[OS/2] Attempting to render wingding font causes crash

Status: RESOLVED FIXED

Product: Core
Component: Graphics
Severity: critical
Version: Trunk
Platform: x86, OS/2
Keywords: crash, fixed1.9.1, regression

People

(Reporter: Dave Yeo, Assigned: Peter Weilbacher)

Attachments

(2 attachments)

(Reporter)

Description

9 years ago
User-Agent:       Mozilla/5.0 (OS/2; U; Warp 4.5; en-US; rv:1.9.2a1pre) Gecko/20090330 Minefield/3.2a1pre
Build Identifier: Mozilla/5.0 (OS/2; U; Warp 4.5; en-US; rv:1.9.2a1pre) Gecko/20090330 Minefield/3.2a1pre

As discussed in newsgroup (thread, page crashes FF 3) going to http://www.toolmax-walldorf.de/ causes Firefox and Seamonkey to crash. Investigation points to wingding.ttf causing crash in GetMetrics()

Reproducible: Always

Steps to Reproduce:
1. Install wingding.ttf from winos2
2. Load http://www.toolmax-walldorf.de/
Actual Results:  
sigsegv in xul.dll

Expected Results:  
Display page

Killed by SIGSEGV
pid=0x4a08 ppid=0x0020 tid=0x0001 slot=0x00d1 pri=0x0200 mc=0x0001
I:\COMM-CENTRAL\.MOZILLA-TRUNK\OBJ-FB\DIST\BIN\FIREFOX.EXE
XUL 0:009d86ce
cs:eip=005b:11d786ce      ss:esp=0053:0011bea0      ebp=0011beb8
 ds=0053      es=0053      fs=150b      gs=0000     efl=00212206
eax=00000000 ebx=234f5560 ecx=11ec2fac edx=00000000 edi=0011c25c esi=00000005
Process dumping was disabled, use DUMPPROC / PROCDUMP to enable it.
(Assignee)

Comment 1

9 years ago
Created attachment 374865 [details] [diff] [review]
fix for the branch

As all crash addresses shown in the newsgroup had something to do with fontmetrics, a fix in gfxOS2Fonts::GetMetrics suggested itself. For the Wingdings font, the code enters the !face->charmap case and so would return unallocated metrics, causing the crash.

This fix allocates the metrics before returning, so that at least there won't be a sigsegv any more. This patch is against mozilla-1.9.1 but should work similarly for mozilla-central.
Assignee: nobody → mozilla
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Attachment #374865 - Flags: review?(wuno)
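
The failure mode described in comment 1, as an added illustration that is not the attached patch or Mozilla code: a lazily built metrics cache whose no-charmap branch returns before allocating, next to a version that allocates on every exit path. `Font`, `Face`, `Metrics`, both method names and the fallback values are hypothetical.

```cpp
#include <memory>
// Hypothetical stand-ins for a font face and its cached metrics.
struct Face    { bool hasCharmap; double unitsPerEm; double ascender; };
struct Metrics { double emHeight; double maxAscent; };

class Font {
public:
    Font(Face face, double size) : mFace(face), mSize(size) {}

    // Pattern from comment 1: the no-charmap branch returns before anything
    // was allocated. Returned as a pointer here so the null is observable;
    // a caller that dereferences it unconditionally faults.
    const Metrics* GetMetricsUnallocated() {
        if (mMetrics) return mMetrics.get();
        if (!mFace.hasCharmap)
            return mMetrics.get();              // nullptr on the first call
        Compute();
        return mMetrics.get();
    }

    // Fixed pattern: every exit path allocates first. The fallback values
    // are constructed for this example.
    const Metrics& GetMetrics() {
        if (mMetrics) return *mMetrics;
        if (!mFace.hasCharmap) {
            mMetrics.reset(new Metrics{mSize, mSize * 0.75});
            return *mMetrics;
        }
        Compute();
        return *mMetrics;
    }

private:
    void Compute() {
        double scale = mSize / mFace.unitsPerEm;
        mMetrics.reset(new Metrics{mSize, mFace.ascender * scale});
    }
    Face mFace;
    double mSize;
    std::unique_ptr<Metrics> mMetrics;
};

// Constructed sample faces: a symbol font without a charmap, and a text font.
Face SymbolFace() { return Face{false, 2048.0, 1800.0}; }
Face TextFace()   { return Face{true, 2048.0, 1536.0}; }
int main() {
    Font broken(SymbolFace(), 16.0), fixed(SymbolFace(), 16.0);
    return (broken.GetMetricsUnallocated() == nullptr && fixed.GetMetrics().emHeight == 16.0) ? 0 : 1;
}
```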
(Assignee)

Comment 2

9 years ago
This is a regression from changeset http://hg.mozilla.org/mozilla-central/rev/f9ff564db145 which added improvements from gfxFT2Fonts. FF 3.0.x is not affected.
Keywords: regression
(Assignee)

Updated

9 years ago
Severity: normal → major
Keywords: crash
Version: unspecified → Trunk

Updated

9 years ago
Severity: major → critical
Component: General → Widget: OS/2
Product: Firefox → Core
QA Contact: general → os2
(Assignee)

Updated

9 years ago
Component: Widget: OS/2 → GFX: Color Management
QA Contact: os2 → color-management
(Assignee)

Updated

9 years ago
Component: GFX: Color Management → GFX: Thebes
QA Contact: color-management → thebes

Comment 3

9 years ago
Created attachment 374938 [details] [diff] [review]
patch for trunk

Peter, for your convenience I added the patch for the trunk, the #ifdef DEBUG line you changed already (no bug #) in Dec for the trunk
Attachment #374938 - Flags: review+

Updated

9 years ago
Attachment #374865 - Attachment description: fix → fix for the branch
Attachment #374865 - Flags: review?(wuno) → review+
(Assignee)

Comment 4

9 years ago
Pushed:
http://hg.mozilla.org/mozilla-central/rev/3a27bee3d7b5

(1.9.1 will have to wait until I have figured out again how to handle new branches.)
Status: ASSIGNED → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → FIXED
(Assignee)

Updated

9 years ago
Blocks: 490561