Closed
Bug 507566
Opened 15 years ago
Closed 15 years ago
Crash [@ GetAdvanceForGlyphs] with ireflow, RLM, selectAll
Categories
(Core :: Layout: Text and Fonts, defect, P2)
RESOLVED
FIXED
Tracking | Status | |
---|---|---|
status1.9.2 | --- | beta1-fixed |
status1.9.1 | --- | unaffected |
People
(Reporter: jruderman, Unassigned)
References
Details
(4 keywords, Whiteboard: [sg:critical?])
Crash Data
Attachments
(1 file)
951 bytes, text/html
To reproduce, run Firefox with these ireflow settings, and load the testcase.

    export GECKO_REFLOW_INTERRUPT_MODE=counter
    export GECKO_REFLOW_INTERRUPT_CHECKS_TO_SKIP=1
    export GECKO_REFLOW_INTERRUPT_FREQUENCY=1

Result:

    ###!!! ASSERTION: Invalid offset: 'aOffset <= mSkipChars->mCharCount', file /Users/jruderman/central/gfx/thebes/src/gfxSkipChars.cpp, line 92
    ###!!! ASSERTION: Substring out of range: 'aStart + aLength <= mCharacterCount', file /Users/jruderman/central/gfx/thebes/src/gfxFont.cpp, line 2158
    Crash [@ GetAdvanceForGlyphs]

If MallocScribble is off, Firefox crashes trying to read 0x00000004. But if MallocScribble is on, Firefox crashes trying to read 0x55555559!
Reporter
Updated•15 years ago
Flags: blocking1.9.2?
Whiteboard: [sg:critical?]
Comment 1•15 years ago
Almost certainly the same issue as bug 478504, but I'll double-check on Monday.
Depends on: 478504
Comment 2•15 years ago
Hmm. It seems like I can't reproduce this at all.
Comment 3•15 years ago
Ah, never mind. I had some patches in my tree that made the INTERRUPT_* env vars not work. I can in fact reproduce, and the patch for bug 478504 fixes this.
Flags: blocking1.9.2? → blocking1.9.2+
Priority: -- → P2
Comment 4•15 years ago
Fixed by checkin for bug 478504. I guess we should keep this closed till we ship 1.9.2b1?
Updated•14 years ago
Group: core-security
Assignee
Updated•13 years ago
Crash Signature: [@ GetAdvanceForGlyphs]
Pushed by mpalmgren@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/e80709fd8002
Add crashtest. r=mats
Updated•6 years ago
Flags: in-testsuite+
Comment 7•6 years ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/e80709fd8002