Whiteboard: [gfx-noted])
Attachments
(3 files)
User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36
Steps to reproduce:
Open https://www.oreilly.com/ideas/5-ways-web-apps-and-sites-are-the-same-and-different in Firefox 43 on Sabayon Linux.
I tried open the same page in both, private mode and without enabled add-ons (aka safe-mode). Same result.
$ uname -a
Linux sabayonx86-64 4.3.0-sabayon #1 SMP Wed Dec 16 22:02:39 UTC 2015 x86_64 Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz GenuineIntel GNU/Linux
Actual results:
The browser just closes and in a console I can see a line stating "Segmentation Fault". Nothing else.
Every.Single.Time.
Expected results:
I want to be able to read that article
|
Reporter | |
Comment 1•10 years ago
|
||
Oh, and in ~/.mozilla/firefox/Crash Reports/ there is no new file, so I cannot even upload that one :-(
I hate C/C++ especially because of SegFaults :-/
https://developer.mozilla.org/en-US/docs/How_to_get_a_stacktrace_for_a_bug_report follow it for a crash stacktrace.
|
|
Reporter | |
Comment 3•10 years ago
|
||
Bummer.
Sabayon is based on Gentoo, but with binaries. Hence no emerging for me. That means, no debugging symbols in the binary :-/
Attached is a strace.
|
|
Reporter | |
Comment 4•10 years ago
|
||
Bummer.
Sabayon is based on Gentoo, but with binaries. Hence no emerging for me. That means, no debugging symbols in the binary :-/
Attached is a gdb dump.
|
||
Comment 5•10 years ago
|
||
Andre, can you try download and testing an official Mozilla build? It might have more useful debug information than your distro's Firefox build.
This crash looks like it's in freetype, though I don't know the stack trace would include vpx_get_mb_ss_mmx(), a libvpx (VP8/VP9) video function.
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff6e60f2d in ?? () from /lib64/libc.so.6
(gdb) bt
#0 0x00007ffff6e60f2d in ?? () from /lib64/libc.so.6
#1 0x00007ffff0064e83 in ?? () from /usr/lib64/libfreetype.so.6
#2 0x00007ffff006524c in ?? () from /usr/lib64/libfreetype.so.6
#3 0x00007ffff00b189f in ?? () from /usr/lib64/libfreetype.so.6
#4 0x00007ffff00afe12 in ?? () from /usr/lib64/libfreetype.so.6
#5 0x00007ffff00b27ba in ?? () from /usr/lib64/libfreetype.so.6
#6 0x00007ffff006dd95 in FT_Load_Glyph () from /usr/lib64/libfreetype.so.6
#7 0x00007ffff3a9dbd0 in vpx_get_mb_ss_mmx () from /usr/lib64/firefox/libxul.so
#8 0x00007ffff3ad7efd in vpx_get_mb_ss_mmx () from /usr/lib64/firefox/libxul.so
#9 0x00007ffff3ad8508 in vpx_get_mb_ss_mmx () from /usr/lib64/firefox/libxul.so
#10 0x00007ffff2845d30 in ?? () from /usr/lib64/firefox/libxul.so
#11 0x00007ffff284622f in ?? () from /usr/lib64/firefox/libxul.so
#12 0x00007ffff284650e in ?? () from /usr/lib64/firefox/libxul.so
#13 0x00007ffff2845f6c in ?? () from /usr/lib64/firefox/libxul.so
Product: Firefox → Core
|
||
Updated•10 years ago
|
Flags: needinfo?(andre.jaenisch)
|
|
Reporter | |
Comment 6•10 years ago
|
||
Produced with Firefox 45.0a1 (Developer Edition) on 16th Jan 2016: https://crash-stats.mozilla.com/report/index/bb24dc80-33c3-4ca9-bcdb-cb92f2160116
On Chromium the tab crashes, too.
Interestingly I could read it with Firefox executed with root privileges o_O
Flags: needinfo?(andre.jaenisch)
|
|
Reporter | |
Comment 7•10 years ago
|
||
My graphics card:
$ sudo lspci -nnk | grep -i VGA -A2
00:02.0 VGA compatible controller [0300]: Intel Corporation 2nd Generation Core Processor Family Integrated Graphics Controller [8086:0126] (rev 09)
Subsystem: Lenovo 2nd Generation Core Processor Family Integrated Graphics Controller [17aa:21cf]
Kernel driver in use: i915
driver name and version:
$ glxinfo | grep 'OpenGL version string'
OpenGL version string: 3.0 Mesa 11.1.0
|
|
Reporter | |
Comment 8•10 years ago
|
||
um, 45.0a2, My bad.
|
|
Reporter | |
Comment 9•10 years ago
|
||
Stracelog with Firefox Developer Edition v45.0a2.
|
|
||
Comment 10•10 years ago
|
||
Thanks, Andre. The crash report is very helpful! Its stack trace is much clearer than the one from Sabayon build.
This is a null pointer crash deep inside libfreetype.so, called from our Cairo code.
Status: UNCONFIRMED → NEW
status-firefox43:
--- → affected
status-firefox44:
--- → ?
status-firefox45:
--- → affected
status-firefox46:
--- → ?
Component: Untriaged → Graphics: Text
Ever confirmed: true
Summary: Segfault when visiting certain O'Reilly blog article → Cairo crash in _cairo_scaled_glyph_set_metrics() when visiting certain O'Reilly blog article
|
||
Updated•10 years ago
|
Whiteboard: [gfx-noted]
|
||
Updated•8 years ago
|
Priority: -- → P3
|
||
Updated•3 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•