browser crash with charset=x-user-defined in http-equiv and face=Verdana in font tag

RESOLVED DUPLICATE of bug 210647

Status

()

Core
Layout: Text
--
critical
RESOLVED DUPLICATE of bug 210647
15 years ago
15 years ago

People

(Reporter: Damian M Gryski, Unassigned)

Tracking

Trunk
x86
Linux
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(URL)

Attachments

(1 attachment)

(Reporter)

Description

15 years ago
User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5a) Gecko/20030715 Mozilla Firebird/0.6
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5a) Gecko/20030715 Mozilla Firebird/0.6

The main page of http://www.outhousesoftware.co.uk crashes firebird.  In case
they change their page, I will attach a minimal test case demonstrating the problem.


Reproducible: Always

Steps to Reproduce:
1.Load the above webpage or attached html file into firebird.

Actual Results:  
Crash.

Expected Results:  
Complain that webpage is invalid, perhaps ignoring the fact that quotes are
missing from the face= tag, and that I (under Linux) do not have Verdana installed.


valgrind and gdb report that firebird is trying to read from a null pointer in
NSGetModule in libgklayout.so
(Reporter)

Comment 1

15 years ago
Created attachment 128077 [details]
minimal test case for bug

This is the main page of http://www.outhousesoftware.co.uk, with all the
content
stripped leaving only the lines that cause a crash.

Comment 2

15 years ago
WFM with 20030720 build on W2K.
Try a new build.
Summary: browser crash with charset=x-user-defined in http-equiv and face=Verdana in font tag → browser crash with charset=x-user-defined in http-equiv and face=Verdana in font tag
(Reporter)

Comment 3

15 years ago
Also kills latest (2003072105) mozilla nightly (latest-trunk).
Seems like it's linux specific.

Comment 4

15 years ago
Confirming. I see this on my local Mozilla build (2003071705). I also see it on
Firebird. Talkback ID from Firebird TB22076327E
Status: UNCONFIRMED → NEW
Ever confirmed: true

Comment 5

15 years ago
If this is in Seamonkey as well, it should be moved over.
Assignee: blakeross → font
Component: General → Layout: Fonts and Text
Product: Firebird → Browser
QA Contact: asa → ian
Version: unspecified → Trunk
Incident ID 22076327
Stack Signature 	nsTextFrame::Paint() 4e3a7e60
Email Address 	
Product ID 	MozillaFirebird
Build ID 	2003071508
Trigger Time 	2003-07-21 10:58:40
Platform 	LinuxIntel
Operating System 	Linux 2.4.18-timesys-4.0
Module 	libgklayout.so
URL visited 	
User Comments 	bug 213176
Trigger Reason 	SIGSEGV: Segmentation Fault: (signal 11)
Source File Name 
/home/cltbld/nightlybuild/phoenix/trunk/mozilla/layout/html/base/src/nsTextFrame.cpp
Trigger Line No. 	550
Stack Trace 	
nsTextFrame::Paint()
[/home/cltbld/nightlybuild/phoenix/trunk/mozilla/layout/html/base/src/nsTextFrame.cpp,
line 550]
nsContainerFrame::PaintChild()
[/home/cltbld/nightlybuild/phoenix/trunk/mozilla/layout/html/base/src/nsContainerFrame.cpp,
line 132]
nsContainerFrame::PaintChildren()
[/home/cltbld/nightlybuild/phoenix/trunk/mozilla/layout/html/base/src/nsContainerFrame.cpp,
line 693]
nsHTMLContainerFrame::PaintDecorationsAndChildren()
[/home/cltbld/nightlybuild/phoenix/trunk/mozilla/layout/html/base/src/nsHTMLContainerFrame.cpp,
line 143]
nsInlineFrame::Paint()
[/home/cltbld/nightlybuild/phoenix/trunk/mozilla/layout/html/base/src/nsInlineFrame.cpp,
line 347]
nsContainerFrame::PaintChild()
[/home/cltbld/nightlybuild/phoenix/trunk/mozilla/layout/html/base/src/nsContainerFrame.cpp,
line 132]
nsBlockFrame::PaintChildren()
[/home/cltbld/nightlybuild/phoenix/trunk/mozilla/layout/html/base/src/nsBlockFrame.cpp,
line 693]
nsHTMLContainerFrame::PaintDecorationsAndChildren()
[/home/cltbld/nightlybuild/phoenix/trunk/mozilla/layout/html/base/src/nsHTMLContainerFrame.cpp,
line 143]
nsBlockFrame::Paint()
[/home/cltbld/nightlybuild/phoenix/trunk/mozilla/layout/html/base/src/nsBlockFrame.cpp,
line 5428]
nsContainerFrame::PaintChild()
[/home/cltbld/nightlybuild/phoenix/trunk/mozilla/layout/html/base/src/nsContainerFrame.cpp,
line 132]
nsBlockFrame::PaintChildren()
[/home/cltbld/nightlybuild/phoenix/trunk/mozilla/layout/html/base/src/nsBlockFrame.cpp,
line 693]
nsHTMLContainerFrame::PaintDecorationsAndChildren()
[/home/cltbld/nightlybuild/phoenix/trunk/mozilla/layout/html/base/src/nsHTMLContainerFrame.cpp,
line 143]
nsBlockFrame::Paint()
[/home/cltbld/nightlybuild/phoenix/trunk/mozilla/layout/html/base/src/nsBlockFrame.cpp,
line 5428]
nsContainerFrame::PaintChild()
[/home/cltbld/nightlybuild/phoenix/trunk/mozilla/layout/html/base/src/nsContainerFrame.cpp,
line 132]
nsContainerFrame::PaintChildren()
[/home/cltbld/nightlybuild/phoenix/trunk/mozilla/layout/html/base/src/nsContainerFrame.cpp,
line 693]
nsTableCellFrame::Paint()
[/home/cltbld/nightlybuild/phoenix/trunk/mozilla/layout/html/table/src/nsTableCellFrame.cpp,
line 487]
nsTableRowFrame::PaintChildren()
[/home/cltbld/nightlybuild/phoenix/trunk/mozilla/layout/html/table/src/nsTableRowFrame.cpp,
line 655]
nsTableRowFrame::Paint()
[/home/cltbld/nightlybuild/phoenix/trunk/mozilla/layout/html/table/src/nsTableRowFrame.cpp,
line 602]
nsTableRowGroupFrame::PaintChildren()
[/home/cltbld/nightlybuild/phoenix/trunk/mozilla/layout/html/table/src/nsTableRowGroupFrame.cpp,
line 267]
nsTableRowGroupFrame::Paint()
[/home/cltbld/nightlybuild/phoenix/trunk/mozilla/layout/html/table/src/nsTableRowGroupFrame.cpp,
line 215]
nsContainerFrame::PaintChild()
[/home/cltbld/nightlybuild/phoenix/trunk/mozilla/layout/html/base/src/nsContainerFrame.cpp,
line 132]
nsContainerFrame::PaintChildren()
[/home/cltbld/nightlybuild/phoenix/trunk/mozilla/layout/html/base/src/nsContainerFrame.cpp,
line 693]
nsTableFrame::PaintChildren()
[/home/cltbld/nightlybuild/phoenix/trunk/mozilla/layout/html/table/src/nsTableFrame.cpp,
line 1427]
nsTableFrame::Paint()
[/home/cltbld/nightlybuild/phoenix/trunk/mozilla/layout/html/table/src/nsTableFrame.cpp,
line 1472]
nsContainerFrame::PaintChild()
[/home/cltbld/nightlybuild/phoenix/trunk/mozilla/layout/html/base/src/nsContainerFrame.cpp,
line 132]
nsTableOuterFrame::Paint()
[/home/cltbld/nightlybuild/phoenix/trunk/mozilla/layout/html/table/src/nsTableOuterFrame.cpp,
line 693]
nsContainerFrame::PaintChild()
[/home/cltbld/nightlybuild/phoenix/trunk/mozilla/layout/html/base/src/nsContainerFrame.cpp,
line 132]
nsBlockFrame::PaintChildren()
[/home/cltbld/nightlybuild/phoenix/trunk/mozilla/layout/html/base/src/nsBlockFrame.cpp,
line 693]
nsHTMLContainerFrame::PaintDecorationsAndChildren()
[/home/cltbld/nightlybuild/phoenix/trunk/mozilla/layout/html/base/src/nsHTMLContainerFrame.cpp,
line 143]
nsBlockFrame::Paint()
[/home/cltbld/nightlybuild/phoenix/trunk/mozilla/layout/html/base/src/nsBlockFrame.cpp,
line 5428]
nsContainerFrame::PaintChild()
[/home/cltbld/nightlybuild/phoenix/trunk/mozilla/layout/html/base/src/nsContainerFrame.cpp,
line 132]
nsBlockFrame::PaintChildren()
[/home/cltbld/nightlybuild/phoenix/trunk/mozilla/layout/html/base/src/nsBlockFrame.cpp,
line 693]
nsHTMLContainerFrame::PaintDecorationsAndChildren()
[/home/cltbld/nightlybuild/phoenix/trunk/mozilla/layout/html/base/src/nsHTMLContainerFrame.cpp,
line 143]
nsBlockFrame::Paint()
[/home/cltbld/nightlybuild/phoenix/trunk/mozilla/layout/html/base/src/nsBlockFrame.cpp,
line 5428]
nsContainerFrame::PaintChild()
[/home/cltbld/nightlybuild/phoenix/trunk/mozilla/layout/html/base/src/nsContainerFrame.cpp,
line 132]
nsBlockFrame::PaintChildren()
[/home/cltbld/nightlybuild/phoenix/trunk/mozilla/layout/html/base/src/nsBlockFrame.cpp,
line 693]
nsHTMLContainerFrame::PaintDecorationsAndChildren()
[/home/cltbld/nightlybuild/phoenix/trunk/mozilla/layout/html/base/src/nsHTMLContainerFrame.cpp,
line 143]
nsBlockFrame::Paint()
[/home/cltbld/nightlybuild/phoenix/trunk/mozilla/layout/html/base/src/nsBlockFrame.cpp,
line 5428]
nsContainerFrame::PaintChild()
[/home/cltbld/nightlybuild/phoenix/trunk/mozilla/layout/html/base/src/nsContainerFrame.cpp,
line 132]
nsContainerFrame::PaintChildren()
[/home/cltbld/nightlybuild/phoenix/trunk/mozilla/layout/html/base/src/nsContainerFrame.cpp,
line 693]
nsHTMLContainerFrame::Paint()
[/home/cltbld/nightlybuild/phoenix/trunk/mozilla/layout/html/base/src/nsHTMLContainerFrame.cpp,
line 88]
CanvasFrame::Paint()
[/home/cltbld/nightlybuild/phoenix/trunk/mozilla/layout/html/base/src/nsHTMLFrame.cpp,
line 397]
PresShell::Paint()
[/home/cltbld/nightlybuild/phoenix/trunk/mozilla/layout/html/base/src/nsPresShell.cpp,
line 5732]
nsView::Paint()
[/home/cltbld/nightlybuild/phoenix/trunk/mozilla/view/src/nsView.cpp, line 667]
nsViewManager::RenderDisplayListElement()
[/home/cltbld/nightlybuild/phoenix/trunk/mozilla/view/src/nsViewManager.cpp,
line 1323]
nsViewManager::RenderViews()
[/home/cltbld/nightlybuild/phoenix/trunk/mozilla/view/src/nsViewManager.cpp,
line 1252]
nsViewManager::Refresh()
[/home/cltbld/nightlybuild/phoenix/trunk/mozilla/view/src/nsViewManager.cpp,
line 805]
nsViewManager::DispatchEvent()
[/home/cltbld/nightlybuild/phoenix/trunk/mozilla/view/src/nsViewManager.cpp,
line 661]
HandleEvent()
[/home/cltbld/nightlybuild/phoenix/trunk/mozilla/view/src/nsView.cpp, line 285]
nsWidget::DispatchEvent()
[/home/cltbld/nightlybuild/phoenix/trunk/mozilla/widget/src/gtk/nsWidget.cpp,
line 1503]
nsWidget::DispatchWindowEvent()
[/home/cltbld/nightlybuild/phoenix/trunk/mozilla/widget/src/gtk/nsWidget.cpp,
line 1392]
nsWindow::DoPaint()
[/home/cltbld/nightlybuild/phoenix/trunk/mozilla/widget/src/gtk/nsWindow.cpp,
line 857]
nsWindow::Update()
[/home/cltbld/nightlybuild/phoenix/trunk/mozilla/widget/src/gtk/nsWindow.cpp,
line 873]
nsWindow::UpdateIdle()
[/home/cltbld/nightlybuild/phoenix/trunk/mozilla/widget/src/gtk/nsWindow.cpp,
line 769]
libglib-1.2.so.0 + 0x10ff0 (0x40347ff0)
libglib-1.2.so.0 + 0x10055 (0x40347055)
libglib-1.2.so.0 + 0x10659 (0x40347659)
libglib-1.2.so.0 + 0x107e8 (0x403477e8)
libgtk-1.2.so.0 + 0x91203 (0x40263203)
nsAppShell::Run()
[/home/cltbld/nightlybuild/phoenix/trunk/mozilla/widget/src/gtk/nsAppShell.cpp,
line 330]
nsAppShellService::Run()
[/home/cltbld/nightlybuild/phoenix/trunk/mozilla/xpfe/appshell/src/nsAppShellService.cpp,
line 479]
main1()
[/home/cltbld/nightlybuild/phoenix/trunk/mozilla/toolkit/xre/nsAppRunner.cpp,
line 649]
xre_main()
[/home/cltbld/nightlybuild/phoenix/trunk/mozilla/toolkit/xre/nsAppRunner.cpp,
line 1692]
main()
[/home/cltbld/nightlybuild/phoenix/trunk/mozilla/browser/app/nsBrowserApp.cpp,
line 46]
libc.so.6 + 0x1c657 (0x404a9657) 

Comment 7

15 years ago
This is a dupe of bug 210647. Look at the stacktrace I attached to that bug

http://bugzilla.mozilla.org/attachment.cgi?id=126640&action=view

Crash happened around the same line. Probably the source code changed a bit so
that its line 554 in my stacktrace and line 550 over here. Marking this bug as a
dupe.

*** This bug has been marked as a duplicate of 210647 ***
Status: NEW → RESOLVED
Last Resolved: 15 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.