Closed
Bug 604380
Opened 14 years ago
Closed 13 years ago
Crash [@ libpangoft2-1.0.so.0.1400.9@0x148a3]
Categories: Core :: Layout: Text and Fonts, defect
Tracking
RESOLVED DUPLICATE of bug 605347
People: Reporter: bc, Assigned: karlt
References
Details: Keywords: crash
Crash Data
Attachments (1 file): 94.86 KB, text/plain
1. http://code.google.com/webfonts
2. crash linux 1.9.2 debug only.

Operating system: Linux
                  0.0.0 Linux 2.6.18-194.8.1.el5 #1 SMP Thu Jul 1 19:07:06 EDT 2010 i686
CPU: x86
     GenuineIntel family 6 model 44 stepping 2
     1 CPU

Crash reason:  SIGSEGV
Crash address: 0xa69403c

Thread 0 (crashed)
 0  libpangoft2-1.0.so.0.1400.9 + 0x148a3
    eip = 0x009098a3   esp = 0xbffb1d00   ebp = 0xbffb1d48   ebx = 0x009227a0
    esi = 0x00000004   edi = 0xbffb1e38   eax = 0x000351aa   ecx = 0x0a694038
    edx = 0x000351aa   efl = 0x00010202
    Found by: given as instruction pointer in context

I couldn't reproduce by hand with a nightly nor with a debug build, but was able to reproduce using the sisyphus automation. The crash address varies, therefore making this sensitive.
Reporter
Comment 1•14 years ago

Reporter
Comment 2•14 years ago
I was wrong. It occurs on 1.9.1, 1.9.2 and 2.0.0
Version: 1.9.2 Branch → Trunk
Updated•14 years ago
status1.9.1:
--- → wanted
status1.9.2:
--- → wanted
Updated•14 years ago
Keywords: testcase-wanted
Comment 3•14 years ago
, can you take a look at this and connect with Bob?
Assignee: nobody → karlt
Assignee
Comment 4•14 years ago
Related to bug 605347, but this is a very old Pango library. There have been a number of vulnerabilities repaired in Pango since 1.14 and I doubt 1.14.9 includes any backports. We won't use this path for this page when bug 569770 lands. For the branches, this becomes a SIGFPE DoS (bug 605347) with newer Pango versions.
Depends on: 605347
Comment 5•14 years ago
Bob, based on your kernel version you're running a pretty old linux installation, is that so? Roc thinks that the version of pango that you have is too old.
Comment 6•14 years ago
Karl thought that, I just parroted it :-). But I do think this is clearly a Pango bug, and since we don't ship Pango, I think it's up to the distro to package a fixed Pango.
Reporter
Comment 7•14 years ago
Sounds reasonable. This is on a Centos 5.5 box. I guess I'll need to start using Fedora or RHEL6beta. Should we clue some RedHat folks in here?
Updated•14 years ago
Whiteboard: [sg:vector-critical? (pango)]
Reporter
Comment 8•13 years ago
I set up Fedora 14 for testing and can again reproduce crashes using the automation but not locally. Locally I hang. The installed version of pango is 1.28.1-4.fc14.

Running 1.9.2 under gdb with debuginfo gives:

Program received signal SIGFPE, Arithmetic exception.
0x002e65f6 in _hb_sanitize_array (this=0x8f80124, context=0xbfff2e14) at hb-open-type-private.hh:202
202	    bool overflows = len >= ((unsigned int) -1) / record_size;

with record_size == 0. It looks like 1.9.2 gets hung up with repeated SIGFPEs.
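The SIGFPE in the trace above comes from the sanitizer dividing by a record_size of zero in its overflow check: a malformed font table that declares zero-width records turns a bounds check into an arithmetic exception, which is exactly the denial-of-service path comment 4 describes. The following C sketch is an added illustration and not HarfBuzz's, Pango's or Mozilla's code, nor the fix that was eventually shipped. It places the quoted check beside a version that rejects a zero record size before dividing and then bounds the array against the blob. The sanitize_ctx struct, the check_range/check_array_* names and the 64-byte sample blob are all constructed for this example.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for a sanitizer context: the byte range that the
 * font blob occupies in memory. Not the real HarfBuzz structure. */
typedef struct {
    const uint8_t *start;
    const uint8_t *end;   /* one past the last byte */
} sanitize_ctx;

/* Constructed sample blob; its contents are irrelevant to range checks. */
static uint8_t g_blob[64];
static sanitize_ctx g_ctx = { g_blob, g_blob + sizeof g_blob };

/* True when [base, base + nbytes) lies inside the blob. Offsets are used
 * so the arithmetic never forms a pointer outside the blob. */
static bool check_range(const sanitize_ctx *c, const uint8_t *base,
                        unsigned int nbytes)
{
    if (base < c->start || base > c->end)
        return false;
    return nbytes <= (size_t)(c->end - base);
}

/* The shape of the check on the quoted line 202: it divides by record_size
 * with no zero guard, so record_size == 0 is undefined behaviour and raises
 * SIGFPE on x86 instead of returning false. Kept only for contrast; never
 * call it with a zero record_size. */
static bool check_array_unguarded(const sanitize_ctx *c, const uint8_t *base,
                                  unsigned int record_size, unsigned int len)
{
    bool overflows = len >= ((unsigned int) -1) / record_size;
    if (overflows)
        return false;
    return check_range(c, base, len * record_size);
}

/* Hardened form (policy chosen for this example): a zero-width record is
 * malformed input and is rejected before any division; the multiplication
 * is then checked for overflow, and only then is the byte range compared
 * against the blob. Every rejection is a plain 'false', never a trap. */
static bool check_array_guarded(const sanitize_ctx *c, const uint8_t *base,
                                unsigned int record_size, unsigned int len)
{
    if (record_size == 0)
        return false;
    if (len > UINT_MAX / record_size)   /* len * record_size would wrap */
        return false;
    return check_range(c, base, len * record_size);
}

int main(void)
{
    /* The input that trips the unguarded check is handled without a trap. */
    printf("zero record_size rejected: %s\n",
           check_array_guarded(&g_ctx, g_blob, 0, 10) ? "no" : "yes");
    printf("16 x 4 bytes in 64-byte blob: %s\n",
           check_array_guarded(&g_ctx, g_blob, 4, 16) ? "ok" : "rejected");
    printf("17 x 4 bytes in 64-byte blob: %s\n",
           check_array_guarded(&g_ctx, g_blob, 4, 17) ? "ok" : "rejected");
    return 0;
}
```

Whether a zero record size should be rejected outright or treated as an empty range is a design decision for the sanitizer; the point the trace makes is only that the decision must be taken before the division, so that malformed input yields a rejected table rather than a signal.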
Reporter
Updated•13 years ago
Group: core-security
Status: NEW → RESOLVED
Closed: 13 years ago
status1.9.1:
wanted → ---
status1.9.2:
wanted → ---
Resolution: --- → DUPLICATE
Whiteboard: [sg:vector-critical? (pango)]
Updated•13 years ago
Crash Signature: [@ libpangoft2-1.0.so.0.1400.9@0x148a3]
Updated•9 years ago
Keywords: testcase-wanted