Closed Bug 421393 Opened 17 years ago Closed 17 years ago

Crashes [@ gfxTextRun::SetMissingGlyph] with RLO and other characters

Categories

(Core :: Layout: Text and Fonts, defect)

Product:
Core
Component:
Layout: Text and Fonts
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: jruderman, Unassigned)

References

Details

(Keywords: assertion, crash, testcase, Whiteboard: [sg:critical?])

Crash Data

Attachments

(1 file)

testcase (crashes Firefox when loaded)
237 bytes, text/html
Details
Loading the testcase triggers: ###!!! ASSERTION: Couldn't find glyph for trailing marker: 'glyphRecords[0].originalOffset == aSegmentLength*2', file /Users/jruderman/trunk/mozilla/gfx/thebes/src/gfxAtsuiFonts.cpp, line 1046 ###!!! ASSERTION: Index out of range: 'aIndex < mCharacterCount', file /Users/jruderman/trunk/mozilla/gfx/thebes/src/gfxFont.cpp, line 1736 firefox-bin(738,0xa000d000) malloc: *** Deallocation of a pointer not malloced: 0x77180000; This could be a double free(), or free() called with the middle of an allocated block; Try setting environment variable MallocHelp to see tools to help debug ###!!! ASSERTION: invalid array index: 'i < Length()', file ../../../dist/include/xpcom/nsTArray.h, line 317 If you have MallocScribble and MallocPreScribble enabled, it will then crash [@ gfxTextRun::SetMissingGlyph] trying to access memory at 0xaaaaaaaa. Without scribbling enabled, it may or may not crash.
Whiteboard: [sg:critical?]
WFM using Mac trunk debug (no assertions, no crash) (tested both with and without Malloc*Scribble).
Group: security
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → WORKSFORME
Flags: in-testsuite?
Crashtest checked in.
Flags: in-testsuite? → in-testsuite+
Crash Signature: [@ gfxTextRun::SetMissingGlyph]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: