Firefox crash on visiting wellsfargo.com [@ nsFontMetricsXft::CacheFontMetrics]

RESOLVED DUPLICATE of bug 279032

Status

--
critical
RESOLVED DUPLICATE of bug 279032
12 years ago
7 years ago

People

(Reporter: meta, Unassigned)

Tracking

({crash})

1.8 Branch
x86
Linux
crash

Firefox Tracking Flags

(Not tracked)

Details

(crash signature, URL)

(Reporter)

Description

12 years ago
User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.3) Gecko/20060601 Firefox/2.0.0.3 (Ubuntu-edgy)
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.3) Gecko/20060601 Firefox/2.0.0.3 (Ubuntu-edgy)

Firefox crashes every time I visit wellsfargo.com.

I've repeated the problem with all extensions turned off and a clean .mozilla directory.

I've also repeated the problem with the mozilla.com download of the latest Firefox.

However, the problem doesn't occur with the Mac version, so it seems to be Linux-specific.

Reproducible: Always

Steps to Reproduce:
1. Visit https://www.wellsfargo.com/
2. Crash!
3. There is no step 3.



Crash reporter doesn't seem to be triggered, and I can't find a crash log, so any suggestions as to what additional information I could provide would be appreciated...

Updated

12 years ago
Keywords: crash
Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8.1.4pre) Gecko/2007042103 BonEcho/2.0.0.4pre
WFM

Comment 2

12 years ago
WFM, Firefox 2.0.0.3 on Ubuntu-edgy.

mathew, if you start firefox from a terminal window, do you see any messages
before the crash?
(Reporter)

Comment 3

12 years ago
"Floating point exception"

I've also tried moving /usr/lib/firefox/plugins somewhere else temporarily, in case it was a plugin. Same behavior.

Comment 4

12 years ago
Try running the mozilla.com build in a debugger, like so:
/usr/bin/firefox -d gdb -g
gdb> run
... make it crash ...
gdb> bt

and post the output here.  Thanks.
(you may need to install the gdb package, "sudo apt-get install gdb")
Keywords: stackwanted
(Reporter)

Comment 5

12 years ago
/usr/local/firefox 564$ ./firefox -g gdb -d
./run-mozilla.sh -g -d gdb ./firefox-bin
MOZILLA_FIVE_HOME=.
  LD_LIBRARY_PATH=.:./plugins:/usr/local/lib/mre/mre-2.0.0.3
DISPLAY=:0
DYLD_LIBRARY_PATH=.:/usr/local/lib/mre/mre-2.0.0.3
     LIBRARY_PATH=.:./components:/usr/local/lib/mre/mre-2.0.0.3
       SHLIB_PATH=.:/usr/local/lib/mre/mre-2.0.0.3
          LIBPATH=.:/usr/local/lib/mre/mre-2.0.0.3
       ADDON_PATH=.
      MOZ_PROGRAM=./firefox-bin
      MOZ_TOOLKIT=
        moz_debug=1
     moz_debugger=gdb
/usr/bin/gdb ./firefox-bin -x /tmp/mozargs.b13323
GNU gdb 6.4.90-debian
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i486-linux-gnu"...(no debugging symbols found)
Using host libthread_db library "/lib/tls/i686/cmov/libthread_db.so.1".

(gdb) run
Starting program: /usr/local/firefox/firefox-bin
(no debugging symbols found)
[Thread debugging using libthread_db enabled]
[New Thread -1221805344 (LWP 13361)]
(no debugging symbols found)
---Type <return> to continue, or q <return> to quit---
(no debugging symbols found)
[New Thread -1222059104 (LWP 13435)]
[New Thread -1230451808 (LWP 13438)]
(no debugging symbols found)
X Error: BadDevice, invalid or uninitialized input device 168
  Major opcode:  145
  Minor opcode:  3
  Resource id:  0x0
Failed to open device
X Error: BadDevice, invalid or uninitialized input device 168
  Major opcode:  145
  Minor opcode:  3
  Resource id:  0x0
Failed to open device
(no debugging symbols found)
[New Thread -1256244320 (LWP 13501)]
(no debugging symbols found)
[New Thread -1265509472 (LWP 13503)]
[New Thread -1273902176 (LWP 13504)]
[New Thread -1282294880 (LWP 13505)]
(no debugging symbols found)
---Type <return> to continue, or q <return> to quit---
(no debugging symbols found)
[New Thread -1291580512 (LWP 13540)]
(no debugging symbols found)
[New Thread -1301353568 (LWP 13573)]
(no debugging symbols found)
[New Thread -1309852768 (LWP 13574)]
[New Thread -1318245472 (LWP 13575)]
[Thread -1309852768 (LWP 13574) exited]
(no debugging symbols found)
[Thread -1318245472 (LWP 13575) exited]
[New Thread -1318245472 (LWP 13612)]
[New Thread -1309852768 (LWP 13613)]
[New Thread -1327203424 (LWP 13614)]
[Thread -1327203424 (LWP 13614) exited]
[New Thread -1335596128 (LWP 13615)]
[Thread -1335596128 (LWP 13615) exited]

Program received signal SIGFPE, Arithmetic exception.
[Switching to Thread -1221805344 (LWP 13361)]
0x0820900f in XmlInitUnknownEncodingNS ()
(gdb) q
The program is running.  Exit anyway? (y or n) y
/usr/local/firefox 565$   
(Reporter)

Comment 6

12 years ago
...and here's the backtrace:

(gdb) bt
#0  0x0820900f in XmlInitUnknownEncodingNS ()
#1  0x0820866f in XmlInitUnknownEncodingNS ()
#2  0x087da24b in nsBaseHashtableET<nsStringHashKey, nsCOMPtr<nsIVariant> >::nsBaseHashtableET ()
#3  0x087d95a2 in nsBaseHashtableET<nsStringHashKey, nsCOMPtr<nsIVariant> >::nsBaseHashtableET ()
#4  0x082ae802 in XmlInitUnknownEncodingNS ()
#5  0x082ae880 in XmlInitUnknownEncodingNS ()
#6  0x08294206 in XmlInitUnknownEncodingNS ()
#7  0x0828b133 in XmlInitUnknownEncodingNS ()
#8  0x082936ee in XmlInitUnknownEncodingNS ()
#9  0x0828df7a in XmlInitUnknownEncodingNS ()
#10 0x0828d032 in XmlInitUnknownEncodingNS ()
#11 0x0828c858 in XmlInitUnknownEncodingNS ()
#12 0x0828b1d0 in XmlInitUnknownEncodingNS ()
#13 0x082936ee in XmlInitUnknownEncodingNS ()
#14 0x08290da8 in XmlInitUnknownEncodingNS ()
#15 0x08294e4e in XmlInitUnknownEncodingNS ()
#16 0x08294ae1 in XmlInitUnknownEncodingNS ()
#17 0x082b7f63 in XmlInitUnknownEncodingNS ()
#18 0x0828ec3d in XmlInitUnknownEncodingNS ()
#19 0x0828eb4e in XmlInitUnknownEncodingNS ()
#20 0x0828e81b in XmlInitUnknownEncodingNS ()
#21 0x0828d49d in XmlInitUnknownEncodingNS ()
#22 0x0828c858 in XmlInitUnknownEncodingNS ()
#23 0x0828b1d0 in XmlInitUnknownEncodingNS ()
#24 0x082936ee in XmlInitUnknownEncodingNS ()
#25 0x0828df7a in XmlInitUnknownEncodingNS ()
#26 0x0828d032 in XmlInitUnknownEncodingNS ()
#27 0x0828c858 in XmlInitUnknownEncodingNS ()
#28 0x0828b1d0 in XmlInitUnknownEncodingNS ()
#29 0x082936ee in XmlInitUnknownEncodingNS ()
#30 0x0828df7a in XmlInitUnknownEncodingNS ()
#31 0x0828d032 in XmlInitUnknownEncodingNS ()
#32 0x0828c858 in XmlInitUnknownEncodingNS ()
#33 0x0828b1d0 in XmlInitUnknownEncodingNS ()
#34 0x082936ee in XmlInitUnknownEncodingNS ()
#35 0x0828df7a in XmlInitUnknownEncodingNS ()
#36 0x0828d032 in XmlInitUnknownEncodingNS ()
#37 0x0828c858 in XmlInitUnknownEncodingNS ()
#38 0x0828b1d0 in XmlInitUnknownEncodingNS ()
#39 0x082993c5 in XmlInitUnknownEncodingNS ()
#40 0x082ab8a1 in XmlInitUnknownEncodingNS ()
#41 0x082993c5 in XmlInitUnknownEncodingNS ()
#42 0x082a6185 in XmlInitUnknownEncodingNS ()
#43 0x082a6347 in XmlInitUnknownEncodingNS ()
#44 0x082a6895 in XmlInitUnknownEncodingNS ()
#45 0x082993c5 in XmlInitUnknownEncodingNS ()
#46 0x082dc067 in XmlInitUnknownEncodingNS ()
#47 0x0827bd47 in XmlInitUnknownEncodingNS ()
#48 0x082850be in XmlInitUnknownEncodingNS ()
---Type <return> to continue, or q <return> to quit---
#49 0x08286058 in XmlInitUnknownEncodingNS ()
#50 0xb7e3318f in PL_HandleEvent () from ./libxpcom_core.so
#51 0xb7e330e2 in PL_ProcessPendingEvents () from ./libxpcom_core.so
#52 0xb7e34743 in nsEventQueueImpl::CheckForDeactivation ()
   from ./libxpcom_core.so
#53 0x0824bb04 in XmlInitUnknownEncodingNS ()
#54 0xb788fc8d in g_io_channel_unix_get_fd () from /usr/lib/libglib-2.0.so.0
#55 0xb7866802 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#56 0xb78697df in g_main_context_check () from /usr/lib/libglib-2.0.so.0
#57 0xb7869b89 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#58 0xb7b43574 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#59 0x0824bda8 in XmlInitUnknownEncodingNS ()
#60 0x086a5e68 in nsXPTCVariant::Init ()
#61 0x0807d26c in ?? ()
#62 0x091b47c0 in ?? ()
#63 0x00000000 in ?? ()
(gdb)  

Comment 7

12 years ago
you need to install debugging symbols.
please follow ubuntu(or whichever distribution you use)'s instructions to install them. then crash again following the original instructions.
(Reporter)

Comment 8

12 years ago
I did dpkg --list, found all the installed packages that had -dbg packages associated with them, and installed the -dbg packages. Hope this helps, those last three lines (#61, 62, 63) still come out as ??

$ LD_LIBRARY_PATH=/usr/local/firefox:/usr/lib ./firefox -d gdb -g
./run-mozilla.sh -d gdb -g ./firefox-bin
MOZILLA_FIVE_HOME=.
  LD_LIBRARY_PATH=.:./plugins:/usr/local/lib/mre/mre-2.0.0.3:/usr/local/firefox:/usr/lib
DISPLAY=:0
DYLD_LIBRARY_PATH=.:/usr/local/lib/mre/mre-2.0.0.3
     LIBRARY_PATH=.:./components:/usr/local/lib/mre/mre-2.0.0.3
       SHLIB_PATH=.:/usr/local/lib/mre/mre-2.0.0.3
          LIBPATH=.:/usr/local/lib/mre/mre-2.0.0.3
       ADDON_PATH=.
      MOZ_PROGRAM=./firefox-bin
      MOZ_TOOLKIT=
        moz_debug=1
     moz_debugger=gdb
/usr/bin/gdb ./firefox-bin -x /tmp/mozargs.R16718
GNU gdb 6.4.90-debian
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i486-linux-gnu"...(no debugging symbols found)
Using host libthread_db library "/lib/tls/i686/cmov/libthread_db.so.1".

(gdb) run
Starting program: /usr/local/firefox/firefox-bin
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
[Thread debugging using libthread_db enabled]
[New Thread -1222346016 (LWP 16754)]
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
[New Thread -1222603872 (LWP 16822)]
[New Thread -1230996576 (LWP 16823)]
X Error: BadDevice, invalid or uninitialized input device 168
  Major opcode:  145
  Minor opcode:  3
  Resource id:  0x0
Failed to open device
X Error: BadDevice, invalid or uninitialized input device 168
  Major opcode:  145
  Minor opcode:  3
  Resource id:  0x0
Failed to open device
[New Thread -1256776800 (LWP 16893)]
[New Thread -1265579104 (LWP 16895)]
[New Thread -1273971808 (LWP 16896)]
[New Thread -1282364512 (LWP 16897)]
[New Thread -1294668896 (LWP 16935)]
[New Thread -1303680096 (LWP 16952)]
[Thread -1303680096 (LWP 16952) exited]
[New Thread -1312072800 (LWP 16953)]
[Thread -1312072800 (LWP 16953) exited]
[New Thread -1312072800 (LWP 16972)]
[New Thread -1303680096 (LWP 16973)]
[New Thread -1320731744 (LWP 16974)]
[Thread -1320731744 (LWP 16974) exited]
[New Thread -1329124448 (LWP 16975)]
[Thread -1329124448 (LWP 16975) exited]
[New Thread -1329124448 (LWP 17041)]

Program received signal SIGFPE, Arithmetic exception.
[Switching to Thread -1222346016 (LWP 16754)]
0x0820900f in XmlInitUnknownEncodingNS ()
(gdb) bt
#0  0x0820900f in XmlInitUnknownEncodingNS ()
#1  0x0820866f in XmlInitUnknownEncodingNS ()
#2  0x087da24b in nsBaseHashtableET<nsStringHashKey, nsCOMPtr<nsIVariant> >::nsBaseHashtableET ()
#3  0x087d95a2 in nsBaseHashtableET<nsStringHashKey, nsCOMPtr<nsIVariant> >::nsBaseHashtableET ()
#4  0x082ae802 in XmlInitUnknownEncodingNS ()
#5  0x082ae880 in XmlInitUnknownEncodingNS ()
#6  0x08294206 in XmlInitUnknownEncodingNS ()
#7  0x0828b133 in XmlInitUnknownEncodingNS ()
#8  0x082936ee in XmlInitUnknownEncodingNS ()
#9  0x0828df7a in XmlInitUnknownEncodingNS ()
#10 0x0828d032 in XmlInitUnknownEncodingNS ()
#11 0x0828c858 in XmlInitUnknownEncodingNS ()
#12 0x0828b1d0 in XmlInitUnknownEncodingNS ()
#13 0x082936ee in XmlInitUnknownEncodingNS ()
#14 0x08290da8 in XmlInitUnknownEncodingNS ()
#15 0x08294e4e in XmlInitUnknownEncodingNS ()
#16 0x08294ae1 in XmlInitUnknownEncodingNS ()
#17 0x082b7f63 in XmlInitUnknownEncodingNS ()
#18 0x0828ec3d in XmlInitUnknownEncodingNS ()
#19 0x0828eb4e in XmlInitUnknownEncodingNS ()
#20 0x0828e81b in XmlInitUnknownEncodingNS ()
#21 0x0828d49d in XmlInitUnknownEncodingNS ()
#22 0x0828c858 in XmlInitUnknownEncodingNS ()
#23 0x0828b1d0 in XmlInitUnknownEncodingNS ()
#24 0x082936ee in XmlInitUnknownEncodingNS ()
#25 0x0828df7a in XmlInitUnknownEncodingNS ()
#26 0x0828d032 in XmlInitUnknownEncodingNS ()
#27 0x0828c858 in XmlInitUnknownEncodingNS ()
#28 0x0828b1d0 in XmlInitUnknownEncodingNS ()
#29 0x082936ee in XmlInitUnknownEncodingNS ()
#30 0x0828df7a in XmlInitUnknownEncodingNS ()
#31 0x0828d032 in XmlInitUnknownEncodingNS ()
#32 0x0828c858 in XmlInitUnknownEncodingNS ()
#33 0x0828b1d0 in XmlInitUnknownEncodingNS ()
#34 0x082936ee in XmlInitUnknownEncodingNS ()
#35 0x0828df7a in XmlInitUnknownEncodingNS ()
#36 0x0828d032 in XmlInitUnknownEncodingNS ()
#37 0x0828c858 in XmlInitUnknownEncodingNS ()
#38 0x0828b1d0 in XmlInitUnknownEncodingNS ()
#39 0x082993c5 in XmlInitUnknownEncodingNS ()
#40 0x082ab8a1 in XmlInitUnknownEncodingNS ()
#41 0x082993c5 in XmlInitUnknownEncodingNS ()
#42 0x082a6185 in XmlInitUnknownEncodingNS ()
#43 0x082a6347 in XmlInitUnknownEncodingNS ()
#44 0x082a6895 in XmlInitUnknownEncodingNS ()
#45 0x082993c5 in XmlInitUnknownEncodingNS ()
#46 0x082dc067 in XmlInitUnknownEncodingNS ()
#47 0x0827bd47 in XmlInitUnknownEncodingNS ()
#48 0x082850be in XmlInitUnknownEncodingNS ()
---Type <return> to continue, or q <return> to quit---
#49 0x08286058 in XmlInitUnknownEncodingNS ()
#50 0xb7e8a18f in PL_HandleEvent () from ./libxpcom_core.so
#51 0xb7e8a0e2 in PL_ProcessPendingEvents () from ./libxpcom_core.so
#52 0xb7e8b743 in nsEventQueueImpl::CheckForDeactivation ()
   from ./libxpcom_core.so
#53 0x0824bb04 in XmlInitUnknownEncodingNS ()
#54 0xb78e5c8d in g_io_unix_dispatch (source=0x9247828,
    callback=0x824baf4 <XmlInitUnknownEncodingNS+410508>, user_data=0x8b713f8)
    at giounix.c:162
#55 0xb78bc802 in IA__g_main_context_dispatch (context=0x8a6e210)
    at gmain.c:2045
#56 0xb78bf7df in g_main_context_iterate (context=0x8a6e210, block=1,
    dispatch=1, self=0x8e2da68) at gmain.c:2677
#57 0xb78bfb89 in IA__g_main_loop_run (loop=0x9247f20) at gmain.c:2881
#58 0xb7b99574 in IA__gtk_main () at gtkmain.c:1024
#59 0x0824bda8 in XmlInitUnknownEncodingNS ()
#60 0x086a5e68 in nsXPTCVariant::Init ()
#61 0x0807d26c in ?? ()
#62 0x08ec8e00 in ?? ()
#63 0x00000000 in ?? ()
(gdb)

Comment 9

11 years ago
you're missing symbols for firefox itself. that's kinda important.
(Reporter)

Comment 10

11 years ago
OK, so where do I download the version of Firefox which has debugging symbols? /usr/local/firefox, which you'll see is the one used above, is the one from mozilla.com.

Comment 11

11 years ago
mozilla.com doesn't offer one. you can build your own or try to find a distro which has one (I suspect ubuntu can actually provide you w/ symbols for an ubuntu version, but I don't really want to claim it can, I'm not a real ubuntu user and don't memorize such details).

http://developer.mozilla.org/en/docs/Build_and_Install

http://developer.mozilla.org/en/docs/Build_Documentation

something near there.
(Reporter)

Comment 12

11 years ago
Huh, and I thought I was doing the developers a favor by trying to reproduce the bug with the official build!

OK, here's the crash backtrace using Ubuntu's mozilla-dbg package:

$ firefox --debugger gdb
GNU gdb 6.4.90-debian
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i486-linux-gnu"...Using host libthread_db library "/lib/tls/i686/cmov/libthread_db.so.1".

(gdb) run
Starting program: /usr/lib/firefox/firefox-bin -a firefox
[Thread debugging using libthread_db enabled]
[New Thread -1221211248 (LWP 26287)]
[New Thread -1223308384 (LWP 26397)]
[New Thread -1231938656 (LWP 26398)]
X Error: BadDevice, invalid or uninitialized input device 168
  Major opcode:  145
  Minor opcode:  3
  Resource id:  0x0
Failed to open device
X Error: BadDevice, invalid or uninitialized input device 168
  Major opcode:  145
  Minor opcode:  3
  Resource id:  0x0
Failed to open device
[New Thread -1266078816 (LWP 26706)]
[New Thread -1274684512 (LWP 26739)]
[New Thread -1284506720 (LWP 26740)]
[New Thread -1292899424 (LWP 26741)]
[New Thread -1302451296 (LWP 26744)]
[New Thread -1310844000 (LWP 26745)]
[New Thread -1320584288 (LWP 26748)]
[New Thread -1328976992 (LWP 26749)]
[Thread -1274684512 (LWP 26739) exited]
[New Thread -1274684512 (LWP 26818)]
[New Thread -1340818528 (LWP 26819)]
[Thread -1274684512 (LWP 26818) exited]
[Thread -1340818528 (LWP 26819) exited]

Program received signal SIGFPE, Arithmetic exception.
[Switching to Thread -1221211248 (LWP 26287)]
0xb493eb9c in nsFontMetricsXft::CacheFontMetrics (this=0x9b141a0)
    at nsFontMetricsXft.cpp:848
848     nsFontMetricsXft.cpp: No such file or directory.
        in nsFontMetricsXft.cpp
(gdb) bt
#0  0xb493eb9c in nsFontMetricsXft::CacheFontMetrics (this=0x9b141a0)
    at nsFontMetricsXft.cpp:848
#1  0xb493f431 in nsFontMetricsXft::RealizeFont (this=0x9b141a0)
    at nsFontMetricsXft.cpp:795
#2  0xb493f769 in nsFontMetricsXft::Init (this=0x9b141a0, aFont=@0x9cb4424,
    aLangGroup=0x870b978, aContext=0x8f625a8) at nsFontMetricsXft.cpp:445
#3  0xb71835c6 in nsFontCache::GetMetricsFor (this=0x9403ab8,
    aFont=@0x9cb4424, aLangGroup=0x870b978, aMetrics=@0xbf91ed24)
    at nsDeviceContext.cpp:631
#4  0xb7182a55 in DeviceContextImpl::GetMetricsFor (this=0x8f625a8,
    aFont=@0x9cb4424, aLangGroup=0x870b978, aMetrics=@0xbf91ed24)
    at nsDeviceContext.cpp:320
#5  0xb5c9fa1c in nsHTMLReflowState::CalcLineHeight (aPresContext=0x9b412f0,
    aRenderingContext=0x9b6f460, aFrame=0x9d54f98)
    at nsHTMLReflowState.cpp:2259
#6  0xb5c80ff9 in nsBlockReflowState (this=0xbf91eddc,
    aReflowState=@0xbf91f19c, aPresContext=0x9b412f0, aFrame=0x9d54f98,
    aMetrics=@0xbf91f298, aTopMarginRoot=0, aBottomMarginRoot=0)
    at nsBlockReflowState.cpp:166
#7  0xb5c7de48 in nsBlockFrame::Reflow (this=0x9d54f98,
    aPresContext=0x9b412f0, aMetrics=@0xbf91f298, aReflowState=@0xbf91f19c,
    aStatus=@0xbf91f33c) at nsBlockFrame.cpp:770
#8  0xb5c7f574 in nsBlockReflowContext::ReflowBlock (this=0xbf91f254,
    aSpace=@0xbf91f310, aApplyTopMargin=1, aPrevMargin=@0xbf91f5e0,
    aClearance=0, aIsAdjacentWithTop=1, aComputedOffsets=@0xbf91f300,
    aFrameRS=@0xbf91f19c, aFrameReflowStatus=@0xbf91f33c)
    at nsBlockReflowContext.cpp:605
#9  0xb5c7b9ef in nsBlockFrame::ReflowBlockFrame (this=0x9d47820,
    aState=@0xbf91f57c, aLine={mCurrent = 0x9d6f9f0},
    aKeepReflowGoing=0xbf91f4f8) at nsBlockFrame.cpp:3492
#10 0xb5c7c44b in nsBlockFrame::ReflowLine (this=0x9d47820,
    aState=@0xbf91f57c, aLine={mCurrent = 0x9d6f9f0}, aTryPull=1,
    aKeepReflowGoing=0xbf91f4f8, aDamageDirtyArea=0) at nsBlockFrame.cpp:2651
#11 0xb5c7cc55 in nsBlockFrame::ReflowDirtyLines (this=0x9d47820,
    aState=@0xbf91f57c, aTryPull=1) at nsBlockFrame.cpp:2301
#12 0xb5c7df07 in nsBlockFrame::Reflow (this=0x9d47820,
    aPresContext=0x9b412f0, aMetrics=@0xbf91f9f4, aReflowState=@0xbf91f8f8,
    aStatus=@0xbf91fde8) at nsBlockFrame.cpp:903
#13 0xb5c7f574 in nsBlockReflowContext::ReflowBlock (this=0xbf91f9b0,
    aSpace=@0xbf91fa4c, aApplyTopMargin=1, aPrevMargin=@0xbf91fa5c,
    aClearance=0, aIsAdjacentWithTop=1, aComputedOffsets=@0x97a1c20,
    aFrameRS=@0xbf91f8f8, aFrameReflowStatus=@0xbf91fde8)
    at nsBlockReflowContext.cpp:605
#14 0xb5c77ddf in nsBlockFrame::ReflowFloat (this=0x9d4766c,
    aState=@0xbf92015c, aPlaceholder=0x9d47870, aFloatCache=0x97a1c08,
    aReflowStatus=@0xbf91fde8) at nsBlockFrame.cpp:6029
#15 0xb5c7fdce in nsBlockReflowState::FlowAndPlaceFloat (this=0xbf92015c,
    aFloatCache=0x97a1c08, aIsLeftFloat=0xbf91fc18, aReflowStatus=@0xbf91fde8,
    aForceFit=1) at nsBlockReflowState.cpp:850
#16 0xb5c80433 in nsBlockReflowState::AddFloat (this=0xbf92015c,
    aLineLayout=@0xbf91fea0, aPlaceholder=0x9d47870, aInitialReflow=0,
    aReflowStatus=@0xbf91fde8) at nsBlockReflowState.cpp:634
#17 0xb5cb0567 in nsLineLayout::ReflowFrame (this=0xbf91fea0,
    aFrame=0x9d47870, aReflowStatus=@0xbf91fde8, aMetrics=0x0,
    aPushedFrame=@0xbf91fde4) at nsLineLayout.h:260
#18 0xb5c7abe5 in nsBlockFrame::ReflowInlineFrame (this=0x9d4766c,
    aState=@0xbf92015c, aLineLayout=@0xbf91fea0, aLine={mCurrent = 0x9d91a34},
    aFrame=0x9d47870, aLineReflowStatus=0xbf91fe4b "") at nsBlockFrame.cpp:4058
#19 0xb5c7b243 in nsBlockFrame::DoReflowInlineFrames (this=0x9d4766c,
    aState=@0xbf92015c, aLineLayout=@0xbf91fea0, aLine={mCurrent = 0x9d91a34},
    aKeepReflowGoing=0xbf9200d8,
    aLineReflowStatus=0xbf91ff2b "\002�L\020�4\032�\t\\\001\222�\030",
    aUpdateMaximumWidth=0, aDamageDirtyArea=0, aAllowPullUp=1)
    at nsBlockFrame.cpp:3897
#20 0xb5c7b5d6 in nsBlockFrame::ReflowInlineFrames (this=0x9d4766c,
    aState=@0xbf92015c, aLine={mCurrent = 0x9d91a34}, aTryPull=1,
    aKeepReflowGoing=0xbf9200d8, aDamageDirtyArea=0, aUpdateMaximumWidth=0)
    at nsBlockFrame.cpp:3778
#21 0xb5c7c593 in nsBlockFrame::ReflowLine (this=0x9d4766c,
    aState=@0xbf92015c, aLine={mCurrent = 0x9d91a34}, aTryPull=1,
    aKeepReflowGoing=0xbf9200d8, aDamageDirtyArea=0) at nsBlockFrame.cpp:2771
#22 0xb5c7cc55 in nsBlockFrame::ReflowDirtyLines (this=0x9d4766c,
    aState=@0xbf92015c, aTryPull=1) at nsBlockFrame.cpp:2301
#23 0xb5c7df07 in nsBlockFrame::Reflow (this=0x9d4766c,
    aPresContext=0x9b412f0, aMetrics=@0xbf920618, aReflowState=@0xbf92051c,
    aStatus=@0xbf9206bc) at nsBlockFrame.cpp:903
#24 0xb5c7f574 in nsBlockReflowContext::ReflowBlock (this=0xbf9205d4,
    aSpace=@0xbf920690, aApplyTopMargin=1, aPrevMargin=@0xbf920960,
    aClearance=0, aIsAdjacentWithTop=0, aComputedOffsets=@0xbf920680,
    aFrameRS=@0xbf92051c, aFrameReflowStatus=@0xbf9206bc)
    at nsBlockReflowContext.cpp:605
#25 0xb5c7b9ef in nsBlockFrame::ReflowBlockFrame (this=0x9d0afec,
    aState=@0xbf9208fc, aLine={mCurrent = 0x9d91bb4},
    aKeepReflowGoing=0xbf920878) at nsBlockFrame.cpp:3492
#26 0xb5c7c44b in nsBlockFrame::ReflowLine (this=0x9d0afec,
    aState=@0xbf9208fc, aLine={mCurrent = 0x9d91bb4}, aTryPull=1,
    aKeepReflowGoing=0xbf920878, aDamageDirtyArea=0) at nsBlockFrame.cpp:2651
#27 0xb5c7cc55 in nsBlockFrame::ReflowDirtyLines (this=0x9d0afec,
    aState=@0xbf9208fc, aTryPull=1) at nsBlockFrame.cpp:2301
#28 0xb5c7df07 in nsBlockFrame::Reflow (this=0x9d0afec,
    aPresContext=0x9b412f0, aMetrics=@0xbf920db8, aReflowState=@0xbf920cbc,
    aStatus=@0xbf920e5c) at nsBlockFrame.cpp:903
#29 0xb5c7f574 in nsBlockReflowContext::ReflowBlock (this=0xbf920d74,
    aSpace=@0xbf920e30, aApplyTopMargin=0, aPrevMargin=@0xbf921100,
    aClearance=0, aIsAdjacentWithTop=1, aComputedOffsets=@0xbf920e20,
    aFrameRS=@0xbf920cbc, aFrameReflowStatus=@0xbf920e5c)
    at nsBlockReflowContext.cpp:605
#30 0xb5c7b9ef in nsBlockFrame::ReflowBlockFrame (this=0x9d0a128,
    aState=@0xbf92109c, aLine={mCurrent = 0x9d91c14},
    aKeepReflowGoing=0xbf921018) at nsBlockFrame.cpp:3492
#31 0xb5c7c44b in nsBlockFrame::ReflowLine (this=0x9d0a128,
    aState=@0xbf92109c, aLine={mCurrent = 0x9d91c14}, aTryPull=1,
    aKeepReflowGoing=0xbf921018, aDamageDirtyArea=1) at nsBlockFrame.cpp:2651
#32 0xb5c7cc55 in nsBlockFrame::ReflowDirtyLines (this=0x9d0a128,
    aState=@0xbf92109c, aTryPull=1) at nsBlockFrame.cpp:2301
#33 0xb5c7df07 in nsBlockFrame::Reflow (this=0x9d0a128,
    aPresContext=0x9b412f0, aMetrics=@0xbf921558, aReflowState=@0xbf92145c,
    aStatus=@0xbf9215fc) at nsBlockFrame.cpp:903
#34 0xb5c7f574 in nsBlockReflowContext::ReflowBlock (this=0xbf921514,
    aSpace=@0xbf9215d0, aApplyTopMargin=1, aPrevMargin=@0xbf9218a0,
    aClearance=0, aIsAdjacentWithTop=1, aComputedOffsets=@0xbf9215c0,
    aFrameRS=@0xbf92145c, aFrameReflowStatus=@0xbf9215fc)
    at nsBlockReflowContext.cpp:605
#35 0xb5c7b9ef in nsBlockFrame::ReflowBlockFrame (this=0x9d09f7c,
    aState=@0xbf92183c, aLine={mCurrent = 0x9d0a18c},
    aKeepReflowGoing=0xbf9217b8) at nsBlockFrame.cpp:3492
#36 0xb5c7c44b in nsBlockFrame::ReflowLine (this=0x9d09f7c,
    aState=@0xbf92183c, aLine={mCurrent = 0x9d0a18c}, aTryPull=1,
    aKeepReflowGoing=0xbf9217b8, aDamageDirtyArea=1) at nsBlockFrame.cpp:2651
#37 0xb5c7cc55 in nsBlockFrame::ReflowDirtyLines (this=0x9d09f7c,
    aState=@0xbf92183c, aTryPull=1) at nsBlockFrame.cpp:2301
#38 0xb5c7df07 in nsBlockFrame::Reflow (this=0x9d09f7c,
    aPresContext=0x9b412f0, aMetrics=@0xbf921b68, aReflowState=@0xbf921ab0,
    aStatus=@0xbf921d28) at nsBlockFrame.cpp:903
#39 0xb5c857e0 in nsContainerFrame::ReflowChild (this=0x9af49f0,
    aKidFrame=0x9d09f7c, aPresContext=0x9b412f0, aDesiredSize=@0xbf921b68,
    aReflowState=@0xbf921ab0, aX=0, aY=0, aFlags=0, aStatus=@0xbf921d28)
    at nsContainerFrame.cpp:905
#40 0xb5c9e8a2 in CanvasFrame::Reflow (this=0x9af49f0, aPresContext=0x9b412f0,
    aDesiredSize=@0xbf921dbc, aReflowState=@0xbf921c48, aStatus=@0xbf921d28)
    at nsHTMLFrame.cpp:531
#41 0xb5c857e0 in nsContainerFrame::ReflowChild (this=0x9af4b38,
    aKidFrame=0x9af49f0, aPresContext=0x9b412f0, aDesiredSize=@0xbf921dbc,
    aReflowState=@0xbf921c48, aX=0, aY=0, aFlags=1, aStatus=@0xbf921d28)
    at nsContainerFrame.cpp:905
#42 0xb5c989b3 in nsHTMLScrollFrame::ReflowScrolledFrame (this=0x9af4b38,
    aState=@0xbf921e8c, aAssumeHScroll=<value optimized out>,
    aAssumeVScroll=0, aMetrics=0xbf921dbc, aFirstPass=1)
    at nsGfxScrollFrame.cpp:515
#43 0xb5c9b5ed in nsHTMLScrollFrame::ReflowContents (this=0x9af4b38,
    aState=0xbf921e8c, aDesiredSize=@0xbf922168) at nsGfxScrollFrame.cpp:570
#44 0xb5c9badc in nsHTMLScrollFrame::Reflow (this=0x9af4b38,
    aPresContext=0x9b412f0, aDesiredSize=@0xbf922168,
    aReflowState=@0xbf921ff8, aStatus=@0xbf9222e8) at nsGfxScrollFrame.cpp:768
#45 0xb5c857e0 in nsContainerFrame::ReflowChild (this=0x9af4960,
    aKidFrame=0x9af4b38, aPresContext=0x9b412f0, aDesiredSize=@0xbf922168,
    aReflowState=@0xbf921ff8, aX=0, aY=0, aFlags=0, aStatus=@0xbf9222e8)
    at nsContainerFrame.cpp:905
#46 0xb5cdef8a in ViewportFrame::Reflow (this=0x9af4960,
    aPresContext=0x9b412f0, aDesiredSize=@0xbf922340,
    aReflowState=@0xbf922228, aStatus=@0xbf9222e8) at nsViewportFrame.cpp:239
#47 0xb5c5fb6d in IncrementalReflow::Dispatch (this=0xbf922398,
    aPresContext=0x9b412f0, aDesiredSize=@0xbf922340, aMaxSize=@0xbf92238c,
    aRendContext=@0x9b6f460) at nsPresShell.cpp:906
#48 0xb5c69176 in PresShell::ProcessReflowCommands (this=0x9c3a1a0,
    aInterruptible=1) at nsPresShell.cpp:6924
#49 0xb5c69302 in HandlePLEvent (aEvent=0x9b02a60) at nsPresShell.cpp:6753
#50 0xb7e18a57 in PL_HandleEvent (self=0x9b02a60) at plevent.c:688
#51 0xb7e18d6b in PL_ProcessPendingEvents (self=0x81143e0) at plevent.c:623
#52 0xb7e1acbe in nsEventQueueImpl::ProcessPendingEvents (this=0x81143b8)
    at nsEventQueue.cpp:417
#53 0xb5a87785 in event_processor_callback (source=0x87b02f0,
    condition=G_IO_IN, data=0x0) at nsAppShell.cpp:67
#54 0xb7573c8d in g_io_unix_dispatch (source=0x8615460,
    callback=0xb5a87770 <event_processor_callback>, user_data=0x81143b8)
    at giounix.c:162
#55 0xb754a802 in IA__g_main_context_dispatch (context=0x8074798)
    at gmain.c:2045
#56 0xb754d7df in g_main_context_iterate (context=0x8074798, block=1,
    dispatch=1, self=0x83ab948) at gmain.c:2677
#57 0xb754db89 in IA__g_main_loop_run (loop=0x855cd58) at gmain.c:2881
#58 0xb7b33574 in IA__gtk_main () at gtkmain.c:1024
#59 0xb5a87be2 in nsAppShell::Run (this=0x83a0d70) at nsAppShell.cpp:139
#60 0xb5114cb2 in nsAppStartup::Run (this=0x8447fc0) at nsAppStartup.cpp:151
#61 0x0804f891 in XRE_main (argc=3, argv=0xbf922ac4, aAppData=0x805a020)
    at nsAppRunner.cpp:2695
#62 0x0804ab4f in main (argc=Cannot access memory at address 0x0
) at nsBrowserApp.cpp:61
#63 0xb76b08cc in __libc_start_main () from /lib/tls/i686/cmov/libc.so.6
#64 0x0804aa81 in _start ()
(gdb)     
(In reply to comment #12)
> Huh, and I thought I was doing the developers a favor by trying to reproduce
> the bug with the official build!

Yes you are. Normally you can send crash data using QFA (Talkback),
it's only in rare occassions like this where QFA fails that we need
to get the stack from a debug build.  Generally tough, official builds
are preferred for bug triage.  Thanks for providing the stack trace!
Component: General → GFX: Gtk
Keywords: stackwanted
Product: Firefox → Core
QA Contact: general → gtk
Summary: Firefox crash on visiting wellsfargo.com → Firefox crash on visiting wellsfargo.com [@ nsFontMetricsXft::CacheFontMetrics]
Version: unspecified → 1.8 Branch
Looks like a div-by-zero on line 848 (or possibly 857):
http://bonsai.mozilla.org/cvsblame.cgi?file=/mozilla/gfx/src/gtk/nsFontMetricsXft.cpp&rev=MOZILLA_1_8_BRANCH&root=/cvsroot&mark=848,857#806

Could you crash it again and then type the following commands in gdb:
info locals
print *xftFont

that should give us the necessary info for a fix I think.
(Actually, I have a vague feeling I've seen this bug before and that I
have a patch for it laying around somewhere...)
Bug 279032, IIRC I started on a fix that also included other GFX platforms
that would set all metrics to zero as roc suggested in bug 279032 comment 17
but the patch sort of grew and I never finished it, I should still have
it around somewhere.  At the time, my impression was that the crash
would only occur for "bogus" fonts so it had low priority.
Depends on: 279032
Mathew, do you have the info requested in comment 14?
Any info regarding the font that triggers the crash is also welcome.
(Reporter)

Comment 17

11 years ago
There's been a new point release of Firefox from Ubuntu, so here's everything again, including the comment 14 stuff.

$ firefox -g gdb -d
GNU gdb 6.6-debian
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i486-linux-gnu"...
Using host libthread_db library "/lib/tls/i686/cmov/libthread_db.so.1".
(gdb) run
Starting program: /usr/lib/firefox/firefox-bin gdb -d -a firefox
[Thread debugging using libthread_db enabled]
[New Thread -1220809888 (LWP 11958)]
[New Thread -1223099504 (LWP 11961)]
[New Thread -1231725680 (LWP 11962)]
[New Thread -1266914416 (LWP 11967)]
[New Thread -1275520112 (LWP 11968)]
[New Thread -1285141616 (LWP 11969)]
[New Thread -1295107184 (LWP 11970)]
[New Thread -1303499888 (LWP 11971)]
[New Thread -1312683120 (LWP 11973)]
[New Thread -1321075824 (LWP 11974)]
[New Thread -1329468528 (LWP 11975)]
[Thread -1275520112 (LWP 11968) exited]
[New Thread -1275520112 (LWP 11976)]
[Thread -1275520112 (LWP 11976) exited]
[New Thread -1340187760 (LWP 11977)]
[Thread -1340187760 (LWP 11977) exited]
[New Thread -1340187760 (LWP 11978)]
[New Thread -1275520112 (LWP 11980)]
[New Thread -1349825648 (LWP 11981)]
[New Thread -1358218352 (LWP 11982)]
[Thread -1358218352 (LWP 11982) exited]
[New Thread -1366611056 (LWP 11983)]
[Thread -1366611056 (LWP 11983) exited]

Program received signal SIGFPE, Arithmetic exception.
[Switching to Thread -1220809888 (LWP 11958)]
0xb4876acc in nsFontMetricsXft::CacheFontMetrics (this=0x9d9e388)
    at nsFontMetricsXft.cpp:848
848     nsFontMetricsXft.cpp: No such file or directory.
        in nsFontMetricsXft.cpp
(gdb) bt
#0  0xb4876acc in nsFontMetricsXft::CacheFontMetrics (this=0x9d9e388)
    at nsFontMetricsXft.cpp:848
#1  0xb4877361 in nsFontMetricsXft::RealizeFont (this=0x9d9e388)
    at nsFontMetricsXft.cpp:795
#2  0xb4877699 in nsFontMetricsXft::Init (this=0x9d9e388, aFont=@0x9d8236c,
    aLangGroup=0x817a7e8, aContext=0x8f37018) at nsFontMetricsXft.cpp:445
#3  0xb71b7f76 in nsFontCache::GetMetricsFor (this=0x9446728,
    aFont=@0x9d8236c, aLangGroup=0x817a7e8, aMetrics=@0xbfcbf0b4)
    at nsDeviceContext.cpp:631
#4  0xb71b7405 in DeviceContextImpl::GetMetricsFor (this=0x8f37018,
    aFont=@0x9d8236c, aLangGroup=0x817a7e8, aMetrics=@0xbfcbf0b4)
    at nsDeviceContext.cpp:320
#5  0xb5cd2e4c in nsHTMLReflowState::CalcLineHeight (aPresContext=0x81263c8,
    aRenderingContext=0x9d03c10, aFrame=0x9dc60e8)
    at nsHTMLReflowState.cpp:2259
#6  0xb5cb41c9 in nsBlockReflowState (this=0xbfcbf16c,
    aReflowState=@0xbfcbf52c, aPresContext=0x81263c8, aFrame=0x9dc60e8,
    aMetrics=@0xbfcbf628, aTopMarginRoot=0, aBottomMarginRoot=0)
    at nsBlockReflowState.cpp:166
#7  0xb5cb1018 in nsBlockFrame::Reflow (this=0x9dc60e8,
    aPresContext=0x81263c8, aMetrics=@0xbfcbf628, aReflowState=@0xbfcbf52c,
    aStatus=@0xbfcbf6cc) at nsBlockFrame.cpp:770
#8  0xb5cb2744 in nsBlockReflowContext::ReflowBlock (this=0xbfcbf5e4,
    aSpace=@0xbfcbf6a0, aApplyTopMargin=1, aPrevMargin=@0xbfcbf970,
    aClearance=0, aIsAdjacentWithTop=1, aComputedOffsets=@0xbfcbf690,
    aFrameRS=@0xbfcbf52c, aFrameReflowStatus=@0xbfcbf6cc)
    at nsBlockReflowContext.cpp:605
#9  0xb5caebbf in nsBlockFrame::ReflowBlockFrame (this=0x9dc5e30,
    aState=@0xbfcbf90c, aLine={mCurrent = 0x9dfc830},
    aKeepReflowGoing=0xbfcbf888) at nsBlockFrame.cpp:3492
#10 0xb5caf61b in nsBlockFrame::ReflowLine (this=0x9dc5e30,
    aState=@0xbfcbf90c, aLine={mCurrent = 0x9dfc830}, aTryPull=1,
    aKeepReflowGoing=0xbfcbf888, aDamageDirtyArea=0) at nsBlockFrame.cpp:2651
#11 0xb5cafe25 in nsBlockFrame::ReflowDirtyLines (this=0x9dc5e30,
    aState=@0xbfcbf90c, aTryPull=1) at nsBlockFrame.cpp:2301
#12 0xb5cb10d7 in nsBlockFrame::Reflow (this=0x9dc5e30,
    aPresContext=0x81263c8, aMetrics=@0xbfcbfd84, aReflowState=@0xbfcbfc88,
    aStatus=@0xbfcc0178) at nsBlockFrame.cpp:903
#13 0xb5cb2744 in nsBlockReflowContext::ReflowBlock (this=0xbfcbfd40,
    aSpace=@0xbfcbfddc, aApplyTopMargin=1, aPrevMargin=@0xbfcbfdec,
    aClearance=0, aIsAdjacentWithTop=1, aComputedOffsets=@0x9d9ed88,
    aFrameRS=@0xbfcbfc88, aFrameReflowStatus=@0xbfcc0178)
    at nsBlockReflowContext.cpp:605
#14 0xb5caafaf in nsBlockFrame::ReflowFloat (this=0x9dc5c7c,
    aState=@0xbfcc04ec, aPlaceholder=0x9dc5e80, aFloatCache=0x9d9ed70,
    aReflowStatus=@0xbfcc0178) at nsBlockFrame.cpp:6029
#15 0xb5cb2f9e in nsBlockReflowState::FlowAndPlaceFloat (this=0xbfcc04ec,
    aFloatCache=0x9d9ed70, aIsLeftFloat=0xbfcbffa8, aReflowStatus=@0xbfcc0178,
    aForceFit=1) at nsBlockReflowState.cpp:850
#16 0xb5cb3603 in nsBlockReflowState::AddFloat (this=0xbfcc04ec,
    aLineLayout=@0xbfcc0230, aPlaceholder=0x9dc5e80, aInitialReflow=0,
    aReflowStatus=@0xbfcc0178) at nsBlockReflowState.cpp:634
#17 0xb5ce3997 in nsLineLayout::ReflowFrame (this=0xbfcc0230,
    aFrame=0x9dc5e80, aReflowStatus=@0xbfcc0178, aMetrics=0x0,
    aPushedFrame=@0xbfcc0174) at nsLineLayout.h:260
#18 0xb5caddb5 in nsBlockFrame::ReflowInlineFrame (this=0x9dc5c7c,
    aState=@0xbfcc04ec, aLineLayout=@0xbfcc0230, aLine={mCurrent = 0x9e252b8},
    aFrame=0x9dc5e80, aLineReflowStatus=0xbfcc01db "") at nsBlockFrame.cpp:4058
#19 0xb5cae413 in nsBlockFrame::DoReflowInlineFrames (this=0x9dc5c7c,
    aState=@0xbfcc04ec, aLineLayout=@0xbfcc0230, aLine={mCurrent = 0x9e252b8},
    aKeepReflowGoing=0xbfcc0468,
    aLineReflowStatus=0xbfcc02bb "\002�\214\023��R�\t�\004�\003c�ʵ|\\�\t�\004�R�\t\001", aUpdateMaximumWidth=0, aDamageDirtyArea=0, aAllowPullUp=1)
    at nsBlockFrame.cpp:3897
#20 0xb5cae7a6 in nsBlockFrame::ReflowInlineFrames (this=0x9dc5c7c,
    aState=@0xbfcc04ec, aLine={mCurrent = 0x9e252b8}, aTryPull=1,
    aKeepReflowGoing=0xbfcc0468, aDamageDirtyArea=0, aUpdateMaximumWidth=0)
    at nsBlockFrame.cpp:3778
#21 0xb5caf763 in nsBlockFrame::ReflowLine (this=0x9dc5c7c,
    aState=@0xbfcc04ec, aLine={mCurrent = 0x9e252b8}, aTryPull=1,
    aKeepReflowGoing=0xbfcc0468, aDamageDirtyArea=0) at nsBlockFrame.cpp:2771
#22 0xb5cafe25 in nsBlockFrame::ReflowDirtyLines (this=0x9dc5c7c,
    aState=@0xbfcc04ec, aTryPull=1) at nsBlockFrame.cpp:2301
#23 0xb5cb10d7 in nsBlockFrame::Reflow (this=0x9dc5c7c,
    aPresContext=0x81263c8, aMetrics=@0xbfcc09a8, aReflowState=@0xbfcc08ac,
    aStatus=@0xbfcc0a4c) at nsBlockFrame.cpp:903
#24 0xb5cb2744 in nsBlockReflowContext::ReflowBlock (this=0xbfcc0964,
    aSpace=@0xbfcc0a20, aApplyTopMargin=1, aPrevMargin=@0xbfcc0cf0,
    aClearance=0, aIsAdjacentWithTop=0, aComputedOffsets=@0xbfcc0a10,
    aFrameRS=@0xbfcc08ac, aFrameReflowStatus=@0xbfcc0a4c)
    at nsBlockReflowContext.cpp:605
#25 0xb5caebbf in nsBlockFrame::ReflowBlockFrame (this=0x9d91bbc,
    aState=@0xbfcc0c8c, aLine={mCurrent = 0x9e25438},
    aKeepReflowGoing=0xbfcc0c08) at nsBlockFrame.cpp:3492
#26 0xb5caf61b in nsBlockFrame::ReflowLine (this=0x9d91bbc,
    aState=@0xbfcc0c8c, aLine={mCurrent = 0x9e25438}, aTryPull=1,
    aKeepReflowGoing=0xbfcc0c08, aDamageDirtyArea=0) at nsBlockFrame.cpp:2651
#27 0xb5cafe25 in nsBlockFrame::ReflowDirtyLines (this=0x9d91bbc,
    aState=@0xbfcc0c8c, aTryPull=1) at nsBlockFrame.cpp:2301
#28 0xb5cb10d7 in nsBlockFrame::Reflow (this=0x9d91bbc,
    aPresContext=0x81263c8, aMetrics=@0xbfcc1148, aReflowState=@0xbfcc104c,
    aStatus=@0xbfcc11ec) at nsBlockFrame.cpp:903
#29 0xb5cb2744 in nsBlockReflowContext::ReflowBlock (this=0xbfcc1104,
    aSpace=@0xbfcc11c0, aApplyTopMargin=0, aPrevMargin=@0xbfcc1490,
    aClearance=0, aIsAdjacentWithTop=1, aComputedOffsets=@0xbfcc11b0,
    aFrameRS=@0xbfcc104c, aFrameReflowStatus=@0xbfcc11ec)
    at nsBlockReflowContext.cpp:605
#30 0xb5caebbf in nsBlockFrame::ReflowBlockFrame (this=0x9d4e7f0,
    aState=@0xbfcc142c, aLine={mCurrent = 0x9e25498},
    aKeepReflowGoing=0xbfcc13a8) at nsBlockFrame.cpp:3492
#31 0xb5caf61b in nsBlockFrame::ReflowLine (this=0x9d4e7f0,
    aState=@0xbfcc142c, aLine={mCurrent = 0x9e25498}, aTryPull=1,
    aKeepReflowGoing=0xbfcc13a8, aDamageDirtyArea=1) at nsBlockFrame.cpp:2651
#32 0xb5cafe25 in nsBlockFrame::ReflowDirtyLines (this=0x9d4e7f0,
    aState=@0xbfcc142c, aTryPull=1) at nsBlockFrame.cpp:2301
#33 0xb5cb10d7 in nsBlockFrame::Reflow (this=0x9d4e7f0,
    aPresContext=0x81263c8, aMetrics=@0xbfcc18e8, aReflowState=@0xbfcc17ec,
    aStatus=@0xbfcc198c) at nsBlockFrame.cpp:903
#34 0xb5cb2744 in nsBlockReflowContext::ReflowBlock (this=0xbfcc18a4,
    aSpace=@0xbfcc1960, aApplyTopMargin=1, aPrevMargin=@0xbfcc1c30,
    aClearance=0, aIsAdjacentWithTop=1, aComputedOffsets=@0xbfcc1950,
    aFrameRS=@0xbfcc17ec, aFrameReflowStatus=@0xbfcc198c)
    at nsBlockReflowContext.cpp:605
#35 0xb5caebbf in nsBlockFrame::ReflowBlockFrame (this=0x9d4e644,
    aState=@0xbfcc1bcc, aLine={mCurrent = 0x9d4e854},
    aKeepReflowGoing=0xbfcc1b48) at nsBlockFrame.cpp:3492
#36 0xb5caf61b in nsBlockFrame::ReflowLine (this=0x9d4e644,
    aState=@0xbfcc1bcc, aLine={mCurrent = 0x9d4e854}, aTryPull=1,
    aKeepReflowGoing=0xbfcc1b48, aDamageDirtyArea=1) at nsBlockFrame.cpp:2651
#37 0xb5cafe25 in nsBlockFrame::ReflowDirtyLines (this=0x9d4e644,
    aState=@0xbfcc1bcc, aTryPull=1) at nsBlockFrame.cpp:2301
#38 0xb5cb10d7 in nsBlockFrame::Reflow (this=0x9d4e644,
    aPresContext=0x81263c8, aMetrics=@0xbfcc1ef8, aReflowState=@0xbfcc1e40,
    aStatus=@0xbfcc20b8) at nsBlockFrame.cpp:903
#39 0xb5cb89b0 in nsContainerFrame::ReflowChild (this=0x97ca018,
    aKidFrame=0x9d4e644, aPresContext=0x81263c8, aDesiredSize=@0xbfcc1ef8,
    aReflowState=@0xbfcc1e40, aX=0, aY=0, aFlags=0, aStatus=@0xbfcc20b8)
    at nsContainerFrame.cpp:905
#40 0xb5cd1cd2 in CanvasFrame::Reflow (this=0x97ca018, aPresContext=0x81263c8,
    aDesiredSize=@0xbfcc214c, aReflowState=@0xbfcc1fd8, aStatus=@0xbfcc20b8)
    at nsHTMLFrame.cpp:531
#41 0xb5cb89b0 in nsContainerFrame::ReflowChild (this=0x97ca160,
    aKidFrame=0x97ca018, aPresContext=0x81263c8, aDesiredSize=@0xbfcc214c,
    aReflowState=@0xbfcc1fd8, aX=0, aY=0, aFlags=1, aStatus=@0xbfcc20b8)
    at nsContainerFrame.cpp:905
#42 0xb5ccbd03 in nsHTMLScrollFrame::ReflowScrolledFrame (this=0x97ca160,
    aState=@0xbfcc221c, aAssumeHScroll=<value optimized out>,
    aAssumeVScroll=0, aMetrics=0xbfcc214c, aFirstPass=1)
    at nsGfxScrollFrame.cpp:515
#43 0xb5ccea1d in nsHTMLScrollFrame::ReflowContents (this=0x97ca160,
    aState=0xbfcc221c, aDesiredSize=@0xbfcc24f8) at nsGfxScrollFrame.cpp:570
#44 0xb5ccef0c in nsHTMLScrollFrame::Reflow (this=0x97ca160,
    aPresContext=0x81263c8, aDesiredSize=@0xbfcc24f8,
    aReflowState=@0xbfcc2388, aStatus=@0xbfcc2678) at nsGfxScrollFrame.cpp:768
#45 0xb5cb89b0 in nsContainerFrame::ReflowChild (this=0x97c9f88,
    aKidFrame=0x97ca160, aPresContext=0x81263c8, aDesiredSize=@0xbfcc24f8,
    aReflowState=@0xbfcc2388, aX=0, aY=0, aFlags=0, aStatus=@0xbfcc2678)
    at nsContainerFrame.cpp:905
#46 0xb5d123ba in ViewportFrame::Reflow (this=0x97c9f88,
    aPresContext=0x81263c8, aDesiredSize=@0xbfcc26d0,
    aReflowState=@0xbfcc25b8, aStatus=@0xbfcc2678) at nsViewportFrame.cpp:239
#47 0xb5c92f5d in IncrementalReflow::Dispatch (this=0xbfcc2728,
    aPresContext=0x81263c8, aDesiredSize=@0xbfcc26d0, aMaxSize=@0xbfcc271c,
    aRendContext=@0x9d03c10) at nsPresShell.cpp:907
#48 0xb5c9bdc6 in PresShell::ProcessReflowCommands (this=0x99c03d0,
    aInterruptible=1) at nsPresShell.cpp:6943
#49 0xb5c9bf52 in HandlePLEvent (aEvent=0x9053f48) at nsPresShell.cpp:6772
#50 0xb7ee3417 in PL_HandleEvent (self=0x9053f48) at plevent.c:688
#51 0xb7ee372b in PL_ProcessPendingEvents (self=0x811aef0) at plevent.c:623
#52 0xb7ee567e in nsEventQueueImpl::ProcessPendingEvents (this=0x811aeb8)
    at nsEventQueue.cpp:417
#53 0xb5aa86c5 in event_processor_callback (source=0x869dab0,
    condition=G_IO_IN, data=0x0) at nsAppShell.cpp:67
#54 0xb75e240d in ?? () from /usr/lib/libglib-2.0.so.0
#55 0x0869dab0 in ?? ()
#56 0x00000001 in ?? ()
#57 0x0811aeb8 in ?? ()
#58 0xb761f748 in ?? () from /usr/lib/libglib-2.0.so.0
#59 0xb7e19be0 in ?? () from /lib/tls/i686/cmov/libpthread.so.0
#60 0x0877f708 in ?? ()
#61 0xbfcc28a8 in ?? ()
#62 0xb75b8df2 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
Backtrace stopped: frame did not save the PC
(gdb) info locals
f = 12
val = 0
xftFont = (XftFont *) 0x9cda2b8
face = (FT_Face) 0x9d7bd08
size = 16
lineHeight = 0
rawWidth = <value optimized out>
unispace = <value optimized out>
xUnichar = <value optimized out>
(gdb) print *xftFont
$1 = {ascent = 0, descent = 0, height = 2, max_advance_width = 22,
  charset = 0xb5b7f3b0, pattern = 0x9d9c678}
(gdb)
We crash on line 848 dividing with a zero lineHeight, which is caused
by xftFont->ascent = 0 and xftFont->descent = 0.

This is a weird font... any chance you could figure out some more info
on it, like it's name and where it came from?
I think the following gdb commands could give the name:
print *this
print *face
print *face->family_name
print *face->style_name

Would be good if I could download and install it from somewhere...
(Reporter)

Comment 19

11 years ago
Program received signal SIGFPE, Arithmetic exception.
[Switching to Thread -1221285024 (LWP 16928)]
0xb4cd9acc in nsFontMetricsXft::CacheFontMetrics (this=0x9db6250)
    at nsFontMetricsXft.cpp:848
848     nsFontMetricsXft.cpp: No such file or directory.
        in nsFontMetricsXft.cpp
(gdb) print *this
$1 = {<nsIFontMetricsGTK> = {<nsIFontMetrics> = {<nsISupports> = {
        _vptr.nsISupports = 0xb4cec3e8}, mFont = {
        name = {<nsSubstring> = {<nsAString_internal> = {mVTable = 0xb7ea4028,
              mData = 0x9db61f0, mLength = 33,
              mFlags = 5}, <No data fields>}, <No data fields>}, style = 0,
        systemFont = 0, variant = 0 '\0', familyNameQuirks = 0 '\0',
        weight = 700, decorations = 0 '\0', size = 202,
        sizeAdjust = 0}}, <No data fields>}, mRefCnt = {mValue = 1},
  mFontList = {<nsVoidArray> = {_vptr.nsVoidArray = 0xb7ea0ae8,
      mImpl = 0x9db63c8}, <No data fields>},
  mFontIsGeneric = {<nsVoidArray> = {_vptr.nsVoidArray = 0xb7ea0b28,
      mImpl = 0x9db6288},
    mAutoBuf = "\b\000\000\000\004", '\0' <repeats 15 times>, "\001", '\0' <repeats 18 times>}, mDeviceContext = 0x9422a10, mLangGroup = {<nsCOMPtr_base> = {
      mRawPtr = 0x823e1a8}, <No data fields>}, mGenericFont = 0x9db6458,
  mPixelSize = 16.833334,
  mDefaultFont = {<nsFixedCString> = {<nsCString> = {<nsCSubstring> = {<nsACString_internal> = {mVTable = 0xb7ea4128, mData = 0x9db62d8 "", mLength = 0,
            mFlags = 65553}, <No data fields>}, <No data fields>},
      mFixedCapacity = 63, mFixedBuf = 0x9db62d8 ""},
    mStorage = '\0' <repeats 63 times>}, mLoadedFonts = {
    _vptr.nsVoidArray = 0xb7ea0b48, mImpl = 0x9b1e050},
  mWesternFont = 0x9d4a278, mPattern = 0x9db6488,
  mMatchType = nsFontMetricsXft::eBestMatch, mMiniFont = 0x0,
  mMiniFontWidth = 0, mMiniFontHeight = 0, mMiniFontPadding = 0,
  mMiniFontYOffset = 0, mMiniFontAscent = 0, mMiniFontDescent = 0,
  mXHeight = 0, mSuperscriptOffset = 0, mSubscriptOffset = 0,
  mStrikeoutOffset = 0, mStrikeoutSize = 0, mUnderlineOffset = 0,
  mUnderlineSize = 0, mMaxHeight = 0, mLeading = 0, mEmHeight = 192,
  mEmAscent = 0, mEmDescent = 0, mMaxAscent = 0, mMaxDescent = 0,
  mMaxAdvance = 0, mSpaceWidth = 0, mAveCharWidth = 0, mMaxStringLength = 0}
(gdb) print *face
$2 = {num_faces = 1, face_index = 0, face_flags = 537, style_flags = 2,
  num_glyphs = 229, family_name = 0x9df2608 "Myriad",
  style_name = 0x9de0518 "Bold", num_fixed_sizes = 0, available_sizes = 0x0,
  num_charmaps = 4, charmaps = 0x87407f8, generic = {data = 0x0,
    finalizer = 0}, bbox = {xMin = -39, yMin = -250, xMax = 1256, yMax = 851},
  units_per_EM = 1000, ascender = 0, descender = 0, height = 90,
  max_advance_width = 1285, max_advance_height = 90,
  underline_position = -100, underline_thickness = 50, glyph = 0x8740810,
  size = 0x9d4c598, charmap = 0x9dd8fc0, driver = 0x83bbc90,
  memory = 0x83ba9f8, stream = 0x9b1e310, sizes_list = {head = 0x9dca250,
    tail = 0x9dca250}, autohint = {data = 0x0, finalizer = 0},
  extensions = 0x0, internal = 0x9dd8f80}
(gdb) print *face->family_name
$3 = 77 'M'
(gdb) print *face->style_name
$4 = 66 'B'
(gdb)

So, looks like Myriad Bold.
(Reporter)

Comment 20

11 years ago
I just checked, and Myriad Bold looks fine in KFontview. It's the OpenType .otf version, from Adobe. I tried paging through Myriad's first 50-odd pages in KCharSelect too.

Comment 21

11 years ago
I believe this bug is a duplicate of bug 279032.

Updated

11 years ago
Status: UNCONFIRMED → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 279032
(Assignee)

Updated

10 years ago
Product: Core → Core Graveyard
(Assignee)

Updated

7 years ago
Crash Signature: [@ nsFontMetricsXft::CacheFontMetrics]
You need to log in before you can comment on or make changes to this bug.