"ASSERTION: Started word in the middle of a cluster..." and crash [@ gfxTextRun::ComputeLigatureData] with combining character and newline

RESOLVED FIXED

Status

Core
Layout: Text
P3
critical
10 years ago
7 years ago

People

(Reporter: Jesse Ruderman, Assigned: roc)

Tracking

(Blocks: 1 bug, {assertion, crash, testcase})

Trunk
x86
Mac OS X
Bug Flags:
blocking1.9 +
in-testsuite +

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [dbaron-1.9:RsCt], crash signature)

Attachments

(2 attachments)

(Reporter)

Description

10 years ago
Created attachment 278861 [details]
testcase 1 (may make Firefox unstable)

Loading "testcase 1" triggers:

###!!! ASSERTION: Started word in the middle of a cluster...: 'aSource->IsClusterStart(start)', file /Users/jruderman/trunk/mozilla/gfx/thebes/src/gfxFont.cpp, line 1683

It also puts Firefox into a state where encountering a lone ́ will make it crash.
Flags: blocking1.9?
(Reporter)

Comment 1

10 years ago
Created attachment 278863 [details]
testcase 2 (crashes Firefox when loaded)

This demonstrates the divide-by-zero crash in gfxTextRun::ComputeLigatureData.  The crash is preceded by

###!!! ASSERTION: Ligature at the start of the run??: 'i > 0', file /Users/jruderman/trunk/mozilla/gfx/thebes/src/gfxFont.cpp, line 817

I see "Floating point exception" on the terminal, but that line in gfxFont.cpp looks like integer division.  Hmm.
Assignee: nobody → roc
The assertions and crashes are fixed by my patch in bug 385417. There are still some potential issues about marks combining with spaces, but I'll have to think about the best way to solve those.
Depends on: 385417
Flags: blocking1.9? → blocking1.9+
Whiteboard: depends on 385417
Whiteboard: depends on 385417 → [depends on 385417]
Whiteboard: [depends on 385417] → [depends on 385417][dbaron-1.9:RsCt]
Priority: -- → P3
(Reporter)

Comment 3

10 years ago
FIXED by bug 385417 landing.

roc, please file a new bug on the issues you mentioned in comment 2.
Status: NEW → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → FIXED
Flags: in-testsuite?
(Reporter)

Comment 4

10 years ago
The patch for bug 385417 was backed out.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
(Reporter)

Comment 5

10 years ago
... and checked in again.
Status: REOPENED → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → FIXED
(Reporter)

Comment 6

10 years ago
I checked in both testcases as crashtests.
Flags: in-testsuite? → in-testsuite+
I am seeing the assertions and crash on current Linux trunk.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Sorry, I see that is already reported in bug 408746
Status: REOPENED → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → FIXED
Whiteboard: [depends on 385417][dbaron-1.9:RsCt] → [dbaron-1.9:RsCt]
Crash Signature: [@ gfxTextRun::ComputeLigatureData]