196484 - HTML table with 2-pixel Arial makes Mozilla crash [@ nsUnicodeEncodeHelper::ConvertByTable ]

Status: RESOLVED FIXED

(Core :: Internationalization, defect)

Description

[Haydar Beyaz]

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3a) Gecko/20030122
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3a) Gecko/20030122

The following crashes the browser.
Extracted from a real web page (http://www.nethaber.com/).
May have something to do with Truetype arial font.

Reproducible: Always

Steps to Reproduce:
1.Load the given URL.

Actual Results:  
Mozilla dies.

Expected Results:  
Display the page.

Theme : classic.

Comment 1

[Olivier Cahagne]

can you try again with 1.3 release candidate build ?
http://www.mozillazine.org/articles/article2959.html

Comment 2

[Andrew Schultz]

worksforme with linux trunk 20030308 and 1.3a

Comment 3

[Olivier Cahagne]

got e-mail from reporter: "Sorry, I've got only a 56k connection.  But here's a
stack trace :
(BTW as I said in the comments, the problem appears to be heavily
related to :
   ISO-8859-9 (Turkish)
   Arial font (from MS)
   Particular font sizes
   User font preferences ?
as when I change any of these parameters in the page, it doesn't make
Mozilla crash anymore.  Maybe it's related to GTK and X11 too ?)"

Comment 4

[Olivier Cahagne]

Attachment: Stacktrace 1.3b from reporter

Comment 5

[Olivier Cahagne]

related: bug 50613.

Comment 6

[Simon Montagu :smontagu]

From talkback data nsUnicodeEncodeHelper::ConvertByTable() looks to me like a
1.3b topcrash.

Comment 7

[Simon Montagu :smontagu]

Some URIs and comments from talkback with this crash, all with buildid
2003021008 on Linux

http://www.aljazeera.net
http://www.leta2000.lv
http://www.typos.com.cy trying to resize characters by holding down ctrl and
turning the mouse wheel
http://www.iht.com/articles/87521.html From that URL, click Next
http://wiadomosci.wp.pl

Comment 8

[Simon Montagu :smontagu]

Annoyingly, I could reproduce this yesterday with http://www.nethaber.com but I
can't reproduce it again today, and I was only half way to an understanding of
what was happening when I stopped work yesterday.

I know enough to produce a wallpaper patch, but I suspect there is an underlying
issue which I haven't quite grasped.

Comment 9

[Simon Montagu :smontagu]

Attachment: patch

rbs, what do you think about this? I'm not even sure that I was seeing the same
crash as the original reporter, but I don't see any harm in adding a bounds
check here.

Comment 10

[rbs]

Comment on attachment 116867 [details] [diff] [review]
patch

I re-read the code and it makes sense. Better be on the safe side than to
crash. Care to make a patch for everybody (GTK, Xlib, Win32)?

Comment 11

[Olivier Cahagne]

*** Bug 199005 has been marked as a duplicate of this bug. ***

Comment 12

[marco]

Note that:

http://abaababa.ouvaton.org/mozilla-crash.html

does _not_ crash my browser, but (from duplicate 199005):

http://www.gazeta.ru/sport/2003/03/kz_18598.shtml?kz18598

does.

Comment 13

[Roland Mainz]

marco wrote:
> Note that:
> http://abaababa.ouvaton.org/mozilla-crash.html
> does _not_ crash my browser, but (from duplicate 199005):
> http://www.gazeta.ru/sport/2003/03/kz_18598.shtml?kz18598
> does.

Does setting the "MOZILLA_GFX_DISABLE_FAST_MEASURE" env variable prevent the
crash for that page ?
e.g. start Mozilla like this:
% export MOZILLA_GFX_DISABLE_FAST_MEASURE=1
% ./mozilla
does that help?

Comment 14

[R.K.Aa.]

http://www.gazeta.ru/sport/2003/03/kz_18598.shtml?kz18598 WFM, day old trnk CVS,
Linux. (Not Xft)

Comment 15

[Simon Montagu :smontagu]

Roland said he would take this.

Comment 16

[Roland Mainz]

Simon Montagu wrote:
> Roland said he would take this.

Yeah... I hate that when simple-to-fix issues are rotting in bugzilla... patch
in 45secs... I hope review and superreview are similar fast... :)

Comment 17

[Roland Mainz]

Attachment: Patch for 2003-03-20-08-trunk

Comment 18

[Roland Mainz]

Comment on attachment 118515 [details] [diff] [review]
Patch for 2003-03-20-08-trunk

Requesting r=/sr= ...

Comment 19

[Roland Mainz]

Note: Tree freeze is in less than 5 hours (<=FIVE), it would be nice to get the
r=/sr=/checkin= done before that... :)

Comment 20

[Simon Montagu :smontagu]

Comment on attachment 118515 [details] [diff] [review]
Patch for 2003-03-20-08-trunk

r=smontagu

Comment 21

[rbs]

Comment on attachment 118515 [details] [diff] [review]
Patch for 2003-03-20-08-trunk

sr=rbs

Comment 22

[Simon Montagu :smontagu]

Patch checked in.

Comment 23

[Roland Mainz]

Marking bug as FIXED for now (per
http://bonsai.mozilla.org/cvsquery.cgi?module=MozillaTinderboxAll&branch=HEAD&cvsroot=/cvsroot&date=explicit&mindate=1048649940&maxdate=1048650660&who=smontagu%25netscape.com),
reopen if this issue still occurs...

Comment 24

[marco]

Just to answer comment #13: if I set

export MOZILLA_GFX_DISABLE_FAST_MEASURE=1

before running mozilla, and then go to:

http://www.gazeta.ru/sport/2003/03/kz_18598.shtml?kz18598

the browser does not crash and shows the page OK (Mozilla
1.3 build 2003031709, see bug 199005).

Comment 25

[Simon Montagu :smontagu]

*** Bug 167863 has been marked as a duplicate of this bug. ***

Comment 26

[Andrew Schultz]

*** Bug 203381 has been marked as a duplicate of this bug. ***

Comment 27

[Asa Dotzler [:asa]]

*** Bug 199224 has been marked as a duplicate of this bug. ***