Bug 235938 - firefox crashes displaying gmail/spam folder
Summary: firefox crashes displaying gmail/spam folder
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: freetype
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Behdad Esfahbod
QA Contact: Brock Organ
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-04-10 21:33 UTC by Tom London
Modified: 2007-11-30 22:12 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-04-11 13:24:27 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Tom London 2007-04-10 21:33:10 UTC 
Description of problem:
I can reliably reproduce a firefox crash by trying to look at my spam folder in
my gmail account:

[New Thread -1298359408 (LWP 25715)]
*** glibc detected *** /usr/lib/firefox-2.0.0.3/firefox-bin: free(): invalid
next size (fast): 0x0ae97520 ***
======= Backtrace: =========
/lib/libc.so.6[0x47b48bed]
/lib/libc.so.6(cfree+0x90)[0x47b4c210]
/usr/lib/libfreetype.so.6[0x4976800d]
/usr/lib/libfreetype.so.6(ft_mem_free+0x1a)[0x4976b7da]
/usr/lib/libfreetype.so.6(ft_glyphslot_free_bitmap+0x4c)[0x4976bc9c]
/usr/lib/libfreetype.so.6(FT_Load_Glyph+0x40)[0x4976cb20]
/usr/lib/libcairo.so.2[0x49caff94]
/usr/lib/libcairo.so.2[0x49c9fdaf]
/usr/lib/libcairo.so.2(cairo_scaled_font_glyph_extents+0xa0)[0x49ca0a50]
/usr/lib/libpangocairo-1.0.so.0[0x49c82c1c]
/usr/lib/libpango-1.0.so.0(pango_font_get_glyph_extents+0x3e)[0x48422c9e]
/usr/lib/libpangoft2-1.0.so.0(pango_ot_buffer_output+0x18a)[0x4982947a]
/usr/lib/libpangoft2-1.0.so.0[0x49845147]
/usr/lib/libpango-1.0.so.0[0x4842aa3a]
/usr/lib/libpango-1.0.so.0(pango_shape+0xf7)[0x4843bb47]
/usr/lib/libpango-1.0.so.0[0x4842e88a]
/usr/lib/libpango-1.0.so.0[0x484314f5]
/usr/lib/libpango-1.0.so.0[0x48431a5d]
/usr/lib/libpango-1.0.so.0(pango_layout_get_line+0x2f)[0x48433b1f]
/usr/lib/firefox-2.0.0.3/components/libgfx_gtk.so[0x6eb354]
/usr/lib/firefox-2.0.0.3/components/libgfx_gtk.so[0x6ecda0]
/usr/lib/firefox-2.0.0.3/components/libgfx_gtk.so[0x6e190f]
/usr/lib/firefox-2.0.0.3/components/libgfx_gtk.so[0x6f1f9f]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0x10eeb53]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0x10f480f]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0x10d07f9]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0x10cb681]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0x10cb8f9]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0x10cbc9d]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0x10d07f9]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0x10a2482]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0x10a2932]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0x10a2bb0]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0x10a2dfa]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0x10a3387]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0x10a6206]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0x10acf03]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0x1176e59]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0x10acf03]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0x118b36e]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0x11898af]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0x10acf03]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0x118cecd]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0x118ea29]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0x10acf03]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0x1180d45]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0x11813f9]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0x1184ff9]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0x10acf03]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0x11871ae]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0x11880b3]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0x10a7c99]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0x10a1cb9]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0x10a2cb1]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0x10a3387]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0x10a6206]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0x10a7c99]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0x10a1cb9]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0x10a2cb1]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0x10a3387]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0x10a6206]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0x10a7c99]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0x10a1cb9]
======= Memory map: ========
00110000-0017e000 r-xp 00000000 fd:00 5704947   
/usr/lib/firefox-2.0.0.3/components/libtoolkitcomps.so
0017e000-00181000 rw-p 0006e000 fd:00 5704947   
/usr/lib/firefox-2.0.0.3/components/libtoolkitcomps.so
00181000-001ca000 r-xp 00000000 fd:00 5704891   
/usr/lib/firefox-2.0.0.3/components/libembedcomponents.so
001ca000-001cc000 rw-p 00049000 fd:00 5704891   
/usr/lib/firefox-2.0.0.3/components/libembedcomponents.so
001cc000-001d3000 r-xp 00000000 fd:00 5704946   
/usr/lib/firefox-2.0.0.3/components/libsystem-pref.so
001d3000-001d4000 rw-p 00007000 fd:00 5704946   
/usr/lib/firefox-2.0.0.3/components/libsystem-pref.so
001d4000-001db000 r-xp 00000000 fd:00 7212324    /lib/librt-2.5.90.so
001db000-001dc000 r--p 00006000 fd:00 7212324    /lib/librt-2.5.90.so
001dc000-001dd000 rw-p 00007000 fd:00 7212324    /lib/librt-2.5.90.so
001dd000-001e0000 r-xp 00000000 fd:00 5669099   
/usr/lib/firefox-2.0.0.3/libgfxpsshar.so
001e0000-001e1000 rw-p 00002000 fd:00 5669099    /usr/lib/firefox-2.0.0.3/lib
Program received signal SIGABRT, Aborted.
[Switching to Thread -1209002288 (LWP 25688)]
0x0089d410 in __kernel_vsyscall ()
(gdb) where
#0  0x0089d410 in __kernel_vsyscall ()
#1  0x47b09f10 in raise () from /lib/libc.so.6
#2  0x47b0b761 in abort () from /lib/libc.so.6
#3  0x47b40d6b in __libc_message () from /lib/libc.so.6
#4  0x47b48bed in _int_free () from /lib/libc.so.6
#5  0x47b4c210 in free () from /lib/libc.so.6
#6  0x4976800d in __cxa_pure_virtual () from /usr/lib/libfreetype.so.6
#7  0x4976b7da in ft_mem_free () from /usr/lib/libfreetype.so.6
#8  0x4976bc9c in ft_glyphslot_free_bitmap () from /usr/lib/libfreetype.so.6
#9  0x4976cb20 in FT_Load_Glyph () from /usr/lib/libfreetype.so.6
#10 0x49caff94 in __cxa_pure_virtual () from /usr/lib/libcairo.so.2
#11 0x49c9fdaf in __cxa_pure_virtual () from /usr/lib/libcairo.so.2
#12 0x49ca0a50 in cairo_scaled_font_glyph_extents ()
   from /usr/lib/libcairo.so.2
#13 0x49c82c1c in __cxa_pure_virtual () from /usr/lib/libpangocairo-1.0.so.0
#14 0x48422c9e in pango_font_get_glyph_extents ()
   from /usr/lib/libpango-1.0.so.0
#15 0x4982947a in pango_ot_buffer_output () from /usr/lib/libpangoft2-1.0.so.0
#16 0x49845147 in __cxa_pure_virtual () from /usr/lib/libpangoft2-1.0.so.0
#17 0x4842aa3a in __cxa_pure_virtual () from /usr/lib/libpango-1.0.so.0
#18 0x4843bb47 in pango_shape () from /usr/lib/libpango-1.0.so.0
#19 0x4842e88a in __cxa_pure_virtual () from /usr/lib/libpango-1.0.so.0
#20 0x484314f5 in __cxa_pure_virtual () from /usr/lib/libpango-1.0.so.0
---Type <return> to continue, or q <return> to quit---
#21 0x48431a5d in __cxa_pure_virtual () from /usr/lib/libpango-1.0.so.0
#22 0x48433b1f in pango_layout_get_line () from /usr/lib/libpango-1.0.so.0
#23 0x006eb354 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgfx_gtk.so
#24 0x006ecda0 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgfx_gtk.so
#25 0x006e190f in ?? () from /usr/lib/firefox-2.0.0.3/components/libgfx_gtk.so
#26 0x006f1f9f in ?? () from /usr/lib/firefox-2.0.0.3/components/libgfx_gtk.so
#27 0x010eeb53 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#28 0x010f480f in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#29 0x010d07f9 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#30 0x010cb681 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#31 0x010cb8f9 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#32 0x010cbc9d in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#33 0x010d07f9 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#34 0x010a2482 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#35 0x010a2932 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#36 0x010a2bb0 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#37 0x010a2dfa in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#38 0x010a3387 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#39 0x010a6206 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#40 0x010acf03 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#41 0x01176e59 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#42 0x010acf03 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#43 0x0118b36e in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
---Type <return> to continue, or q <return> to quit---
#44 0x011898af in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#45 0x010acf03 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#46 0x0118cecd in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#47 0x0118ea29 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#48 0x010acf03 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#49 0x01180d45 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#50 0x011813f9 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#51 0x01184ff9 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#52 0x010acf03 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#53 0x011871ae in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#54 0x011880b3 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#55 0x010a7c99 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#56 0x010a1cb9 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#57 0x010a2cb1 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#58 0x010a3387 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#59 0x010a6206 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#60 0x010a7c99 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#61 0x010a1cb9 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#62 0x010a2cb1 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#63 0x010a3387 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#64 0x010a6206 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#65 0x010a7c99 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#66 0x010a1cb9 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
---Type <return> to continue, or q <return> to quit---
#67 0x010a2cb1 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#68 0x010a3387 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#69 0x010a6206 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#70 0x010a7c99 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#71 0x010a1cb9 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#72 0x010a2cb1 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#73 0x010a3387 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#74 0x010a6206 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#75 0x010a7c99 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#76 0x010a1cb9 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#77 0x010a2cb1 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#78 0x010a3387 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#79 0x010a6206 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#80 0x010a7c99 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#81 0x010a1cb9 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#82 0x010a2cb1 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#83 0x010a3387 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#84 0x010a6206 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#85 0x010a7c99 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#86 0x010a1cb9 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#87 0x010a2cb1 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#88 0x010a3387 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#89 0x010a6206 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
---Type <return> to continue, or q <return> to quit---
#90 0x010acf03 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#91 0x010c1f90 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#92 0x010acf03 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#93 0x010be7f8 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#94 0x010beb9c in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#95 0x010bf537 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#96 0x010acf03 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#97 0x010f95b5 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#98 0x0108e94d in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#99 0x0108ebf5 in ?? () from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#100 0x0109789b in ?? ()
   from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#101 0x0108ecfc in ?? ()
   from /usr/lib/firefox-2.0.0.3/components/libgklayout.so
#102 0x4b570f6d in PL_HandleEvent ()
   from /usr/lib/firefox-2.0.0.3/libxpcom_core.so
#103 0x4b5711f6 in PL_ProcessPendingEvents ()
   from /usr/lib/firefox-2.0.0.3/libxpcom_core.so
#104 0x4b5729eb in __cxa_pure_virtual ()
   from /usr/lib/firefox-2.0.0.3/libxpcom_core.so
#105 0x00d2126e in ?? ()
   from /usr/lib/firefox-2.0.0.3/components/libwidget_gtk2.so
#106 0x47cecd8d in __cxa_pure_virtual () from /lib/libglib-2.0.so.0
---Type <return> to continue, or q <return> to quit---
#107 0x47cc3622 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#108 0x47cc65ff in __cxa_pure_virtual () from /lib/libglib-2.0.so.0
#109 0x47cc69a9 in g_main_loop_run () from /lib/libglib-2.0.so.0
#110 0x4997c654 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#111 0x00d2165b in ?? ()
   from /usr/lib/firefox-2.0.0.3/components/libwidget_gtk2.so
#112 0x001190ea in ?? ()
   from /usr/lib/firefox-2.0.0.3/components/libtoolkitcomps.so
#113 0x0804f81d in __cxa_pure_virtual ()
#114 0x0804abf0 in __cxa_pure_virtual ()
#115 0x47af6ef0 in __libc_start_main () from /lib/libc.so.6
#116 0x0804ab41 in __cxa_pure_virtual ()
(gdb) 

Version-Release number of selected component (if applicable):
firefox-2.0.0.3-2.fc7


How reproducible:
every time

Steps to Reproduce:
1. browse to gmail.  click on spam folder
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Tom London 2007-04-10 22:27:06 UTC 
This works with firefox 2.0.0.3 under Windows.

Fails every time here...
Comment 2 Tom London 2007-04-10 22:36:16 UTC 
Get a similar crash running with '-safe-mode':

[tbl@localhost ~]$ firefox -safe-mode
*** glibc detected *** /usr/lib/firefox-2.0.0.3/firefox-bin: malloc(): memory
corruption: 0x08e9ff68 ***
======= Backtrace: =========
/lib/libc.so.6[0x47b492bc]
/lib/libc.so.6(__libc_malloc+0x7e)[0x47b4a9ee]
/lib/libglib-2.0.so.0(g_malloc+0x36)[0x47ccaa56]
/lib/libglib-2.0.so.0(g_slice_alloc+0x138)[0x47cda7b8]
/usr/lib/libpango-1.0.so.0(pango_script_iter_new+0x29)[0x48438cd9]
/usr/lib/libpango-1.0.so.0[0x484283bf]
/usr/lib/libpango-1.0.so.0(pango_itemize_with_base_dir+0x9b)[0x4842923b]
/usr/lib/libpango-1.0.so.0[0x484317b1]
/usr/lib/libpango-1.0.so.0(pango_layout_get_line+0x2f)[0x48433b1f]
/usr/lib/firefox-2.0.0.3/components/libgfx_gtk.so[0x134354]
/usr/lib/firefox-2.0.0.3/components/libgfx_gtk.so[0x135da0]
/usr/lib/firefox-2.0.0.3/components/libgfx_gtk.so[0x12a90f]
/usr/lib/firefox-2.0.0.3/components/libgfx_gtk.so[0x13af9f]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0xf92b53]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0xf9880f]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0xf747f9]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0xf6f681]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0xf6f8f9]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0xf6fc9d]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0xf747f9]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0xf46482]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0xf46932]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0xf46bb0]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0xf46dfa]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0xf47387]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0xf4a206]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0xf50f03]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0x101ae59]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0xf50f03]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0x102f36e]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0x102d8af]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0xf50f03]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0x1030ecd]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0x1032a29]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0xf50f03]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0x1024d45]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0x10253f9]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0x1028ff9]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0xf50f03]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0x102b1ae]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0x102c0b3]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0xf4bc99]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0xf45cb9]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0xf46cb1]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0xf47387]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0xf4a206]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0xf4bc99]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0xf45cb9]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0xf46cb1]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0xf47387]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0xf4a206]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0xf4bc99]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0xf45cb9]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0xf46cb1]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0xf47387]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0xf4a206]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0xf4bc99]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0xf45cb9]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0xf46cb1]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0xf47387]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0xf4a206]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0xf4bc99]
/usr/lib/firefox-2.0.0.3/components/libgklayout.so[0xf45cb9]
======= Memory map: ========
00110000-00158000 r-xp 00000000 fd:00 5704330   
/usr/lib/firefox-2.0.0.3/components/libgfx_gtk.so
001
Comment 3 Christopher Aillon 2007-04-10 22:45:15 UTC 
Works for me here.  I'm guessing there's something specific to your inbox that
is triggering this.  Possibly a character in one of the spams.

I see pango in your stack.  Does setting MOZ_DISABLE_PANGO=1 work as a stopgap?
 What are your pango, cairo, and freetype versions?
Comment 4 Tom London 2007-04-10 22:49:21 UTC 
Ha!  Was just testing that...

No, setting MOZ_DISABLE_PANGO=1 has no effect.  Same crash.

[root@localhost ~]# rpm -q pango
pango-1.16.1-1.fc7
[root@localhost ~]# rpm -q cairo
cairo-1.4.2-1.fc7
[root@localhost ~]# rpm -q freetype
freetype-2.3.3-2.fc7
[root@localhost ~]#
Comment 5 Tom London 2007-04-10 23:01:15 UTC 
Aha....

Reverting freetype to freetype-2.3.2-1.fc7 'makes it work'.

Problem with freetype?
Comment 6 Christopher Aillon 2007-04-10 23:09:44 UTC 
Probably.  Moving to freetype.  Btw, for future reference, you can issue one rpm
-q command with multiple package names as arguments:

% rpm -q pango cairo freetype
pango-1.16.1-1.fc7
cairo-1.4.2-1.fc7
freetype-2.3.2-1.fc7
Comment 7 Behdad Esfahbod 2007-04-10 23:26:37 UTC 
I built freetype-2.3.4-1.fc7 today.  That should hopefully fix this...  Let me
know if it doesn't.
Comment 8 Tom London 2007-04-10 23:40:22 UTC 
OK.  I'll leave my 'Spam' folder untouched until I can download/test 2.3.4-1.fc7
Comment 9 Tom London 2007-04-10 23:45:41 UTC 
btw, reverting from 2.3.3-2.fc7 to 2.3.2-1.fc7 did not 'restore' the symbolic
link, so I had to fix this manually. 

I reverted via 'rpm -Uvh --oldpackage ..."

[root@localhost lib]# ls -l libfreetype*
lrwxrwxrwx 1 root root     21 2007-04-10 15:56 libfreetype.so ->
libfreetype.so.6.3.13
lrwxrwxrwx 1 root root     21 2007-04-10 15:56 libfreetype.so.6 ->
libfreetype.so.6.3.14
-rwxr-xr-x 1 root root 562152 2007-03-09 13:38 libfreetype.so.6.3.13
[root@localhost lib]#

Notice that libfreetype.so.6 is pointing to (the now non-existent)
libfreetype.so.6.3.14.

Removing and doing the link manually fixed this.
Comment 10 Tom London 2007-04-11 13:24:27 UTC 
freetype-2.3.4-1.fc7 fixes this....

Thanks.
Note You need to log in before you can comment on or make changes to this bug.