Closed
Bug 446216
Opened 16 years ago
Closed 16 years ago
FF crashes on files containing 0xea (\^e) [@ HB_GDEF_Get_Glyph_Property]
Categories
(Core :: Layout: Text and Fonts, defect)
RESOLVED
INVALID
People
(Reporter: mp26+moz, Unassigned)
Details
(Keywords: crash)
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.16) Gecko/20080719 Firefox/2.0.0.16
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.16) Gecko/20080719 Firefox/2.0.0.16, and others

FF 2.0.0.16 and FF 3.0 crash for the following URL: http://bugs.kde.org/show_bug.cgi?id=137320
The problem seems to be the byte 0xEA somewhere in the comments.

Reproducible: Always

Steps to Reproduce:
1. Redirect browser to "http://bugs.kde.org/show_bug.cgi?id=137320"

Actual Results:
FF crashed (segfault in Linux)

Expected Results:
No crash
Comment 1•16 years ago
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1 I get no connection with http://bugs.kde.org/show_bug.cgi?id=137320 ; no crash either.
Comment 2•16 years ago
Ok, suddenly I see the page.
Comment 3•16 years ago
no crash with FF3.01 on win32. If you use a binary Firefox build from Mozilla.org then send a crash report with the crashreporter, open about:crashes and post the ID here. If you are using a build from somewhere else or compiled it yourself then attach a Stack trace.
Component: General → Layout: Fonts and Text
Keywords: crash
Product: Firefox → Core
QA Contact: general → layout.fonts-and-text
Version: unspecified → 1.9.0 Branch
I downloaded FF3.01 for Linux minutes ago and it did crash. The ID is 3c4e527d-5630-11dd-8cef-001a4bd43e5cmv.
(In reply to comment #4)
> I downloaded FF3.01 for Linux minutes ago and it did crash. The ID is
> 3c4e527d-5630-11dd-8cef-001a4bd43e5cmv.

It should be only: 3c4e527d-5630-11dd-8cef-001a4bd43e5c . Sorry, typo.
Signature
UUID 3c4e527d-5630-11dd-8cef-001a4bd43e5c
Time 2008-07-20 00:47:15-07:00
Uptime 34
Product Firefox
Version 3.0.1
Build ID 2008070206
OS
OS Version
CPU
CPU Info
Crash Reason
Crash Address
Comments

um.... luser?
Comment 7•16 years ago
I dunno. File a server ops or socorro bug.
reg. "luser": I have not modified the crash-report.

Manual backtrace shows little info as I don't have debug symbols:

#0 0xb67ca2ad in ?? () from /usr/lib/libpangoft2-1.0.so.0
#1 0x002c0001 in ?? ()
#2 0x09533ed8 in ?? ()
#3 0x00000108 in ?? ()
#4 0xbfaa3efe in ?? ()
#5 0xbfaa3efc in ?? ()
#6 0xa7865ab0 in ?? ()
#7 0x002c002c in ?? ()
#8 0x0000ffff in ?? ()
#9 0x00008868 in ?? ()
#10 0x00000000 in ?? ()
well, install symbols for pango from your distro and try to get at least some sort of stack trace....
Reporter
Comment 10•16 years ago
more detailed backtrace:

#0 HB_GDEF_Get_Glyph_Property (gdef=0xa6735d60, glyphID=21505, property=0xa7efbd28) at harfbuzz-gdef.c:727
#1 0xb6719c54 in _HB_GDEF_Check_Property (gdef=0x0, gitem=0xa7efbd18, flags=0, property=0xbfddcbfe) at harfbuzz-gdef.c:1087
#2 0xb671a691 in GSUB_Do_Glyph_Lookup (gsub=0xa6783e80, lookup_index=51457, buffer=0x95038eb0, context_length=65535, nesting_level=1) at harfbuzz-gsub.c:3688
#3 0xb671c258 in HB_GSUB_Apply_String (gsub=0xa6783e80, buffer=0x95038eb0) at harfbuzz-gsub.c:4206
#4 0xb671538f in pango_ot_ruleset_substitute (ruleset=0xa8219a00, buffer=0xffffffff) at pango-ot-ruleset.c:521
#5 0xaf021ea2 in basic_engine_shape (engine=0x95019330, font=0xa809baf8, text=0xbfddce08 " \\ѶôÏâ¶", length=-1474192896, analysis=0xbfddce14, glyphs=0xa77f9040) at basic-fc.c:211
#6 0xb6dfcd56 in _pango_engine_shape_shape (engine=0xbfddc901, font=0xffffffff, text=0xffffffff <Address 0xffffffff out of bounds>, length=-1, analysis=0xffffffff, glyphs=0xffffffff) at pango-engine.c:71
#7 0xb6e0df74 in pango_shape (text=0xbfddce08 " \\ѶôÏâ¶", length=1, analysis=0xbfddce14, glyphs=0xa77f9040) at shape.c:55
#8 0xb7c9141b in ?? () from /opt/firefox/libxul.so
#9 0xbfddce08 in ?? ()
#10 0x00000001 in ?? ()
#11 0xbfddce14 in ?? ()
#12 0xa77f9040 in ?? ()
#13 0xa809baf8 in ?? ()
#14 0xb6206a58 in ?? ()
#15 0x00000020 in ?? ()
#16 0xb7c91399 in ?? () from /opt/firefox/libxul.so
#17 0xa809baf8 in ?? ()
#18 0xbfddce14 in ?? ()
#19 0xb6d15c20 in g_object_unref () from /usr/lib/libgobject-2.0.so.0
#20 0xa809baf8 in ?? ()
Comment 11•16 years ago
case UNCLASSIFIED_GLYPH: *property = 0;

is what i see in http://svn.gnome.org/svn/pango/trunk/pango/opentype/harfbuzz-gdef.c @ r2546

if you can go to frame 0 in gdb, try:
p *property

anyway, you're eventually going to need to file a bug against harfbuzz/pango, as this isn't our stuff.

pango bugs live in bugzilla.gnome.org:
http://bugzilla.gnome.org/enter_bug.cgi?product=Pango

harfbuzz bugs live in bugs.freedesktop.org:
https://bugs.freedesktop.org/enter_bug.cgi?product=HarfBuzz
Summary: FF crashes on files containing 0xea (\^e) → FF crashes on files containing 0xea (\^e) [@ HB_GDEF_Get_Glyph_Property]
Reporter
Comment 12•16 years ago
The problem seems to be pango-1.20.3. It works with pango-1.20.5 and pango-1.18.4. Fixed for me.
Status: UNCONFIRMED → RESOLVED
Closed: 16 years ago
Resolution: --- → INVALID
Assignee
Updated•13 years ago
Crash Signature: [@ HB_GDEF_Get_Glyph_Property]