Closed
Bug 376627
Opened 17 years ago
Closed 17 years ago
Crash [@ nsAString_internal::ToSubstring] with 
Categories
(Core :: Graphics, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 377053
People
(Reporter: jruderman, Unassigned)
References
()
Details
(5 keywords, Whiteboard: [sg:critical?])
Crash Data
Attachments
(1 file)
20 bytes,
text/html
|
Details |
Tested in Mac trunk debug only. This bug affects over 0.1% of URLs in http://random.yahoo.com/bin/ryl/. Exception: EXC_BAD_ACCESS (0x0001) Codes: KERN_PROTECTION_FAILURE (0x0002) at 0x00000005 Thread 0 Crashed: 0 <<00000000>> 0x3d3930de 0 + 1027158238 1 libxpcom_core.dylib 0x0137ef9f nsAString_internal::ToSubstring() const + 23 (nsTAString.cpp:521) 2 libxpcom_core.dylib 0x013775dd nsSubstring::Assign(nsAString_internal const&) + 73 (nsTSubstring.cpp:435) 3 libxpcom_core.dylib 0x0139aa14 nsString::nsString[in-charge](nsAString_internal const&) + 28 (nsTString.h:100) 4 libthebes.dylib 0x07b0b0c1 gfxFont::gfxFont[not-in-charge](nsAString_internal const&, gfxFontStyle const*) + 61 (gfxFont.cpp:147) 5 libthebes.dylib 0x07b15e2c gfxAtsuiFont::gfxAtsuiFont[in-charge](unsigned long, nsAString_internal const&, gfxFontStyle const*) + 40 (gfxAtsuiFonts.cpp:79) 6 libthebes.dylib 0x07b164c4 GetOrMakeFont(unsigned long, gfxFontStyle const*, nsTArray<nsRefPtr<gfxFont> >*) + 154 (gfxAtsuiFonts.cpp:290) 7 libthebes.dylib 0x07b165e5 gfxAtsuiFontGroup::FindFontFor(unsigned long) + 125 (gfxAtsuiFonts.cpp:495) 8 libthebes.dylib 0x07b16e08 gfxAtsuiFontGroup::InitTextRun(gfxTextRun*, unsigned short const*, unsigned, int) + 910 (gfxAtsuiFonts.cpp:892) 9 libthebes.dylib 0x07b170eb gfxAtsuiFontGroup::MakeTextRunInternal(unsigned short const*, unsigned, int, gfxTextRunFactory::Parameters*) + 209 (gfxAtsuiFonts.cpp:433) 10 libthebes.dylib 0x07b171f3 gfxAtsuiFontGroup::MakeTextRun(unsigned char const*, unsigned, gfxTextRunFactory::Parameters*) + 253 (gfxAtsuiFonts.cpp:478) 11 libthebes.dylib 0x07b140c2 gfxTextRunCache::GetOrMakeTextRun(gfxContext*, gfxFontGroup*, char const*, unsigned, unsigned, int, int, int*) + 406 (gfxTextRunCache.cpp:242) 12 libgkgfxthebes.dylib 0x30d1cd5f nsThebesFontMetrics::AutoTextRun::AutoTextRun[in-charge](nsThebesFontMetrics*, nsIRenderingContext*, char const*, int, int) + 155 (nsThebesFontMetrics.h:165) 13 libgkgfxthebes.dylib 0x30d117e4 nsThebesFontMetrics::GetWidth(char const*, unsigned, int&, nsThebesRenderingContext*) + 178 (nsThebesFontMetrics.cpp:325) 14 libgkgfxthebes.dylib 0x30d0f0b6 nsThebesRenderingContext::GetWidthInternal(char const*, unsigned, int&) + 86 (nsThebesRenderingContext.cpp:1083) 15 libgkgfxthebes.dylib 0x30d12cf6 nsRenderingContextImpl::GetWidth(char const*, unsigned, int&) + 92 (nsRenderingContextImpl.cpp:500) 16 libgkgfxthebes.dylib 0x30d1aa0d nsThebesRenderingContext::GetWidth(char const*, unsigned, int&) + 41 (nsThebesRenderingContext.h:150) 17 libgkgfxthebes.dylib 0x30d0eff7 nsThebesRenderingContext::GetTextDimensionsInternal(char const*, unsigned, nsTextDimensions&) + 123 (nsThebesRenderingContext.cpp:1110) 18 libgkgfxthebes.dylib 0x30d12e4a nsRenderingContextImpl::GetTextDimensions(char const*, unsigned, nsTextDimensions&) + 66 (nsRenderingContextImpl.cpp:540) 19 libgklayout.dylib 0x1978f010 nsTextFrame::MeasureText(nsPresContext*, nsHTMLReflowState const&, nsTextTransformer&, nsTextStyle&, nsTextFrame::TextReflowData&) + 2326 (nsTextFrame.cpp:5326) 20 libgklayout.dylib 0x19792aae nsTextFrame::Reflow(nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, unsigned&) + 1546 (nsTextFrame.cpp:6114) ...
Flags: blocking1.9?
Reporter | ||
Updated•17 years ago
|
Whiteboard: [sg:critical?]
Comment 1•17 years ago
|
||
this sounds like a bug with our string code?
Reporter | ||
Comment 2•17 years ago
|
||
This also happens whenever I press Esc in e.g. a prompt(). Probably for the same reason: it's (incorrectly) trying to add an Esc character to the textbox, like it's been doing for months, and now gets confused while trying to find a font for that character.
Reporter | ||
Updated•17 years ago
|
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → DUPLICATE
Reporter | ||
Updated•17 years ago
|
Group: security
Comment 4•15 years ago
|
||
crash test landed http://hg.mozilla.org/mozilla-central/rev/176c054aebad
Flags: in-testsuite+
Assignee | ||
Updated•13 years ago
|
Crash Signature: [@ nsAString_internal::ToSubstring]
You need to log in
before you can comment on or make changes to this bug.
Description
•