Bug 407842 - Crash with very large font-size (XIOError exit)
Status: RESOLVED FIXED
Keywords: testcase, verified1.8.1.12
Product: Core Graveyard
Classification: Graveyard
Component: GFX: Gtk
Version: 1.8 Branch
Hardware: x86 Linux
Importance: -- critical
Assigned To: Mats Palmgren (:mats)
Reported: 2007-12-10 21:48 PST by Chris Cook
Modified: 2009-01-22 10:17 PST
mats: in‑testsuite+

Attachments
Testcase (417 bytes, text/html)
2007-12-10 21:54 PST, Chris Cook
Patch rev. 1 (3.82 KB, patch)
2007-12-11 10:36 PST, Mats Palmgren (:mats)
roc: review+
roc: superreview+
dveditz: approval1.8.1.12+

Description Chris Cook 2007-12-10 21:48:19 PST
User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.11) Gecko/20071204 Ubuntu/7.10 (gutsy) Firefox/2.0.0.11
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.11) Gecko/20071204 Ubuntu/7.10 (gutsy) Firefox/2.0.0.11

When an element has an absurdly large font-size applied, Firefox crashes predictably. To verify that it's a Gecko rendering problem, I also tested with Epiphany 2.20.1, which uses Gecko 1.8. I've tested my sample using Prism and it renders it fine, so it's been resolved in later versions of Gecko.

Perhaps it's a bug with Pango. I have not tested on Windows.

Reproducible: Always

Steps to Reproduce:
1. View the attached reduced test-case (to be added). Be prepared to crash your browser.
Comment 1 Chris Cook 2007-12-10 21:50:36 PST
Gee, either I'm blind or adding attachments isn't possible anymore for some reason. This would have been my attachment.

------------------------------------------------------------
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="" xml:lang="">

<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Gecko Crash Demo</title>
</head>

<body>

<div>
  <span style="font-size:463.25em"><a href="#">Hello World!</a></span>
</div>

</body>
</html>
------------------------------------------------------------
Comment 2 Chris Cook 2007-12-10 21:54:11 PST
Created attachment 292546
Testcase

I'm blind, it turns out. Sorry for the bugspam.
Comment 3 Kevin Brosnan 2007-12-10 22:27:13 PST
Works for me on Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b2pre) Gecko/2007121009 Minefield/3.0b2pre and Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11
Comment 4 Jesse Ruderman 2007-12-10 23:42:06 PST
Bug 348462, perhaps?
Comment 5 Mats Palmgren (:mats) 2007-12-11 10:24:17 PST
We did limit the font size in bug 394859 for branch, but apparently
not enough.  I can reproduce the "crash" on a 2560x1600 display.
If I limit the size to 2589 then it works, but 2590 does not...

Chris, what size is your screen (in pixels)?
Comment 6 Mats Palmgren (:mats) 2007-12-11 10:36:22 PST
Created attachment 292620
Patch rev. 1

Set an absolute upper limit of 2000 (same as we currently have on trunk)
Comment 7 Chris Cook 2007-12-11 10:50:45 PST
(In reply to comment #5)
> Chris, what size is your screen (in pixels)?

My display resolution is 1680x1050.
Comment 8 Mats Palmgren (:mats) 2007-12-11 10:58:46 PST
(In reply to comment #7)
> My display resolution is 1680x1050.

Ok, so the current limit we have in branch builds is 2098 for you.
Just to be sure 2000 is enough - could you try the testcase in a trunk build?
http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/latest-trunk/
Comment 9 Chris Cook 2007-12-17 15:38:08 PST
I've tested the Firefox nightly build and it renders the testcase just fine. I always expected it would, though. Isn't it running the same Gecko that Prism is? This bug is against Firefox 2.0.x.
Comment 10 Mats Palmgren (:mats) 2007-12-29 23:13:45 PST
Comment on attachment 292620
Patch rev. 1

Low-risk crash fix for branch.  (2000px is the same absolute limit we currently have on trunk)
Comment 11 Daniel Veditz [:dveditz] 2008-01-09 11:45:49 PST
Comment on attachment 292620
Patch rev. 1

approved for 1.8.1.12, a=dveditz for release-drivers
Comment 12 Mats Palmgren (:mats) 2008-01-12 21:24:45 PST
mozilla/gfx/src/gtk/nsFontMetricsGTK.cpp 	1.280.6.5
mozilla/gfx/src/gtk/nsFontMetricsPango.cpp 	1.16.2.9
mozilla/gfx/src/gtk/nsFontMetricsXft.cpp 	1.69.4.4 

I've added the attached testcase as a crash test on trunk:

mozilla/gfx/thebes/crashtests/407842.html 	1.1
mozilla/gfx/thebes/crashtests/crashtests.list 	1.20 

-> FIXED
Comment 13 Stephen Donner [:stephend] 2008-01-28 22:06:22 PST
I could reproduce this 100% using a resolution of 2360x1770 on Ubuntu 7.10 with Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11, but NOT with Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.12pre) Gecko/20080128 BonEcho/2.0.0.12pre.

(It was a clean exit; no Talkback came up.)

Replacing fixed1.8.1.12 keyword with verified1.8.1.12
