Closed Bug 219808 Opened 22 years ago Closed 18 years ago

This mailman interface page causes Firefox to crash (xft linux)

Categories

(Core Graveyard :: GFX: Gtk, defect)

x86
Linux
defect
Not set
major

Tracking

(Not tracked)

RESOLVED WORKSFORME

People

(Reporter: levon, Assigned: blizzard)

Details

Attachments

(1 file)

Using a just-built Firebird (2003-09-20) Linux gcc 3.2, the attached page crashes. This is likely due to the mailman bug described in bug 148182. Whilst it's acceptable to mis-render given bad HTML, Firebird/Mozilla should never crash. Thus I enter this as a separate issue.
In fact, looking at the page, it looks like the HTML tags *have* been escaped.
Linux RH8 up to date. Xft-2.0-4. Using XFT GTK1.2 firebird build from CVS.
#0 0x414dae6a in XftCharIndex () from /usr/lib/libXft.so.2
#1 0x414d79be in XftTextExtents32 () from /usr/lib/libXft.so.2
#2 0x4148d2da in nsFontXft::GetTextExtents32(unsigned const*, unsigned, _XGlyphInfo&) (this=0x867aa88, aString=0x0, aLen=0, aGlyphInfo=@0x0) at nsFontMetricsXft.cpp:1983
#3 0x4148c57e in nsFontMetricsXft::TextDimensionsCallback(unsigned const*, unsigned, nsFontXft*, void*) (this=0x867fff8, aString=0x42138c90, aLen=0, aFont=0x867aa88, aData=0xbfffc5b8) at nsFontMetricsXft.cpp:1646
#4 0x4148eaca in StaticTextDimensionsCallback (aString=0x0, aLen=0, aFont=0x0, aData=0xbfffc660) at nsFontMetricsXft.cpp:2768
#5 0x4148c24a in nsFontMetricsXft::EnumerateGlyphs(unsigned const*, unsigned, unsigned (*)(unsigned const*, unsigned, nsFontXft*, void*), void*) (this=0x0, aString=0xbfffc5c4, aLen=73, aCallback=0x4148ea90 <StaticTextDimensionsCallback>, aCallbackData=0xbfffc5b8) at nsFontMetricsXft.cpp:1520
#6 0x41489ccf in nsFontMetricsXft::GetTextDimensions(unsigned short const*, unsigned, nsTextDimensions&, int*, nsRenderingContextGTK*) (this=0x867fff8, aString=0x0, aLength=73, aDimensions=@0xbfffd4d0, aFontID=0x0, aContext=0x867f3c8) at nsFontMetricsXft.cpp:632
#7 0x414680b4 in nsRenderingContextGTK::GetTextDimensions(unsigned short const*, unsigned, nsTextDimensions&, int*) (this=0xbfffc660, aString=0x0, aLength=0, aDimensions=@0x0, aFontID=0x0) at nsRenderingContextGTK.cpp:1266
#8 0x40a8720b in nsTextFrame::MeasureText(nsIPresContext*, nsHTMLReflowState const&, nsTextTransformer&, nsILineBreaker*, nsTextFrame::TextStyle&, nsTextFrame::TextReflowData&) (this=0x865c520, aPresContext=0x861df10, aReflowState=@0xbfffd9d0, aTx=@0xbfffd710, aLb=0x0, aTs=@0xbfffd850, aTextData=@0xbfffd6f0) at nsTextFrame.cpp:4859
#9 0x40a87d49 in nsTextFrame::Reflow(nsIPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, unsigned&) (this=0x865c520, aPresContext=0x861df10, aMetrics=@0xbfffd980, aReflowState=@0xbfffd9d0, aStatus=@0xbfffdafc) at ../../../../dist/include/xpcom/nsCOMPtr.h:661
#10 0x40a57308 in nsLineLayout::ReflowFrame(nsIFrame*, unsigned&, nsHTMLReflowMetrics*, int&) (this=0xbfffdba0, aFrame=0x865c520, aReflowStatus=@0xbfffdafc, aMetrics=0x0, aPushedFrame=@0xbfffdaf8) at nsLineLayout.cpp:1019
#11 0x40a237a6 in nsBlockFrame::ReflowInlineFrame(nsBlockReflowState&, nsLineLayout&, nsLineList_iterator, nsIFrame*, unsigned char*) (this=0x86d5d18, aState=@0xbfffe250, aLineLayout=@0xbfffdba0, aFrame=0x865c520, aLineReflowStatus=0xbfffdb6b "") at nsBlockFrame.cpp:3704
#12 0x40a234de in nsBlockFrame::DoReflowInlineFrames(nsBlockReflowState&, nsLineLayout&, nsLineList_iterator, int*, unsigned char*, int, int) (this=0x86d5d18, aState=@0xbfffe250, aLineLayout=@0xbfffdba0, aLine={mCurrent = 0x865c560}, aKeepReflowGoing=0xbfffe13c, aLineReflowStatus=0x0, aUpdateMaximumWidth=0, aDamageDirtyArea=1) at nsBlockFrame.cpp:3571
#13 0x40a23284 in nsBlockFrame::DoReflowInlineFramesAuto(nsBlockReflowState&, nsLineList_iterator, int*, unsigned char*, int, int) (this=0x0, aState=@0xbfffe250, aKeepReflowGoing=0x0, aLineReflowStatus=0x0, aUpdateMaximumWidth=0, aDamageDirtyArea=0) at nsBlockFrame.cpp:3472
#14 0x40a230ef in nsBlockFrame::ReflowInlineFrames(nsBlockReflowState&, nsLineList_iterator, int*, int, int) (this=0x86d5d18, aState=@0xbfffe250, aKeepReflowGoing=0xbfffdba0, aDamageDirtyArea=1, aUpdateMaximumWidth=0) at nsBlockFrame.cpp:3416
#15 0x40a21597 in nsBlockFrame::ReflowLine(nsBlockReflowState&, nsLineList_iterator, int*, int) (this=0x86d5d18, aState=@0xbfffe250, aKeepReflowGoing=0xbfffe13c, aDamageDirtyArea=1) at nsBlockFrame.cpp:2533
#16 0x40a21308 in nsBlockFrame::ReflowDirtyLines(nsBlockReflowState&) (this=0x86d5d18, aState=@0xbfffe250) at nsBlockFrame.cpp:2180
#17 0x40a1f420 in nsBlockFrame::Reflow(nsIPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, unsigned&) (this=0x8214, aPresContext=0x861df10, aMetrics=@0xbfffe610, aReflowState=@0xbfffe4b0, aStatus=@0xbfffe5fc) at nsBlockFrame.cpp:849
#18 0x40b1fa06 in nsBoxToBlockAdaptor::Reflow(nsBoxLayoutState&, nsIPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, unsigned&, int, int, int, int, int) (this=0x86d88a8, aState=@0xbfffeaf0, aPresContext=0x861df10, aDesiredSize=@0xbfffe610, aReflowState=@0xbfffebc0, aStatus=@0xbfffe5fc, aX=0, aY=0, aWidth=0, aHeight=-1073749424, aMoveFrame=1) at nsBoxToBlockAdaptor.cpp:886
#19 0x40b1f5ee in nsBoxToBlockAdaptor::DoLayout(nsBoxLayoutState&) (this=0x86d88a8, aState=@0xbfffeaf0) at nsBoxToBlockAdaptor.cpp:633
#20 0x40b170d0 in nsBox::Layout(nsBoxLayoutState&) (this=0xbfffed60, aState=@0xbfffeaf0) at nsBox.cpp:998
#21 0x40b131ff in nsScrollBoxFrame::DoLayout(nsBoxLayoutState&) (this=0xbfffeaf0, aState=@0xbfffed60) at nsScrollBoxFrame.cpp:337
#22 0x40b170d0 in nsBox::Layout(nsBoxLayoutState&) (this=0xbfffed60, aState=@0xbfffeaf0) at nsBox.cpp:998
#23 0x40b2156c in nsContainerBox::LayoutChildAt(nsBoxLayoutState&, nsIBox*, nsRect const&) (aState=@0xbfffeaf0, aBox=0xbfffed60, aRect=@0xbfffe990) at nsContainerBox.cpp:650
#24 0x40a400ed in nsGfxScrollFrameInner::LayoutBox(nsBoxLayoutState&, nsIBox*, nsRect const&) (this=0x86d7618, aState=@0x0, aBox=0x0, aRect=@0x0) at nsGfxScrollFrame.cpp:1196
#25 0x40a403fd in nsGfxScrollFrameInner::Layout(nsBoxLayoutState&) (this=0x86d7618, aState=@0xbfffeaf0) at nsGfxScrollFrame.cpp:1343
#26 0x40a4014b in nsGfxScrollFrame::DoLayout(nsBoxLayoutState&) (this=0x86d5d68, aState=@0xbfffeaf0) at nsGfxScrollFrame.cpp:1204
#27 0x40b170d0 in nsBox::Layout(nsBoxLayoutState&) (this=0xbfffeaf0, aState=@0xbfffeaf0) at nsBox.cpp:998
#28 0x40b1a38b in nsBoxFrame::Reflow(nsIPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, unsigned&) (this=0x86d5d68, aPresContext=0x0, aDesiredSize=@0xbfffed50, aReflowState=@0xbfffeaf0, aStatus=@0xbfffebb8) at nsBoxFrame.cpp:880
#29 0x40a3f3ce in nsGfxScrollFrame::Reflow(nsIPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, unsigned&) (this=0x86d5d68, aPresContext=0x0, aDesiredSize=@0xbfffeaf0, aReflowState=@0xbfffebc0, aStatus=@0xbfffebb8) at nsGfxScrollFrame.cpp:833
#30 0x40a69b03 in IncrementalReflow::Dispatch(nsIPresContext*, nsHTMLReflowMetrics&, nsSize const&, nsIRenderingContext&) (this=0xbfffed10, aPresContext=0xbfffebb8, aDesiredSize=@0xbfffed50, aMaxSize=@0xbfffed40, aRendContext=@0x867f3c8) at nsPresShell.cpp:910
#31 0x40a76e18 in PresShell::ProcessReflowCommands(int) (this=0x861e870, aInterruptible=1) at nsPresShell.cpp:6488
#32 0x40a78950 in ReflowEvent::HandleEvent() (this=0x0) at nsPresShell.cpp:6331
#33 0x40a7690f in HandlePLEvent (aEvent=0x0) at nsPresShell.cpp:6347
#34 0x40134cb7 in PL_HandleEvent (self=0xffffffff) at plevent.c:671
#35 0x40134be4 in PL_ProcessPendingEvents (self=0x80cda58) at plevent.c:606
#36 0x40135f9b in nsEventQueueImpl::ProcessPendingEvents() (this=0x808b288) at nsEventQueue.cpp:391
#37 0x411d1155 in event_processor_callback (data=0xbfffc660, source=7, condition=GDK_INPUT_READ) at nsAppShell.cpp:187
#38 0x411d0d0d in our_gdk_io_invoke (source=0x0, condition=G_IO_IN, data=0x808b288) at nsAppShell.cpp:72
#39 0x403d8076 in g_io_unix_dispatch () from /usr/lib/libglib-1.2.so.0
#40 0x403d997e in g_main_dispatch () from /usr/lib/libglib-1.2.so.0
#41 0x403d9e59 in g_main_iterate () from /usr/lib/libglib-1.2.so.0
#42 0x403da0f4 in g_main_run () from /usr/lib/libglib-1.2.so.0
#43 0x402d96df in gtk_main () from /usr/lib/libgtk-1.2.so.0
#44 0x411d1546 in nsAppShell::Run() (this=0x81019a8) at nsAppShell.cpp:327
#45 0x411ae5d4 in nsAppShellService::Run() (this=0x0) at ../../../dist/include/xpcom/nsCOMPtr.h:667
#46 0x08051b8f in main1 (argc=2, argv=0xbffff414, nativeApp=0x0, aAppData=@0x0) at ../../dist/include/xpcom/nsCOMPtr.h:667
#47 0x08052488 in xre_main(int, char**, nsXREAppData const&) (argc=2, argv=0xbffff414, aAppData=@0xbffff390) at nsAppRunner.cpp:1693
#48 0x0804debe in main (argc=0, argv=0x0) at nsBrowserApp.cpp:51
#49 0x420158f7 in __libc_start_main () from /lib/i686/libc.so.6
QA Contact: asa
Summary: This mailman interface page causes Firebird to crash → This mailman interface page causes Firebird to crash (xft linux)
It's likely to be a dupe of bug 180309. Do you have any 'FON' fonts in your fontconfig font search path? Can you still reproduce the bug with fontconfig/Xft updated to the latest?
Assignee: firefox → blizzard
Component: General → GFX: Gtk
Product: Firefox → Browser
Version: unspecified → Trunk
Oops. I thought the stack is identical to that of bug 180309, but it's not. It's identical to that of bug 193276. Anyway, I think upgrading to a newer version of Xft should prevent Mozilla from crashing.
This is WFM in Fx 1.0PR. I haven't tested the trunk. Reporter, does the testcase cause a crash for you now on trunk or branch?
Summary: This mailman interface page causes Firebird to crash (xft linux) → This mailman interface page causes Firefox to crash (xft linux)
Please REOPEN if this still occurs in a recent trunk build. Thanks. http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/latest-trunk/ -> WORKSFORME
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → WORKSFORME
Product: Core → Core Graveyard