Closed Bug 262246 Opened 16 years ago Closed 16 years ago

[xft] crash when using a missing/dead font

Categories

(Core Graveyard :: GFX: Gtk, defect)

x86
Linux
defect
Not set
critical

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 180309

People

(Reporter: dsilva, Assigned: blizzard)

Details

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8a5) Gecko/20040928
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8a5) Gecko/20040928

When some font files in ~/.fonts are dead symlinks, mozilla crashes if
it tries to use one of those fonts.  I tried the same scenario with
KWrite and GEdit, and both of them handle the xft2/fontconfig error
gracefully, plus the (limited) backtrace from libSegFault only shows:

Backtrace:
/usr/lib/libXft.so.2(_GLOBAL_OFFSET_TABLE+0x0)[0x430e21f0]

So the bug might be at not detecting an invalid (null?) value from Xft
and passing it back into another Xft function.


Reproducible: Always
Steps to Reproduce:
1. add some (valid) TTF font symlinks to ~/.fonts
2. update your fontconfig cache
3. run mozilla, set it to use some of those fonts
4. quit mozilla
5. either move the target TTF file or re-assign the symlink to a bad path
6. restart mozilla, it should crash when trying to display the font

Actual Results:  
Segfault.

Expected Results:  
Should have logged or reported an error gracefully.

Backtrace:
/usr/lib/libXft.so.2(_GLOBAL_OFFSET_TABLE+0x0)[0x430e21f0]
Status: UNCONFIRMED → NEW
Ever confirmed: true
Summary: crash when using a missing/dead font → [xft] crash when using a missing/dead font
It happened to me too, on Mozilla 1.7.3.  (Fedora Core 3, out of the box, with
Xft and Pango, and without Freetype2.)  I poked around in the source, and found
the segfault in layout/html/base/src/nsTextFrame.cpp:543.

542:   aRenderingContext.GetFontMetrics(mNormalFont);
543:   mNormalFont->GetSpaceWidth(mSpaceWidth);

When a font file in ~/.fonts is a dangling symlink, mNormalFont remains nsNull
after 542, causing a segfault in 543.  There should probably be a null check
there that causes a fallback to another font.

Firefox 1.0 also segfaults under these conditions.
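
An added illustration of the null check and fallback suggested in the comment above; it is not code from this bug thread or from Mozilla. `Metrics`, `GetMetrics`, `FirstUsableMetrics`, `MakeSample` and the one-byte file format are hypothetical stand-ins, and the sample files are constructed under /tmp.

```cpp
#include <cstdio>
#include <cstdlib>
#include <memory>
#include <string>
#include <vector>
#include <unistd.h>

// Hypothetical stand-in for a font-metrics object (not Mozilla's real class).
struct Metrics { std::string source; int spaceWidth; };

// Models an out-parameter getter that leaves `out` null on failure, as described
// for line 542. Constructed file format for this demo: first byte = space width.
void GetMetrics(const std::string& path, std::unique_ptr<Metrics>& out) {
    out.reset();
    FILE* f = std::fopen(path.c_str(), "rb");  // follows symlinks; fails if target is gone
    if (!f) return;
    int c = std::fgetc(f);
    std::fclose(f);
    if (c != EOF) out.reset(new Metrics{path, c});  // empty file stays null
}

// Checked caller: try candidates in order and never dereference a null result.
std::unique_ptr<Metrics> FirstUsableMetrics(const std::vector<std::string>& candidates) {
    for (const auto& path : candidates) {
        std::unique_ptr<Metrics> m;
        GetMetrics(path, m);
        if (m) return m;   // skip fonts whose getter left the pointer null
    }
    return nullptr;        // no usable font: caller must report it, not dereference
}

// Constructed sample input: {dangling symlink, readable file}; empty on setup failure.
std::vector<std::string> MakeSample() {
    char tmpl[] = "/tmp/fontdemoXXXXXX";
    if (!mkdtemp(tmpl)) return {};
    std::string dir(tmpl), dead = dir + "/dead.ttf", good = dir + "/good.ttf";
    if (symlink((dir + "/moved-away.ttf").c_str(), dead.c_str()) != 0) return {};
    FILE* f = std::fopen(good.c_str(), "wb");
    if (!f) return {};
    std::fputc(7, f);
    std::fclose(f);
    return {dead, good};
}

int main() {
    auto fonts = MakeSample();
    auto m = FirstUsableMetrics(fonts);
    if (!m) { std::fprintf(stderr, "no usable font\n"); return 1; }
    std::printf("using %s, space width %d\n", m->source.c_str(), m->spaceWidth);
}
```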

*** This bug has been marked as a duplicate of 183279 ***
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → DUPLICATE
Status: RESOLVED → REOPENED
Resolution: DUPLICATE → ---
sorry for bug spam

*** This bug has been marked as a duplicate of 180309 ***
Status: REOPENED → RESOLVED
Closed: 16 years ago
Resolution: --- → DUPLICATE
Product: Core → Core Graveyard