Bug 502274

Summary: firefox: cairo-ft-font.c:554: _cairo_ft_unscaled_font_lock_face: Assertion `!unscaled->from_face' failed
Product: [Fedora] Fedora Reporter: Bill McGonigle <bill-bugzilla.redhat.com>
Component: cairoAssignee: Behdad Esfahbod <behdad>
Status: CLOSED WONTFIX QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: low    
Version: 11CC: behdad, bernie+fedora, dexterthrowaway, kasmith, konstanty
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://cgit.freedesktop.org/cairo/commit/?h=1.8&id=0137b9bd320783264d865a397392b0ee14fd69b3
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-06-28 08:40:35 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:

Description Bill McGonigle 2009-05-22 19:19:56 EDT
Firefox is crashing rather frequently, often when closing a tab.

Tracing the error message through mozilla bugzilla, it's apparently a cairo bug.

URL field points to patch. Entered mozilla bug number in external bugs.

firefox-3.5-0.20.beta4.fc11.i586
cairo-1.8.6-2.fc11.i586
Comment 1 Bill McGonigle 2009-05-22 19:23:14 EDT
adding freedesktop.org external bug.
Comment 2 Bill McGonigle 2009-05-22 19:26:34 EDT
correcting to non-dupe mozilla bug which has a note for packagers but leads me to think it should be fixed in b4 on the firefox side.
Comment 3 Bill McGonigle 2009-05-27 23:20:17 EDT
I went ahead and made a new version with the patch since my firefox was crashing left and right.

It's the current version plus the aforementioned patch.  So far so good, but I've tested very lightly.

SRPM in my repo here:
  http://swdist.bfccomputing.com/f11-i386-bfc/source/SRPMS/cairo-1.8.6-3.fc11.src.rpm

n.b. --target x86_64 didn't work for me, and I haven't learned mock, so there are only i586 versions in that repo and I haven't tested on 64-bit at all.
Comment 4 Bernie Innocenti 2009-05-28 09:50:28 EDT
(In reply to comment #3)
> http://swdist.bfccomputing.com/f11-i386-bfc/source/SRPMS/cairo-1.8.6-3.fc11.src.rpm
> 
> n.b. --target x86_64 didn't work for me, and I haven't learned mock, so there
> are only i586 versions in that repo and I haven't tested on 64-bit at all.  

x86_64 builds and works for me.
Comment 5 Bug Zapper 2009-06-09 12:24:22 EDT
This bug appears to have been reported against 'rawhide' during the Fedora 11 development cycle.
Changing version to '11'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 6 Konstanty 2009-06-16 08:09:49 EDT
Thanks for the cairo src rpm (I've successfully built it for x86_64, like comment #4) - the crashes happen at least once an hour. And the crashes (especially on "recover" ironically) are like you say on your website - basically 50% of the time.
Comment 7 Karl Hastings 2009-07-02 17:01:34 EDT
Firefox (firefox-3.5-1.fc11.x86_64) crashes within 5 minutes whenever I visit this URL:
http://hacks.mozilla.org/2009/06/beautiful-fonts-with-font-face/

[New Thread 0x7f3553ebd910 (LWP 10620)]
firefox: cairo-ft-font.c:554: _cairo_ft_unscaled_font_lock_face: Assertion `!unscaled->from_face' failed.

Program received signal SIGABRT, Aborted.
0x0000003e9ba332f5 in *__GI_raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
Current language:  auto; currently minimal
(gdb) bt
#0  0x0000003e9ba332f5 in *__GI_raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x0000003e9ba34b20 in *__GI_abort () at abort.c:88
#2  0x0000003e9ba2c2fa in *__GI___assert_fail (assertion=0x30c806221f "!unscaled->from_face", file=<value optimized out>, line=554, function=0x30c80623e0 "_cairo_ft_unscaled_font_lock_face") at assert.c:78
#3  0x00000030c8049ca0 in _cairo_ft_unscaled_font_lock_face (unscaled=0x7f3540f08590) at cairo-ft-font.c:554
#4  0x00000030c804b897 in cairo_ft_scaled_font_lock_face (abstract_font=0x7f3549958940) at cairo-ft-font.c:2660
#5  0x00000030c7c255fe in basic_engine_shape (engine=<value optimized out>, font=0x2953, text=0x6 <Address 0x6 out of bounds>, length=-1, analysis=0x7f355f622040, glyphs=0x2953) at basic-fc.c:146
#6  0x00000030c922b74a in pango_shape (text=0x7fff6772e563 "The Potential of Web Typography:", length=32, analysis=0x7f3540f3cc90, glyphs=0x7f35359f84a0) at shape.c:55
#7  0x00007f355e171a7c in gfxPangoFontGroup::CreateGlyphRunsItemizing (this=0x7f355056b060, aTextRun=0x7f3540f09030, aUTF8=<value optimized out>, aUTF8Length=<value optimized out>, aUTF8HeaderLen=<value optimized out>) at gfxPangoFonts.cpp:3565
#8  0x00007f355e17397c in gfxPangoFontGroup::MakeTextRun (this=0x7f355056b060, aString=0x7fff6772ebe0 "The Potential of Web Typography:", aLength=32, aParams=<value optimized out>, aFlags=<value optimized out>) at gfxPangoFonts.cpp:2813
#9  0x00007f355e16d457 in TextRunWordCache::MakeTextRun (this=0x7f35550ee0b0, aText=<value optimized out>, aLength=<value optimized out>, aFontGroup=0x7f355056b060, aParams=0x7fff6772ee20, aFlags=<value optimized out>) at gfxTextRunWordCache.cpp:807
#10 0x00007f355da62326 in MakeTextRun (aFlags=<value optimized out>, aParams=<value optimized out>, aFontGroup=<value optimized out>, aLength=<value optimized out>, aText=<value optimized out>) at nsTextFrameThebes.cpp:431
#11 BuildTextRunsScanner::BuildTextRunForFrames (aFlags=<value optimized out>, aParams=<value optimized out>, aFontGroup=<value optimized out>, aLength=<value optimized out>, aText=<value optimized out>) at nsTextFrameThebes.cpp:1789
#12 0x00007f355da62a22 in BuildTextRunsScanner::FlushFrames (this=0x7fff67731310, aFlushLineBreaks=1, aSuppressTrailingBreak=0) at nsTextFrameThebes.cpp:1183
#13 0x00007f355da63288 in BuildTextRuns(gfxContext *, nsTextFrame *, struct nsIFrame *, const nsLineList_iterator *) (aContext=<value optimized out>, aForFrame=0x1, aLineContainer=<value optimized out>, aForFrameLine=0x1) at nsTextFrameThebes.cpp:1114
#14 0x00007f355da6344c in nsTextFrame::EnsureTextRun (this=0x7f354fcae250, aReferenceContext=<value optimized out>, aLineContainer=0x0, aLine=0x0, aFlowEndInTextRun=0x0) at nsTextFrameThebes.cpp:1969
#15 0x00007f355da67878 in nsTextFrame::PaintText (this=0x7f354fcae250, aRenderingContext=0x7f35359f91c0, aPt={x = 2190, y = 6750}, aDirtyRect=@0x7fff67731b40) at nsTextFrameThebes.cpp:4502
#16 0x00007f355da67be8 in nsDisplayText::Paint (this=0x7f3549887210, aBuilder=<value optimized out>, aCtx=0x7f35359f91c0, aDirtyRect=<value optimized out>) at nsTextFrameThebes.cpp:3778
#17 0x00007f355d9e873c in nsDisplayList::Paint (this=<value optimized out>, aBuilder=0x7fff67731c70, aCtx=0x7f35359f91c0, aDirtyRect=@0x7fff67731b40) at nsDisplayList.cpp:313
#18 0x00007f355d9e8908 in nsDisplayWrapList::Paint (aDirtyRect=<value optimized out>, aCtx=<value optimized out>, aBuilder=<value optimized out>, this=<value optimized out>, this=<value optimized out>, aBuilder=<value optimized out>, aCtx=<value optimized out>, aDirtyRect=<value optimized out>) at nsDisplayList.cpp:791
#19 nsDisplayClip::Paint (aDirtyRect=<value optimized out>, aCtx=<value optimized out>, aBuilder=<value optimized out>, this=<value optimized out>, this=<value optimized out>, aBuilder=<value optimized out>, aCtx=<value optimized out>, aDirtyRect=<value optimized out>) at nsDisplayList.cpp:978
#20 0x00007f355d9e873c in nsDisplayList::Paint (this=<value optimized out>, aBuilder=0x7fff67731c70, aCtx=0x7f35359f91c0, aDirtyRect=@0x7fff677321c0) at nsDisplayList.cpp:313
#21 0x00007f355d9faaa6 in nsLayoutUtils::PaintFrame (aRenderingContext=<value optimized out>, aFrame=0x7f354cbe59e0, aDirtyRegion=@0x7fff67732190, aBackground=<value optimized out>) at nsLayoutUtils.cpp:1114
#22 0x00007f355da02810 in PresShell::Paint (this=0x7f354ba5f000, aView=<value optimized out>, aRenderingContext=0x7f35359f91c0, aDirtyRegion=@0x7fff67732190) at nsPresShell.cpp:5725
#23 0x00007f355dc905cb in nsViewManager::RenderViews (this=0x7f354bb1c590, aView=<value optimized out>, aRC=@0x7f35359f91c0, aRegion=<value optimized out>) at nsViewManager.cpp:648
#24 0x00007f355dc90c93 in nsViewManager::Refresh (this=0x7f354bb1c590, aView=0x7f354b770ea0, aContext=<value optimized out>, aRegion=<value optimized out>, aUpdateFlags=<value optimized out>) at nsViewManager.cpp:512
#25 0x00007f355dc91261 in nsViewManager::DispatchEvent (this=0x7f354bb1c590, aEvent=0x7fff677324d0, aStatus=0x7f354ba5f0d8) at nsViewManager.cpp:1153
#26 0x00007f355dc8c75f in HandleEvent (aEvent=0x7fff677324d0) at nsView.cpp:168
#27 0x00007f355e03ac91 in nsWindow::DispatchEvent (this=0x7f354ca24380, aEvent=<value optimized out>, aStatus=@0x6) at nsWindow.cpp:577
#28 0x00007f355e04446b in nsWindow::OnExposeEvent (this=0x7f354ca24380, aWidget=<value optimized out>, aEvent=0x7fff67732ba0) at nsWindow.cpp:2471
#29 0x00007f355e04486c in expose_event_cb (widget=0x7f354ff15c80, event=0x7fff67732ba0) at nsWindow.cpp:5404
#30 0x00000030c8d2dce8 in _gtk_marshal_BOOLEAN__BOXED (closure=0x7f354ff4e370, return_value=0x7fff67732870, n_param_values=<value optimized out>, param_values=0x7f354070ddc0, invocation_hint=<value optimized out>, marshal_data=0x7f355e044838) at gtkmarshalers.c:84
#31 0x00000030c640b83e in IA__g_closure_invoke (closure=0x7f354ff4e370, return_value=0x7fff67732870, n_param_values=2, param_values=0x7f354070ddc0, invocation_hint=0x7fff67732830) at gclosure.c:767
#32 0x00000030c6420b83 in signal_emit_unlocked_R (node=0x7f355f4dac40, detail=<value optimized out>, instance=<value optimized out>, emission_return=<value optimized out>, instance_and_params=<value optimized out>) at gsignal.c:3247
#33 0x00000030c6421ddc in IA__g_signal_emit_valist (instance=0x7f354ff15c80, signal_id=<value optimized out>, detail=0, var_args=0x7fff67732a20) at gsignal.c:2990
#34 0x00000030c6422493 in IA__g_signal_emit (instance=0x2953, signal_id=10579, detail=6) at gsignal.c:3037
#35 0x00000030c8e3143f in gtk_widget_event_internal (widget=0x7f354ff15c80, event=0x7fff67732ba0) at gtkwidget.c:4761
#36 0x00000030c8d27711 in IA__gtk_main_do_event (event=0x7fff67732ba0) at gtkmain.c:1562
#37 0x00000030c8437472 in gdk_window_process_updates_internal (window=0x7f3550547d80) at gdkwindow.c:2611
#38 0x00000030c84379a1 in IA__gdk_window_process_all_updates () at gdkwindow.c:2677
#39 0x00000030c84379c9 in gdk_window_update_idle (data=0x2953) at gdkwindow.c:2521
#40 0x00000030c841c366 in gdk_threads_dispatch (data=0x7f355f5b9ce0) at gdk.c:498
#41 0x00000030c6037afe in g_main_dispatch (context=<value optimized out>) at gmain.c:1814
#42 IA__g_main_context_dispatch (context=<value optimized out>) at gmain.c:2367
#43 0x00000030c603b1d8 in g_main_context_iterate (context=0x7f355f459870, block=<value optimized out>, dispatch=<value optimized out>, self=<value optimized out>) at gmain.c:2445
#44 0x00000030c603b300 in IA__g_main_context_iteration (context=0x7f355f459870, may_block=0) at gmain.c:2508
#45 0x00007f355e05b57f in nsBaseAppShell::DoProcessNextNativeEvent (this=0x2953, mayWait=10579) at nsBaseAppShell.cpp:151
#46 0x00007f355e05b68b in nsBaseAppShell::OnProcessNextEvent (this=0x7f3557341880, thr=0x7f355f43b790, mayWait=1, recursionDepth=<value optimized out>) at nsBaseAppShell.cpp:278
#47 0x00007f355e130e98 in nsThread::ProcessNextEvent (this=0x7f355f43b790, mayWait=1, result=0x7fff67732ebc) at nsThread.cpp:497
#48 0x00007f355e102600 in NS_ProcessNextEvent_P (thread=0x2953, mayWait=10579) at nsThreadUtils.cpp:227
#49 0x00007f355e05b7c9 in nsBaseAppShell::Run (this=0x7f3557341880) at nsBaseAppShell.cpp:170
#50 0x00007f355df09ce8 in nsAppStartup::Run (this=0x7f3557364c80) at nsAppStartup.cpp:193
#51 0x00007f355d849038 in XRE_main (argc=<value optimized out>, argv=<value optimized out>, aAppData=<value optimized out>) at nsAppRunner.cpp:3298
#52 0x000000000040252e in main (argc=1, argv=0x7fff677378f8) at nsXULStub.cpp:482
Comment 8 Karl Hastings 2009-07-02 17:06:12 EDT
Sorry wrong cut/paste.  The URL I've been having problems with is: http://craigmod.com/journal/font-face/
Comment 9 Bill McGonigle 2009-07-06 19:36:30 EDT
In case anybody needs 64-bit binaries, I just got such a machine, and put up some RPM's here:

  http://swdist.bfccomputing.com/f11-x86_64-bfc/x86_64/os/
Comment 10 Bernie Innocenti 2009-07-07 03:30:07 EDT
(In reply to comment #9)
> In case anybody needs 64-bit binaries, I just got such a machine, and put up
> some RPM's here:
> 
>   http://swdist.bfccomputing.com/f11-x86_64-bfc/x86_64/os/  

Thanks.
Comment 11 Bill McGonigle 2009-07-07 13:23:14 EDT
Could folks who've tried the patch confirm or deny it's effectiveness (if you haven't already).
Comment 12 dexterthrowaway 2009-07-07 23:55:18 EDT
Installed the x86_64 cairo RPM. Been running firefox from console for about 1 hour now with the craigmod.com page in one tab, plus multiple other tabs with @font-face samples and other general pages I normally go to. So far no cairo error message and no crash on my end.
Comment 13 Bug Zapper 2010-04-27 10:28:55 EDT
This message is a reminder that Fedora 11 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 11.  It is Fedora's policy to close all
bug reports from releases that are no longer maintained.  At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '11'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 11's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 11 is end of life.  If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora please change the 'version' of this 
bug to the applicable version.  If you are unable to change the version, 
please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 14 Bill McGonigle 2010-04-27 12:13:08 EDT
I don't think I've seen this crash in a while - maybe upstream picked up the fix?
Comment 15 Bug Zapper 2010-06-28 08:40:35 EDT
Fedora 11 changed to end-of-life (EOL) status on 2010-06-25. Fedora 11 is 
no longer maintained, which means that it will not receive any further 
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of 
Fedora please feel free to reopen this bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.