Closed
Bug 604380
Opened 15 years ago
Closed 14 years ago
Crash [@ libpangoft2-1.0.so.0.1400.9@0x148a3]
Categories
(Core :: Layout: Text and Fonts, defect)
RESOLVED
DUPLICATE
of bug 605347
People
(Reporter: bc, Assigned: karlt)
Details
(Keywords: crash)
Attachments
(1 file)
94.86 KB, text/plain
1. http://code.google.com/webfonts
2. crash linux 1.9.2 debug only.
Operating system: Linux
0.0.0 Linux 2.6.18-194.8.1.el5 #1 SMP Thu Jul 1 19:07:06 EDT 2010 i686
CPU: x86
GenuineIntel family 6 model 44 stepping 2
1 CPU
Crash reason: SIGSEGV
Crash address: 0xa69403c
Thread 0 (crashed)
0 libpangoft2-1.0.so.0.1400.9 + 0x148a3
eip = 0x009098a3 esp = 0xbffb1d00 ebp = 0xbffb1d48 ebx = 0x009227a0
esi = 0x00000004 edi = 0xbffb1e38 eax = 0x000351aa ecx = 0x0a694038
edx = 0x000351aa efl = 0x00010202
Found by: given as instruction pointer in context
I couldn't reproduce by hand with a nightly nor with a debug build, but was able to reproduce using the sisyphus automation.
The crash address varies, therefore making this sensitive.
Comment 1 (Reporter) • 15 years ago
Comment 2 (Reporter) • 15 years ago
I was wrong. It occurs on 1.9.1, 1.9.2 and 2.0.0.
Version: 1.9.2 Branch → Trunk
Updated • 15 years ago
status1.9.1:
--- → wanted
status1.9.2:
--- → wanted
Updated • 15 years ago
Keywords: testcase-wanted
Comment 3 • 15 years ago
, can you take a look at this and connect with Bob?
Assignee: nobody → karlt
Comment 4 (Assignee) • 15 years ago
Related to bug 605347, but this is a very old Pango library.
There have been a number of vulnerabilities repaired in Pango since 1.14 and I doubt 1.14.9 includes any backports.
We won't use this path for this page when bug 569770 lands.
For the branches, this becomes a SIGFPE DoS (bug 605347) with newer Pango versions.
Depends on: 605347
Comment 5 • 15 years ago
Bob, based on your kernel version you're running a pretty old linux installation, is that so? Roc thinks that the version of pango that you have is too old.
Karl thought that, I just parroted it :-).
But I do think this is clearly a Pango bug, and since we don't ship Pango, I think it's up to the distro to package a fixed Pango.
Comment 7 (Reporter) • 15 years ago
Sounds reasonable. This is on a Centos 5.5 box. I guess I'll need to start using Fedora or RHEL6beta. Should we clue some RedHat folks in here?
Updated • 15 years ago
Whiteboard: [sg:vector-critical? (pango)]
Comment 8 (Reporter) • 14 years ago
I set up Fedora 14 for testing and can again reproduce crashes using the automation but not locally. Locally I hang.
The installed version of pango is 1.28.1-4.fc14.
running 1.9.2 under gdb with debuginfo gives:
Program received signal SIGFPE, Arithmetic exception.
0x002e65f6 in _hb_sanitize_array (this=0x8f80124, context=0xbfff2e14) at hb-open-type-private.hh:202
202 bool overflows = len >= ((unsigned int) -1) / record_size;
with record_size == 0. It looks like 1.9.2 gets hung up with repeated SIGFPEs.
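The check quoted in the gdb output above divides by record_size before anything has established that it is non-zero, which is why a zero record size traps with SIGFPE on x86 instead of failing the sanitize pass cleanly. The following is an added C example, not HarfBuzz or Pango code: it models that check in isolation, places the unguarded form beside a guarded one that rejects record_size == 0 and also bounds-checks the array against the enclosing blob, and exercises it on a constructed 64-byte blob. The function names, the blob size and the offsets are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/*
 * Standalone model of the array sanitizer check from comment 8
 * (hb-open-type-private.hh:202).  Added example code; not the HarfBuzz
 * or Pango source.  A record array is described by an offset into a
 * blob, a record count (len) and a record size; the sanitizer must show
 * that len * record_size bytes fit inside the blob without wrapping the
 * unsigned multiplication and without dividing by zero along the way.
 */

/* Unguarded form, mirroring the quoted line.  An integer division by
 * zero traps on x86, so record_size == 0 raises SIGFPE here exactly as
 * the gdb session shows.  Only ever call this with record_size != 0. */
static bool overflows_unguarded(unsigned int len, unsigned int record_size)
{
    return len >= ((unsigned int) -1) / record_size;
}

/* Guarded form: a zero record size is treated as an invalid array and
 * the sanitize pass fails instead of trapping; the same overflow test
 * then runs, followed by a bounds check against the blob length. */
static bool sanitize_array(size_t blob_len, size_t array_offset,
                           unsigned int len, unsigned int record_size)
{
    if (record_size == 0)
        return false;                     /* would divide by zero */
    if (len >= ((unsigned int) -1) / record_size)
        return false;                     /* len * record_size would wrap */
    unsigned int bytes = len * record_size;
    if (array_offset > blob_len || bytes > blob_len - array_offset)
        return false;                     /* array runs past the blob */
    return true;
}

int main(void)
{
    size_t blob_len = 64;   /* constructed blob standing in for a font table */

    printf("8 records of 4 bytes at offset 16: %s\n",
           sanitize_array(blob_len, 16, 8, 4) ? "ok" : "rejected");
    printf("13 records of 4 bytes at offset 16: %s\n",
           sanitize_array(blob_len, 16, 13, 4) ? "ok" : "rejected");
    printf("len 0x80000000, record_size 2: %s\n",
           sanitize_array(blob_len, 0, 0x80000000u, 2) ? "ok" : "rejected");
    printf("record_size 0: %s\n",
           sanitize_array(blob_len, 0, 5, 0) ? "ok" : "rejected");
    printf("unguarded check, 8 records of 4 bytes: %s\n",
           overflows_unguarded(8, 4) ? "overflows" : "fits");
    /* overflows_unguarded(5, 0) would raise SIGFPE; deliberately not called. */
    return 0;
}
```

The guarded version returns false for the zero case rather than clamping or substituting a default, which is what a sanitizer should do: a malformed table is rejected as a whole and the font falls back, instead of the process taking a signal it cannot recover from.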
Updated (Reporter) • 14 years ago
Group: core-security
Status: NEW → RESOLVED
Closed: 14 years ago
status1.9.1:
wanted → ---
status1.9.2:
wanted → ---
Resolution: --- → DUPLICATE
Whiteboard: [sg:vector-critical? (pango)]
Updated • 14 years ago
Crash Signature: [@ libpangoft2-1.0.so.0.1400.9@0x148a3]
Updated • 10 years ago
Keywords: testcase-wanted