Crash with very large font-size (XIOError exit)

RESOLVED FIXED

Status

Core Graveyard
GFX: Gtk
--
critical
10 years ago
9 years ago

People

(Reporter: Chris Cook, Assigned: mats)

Tracking

({testcase, verified1.8.1.12})

1.8 Branch
x86
Linux
Bug Flags:
in-testsuite +


Attachments

(2 attachments)

(Reporter)

Description

10 years ago
User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.11) Gecko/20071204 Ubuntu/7.10 (gutsy) Firefox/2.0.0.11
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.11) Gecko/20071204 Ubuntu/7.10 (gutsy) Firefox/2.0.0.11

When an element has an absurdly large font-size applied, Firefox crashes predictably. To verify that it's a Gecko rendering problem I also tested with Epiphany 2.20.1, which uses Gecko 1.8. I've tested my sample using Prism and it renders it fine, so it's been resolved in later versions of Gecko.

Perhaps it's a bug with Pango. I have not tested on Windows.

Reproducible: Always

Steps to Reproduce:
1. View the attached reduced test-case (to be added). Be prepared to crash your browser.
(Reporter)

Comment 1

10 years ago
Gee, either I'm blind or adding attachments isn't possible anymore for some reason. This would have been my attachment.

------------------------------------------------------------
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="" xml:lang="">

<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Gecko Crash Demo</title>
</head>

<body>

<div>
  <span style="font-size:463.25em"><a href="#">Hello World!</a></span>
</div>

</body>
</html>
------------------------------------------------------------
(Reporter)

Comment 2

10 years ago
Created attachment 292546 [details]
Testcase

I'm blind, it turns out. Sorry for the bugspam.

Comment 3

10 years ago
Works for me on Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b2pre) Gecko/2007121009 Minefield/3.0b2pre and Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11

Updated

10 years ago
Component: General → GFX: Gtk
Product: Firefox → Core
QA Contact: general → gtk
Version: unspecified → 1.8 Branch

Comment 4

10 years ago
Bug 348462, perhaps?
(Assignee)

Comment 5

10 years ago
We did limit the font size in bug 394859 for branch, but apparently
not enough.  I can reproduce the "crash" on a 2560x1600 display.
If I limit the size to 2589 then it works, but 2590 does not...

Chris, what size is your screen (in pixels)?
Assignee: nobody → mats.palmgren
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: testcase
Summary: Crash with very large font-size → Crash with very large font-size (XIOError exit)
(Assignee)

Comment 6

10 years ago
Created attachment 292620 [details] [diff] [review]
Patch rev. 1

Set an absolute upper limit of 2000 (same as we currently have on trunk)
Attachment #292620 - Flags: superreview?(dbaron)
Attachment #292620 - Flags: review?(dbaron)
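
Added example (not part of the bug thread and not the actual patch): a C++ sketch of the idea in comment 6, applying an absolute 2000 px cap on top of the display-dependent limit. The helper names, the 16 px parent size used for the em conversion and the 1 px lower bound are assumptions; 2098 is the branch limit quoted in comment 8.

```cpp
#include <algorithm>
#include <cmath>
#include <cstdio>

// Absolute cap named in the bug: 2000 px, independent of display size.
constexpr int kAbsoluteMaxFontPx = 2000;
// Assumption: never hand the font backend a zero or negative size.
constexpr int kMinFontPx = 1;

// Hypothetical helper: resolve a CSS em length against its parent size.
double EmToPx(double em, double parentPx) { return em * parentPx; }

// Clamp a requested size into [kMinFontPx, limitPx] without ever casting an
// out-of-range double to int (undefined behaviour in C++).
int ClampToLimit(double px, int limitPx) {
  limitPx = std::max(limitPx, kMinFontPx);
  if (std::isnan(px) || px < kMinFontPx) return kMinFontPx;
  if (px >= limitPx) return limitPx;  // also catches +inf and huge values
  return static_cast<int>(px);        // safe: kMinFontPx <= px < limitPx
}

// Behaviour described before the fix: only a display-dependent limit, so a
// large display still lets a very large size through.
int ClampScreenOnly(double px, int screenLimitPx) {
  return ClampToLimit(px, screenLimitPx);
}

// With the absolute cap: the effective limit is the smaller of the two.
int ClampWithAbsoluteCap(double px, int screenLimitPx) {
  return ClampToLimit(px, std::min(screenLimitPx, kAbsoluteMaxFontPx));
}

int main() {
  // Testcase from the report: font-size:463.25em, assumed 16 px parent.
  const double requested = EmToPx(463.25, 16.0);
  const int screenLimit = 2098;  // branch limit quoted for a 1680x1050 display
  std::printf("requested: %.0f px\n", requested);
  std::printf("screen-only limit: %d px\n", ClampScreenOnly(requested, screenLimit));
  std::printf("with absolute cap: %d px\n", ClampWithAbsoluteCap(requested, screenLimit));
  return 0;
}
```
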
(Reporter)

Comment 7

10 years ago
(In reply to comment #5)
> Chris, what size is your screen (in pixels)?

My display resolution is 1680x1050.
(Assignee)

Comment 8

10 years ago
(In reply to comment #7)
> My display resolution is 1680x1050.

Ok, so the current limit we have in branch builds is 2098 for you.
Just to be sure 2000 is enough - could you try the testcase in a trunk build?
http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/latest-trunk/
(Reporter)

Comment 9

10 years ago
I've tested the Firefox nightly build and it renders the testcase just fine. I always expected it would though. Isn't it running the same Gecko that Prism is? This bug is against Firefox 2.0.x
(Assignee)

Comment 10

10 years ago
Comment on attachment 292620 [details] [diff] [review]
Patch rev. 1

Low-risk crash fix for branch.  (2000px is the same absolute limit we currently have on trunk)
Attachment #292620 - Flags: superreview?(roc)
Attachment #292620 - Flags: superreview?(dbaron)
Attachment #292620 - Flags: review?(roc)
Attachment #292620 - Flags: review?(dbaron)
Attachment #292620 - Flags: superreview?(roc)
Attachment #292620 - Flags: superreview+
Attachment #292620 - Flags: review?(roc)
Attachment #292620 - Flags: review+
(Assignee)

Updated

10 years ago
Attachment #292620 - Flags: approval1.8.1.12?
Comment on attachment 292620 [details] [diff] [review]
Patch rev. 1

approved for 1.8.1.12, a=dveditz for release-drivers
Attachment #292620 - Flags: approval1.8.1.12? → approval1.8.1.12+
(Assignee)

Comment 12

10 years ago
mozilla/gfx/src/gtk/nsFontMetricsGTK.cpp 	1.280.6.5
mozilla/gfx/src/gtk/nsFontMetricsPango.cpp 	1.16.2.9
mozilla/gfx/src/gtk/nsFontMetricsXft.cpp 	1.69.4.4 

I've added the attached testcase as a crash test on trunk:

mozilla/gfx/thebes/crashtests/407842.html 	1.1
mozilla/gfx/thebes/crashtests/crashtests.list 	1.20 

-> FIXED
Status: NEW → RESOLVED
Last Resolved: 10 years ago
Flags: in-testsuite+
Keywords: fixed1.8.1.12
Resolution: --- → FIXED
I could reproduce this 100% using a resolution of 2360x1770 on Ubuntu 7.10 with Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11, but NOT with Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.12pre) Gecko/20080128 BonEcho/2.0.0.12pre.

(It was a clean exit; no Talkback came up.)

Replacing fixed1.8.1.12 keyword with verified1.8.1.12
Keywords: fixed1.8.1.12 → verified1.8.1.12
Product: Core → Core Graveyard