Created attachment 278861 [details] testcase 1 (may make Firefox unstable) Loading "testcase 1" triggers: ###!!! ASSERTION: Started word in the middle of a cluster...: 'aSource->IsClusterStart(start)', file /Users/jruderman/trunk/mozilla/gfx/thebes/src/gfxFont.cpp, line 1683 It also puts Firefox into a state where encountering a lone ́ will make it crash.
Created attachment 278863 [details] testcase 2 (crashes Firefox when loaded) This demonstrates the divide-by-zero crash in gfxTextRun::ComputeLigatureData. The crash is preceded by ###!!! ASSERTION: Ligature at the start of the run??: 'i > 0', file /Users/jruderman/trunk/mozilla/gfx/thebes/src/gfxFont.cpp, line 817 I see "Floating point exception" on the terminal, but that line in gfxFont.cpp looks like integer division. Hmm.
The assertions and crashes are fixed by my patch in bug 385417. There's still some potential issues about marks combining with spaces, but I'll have to think about the best way to solve those.
FIXED by bug 385417 landing. roc, please file a new bug on the issues you mentioned in comment 2.
The patch for bug 385417 was backed out.
... and checked in again.
I checked in both testcases as crashtests.
I am seeing the assertions and crash on current Linux trunk.
Sorry, I see that is already reported in bug 408746