Bug 181361

Summary: fontconfig crashes when reading font cache files
Product: [Fedora] Fedora Reporter: Dave Jones <davej>
Component: fontconfigAssignee: Matthias Clasen <mclasen>
Status: CLOSED RAWHIDE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: bos, pfrields, wtogami
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-02-27 06:45:30 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 150222    

Description Dave Jones 2006-02-13 17:17:00 UTC 
even after rm -rf ~/.mozilla I get this..

Core was generated by `/usr/lib64/firefox-1.5.0.1/firefox-bin -UILocale en-US'.
Program terminated with signal 11, Segmentation fault.

(gdb) bt
#0  0x00000038f350cbcd in raise () from /lib64/libpthread.so.0
#1  0x00000000004135ab in nsProfileLock::FatalSignalHandler (signo=11) at
nsProfileLock.cpp:206
#2  <signal handler called>
#3  0x00002af1df2faa03 in FcCharSetIsSubset (a=0x2aaaab6e7480, b=0xbb10a0) at
fccharset.c:674
#4  0x00002af1df3056de in FcFontSetSort (config=Variable "config" is not available.
) at fcmatch.c:809
#5  0x00002af1df305a06 in FcFontSort (config=0x0, p=0xb15fc0, trim=1, csp=0x0,
result=0x7fffff8c8e8c) at fcmatch.c:1032
#6  0x00002af1dfb6ab88 in pango_fc_font_map_get_type () from
/usr/lib64/libpangoft2-1.0.so.0
#7  0x00002af1de877dbd in pango_context_get_font_description () from
/usr/lib64/libpango-1.0.so.0
#8  0x00002af1de8780fd in pango_itemize_with_base_dir () from
/usr/lib64/libpango-1.0.so.0
#9  0x00002af1de878181 in pango_itemize () from /usr/lib64/libpango-1.0.so.0
#10 0x00002af1ea819c9d in nsFontMetricsPango::CacheFontMetrics
(this=0x2aaaaaf0d620) at nsFontMetricsPango.cpp:265
#11 0x00002af1ea81bafd in nsFontMetricsPango::Init (this=0x2aaaaaf0d620,
aFont=Variable "aFont" is not available.
) at nsFontMetricsPango.cpp:251
#12 0x00002af1e3d98a51 in nsFontCache::GetMetricsFor (this=0x2aaaaaf125e0,
aFont=@0x2aaaaaf0a838, aLangGroup=0xa79bb0, aMetrics=@0x7fffff8c9250) at
nsDeviceContext.cpp:631
#13 0x00002af1e5579f5e in nsHTMLReflowState::CalcLineHeight
(aPresContext=Variable "aPresContext" is not available.
) at nsHTMLReflowState.cpp:2263
#14 0x00002af1e556193d in nsBlockReflowState (this=0x7fffff8c93b0,
aReflowState=@0x7fffff8c9700, aPresContext=0xacf130, aFrame=0x2aaaaaf087d0,
aMetrics=@0x7fffff8c9810, aTopMarginRoot=4194304,
    aBottomMarginRoot=4194304) at nsBlockReflowState.cpp:172
#15 0x00002af1e555ebb9 in nsBlockFrame::Reflow (this=0x2aaaaaf087d0,
aPresContext=0xacf130, aMetrics=@0x7fffff8c9810, aReflowState=@0x7fffff8c9700,
aStatus=@0x7fffff8c9a7c)
    at nsBlockFrame.cpp:770
#16 0x00002af1e55655fc in nsContainerFrame::ReflowChild (this=Variable "this" is
not available.
) at nsContainerFrame.cpp:904
#17 0x00002af1e557922e in CanvasFrame::Reflow (this=0xad6040,
aPresContext=0xacf130, aDesiredSize=@0x7fffff8c9b20,
aReflowState=@0x7fffff8c9930, aStatus=@0x7fffff8c9a7c) at nsHTMLFrame.cpp:531
#18 0x00002af1e55655fc in nsContainerFrame::ReflowChild (this=Variable "this" is
not available.
) at nsContainerFrame.cpp:904
#19 0x00002af1e5576055 in nsHTMLScrollFrame::ReflowScrolledFrame (this=0xad6288,
aState=@0x7fffff8c9bf0, aAssumeHScroll=Variable "aAssumeHScroll" is not available.
) at nsGfxScrollFrame.cpp:515
#20 0x00002af1e5576160 in nsHTMLScrollFrame::ReflowContents (this=0xad6288,
aState=0x7fffff8c9bf0, aDesiredSize=@0x7fffff8ca030) at nsGfxScrollFrame.cpp:570
#21 0x00002af1e5576de6 in nsHTMLScrollFrame::Reflow (this=0xad6288,
aPresContext=Variable "aPresContext" is not available.
) at nsGfxScrollFrame.cpp:768
#22 0x00002af1e55655fc in nsContainerFrame::ReflowChild (this=Variable "this" is
not available.
) at nsContainerFrame.cpp:904
#23 0x00002af1e55ad1b1 in ViewportFrame::Reflow (this=0xad5f40,
aPresContext=0xacf130, aDesiredSize=@0x7fffff8ca210,
aReflowState=@0x7fffff8ca100, aStatus=@0x7fffff8ca2bc)
    at nsViewportFrame.cpp:239
#24 0x00002af1e5547f17 in PresShell::InitialReflow (this=0xad4ce0,
aWidth=Variable "aWidth" is not available.
) at nsPresShell.cpp:2865
#25 0x00002af1e56735a0 in nsContentSink::StartLayout (this=0xacad70,
aIsFrameset=Variable "aIsFrameset" is not available.
) at nsContentSink.cpp:921
#26 0x00002af1e57157c6 in HTMLContentSink::OpenBody (this=0xacad70,
aNode=@0xad8100) at nsHTMLContentSink.cpp:2633
#27 0x00002af1e51d3992 in CNavDTD::OpenBody (this=0xad7cd0, aNode=0xad8100) at
CNavDTD.cpp:2968
#28 0x00002af1e51d6255 in CNavDTD::HandleDefaultStartToken (this=0xad7cd0,
aToken=0xac94a0, aChildTag=eHTMLTag_body, aNode=0xad8100) at CNavDTD.cpp:1281
#29 0x00002af1e51d6c07 in CNavDTD::HandleStartToken (this=0xad7cd0,
aToken=0xac94a0) at CNavDTD.cpp:1668
#30 0x00002af1e51d701c in CNavDTD::HandleToken (this=0xad7cd0, aToken=0xac94a0,
aParser=0xac9140) at CNavDTD.cpp:955
#31 0x00002af1e51d7439 in CNavDTD::BuildModel (this=0xad7cd0, aParser=0xac9140,
aTokenizer=Variable "aTokenizer" is not available.
) at CNavDTD.cpp:458
#32 0x00002af1e51e1eb7 in nsParser::BuildModel (this=0xac9140) at nsParser.cpp:2127
#33 0x00002af1e51e4e71 in nsParser::ResumeParse (this=0xac9140,
allowIteration=1, aIsFinalChunk=0, aCanInterrupt=1) at nsParser.cpp:1994
#34 0x00002af1e51e16aa in nsParser::OnDataAvailable (this=0xac9140,
request=Variable "request" is not available.
) at nsParser.cpp:2674
#35 0x00002af1e93325c7 in nsInputStreamPump::OnStateTransfer (this=0x9849e0) at
nsInputStreamPump.cpp:437
#36 0x00002af1e93326ab in nsInputStreamPump::OnInputStreamReady (this=0x9849e0,
stream=Variable "stream" is not available.
) at nsInputStreamPump.cpp:340
#37 0x00002af1ddaad183 in nsInputStreamReadyEvent::EventHandler
(plevent=Variable "plevent" is not available.
) at nsStreamUtils.cpp:119
#38 0x00002af1ddabdcad in PL_HandleEvent (self=0x984a68) at plevent.c:688
#39 0x00002af1ddabdebf in PL_ProcessPendingEvents (self=0x62aa20) at plevent.c:623
#40 0x00002af1ddabf2a7 in nsEventQueueImpl::ProcessPendingEvents (this=0x62a9e0)
at nsEventQueue.cpp:417
#41 0x00002af1eb02990a in event_processor_callback (source=Variable "source" is
not available.
) at nsAppShell.cpp:67
#42 0x00002af1ded5f01a in g_main_context_dispatch () from
/usr/lib64/libglib-2.0.so.0
#43 0x00002af1ded621a5 in g_main_context_check () from /usr/lib64/libglib-2.0.so.0
#44 0x00002af1ded624cd in g_main_loop_run () from /usr/lib64/libglib-2.0.so.0
#45 0x00002af1de093c93 in gtk_main () from /usr/lib64/libgtk-x11-2.0.so.0
#46 0x00002af1eb029c3c in nsAppShell::Run (this=0x908740) at nsAppShell.cpp:139
#47 0x00002af1e3fe4488 in nsAppStartup::Run (this=0x9086c0) at nsAppStartup.cpp:150
#48 0x000000000040b23f in XRE_main (argc=Variable "argc" is not available.
) at nsAppRunner.cpp:2313
#49 0x00000038f1d1cff4 in __libc_start_main () from /lib64/libc.so.6
#50 0x0000000000406b29 in _start ()
#51 0x00007fffff8cb2c8 in ?? ()
Comment 1 Sammy 2006-02-13 17:24:29 UTC 
Cannot reproduce with everything at todays rebuild EXCEPT kernel at test2
level. Kernel problem?
Comment 2 Dave Jones 2006-02-14 00:47:52 UTC 
no. fontconfig bug.
mv .fonts .fonts-foo fixed it.
moving them back, and rerunning fc-cache -f also fixed it.
Comment 3 Matthias Clasen 2006-02-22 14:16:44 UTC 
I'll be looking at getting 2.3.94  in fc5 if it appears in time.
Comment 4 Bryan O'Sullivan 2006-02-23 20:38:44 UTC 
This is a very nasty bug, as it makes the X server appear to die (since
gnome-session can't start metacity).
Comment 5 Matthias Clasen 2006-02-27 06:45:30 UTC 
2.3.94 is in rawhide now, and appears to be more stable than previous cvs
snapshots. Please reopen, if you still see crashes with it.