Closed Bug 653954 Opened 15 years ago Closed 14 years ago

Firefox on Mac OS X crashes a certain Wikipedia page, most likely a font problem

Categories

(Core :: Layout: Text and Fonts, defect)

Product:
Core
Component:
Layout: Text and Fonts
Version:
2.0 Branch
Platform:
x86_64
macOS
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: lowzl, Unassigned)

References

(
URL
)

Details

Attachments

(3 files)

Stack trace and other diagnostic information
58.08 KB, text/plain
Details
prefs.js that causes the crash
76.99 KB, application/octet-stream
Details
Collected stack traces
301.86 KB, application/octet-stream
Details
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:2.0.1) Gecko/20100101 Firefox/4.0.1 Build Identifier: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:2.0.1) Gecko/20100101 Firefox/4.0.1 Firefox 4.0.1 consistently crashes when I try to view the above linked Wikipedia page. I suspect the problem is font-related — since the update to 4.0.1, I have encountered some rendering bugs (IPA length colon is misplaced, for example), but this page in particular causes a crash. Stack traces follow. The error each time indicates "incorrect checksum for freed object - object was probably modified after being freed." Reproducible: Always Steps to Reproduce: 1. Visit webpage specified in report. Actual Results: Crash Expected Results: Page should have rendered
Any chance you could submit a crash report using the crash reporter that's part of Firefox, then go to about:crashes, and post the crash ID in this bug? (Bugzilla will even turn the IDs into links when they start with "bp-", as in bug 645072 comment 4.)
Version: unspecified → 2.0 Branch
Unfortunately, when I enable the crash reporter, either the crash happens without being reported. After more testing I have noticed that it sometimes doesn't crash, but if I try to visit the page soon after starting Firefox (and especially if it somehow ends up being part of the saved session), it almost surely crashes.
(In reply to comment #0) > since the update to > 4.0.1, I have encountered some rendering bugs (IPA length colon is misplaced, > for example) Please file a separate bug report with a specific testcase for this. I'm aware of changes in 4.0.1 that may be related to this, but will need to look at the particular font involved. > Stack traces follow. The error each time indicates "incorrect checksum for > freed object - object was probably modified after being freed." I'm not sure there's any firm evidence here that this crash is font-related. The memory problem is _detected_ (leading to the crash) when text-shaping code wants to allocate storage, but the damage must have occurred prior to this, and might originate somewhere quite different.
(In reply to comment #4) > (In reply to comment #0) > > > since the update to > > 4.0.1, I have encountered some rendering bugs (IPA length colon is misplaced, > > for example) > > Please file a separate bug report with a specific testcase for this. I'm aware > of changes in 4.0.1 that may be related to this, but will need to look at the > particular font involved. Please see bug #653993 for details. > I'm not sure there's any firm evidence here that this crash is font-related. > The memory problem is _detected_ (leading to the crash) when text-shaping code > wants to allocate storage, but the damage must have occurred prior to this, and > might originate somewhere quite different. Very true, but the fact that it's occurring on a linguistics webpage full of combining diacritics and other special symbols, together with my observation that there are some rendering bugs for IPA symbols, suggests to me that it's font related.
(In reply to comment #5) > Please see bug #653993 for details. Thanks. OK, that is a separate issue - it's caused by a font error, but it only affects glyph spacing, it seems unlikely to be related to the crash described here. > Very true, but the fact that it's occurring on a linguistics webpage full of > combining diacritics and other special symbols, Yes, this is suggestive though not conclusive. I've tried repeatedly loading that page, including in a saved session (see comment #3), but have not yet been able to reproduce this crash. I wonder if it might be related to some other font you have installed locally (and that may be getting used during font fallback for some characters on the page). Could you try disabling all non-standard fonts (or create a new OS X user account for testing purposes) and see if the problem persists? Also, if you have any addons or extensions in Firefox, please try disabling them in order to narrow down the field of investigation.
(In reply to comment #6) > I wonder if it might be related to some other font you have installed locally > (and that may be getting used during font fallback for some characters on the > page). Could you try disabling all non-standard fonts (or create a new OS X > user account for testing purposes) and see if the problem persists? My default font is Tahoma and has most of the relevant glyphs on the page. I suspected font substitution as well, but it seems unlikely. Another reason why I suspect a font-related issue is Apple's recent bugfix release: http://support.apple.com/kb/HT4605 — "The Snow Leopard Font Update contains fixes for Mac OS X v10.6.7 that address issues displaying and printing OpenType fonts." On the other hand, I get the same crash whether my default font to Arial, Arial Unicode MS, Calbiri, or Lucida Grande, (Wikipedia respects the user's choice of (sans-serif) font) so it may well *not* be a font problem after all. > Also, if you have any addons or extensions in Firefox, please try disabling > them in order to narrow down the field of investigation. The crash is reproducible in Safe Mode.
The problem is *not* reproducible in a new Firefox profile, however, if I copy my prefs.js into the new profile, the crash happens. I attach the problematic prefs.js file.
Attached file Collected stack traces
Just in case anyone is still watching this, I've attached a collection of stack traces. (The offending exception is triggered in a few different contexts, hopefully there's a common theme which narrows down the problem.) On the bright side, I have narrowed down the trigger to just one setting: if I set font.name.sans-serif.x-unicode to Tahoma, then it crashes on a fresh profile. For completeness, I have MD5 (/Library/Fonts/Tahoma Bold.ttf) = 6bdcb12d1af7ace0ec2fbfc94d0f84da MD5 (/Library/Fonts/Tahoma.ttf) = 976aaea9966bbce5f9713ba2a27950e7 The mtime is 16 Jul 2009 so I presume these are the ones that shipped with Snow Leopard.
Thanks for the additional details. I'll try to reproduce this locally; if I can get it to happen under a debugger, perhaps we can figure out the root cause.
Low, do you see this wit version 11 or newer?
No, I can no longer reproduce the problem. I guess this bug can be marked as closed.
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: