Closed Bug 580962 Opened 10 years ago Closed 9 years ago

testcase from bug 580233 (unexpected values in GPOS table) crashes on Linux

Categories: Core :: Graphics, defect
Platform: x86_64, Linux
Status: RESOLVED FIXED
Tracking Status: blocking2.0 --- final+
People: Reporter: jfkthame, Assigned: karlt
Keywords: crash

The crashtest gfx/tests/crashtests/580233-1.html, which loads a font with a "damaged" GPOS table, caused a crash on Linux-64 Co test:

s: talos-r3-fed64-003
TEST-UNEXPECTED-FAIL | file:///home/cltbld/talos-slave/mozilla-central-fedora64-opt-u-crashtest/build/reftest/tests/gfx/tests/crashtests/580233-1.html | Exited with code -8 during test run
PROCESS-CRASH | file:///home/cltbld/talos-slave/mozilla-central-fedora64-opt-u-crashtest/build/reftest/tests/gfx/tests/crashtests/580233-1.html | application crashed (minidump found)

We may get a more useful stack once the debug builds complete; it will most likely be a crash within the system Pango library.

Marking the test to be skipped on Linux for now.

From the 32-bit Linux stack, confirming this is a crash within Pango:

PROCESS-CRASH | file:///home/cltbld/talos-slave/mozilla-central-fedora-debug-u-crashtest/build/reftest/tests/gfx/tests/crashtests/580233-1.html | application crashed (minidump found)
Operating system: Linux
                  0.0.0 Linux 2.6.31.5-127.fc12.i686.PAE #1 SMP Sat Nov 7 21:25:57 EST 2009 i686
CPU: x86
     GenuineIntel family 6 model 23 stepping 10
     1 CPU

Crash reason:  SIGFPE
Crash address: 0x71002c

Thread 0 (crashed)
 0  libpangoft2-1.0.so.0.2600.0 + 0x1f02c
    eip = 0x0071002c   esp = 0xbfefbef0   ebp = 0xbfefbf48   ebx = 0x00719220
    esi = 0x0c07e2fc   edi = 0xbfefbfe0   eax = 0xffffffff   ecx = 0x00001000
    edx = 0x00000000   efl = 0x00010246
    Found by: given as instruction pointer in context
 1  libpangoft2-1.0.so.0.2600.0 + 0x1f6f6
    eip = 0x007106f7   esp = 0xbfefbf50   ebp = 0xbfefbfb8
    Found by: previous frame's frame pointer
 2  libpangoft2-1.0.so.0.2600.0 + 0x1514f
    eip = 0x00706150   esp = 0xbfefbfc0   ebp = 0xbfefc008
    Found by: previous frame's frame pointer
 3  libpangoft2-1.0.so.0.2600.0 + 0x112fc
    eip = 0x007022fd   esp = 0xbfefc010   ebp = 0xbfefc098
    Found by: previous frame's frame pointer
 4  libpangoft2-1.0.so.0.2600.0 + 0xdf3f
    eip = 0x006fef40   esp = 0xbfefc0a0   ebp = 0xbfefc118
    Found by: previous frame's frame pointer
 5  libpangoft2-1.0.so.0.2600.0 + 0x1fd04
    eip = 0x00710d05   esp = 0xbfefc120   ebp = 0xbfefc198
    Found by: previous frame's frame pointer
 6  libpango-1.0.so.0.2600.0 + 0x17a0a
    eip = 0x00241a0b   esp = 0xbfefc1a0   ebp = 0xbfefc1c8
    Found by: previous frame's frame pointer
 7  libpango-1.0.so.0.2600.0 + 0x2a48a
    eip = 0x0025448b   esp = 0xbfefc1d0   ebp = 0xbfefc238
    Found by: previous frame's frame pointer
 8  libxul.so!gfxPangoFontGroup::CreateGlyphRunsItemizing [gfxPangoFonts.cpp:0f5fc40c6a0f : 3098 + 0x22]
    eip = 0x02620bd3   esp = 0xbfefc240   ebp = 0xbfefc2b8
    Found by: previous frame's frame pointer
 9  libxul.so!gfxPangoFontGroup::InitTextRun [gfxPangoFonts.cpp:0f5fc40c6a0f : 2447 + 0x26]
    eip = 0x02621f10   esp = 0xbfefc2c0   ebp = 0xbfefc2f8   ebx = 0x02d81ee8
    Found by: call frame info
10  libxul.so!gfxPangoFontGroup::MakeTextRun [gfxPangoFonts.cpp:0f5fc40c6a0f : 2383 + 0x40]
    eip = 0x026220d1   esp = 0xbfefc300   ebp = 0xbfefc428   ebx = 0x02d81ee8
    Found by: call frame info
11  libxul.so!TextRunWordCache::MakeTextRun [gfxTextRunWordCache.cpp:0f5fc40c6a0f : 817 + 0x56]
    eip = 0x0260eda7   esp = 0xbfefc430   ebp = 0xbfefca38   ebx = 0x02d81ee8
    esi = 0x01100061   edi = 0x0000000b
    Found by: call frame info
12  libxul.so!gfxTextRunWordCache::MakeTextRun [gfxTextRunWordCache.cpp:0f5fc40c6a0f : 1013 + 0x30]
    eip = 0x0260eec6   esp = 0xbfefca40   ebp = 0xbfefca68   ebx = 0x02d81ee8
    esi = 0xbfeff24d   edi = 0x0000000b
    Found by: call frame info
13  libxul.so!MakeTextRun [nsTextFrameThebes.cpp:0f5fc40c6a0f : 470 + 0x26]
    eip = 0x0131552a   esp = 0xbfefca70   ebp = 0xbfefcaa8   ebx = 0x02d81ee8
    esi = 0xbfeff24d   edi = 0x0000000b
    Found by: call frame info
14  libxul.so!BuildTextRunsScanner::BuildTextRunForFrames [nsTextFrameThebes.cpp:0f5fc40c6a0f : 1820 + 0x2c]
    eip = 0x01319922   esp = 0xbfefcab0   ebp = 0xbfefdf18   ebx = 0x02d81ee8
    esi = 0xbfeff24d   edi = 0x0000000b
    Found by: call frame info
15  libxul.so!BuildTextRunsScanner::FlushFrames [nsTextFrameThebes.cpp:0f5fc40c6a0f : 1238 + 0x1c]
    eip = 0x01319cc3   esp = 0xbfefdf20   ebp = 0xbfefef58   ebx = 0x02d81ee8
    esi = 0x0bcf0b40   edi = 0x00000000
    Found by: call frame info
16  libxul.so!BuildTextRuns [nsTextFrameThebes.cpp:0f5fc40c6a0f : 1172 + 0x1d]
    eip = 0x0131a915   esp = 0xbfefef60   ebp = 0xbfeff308   ebx = 0x02d81ee8
    esi = 0x0bcf0b40   edi = 0x00000000
    Found by: call frame info
17  libxul.so!nsTextFrame::EnsureTextRun [nsTextFrameThebes.cpp:0f5fc40c6a0f : 2040 + 0x29]
    eip = 0x0131aa5c   esp = 0xbfeff310   ebp = 0xbfeff388   ebx = 0x02d81ee8
    esi = 0x00000401   edi = 0x00000000
    Found by: call frame info
18  libxul.so!nsTextFrame::Reflow [nsTextFrameThebes.cpp:0f5fc40c6a0f : 6293 + 0x46]
    eip = 0x0131f49a   esp = 0xbfeff390   ebp = 0xbfeff708   ebx = 0x02d81ee8
    esi = 0x00000401   edi = 0x00000000
    Found by: call frame info
19  libxul.so!nsLineLayout::ReflowFrame [nsLineLayout.cpp:0f5fc40c6a0f : 853 + 0x37]
    eip = 0x012e06d7   esp = 0xbfeff710   ebp = 0xbfeff8a8   ebx = 0x02d81ee8
    esi = 0x00100401   edi = 0x00000000
    Found by: call frame info
20  libxul.so!nsBlockFrame::ReflowInlineFrame [nsBlockFrame.cpp:0f5fc40c6a0f : 3722 + 0x27]
    eip = 0x0126739e   esp = 0xbfeff8b0   ebp = 0xbfeff938   ebx = 0x02d81ee8
    esi = 0x00100401   edi = 0x00000000
    Found by: call frame info
21  libxul.so!nsBlockFrame::DoReflowInlineFrames [nsBlockFrame.cpp:0f5fc40c6a0f : 3517 + 0x37]
    eip = 0x0126e81a   esp = 0xbfeff940   ebp = 0xbfeffa48   ebx = 0x02d81ee8
    esi = 0x00100401   edi = 0x00000000
    Found by: call frame info
22  libxul.so!nsBlockFrame::ReflowInlineFrames [nsBlockFrame.cpp:0f5fc40c6a0f : 3371 + 0x53]
    eip = 0x0126f2a5   esp = 0xbfeffa50   ebp = 0xbfeffb88   ebx = 0x02d81ee8
    esi = 0x0a66d230   edi = 0x00000000
    Found by: call frame info
23  libxul.so!nsBlockFrame::ReflowLine [nsBlockFrame.cpp:0f5fc40c6a0f : 2467 + 0x26]
    eip = 0x01270e2f   esp = 0xbfeffb90   ebp = 0xbfeffca8   ebx = 0x02d81ee8
    esi = 0x00100401   edi = 0x00000000
    Found by: call frame info
24  libxul.so!nsBlockFrame::ReflowDirtyLines [nsBlockFrame.cpp:0f5fc40c6a0f : 1907 + 0x2f]
    eip = 0x01271824   esp = 0xbfeffcb0   ebp = 0xbfefff48   ebx = 0x02d81ee8
    esi = 0x00100401   edi = 0x00000000
    Found by: call frame info
25  libxul.so!nsBlockFrame::Reflow [nsBlockFrame.cpp:0f5fc40c6a0f : 1009 + 0x14]
    eip = 0x01273420   esp = 0xbfefff50   ebp = 0xbff00328   ebx = 0x02d81ee8
    esi = 0x00100401   edi = 0x00000000
    Found by: call frame info
26  libxul.so!nsBlockReflowContext::ReflowBlock [nsBlockReflowContext.cpp:0f5fc40c6a0f : 310 + 0x3a]
    eip = 0x01276734   esp = 0xbff00330   ebp = 0xbff00378   ebx = 0x02d81ee8
    esi = 0x0bcf0a88   edi = 0x01272fac
    Found by: call frame info
27  libxul.so!nsBlockFrame::ReflowBlockFrame [nsBlockFrame.cpp:0f5fc40c6a0f : 3090 + 0x6c]
    eip = 0x0126fc55   esp = 0xbff00380   ebp = 0xbff00728   ebx = 0x02d81ee8
    esi = 0x0bcf0b68   edi = 0x00000000
    Found by: call frame info
28  libxul.so!nsBlockFrame::ReflowLine [nsBlockFrame.cpp:0f5fc40c6a0f : 2412 + 0x26]
    eip = 0x01270b5f   esp = 0xbff00730   ebp = 0xbff00848   ebx = 0x02d81ee8
    esi = 0x00100401   edi = 0x00000000
    Found by: call frame info
29  libxul.so!nsBlockFrame::ReflowDirtyLines [nsBlockFrame.cpp:0f5fc40c6a0f : 1907 + 0x2f]
    eip = 0x01271824   esp = 0xbff00850   ebp = 0xbff00ae8   ebx = 0x02d81ee8
    esi = 0x00100401   edi = 0x00000000
    Found by: call frame info
30  libxul.so!nsBlockFrame::Reflow [nsBlockFrame.cpp:0f5fc40c6a0f : 1009 + 0x14]
    eip = 0x01273420   esp = 0xbff00af0   ebp = 0xbff00ec8   ebx = 0x02d81ee8
    esi = 0x00100401   edi = 0x00000000
    Found by: call frame info
31  libxul.so!nsBlockReflowContext::ReflowBlock [nsBlockReflowContext.cpp:0f5fc40c6a0f : 310 + 0x3a]
    eip = 0x01276734   esp = 0xbff00ed0   ebp = 0xbff00f18   ebx = 0x02d81ee8
    esi = 0x0bcf08a0   edi = 0x01272fac
    Found by: call frame info
32  libxul.so!nsBlockFrame::ReflowBlockFrame [nsBlockFrame.cpp:0f5fc40c6a0f : 3090 + 0x6c]
    eip = 0x0126fc55   esp = 0xbff00f20   ebp = 0xbff012c8   ebx = 0x02d81ee8
    esi = 0x0bcf0910   edi = 0x00000000
    Found by: call frame info
33  libxul.so!nsBlockFrame::ReflowLine [nsBlockFrame.cpp:0f5fc40c6a0f : 2412 + 0x26]
    eip = 0x01270b5f   esp = 0xbff012d0   ebp = 0xbff013e8   ebx = 0x02d81ee8
    esi = 0x00d00401   edi = 0x00000000
    Found by: call frame info
34  libxul.so!nsBlockFrame::ReflowDirtyLines [nsBlockFrame.cpp:0f5fc40c6a0f : 1907 + 0x2f]
    eip = 0x01271824   esp = 0xbff013f0   ebp = 0xbff01688   ebx = 0x02d81ee8
    esi = 0x00d00401   edi = 0x00000000
    Found by: call frame info
35  libxul.so!nsBlockFrame::Reflow [nsBlockFrame.cpp:0f5fc40c6a0f : 1009 + 0x14]
    eip = 0x01273420   esp = 0xbff01690   ebp = 0xbff01a68   ebx = 0x02d81ee8
    esi = 0x00d00401   edi = 0x00000000
    Found by: call frame info
36  libxul.so!nsContainerFrame::ReflowChild [nsContainerFrame.cpp:0f5fc40c6a0f : 738 + 0x2f]
    eip = 0x01283bf6   esp = 0xbff01a70   ebp = 0xbff01ab8   ebx = 0x02d81ee8
    esi = 0x0c0d01d0   edi = 0x00000000
    Found by: call frame info
37  libxul.so!nsCanvasFrame::Reflow [nsCanvasFrame.cpp:0f5fc40c6a0f : 487 + 0x57]
    eip = 0x012c35bb   esp = 0xbff01ac0   ebp = 0xbff01d68   ebx = 0x02d81ee8
    esi = 0x0c0d01d0   edi = 0x00000000
    Found by: call frame info
38  libxul.so!nsContainerFrame::ReflowChild [nsContainerFrame.cpp:0f5fc40c6a0f : 738 + 0x2f]
    eip = 0x01283bf6   esp = 0xbff01d70   ebp = 0xbff01db8   ebx = 0x02d81ee8
    esi = 0x02cb3594   edi = 0x0c0d01d0
    Found by: call frame info
39  libxul.so!nsHTMLScrollFrame::ReflowScrolledFrame [nsGfxScrollFrame.cpp:0f5fc40c6a0f : 513 + 0x53]
    eip = 0x012b797d   esp = 0xbff01dc0   ebp = 0xbff01f28   ebx = 0x02d81ee8
    esi = 0x02cb3594   edi = 0x0c0d01d0
    Found by: call frame info
40  libxul.so!nsHTMLScrollFrame::ReflowContents [nsGfxScrollFrame.cpp:0f5fc40c6a0f : 606 + 0x53]
    eip = 0x012b815a   esp = 0xbff01f30   ebp = 0xbff01ff8   ebx = 0x02d81ee8
    esi = 0x00000000   edi = 0x0000bb80
    Found by: call frame info
41  libxul.so!nsHTMLScrollFrame::Reflow [nsGfxScrollFrame.cpp:0f5fc40c6a0f : 812 + 0x1b]
    eip = 0x012baa87   esp = 0xbff02000   ebp = 0xbff02148   ebx = 0x02d81ee8
    esi = 0x0132a480   edi = 0x0000bb80
    Found by: call frame info
42  libxul.so!nsContainerFrame::ReflowChild [nsContainerFrame.cpp:0f5fc40c6a0f : 738 + 0x2f]
    eip = 0x01283bf6   esp = 0xbff02150   ebp = 0xbff02198   ebx = 0x02d81ee8
    esi = 0x0132a480   edi = 0x0000bb80
    Found by: call frame info
43  libxul.so!ViewportFrame::Reflow [nsViewportFrame.cpp:0f5fc40c6a0f : 285 + 0x53]
    eip = 0x0132a6af   esp = 0xbff021a0   ebp = 0xbff023e8   ebx = 0x02d81ee8
    esi = 0x0132a480   edi = 0x0000bb80
    Found by: call frame info
44  libxul.so!PresShell::DoReflow [nsPresShell.cpp:0f5fc40c6a0f : 7510 + 0x3b]
    eip = 0x012354bc   esp = 0xbff023f0   ebp = 0xbff025b8   ebx = 0x02d81ee8
    esi = 0x0132a480   edi = 0x0000bb80
    Found by: call frame info
45  libxul.so!PresShell::ProcessReflowCommands [nsPresShell.cpp:0f5fc40c6a0f : 7645 + 0x18]
    eip = 0x01247347   esp = 0xbff025c0   ebp = 0xbff02618   ebx = 0x02d81ee8
    esi = 0x00002420   edi = 0x00000000
    Found by: call frame info
46  libxul.so!PresShell::FlushPendingNotifications [nsPresShell.cpp:0f5fc40c6a0f : 4829 + 0x1a]
    eip = 0x012477ef   esp = 0xbff02620   ebp = 0xbff02688   ebx = 0x02d81ee8
    esi = 0x00fa36fc   edi = 0x0b7fb590
    Found by: call frame info
47  libxul.so!nsDocument::FlushPendingNotifications [nsDocument.cpp:0f5fc40c6a0f : 6188 + 0x1f]
    eip = 0x01507f7a   esp = 0xbff02690   ebp = 0xbff026c8   ebx = 0x02d81ee8
    esi = 0x00fa36fc   edi = 0x0b7fb590
    Found by: call frame info
48  libxul.so!nsDocLoader::DocLoaderIsEmpty [nsDocLoader.cpp:0f5fc40c6a0f : 771 + 0x21]
    eip = 0x01e74d29   esp = 0xbff026d0   ebp = 0xbff02738   ebx = 0x02d81ee8
    esi = 0x00fa36fc   edi = 0x0b7fb590
    Found by: call frame info
49  libxul.so!nsDocLoader::OnStopRequest [nsDocLoader.cpp:0f5fc40c6a0f : 701 + 0x12]
    eip = 0x01e76651   esp = 0xbff02740   ebp = 0xbff02818   ebx = 0x02d81ee8
    esi = 0x00fa36fc   edi = 0x0b7fb590
    Found by: call frame info
50  libxul.so!nsLoadGroup::RemoveRequest [nsLoadGroup.cpp:0f5fc40c6a0f : 680 + 0x2d]
    eip = 0x00fa39c1   esp = 0xbff02820   ebp = 0xbff028c8   ebx = 0x02d81ee8
    esi = 0x00fa36fc   edi = 0x0b7fb590
    Found by: call frame info
51  libxul.so!nsBaseChannel::OnStopRequest [nsBaseChannel.cpp:0f5fc40c6a0f : 712 + 0x3a]
    eip = 0x00f83699   esp = 0xbff028d0   ebp = 0xbff028f8   ebx = 0x02d81ee8
    esi = 0x00fa36fc   edi = 0x0b7fb590
    Found by: call frame info
52  libxul.so!nsInputStreamPump::OnStateStop [nsInputStreamPump.cpp:0f5fc40c6a0f : 578 + 0x42]
    eip = 0x00f97711   esp = 0xbff02900   ebp = 0xbff02928   ebx = 0x02d81ee8
    esi = 0x0a94e99c   edi = 0x00000000
    Found by: call frame info
53  libxul.so!nsInputStreamPump::OnInputStreamReady [nsInputStreamPump.cpp:0f5fc40c6a0f : 403 + 0xa]
    eip = 0x00f97839   esp = 0xbff02930   ebp = 0xbff02968   ebx = 0x02d81ee8
    esi = 0x0abb413c   edi = 0x00f97796
    Found by: call frame info
54  libxul.so!nsInputStreamReadyEvent::Run [nsStreamUtils.cpp:0f5fc40c6a0f : 112 + 0x2d]
    eip = 0x024cd2be   esp = 0xbff02970   ebp = 0xbff02988   ebx = 0x02d81ee8
    esi = 0x0abb413c   edi = 0x00f97796
    Found by: call frame info
55  libxul.so!nsThread::ProcessNextEvent [nsThread.cpp:0f5fc40c6a0f : 547 + 0x18]
    eip = 0x024f672b   esp = 0xbff02990   ebp = 0xbff029f8   ebx = 0x02d81ee8
    esi = 0x09c6d68c   edi = 0x022a6ba8
    Found by: call frame info
56  libxul.so!NS_ProcessNextEvent_P [nsThreadUtils.cpp : 250 + 0x1f]
    eip = 0x024825b0   esp = 0xbff02a00   ebp = 0xbff02a38   ebx = 0x02d81ee8
    esi = 0x00000001   edi = 0x022a6ba8
    Found by: call frame info
57  libxul.so!mozilla::ipc::MessagePump::Run [MessagePump.cpp:0f5fc40c6a0f : 118 + 0x15]
    eip = 0x02332dee   esp = 0xbff02a40   ebp = 0xbff02a88   ebx = 0x02d81ee8
    esi = 0x00000001   edi = 0x022a6ba8
    Found by: call frame info
58  libxul.so!MessageLoop::RunInternal [message_loop.cc:0f5fc40c6a0f : 219 + 0x22]
    eip = 0x025642e7   esp = 0xbff02a90   ebp = 0xbff02ab8   ebx = 0x02d81ee8
    esi = 0x0a1dd248   edi = 0x022a6ba8
    Found by: call frame info
59  libxul.so!MessageLoop::RunHandler [message_loop.cc:0f5fc40c6a0f : 202 + 0xa]
    eip = 0x025642ff   esp = 0xbff02ac0   ebp = 0xbff02ac8   ebx = 0x02d81ee8
    esi = 0x0a1dd248   edi = 0x022a6ba8
    Found by: call frame info
60  libxul.so!MessageLoop::Run [message_loop.cc:0f5fc40c6a0f : 176 + 0xa]
    eip = 0x02564363   esp = 0xbff02ad0   ebp = 0xbff02ae8   ebx = 0x02d81ee8
    esi = 0x0a1dd248   edi = 0x022a6ba8
    Found by: call frame info
61  libxul.so!nsBaseAppShell::Run [nsBaseAppShell.cpp:0f5fc40c6a0f : 175 + 0xc]
    eip = 0x021d5098   esp = 0xbff02af0   ebp = 0xbff02b28   ebx = 0x02d81ee8
    esi = 0x0a1dd248   edi = 0x022a6ba8
    Found by: call frame info
62  libxul.so!nsAppStartup::Run [nsAppStartup.cpp:0f5fc40c6a0f : 191 + 0x1b]
    eip = 0x01f2599d   esp = 0xbff02b30   ebp = 0xbff02b68   ebx = 0x02d81ee8
    esi = 0x0a1dd248   edi = 0x022a6ba8
    Found by: call frame info
63  libxul.so!XRE_main [nsAppRunner.cpp:0f5fc40c6a0f : 3625 + 0x1b]
    eip = 0x00f4cd98   esp = 0xbff02b70   ebp = 0xbff03108   ebx = 0x02d81ee8
    esi = 0x0a1dd248   edi = 0x022a6ba8
    Found by: call frame info

blocking2.0: --- → ?
blocking2.0: ? → final+
Assignee: nobody → jdaggett

Does this still crash now that bug 569770 is fixed?

Assignee: jdaggett → karlt

This seems different from bug 605347 because I can't reproduce here with harfbuzz disabled and Pango 1.28.1.  It may be the same as bug 570968.

Since bug 569770 we no longer use Pango for this script so the test passes.
Enabled the test:
http://hg.mozilla.org/mozilla-central/rev/82e9968b933b

Blocks: 570968
Status: NEW → RESOLVED
Closed: 9 years ago
Depends on: 569770
Flags: in-testsuite+
Resolution: --- → FIXED