Bug 158145 - Firefox crashes in pango when viewing a particular page
Firefox crashes in pango when viewing a particular page
Status: CLOSED WORKSFORME
Product: Fedora
Classification: Fedora
Component: firefox (Show other bugs)
3
x86_64 Linux
medium Severity high
: ---
: ---
Assigned To: Christopher Aillon
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-05-18 22:32 EDT by Dean Brettle
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-09-30 15:47:01 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)
Page which causes crash (23.08 KB, text/html)
2005-05-18 22:41 EDT, Dean Brettle
no flags Details
Error output from firefox -safe-mode (2.14 KB, text/plain)
2005-05-18 22:41 EDT, Dean Brettle
no flags Details

  None (edit)
Description Dean Brettle 2005-05-18 22:32:12 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.8) Gecko/20050513 Fedora/1.0.4-1.3.1 Firefox/1.0.4

Description of problem:
Firefox crashes when viewing the Wikinews preferences page.  I'll attach the page since you need an account to see it.  I'll also attach the output from running "firefox -safe-mode".  It seems to indicate that the crash originates in pango.  


Version-Release number of selected component (if applicable):
firefox-1.0.4-1.3.1

How reproducible:
Always

Steps to Reproduce:
1.  Open the attached web page with firefox (with -safe-mode option to get the error output).
  

Actual Results:  Crash with attached stack trace.

Expected Results:  Page should have displayed.

Additional info:

Here's the tail end of the output:

(Gecko:31347): GLib-GObject-CRITICAL **: file gobject.c: line 1561 (g_object_ref): assertion `G_IS_OBJECT (object)' failed

** (Gecko:31347): CRITICAL **: file pango-engine.c: line 68 (_pango_engine_shape_shape): assertion `PANGO_IS_FONT (font)' failed

** ERROR **: file shape.c: line 75 (pango_shape): assertion failed: (glyphs->num_glyphs > 0)
aborting...
/usr/lib64/firefox-1.0.4/run-mozilla.sh: line 159: 31347 Aborted  "$prog" ${1+"$@"}


I can workaround the problem by setting MOZ_DISABLE_PANGO=1.

I'm running pango-1.6.0-7.

Setting severity to "High" instead of "Security" because the only obvious security   vulnerability is DoS (because firefox crashes).  The crash seems to be a controlled crash caused by an assertion failure.

Possibly related to bug 151628 or bug 157600.
Comment 1 Dean Brettle 2005-05-18 22:41:26 EDT
Created attachment 114549 [details]
Page which causes crash
Comment 2 Dean Brettle 2005-05-18 22:41:59 EDT
Created attachment 114550 [details]
Error output from firefox -safe-mode
Comment 3 Warren Togami 2005-05-19 00:35:10 EDT
Unable to reproduce with firefox-1.0.4-2 x86_64 here.
Comment 4 Dean Brettle 2005-05-19 03:32:59 EDT
(In reply to comment #3)
> Unable to reproduce with firefox-1.0.4-2 x86_64 here.
> 

I just did the following:

1. Installed firefox-1.0.4-2 x86_64, but the problem still occurred.
2. Installed pango-1.8.1-2, ignoring lots of warnings that look like this:

Cannot load module /usr/lib64/pango/1.4.0/modules/pango-tibetan-fc.so:
/usr/lib64/pango/1.4.0/modules/pango-tibetan-fc.so: undefined symbol:
g_assert_warning
/usr/lib64/pango/1.4.0/modules/pango-tibetan-fc.so does not export Pango module API
Cannot load module /usr/lib64/pango/1.4.0/modules/pango-basic-x.so:
/usr/lib64/pango/1.4.0/modules/pango-basic-x.so: undefined symbol:
g_return_if_fail_warning
...

3. Tried to run firefox with the new pango.  It doesn't even start -- I get the
following error:
(Gecko:32598): GLib-GObject-CRITICAL **: file gobject.c: line 1561
(g_object_ref): assertion `G_IS_OBJECT (object)' failed
/usr/lib64/firefox-1.0.4/firefox-bin: symbol lookup error:
/usr/lib64/libpango-1.0.so.0: undefined symbol: g_return_if_fail_warning

4. Decided I couldn't live without my browser, so:
rpm --nodeps -e pango.i386 pango.x86_64 pango-devel.i386 pango-devel.x86_64
yum -y install pango pango.devel
rpm -e firefox
yum -y install firefox

That installed firefox-1.0.4-1.3.1 and pango-1.6.0-7 (ie the versions I
originally reported).

BUT, now I can't reproduce the bug anymore.  Maybe some other package had
changed some pango file and caused the bug, and reinstalling pango undid that
change and fixed it?

Let me know if there is something I can do to further diagnose.



Comment 5 Warren Togami 2005-09-30 15:47:01 EDT
REOPEN if you can reliably reproduce this problem with the latest FC updates or
rawhide.

Note You need to log in before you can comment on or make changes to this bug.