682812 - Firefox 6 crash on "http://www.yandex.ru" [@ gfxUnicodeProperties::ScriptShapingType(int) ]

Status: RESOLVED INCOMPLETE

(Core :: Layout: Text and Fonts, defect)

Description

[Grunin Yuriy]

Attachment: Firefox troubleshooting info

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:6.0) Gecko/20100101 Firefox/6.0
Build ID: 20110811165603

Steps to reproduce:

Go to www.yandex.ru
Enter "песьмо" in the search field. Press "Enter".


Actual results:

Firefox will crash trying to load the next page and Firefox debugger can't catch the exception.
This is reproducing even in the safe mode.


Expected results:

The page should load normally.

Comment 1

[Grunin Yuriy]

Attachment: Mac OS X Crash Report

Comment 2

[Mats Palmgren (inactive)]

The stack is similar to the one in bug 644591.

Comment 3

[Jonathan Kew [:jfkthame]]

The "gfxUnicodeProperties::ScriptShapingType" frame here (or gfxUnicodeProperties::ScriptShapingLevel in bug 644591) is misleading; note the large offsets shown in the backtrace, whereas those are quite short functions. (Also, note that gfxFont::InitTextRun does not actually call these functions at all.)

I think the real crash location must be in some other function that doesn't have symbols available, and this is just the closest available symbol that the stack walker can find.

Comment 4

[Mats Palmgren (inactive)]

The stack frames 13..17 looks valid though, and gfxFont::InitTextRun() does
call gfxPlatform::GetPlatform()->UseHarfBuzzForScript() which calls
gfxUnicodeProperties::ScriptShapingType(), so it may just be the stack walker
that's confused about frames 11 and 12 by inlining or something.

Comment 5

[Mats Palmgren (inactive)]

ScriptShapingType is gone (at least) in v45 or newer, so this crash must have moved
to a new signature, if it still exists.
https://dxr.mozilla.org/mozilla-esr45/search?q=ScriptShapingType