Description of problem: * firefox-1.5.0.7-3.fc6 * surf to www.paypal.com * print page * kaboom. [hanwen@haring tmp]$ gdb /usr/lib/firefox-1.5.0.7/firefox-bin GNU gdb Red Hat Linux (6.5-8_jkratoch0.fc6rh) Copyright (C) 2006 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-redhat-linux-gnu"...Using host libthread_db library "/lib/libthread_db.so.1". (gdb) r Starting program: /usr/lib/firefox-1.5.0.7/firefox-bin [Thread debugging using libthread_db enabled] [New Thread -1208886528 (LWP 3778)] [New Thread -1211155568 (LWP 3784)] [New Thread -1225786480 (LWP 3785)] [New Thread -1236276336 (LWP 3787)] Adblock Plus: abp.QI to an unknown interface: {a6cf906b-15b3-11d2-932e-00805f8add32} Adblock Plus: abp.QI to an unknown interface: {a6cf906b-15b3-11d2-932e-00805f8add32} Adblock Plus: abp.QI to an unknown interface: {a6cf906b-15b3-11d2-932e-00805f8add32} [New Thread -1247294576 (LWP 3789)] [New Thread -1257784432 (LWP 3790)] [Thread -1247294576 (LWP 3789) exited] Program received signal SIGSEGV, Segmentation fault. [Switching to Thread -1208886528 (LWP 3778)] IA__FcCharSetDestroy (fcs=0xb70db2e8) at fccharset.c:57 57 if (fcs->ref == FC_REF_CONSTANT) Current language: auto; currently c (gdb) p fcs $1 = (FcCharSet *) 0xb70db2e8 (gdb) p *fcs Cannot access memory at address 0xb70db2e8 (gdb) bt #0 IA__FcCharSetDestroy (fcs=0xb70db2e8) at fccharset.c:57 #1 0x054572d3 in ~nsFontMetricsPS (this=0xab46cb8) at nsFontMetricsPS.cpp:111 #2 0x05456fab in nsFontMetricsPS::Release (this=0x0) at nsFontMetricsPS.cpp:135 #3 0x006757c7 in nsFontCache::Flush (this=0xaa98270) at nsDeviceContext.cpp:715 #4 0x006758c4 in ~nsFontCache (this=0xaa98270) at nsDeviceContext.cpp:580 #5 0x0545448a in ~nsFontCachePS (this=0xaa98270) at nsDeviceContextPS.cpp:547 #6 0x00675188 in ~DeviceContextImpl (this=0xb6fa4b78) at nsDeviceContext.cpp:88 #7 0x054539d8 in ~nsDeviceContextPS (this=0xb6fa4b78) at nsDeviceContextPS.cpp:134 #8 0x00675a24 in DeviceContextImpl::Release (this=0x0) at nsDeviceContext.cpp:54 #9 0x054537f8 in nsDeviceContextPS::Release (this=0xb6fa4b78) at nsDeviceContextPS.cpp:179 #10 0x02d676ad in ~nsCOMPtr_base (this=<value optimized out>) at nsCOMPtr.cpp:81 #11 0x0651c652 in ~nsCOMPtr (this=0xb71b135c) at dist/include/xpcom/nsCOMPtr.h:542 #12 0x066058e4 in ~nsPrintData (this=0xb71b1358) at nsPrintData.cpp:159 #13 0x06601fb3 in nsPrintEngine::Destroy (this=0xb6f6aa80) at nsPrintEngine.cpp:283 #14 0x06519f1e in DocumentViewerImpl::OnDonePrinting (this=0xa665de0) at nsDocumentViewer.cpp:4141 #15 0x065fc722 in HandlePLEvent (aEvent=0xb6facfa0) at nsPrintEngine.cpp:4549 #16 0x02da8bfd in PL_HandleEvent (self=0xb6facfa0) at plevent.c:688 #17 0x02da8e86 in PL_ProcessPendingEvents (self=0x9cd30f0) at plevent.c:623 #18 0x02daa6b3 in nsEventQueueImpl::ProcessPendingEvents (this=0x9cd30a8) at nsEventQueue.cpp:417 #19 0x00e3ac16 in event_processor_callback (source=0x9dbf320, condition=G_IO_IN, data=0x0) at nsAppShell.cpp:67 #20 0x0029494d in g_io_channel_unix_get_fd () from /lib/libglib-2.0.so.0 #21 0x0026b342 in g_main_context_dispatch () from /lib/libglib-2.0.so.0 #22 0x0026e31f in g_main_context_check () from /lib/libglib-2.0.so.0 #23 0x0026e6c9 in g_main_loop_run () from /lib/libglib-2.0.so.0 #24 0x027621c4 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0 #25 0x09e01ef0 in ?? () #26 0x09e01ef0 in ?? () #27 0x00000001 in ?? () #28 0x00000001 in ?? () #29 0x00000000 in ?? () (gdb)
firefox-1.5.0.7-5.fc6.x86_64 Any page will do. Ask.com. google, etc. The page does print, but ff segfaults immediately.
Seems fixed now (firefox-1.5.0.7-5.fc6)
But not when PANGO is disabled. We need this fixed with pango disabled.
Not going to respin for the pango disabled case, since it is not the default in Core. The fix for the non-pango case is already committed upstream to the branch, so the non-pango case will be fixed when we pull in 1.5.0.8.
*** Bug 213275 has been marked as a duplicate of this bug. ***