Bug 509501 (cairo-ff-crash) - Firefox 3.5 will reliably segfault while viewing web-font webpage
Summary: Firefox 3.5 will reliably segfault while viewing web-font webpage
Alias: cairo-ff-crash
Product: Fedora
Classification: Fedora
Component: cairo
Version: 11
Hardware: x86_64
OS: Linux
Target Milestone: ---
Assignee: Behdad Esfahbod
QA Contact: Fedora Extras Quality Assurance
Duplicates: 509574 509634 542016 545503
Depends On:
Reported: 2009-07-03 05:51 UTC by Aaron Schlaegel
Modified: 2018-04-11 18:51 UTC

Fixed In Version: 1.8.8-1.fc11
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2009-07-22 21:55:57 UTC
Type: ---

Attachments:
backtrace (30.15 KB, text/plain), 2009-07-04 06:47 UTC, Matěj Cepl

Description Aaron Schlaegel 2009-07-03 05:51:41 UTC
Description of problem:
While viewing 'http://nicewebtype.com/fonts/graublau-sans-web/' the browser will segfault. It also segfaults on other websites, but I know this site triggers the fault.

Version-Release number of selected component (if applicable):

How reproducible:
Every time. It doesn't always segfault immediately, but no action other than loading the page is needed.

Steps to Reproduce:
1. Type: 'http://nicewebtype.com/fonts/graublau-sans-web/' in the URL bar.
2. Wait.
3. Watch in amazement as away go all your tabs and windows.

Actual results:
"firefox: cairo-ft-font.c:554: _cairo_ft_unscaled_font_lock_face: Assertion `!unscaled->from_face' failed."
Your entire web-browsing session will crash. Hopefully you were not typing your dissertation on world peace in another tab.

Expected results:
The page should load, and your dissertation on world peace in the text box of the other tab should be preserved.

Comment 1 Nicholas Miell 2009-07-03 20:35:27 UTC
Other @font-face related crashes:

#0  0x000000388ca0ed5b in raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/pt-raise.c:42
#1  0x00007f0acb34eda8 in nsProfileLock::FatalSignalHandler (signo=11) at nsProfileLock.cpp:212
#2  <signal handler called>
#3  FT_Set_Transform (face=0x7f0ab4402800, matrix=0x7fff77aaa450, delta=0x0) at /usr/src/debug/freetype-2.3.9/src/base/ftobjs.c:463
#4  0x0000003a840481dc in _cairo_ft_unscaled_font_set_scale (unscaled=0x7f0ab4a29df0, scale=<value optimized out>) at cairo-ft-font.c:696
#5  0x0000003a8404b225 in _cairo_ft_scaled_font_create (unscaled=0x7f0ab4a29df0, font_face=<value optimized out>, font_matrix=<value optimized out>, 
    ctm=<value optimized out>, options=0x7f0ab4454a60, ft_options=
      {base = {antialias = CAIRO_ANTIALIAS_DEFAULT, subpixel_order = CAIRO_SUBPIXEL_ORDER_DEFAULT, hint_style = CAIRO_HINT_STYLE_MEDIUM, hint_metrics = CAIRO_HINT_METRICS_DEFAULT}, load_flags = 0, extra_flags = 0}, font_out=<value optimized out>) at cairo-ft-font.c:1536
#6  0x0000003a8404b838 in _cairo_ft_font_face_scaled_font_create (abstract_face=<value optimized out>, font_matrix=<value optimized out>, 
    ctm=<value optimized out>, options=<value optimized out>, scaled_font=<value optimized out>) at cairo-ft-font.c:2311
#7  0x0000003a8402701b in *INT_cairo_scaled_font_create (font_face=0x7f0ab781abe0, font_matrix=<value optimized out>, ctm=0x7fff77aaa790, 
    options=0x7f0ab4454a60) at cairo-scaled-font.c:886
#8  0x00007f0acbc70d43 in CreateScaledFont (aPattern=0x7f0ab4d31840) at gfxPangoFonts.cpp:3077
#9  0x00007f0acbc70f67 in gfxFcFont::GetOrMakeFont (aPattern=0x7f0ab4402800) at gfxPangoFonts.cpp:2245
#10 0x00007f0acbc758a2 in gfxPangoFcFont::GfxFont (self=0x7f0ab3f597c0) at gfxPangoFonts.cpp:681
#11 0x00007f0acbc73b9c in gfxPangoFontGroup::GetFontAt (this=0x7f0abab26060, i=<value optimized out>) at gfxPangoFonts.cpp:1987
#12 0x00007f0acbc6d579 in TextRunWordCache::MakeTextRun (this=0x7f0ac1b1be80, aText=<value optimized out>, aLength=<value optimized out>, aFontGroup=
    0x7f0abab26060, aParams=0x7fff77aab200, aFlags=22282880) at gfxTextRunWordCache.cpp:715
#13 0x00007f0acb562326 in MakeTextRun (aFlags=<value optimized out>, aParams=<value optimized out>, aFontGroup=<value optimized out>, 
    aLength=<value optimized out>, aText=<value optimized out>) at nsTextFrameThebes.cpp:431

#0  0x000000388ca0ed5b in raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/pt-raise.c:42
#1  0x00007f164404eda8 in nsProfileLock::FatalSignalHandler (signo=11) at nsProfileLock.cpp:212
#2  <signal handler called>
#3  FT_Done_Face (face=0x7f162da07800) at /usr/src/debug/freetype-2.3.9/src/base/ftobjs.c:2216
#4  0x00007f1644974449 in gfxDownloadedFcFontEntry::~gfxDownloadedFcFontEntry (this=0x7f1630028eb0, __in_chrg=<value optimized out>)
    at gfxPangoFonts.cpp:358
#5  0x00007f1644974fa6 in gfxFontEntry::Release (this=0x7f162da07800) at ../../../dist/include/thebes/gfxFont.h:150
#6  0x0000003a8400bdce in _cairo_user_data_array_fini (array=0x7f1633014710) at cairo-array.c:392
#7  0x0000003a84011dd5 in *INT_cairo_font_face_destroy (font_face=0x7f1633014700) at cairo-font-face.c:206
#8  0x0000003a84049515 in _cairo_ft_unscaled_font_destroy (abstract_font=<value optimized out>) at cairo-ft-font.c:515
#9  0x0000003a84011c32 in _cairo_unscaled_font_destroy (unscaled_font=0x7f162da07800) at cairo-font-face.c:759
#10 0x0000003a84026aa0 in _cairo_scaled_font_fini_internal (scaled_font=0x7f163025d4e0) at cairo-scaled-font.c:733
#11 0x0000003a84026b70 in *INT_cairo_scaled_font_destroy (scaled_font=0x7f162faae330) at cairo-scaled-font.c:1063
#12 0x00007f1644970e24 in gfxFcFont::~gfxFcFont (this=0x7f16275d2420, __in_chrg=<value optimized out>) at gfxPangoFonts.cpp:2097
#13 0x00007f1644961b91 in gfxFontCache::DestroyFont (this=<value optimized out>, aFont=0x7f16275d2420) at gfxFont.cpp:252
#14 0x00007f1644967c08 in nsExpirationTracker<gfxFont, 3u>::AgeOneGeneration (this=0x7f163a81be10) at ../../../dist/include/xpcom/nsExpirationTracker.h:210
#15 0x00007f1644967c34 in nsExpirationTracker<gfxFont, 3u>::TimerCallback (aTimer=<value optimized out>, aThis=0x7f162da07800)
    at ../../../dist/include/xpcom/nsExpirationTracker.h:299

valgrind reports no errors.

On the whole, it just feels like Linux @font-face support isn't done yet.
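A triage helper, added here and not part of the bug report, that classifies gdb backtraces against the two crash signatures quoted in this comment (a FreeType fault reached through cairo-ft-font.c) and the assertion message from the description. The sample traces are abbreviated copies of the frames above; the unrelated trace is constructed.

```python
import re
# Constructed sample input: the faulting frames of the two backtraces quoted
# above and one unrelated trace, abbreviated to what the matcher needs.
SAMPLE_SET_TRANSFORM = """\
#2  <signal handler called>
#3  FT_Set_Transform (face=0x7f0ab4402800, matrix=0x7fff77aaa450, delta=0x0) at /usr/src/debug/freetype-2.3.9/src/base/ftobjs.c:463
#4  0x0000003a840481dc in _cairo_ft_unscaled_font_set_scale (unscaled=0x7f0ab4a29df0, scale=<value optimized out>) at cairo-ft-font.c:696
"""
SAMPLE_DONE_FACE = """\
#2  <signal handler called>
#3  FT_Done_Face (face=0x7f162da07800) at /usr/src/debug/freetype-2.3.9/src/base/ftobjs.c:2216
#4  0x00007f1644974449 in gfxDownloadedFcFontEntry::~gfxDownloadedFcFontEntry (this=0x7f1630028eb0, __in_chrg=<value optimized out>)
    at gfxPangoFonts.cpp:358
#8  0x0000003a84049515 in _cairo_ft_unscaled_font_destroy (abstract_font=<value optimized out>) at cairo-ft-font.c:515
"""
SAMPLE_UNRELATED = """\
#2  <signal handler called>
#3  0x00007f00deadbeef in js_Interpret (cx=0x1) at jsinterp.cpp:100
"""

SIGNAL_MARK = "<signal"  # how gdb's "<signal handler called>" frame parses below
FRAME_RE = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?(\S+)")
LOC_RE = re.compile(r" at (\S+):(\d+)$")

def parse_frames(text):
    """Return [(function, source file)] in stack order, re-joining frames gdb wrapped."""
    frames = []
    for line in text.splitlines():
        if line.startswith("#"):
            frames.append(line.rstrip())
        elif frames:
            frames[-1] += " " + line.strip()
    parsed = []
    for frame in frames:
        func = FRAME_RE.match(frame).group(2)
        loc = LOC_RE.search(frame)
        parsed.append((func, loc.group(1).rsplit("/", 1)[-1] if loc else None))
    return parsed

def match_cairo_ff_crash(text):
    """Return a short reason if the trace or abort message fits this bug, else None."""
    if "_cairo_ft_unscaled_font_lock_face" in text and "!unscaled->from_face" in text:
        return "cairo-ft assertion !unscaled->from_face"
    frames = parse_frames(text)
    if "cairo-ft-font.c" not in {src for _, src in frames}:
        return None
    funcs = [func for func, _ in frames]
    try:  # the faulting frame is the first one below gdb's signal-handler marker
        fault = funcs[funcs.index(SIGNAL_MARK) + 1]
    except (ValueError, IndexError):
        return None
    if fault in ("FT_Set_Transform", "FT_Done_Face"):
        return "FreeType %s fault reached through cairo-ft-font.c" % fault
    return None
```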

Comment 2 Matěj Cepl 2009-07-03 22:07:44 UTC
OK, looking at the backtraces, this looks like some problem in Cairo/Pango/Freetype. Changing the component for further analysis, but ready to accept an explanation of why Firefox is to be blamed.

Comment 3 Matěj Cepl 2009-07-04 06:47:41 UTC
Created attachment 350476 (backtrace)

OK, so I got this as well. I will work on a reproducer.

Comment 4 Nicholas Miell 2009-07-04 14:48:39 UTC
Apparently this is fixed in cairo 1.8.8.

Comment 5 Aaron Schlaegel 2009-07-04 17:41:51 UTC
After installing 'cairo-1.8.8-1.fc12.x86_64', I tried to no avail to reproduce this bug. That is great. I tried hard.

Can cairo 1.8.8 get pushed out soon for F11? Until cairo is updated, anyone can easily produce a webpage that dumps Firefox for every Fedora 11 user.

Comment 6 Matěj Cepl 2009-07-04 19:18:26 UTC
*** Bug 509574 has been marked as a duplicate of this bug. ***

Comment 7 Matěj Cepl 2009-07-04 19:19:14 UTC
There is an unofficial scratch rebuild of F12 cairo for F11 at http://koji.fedoraproject.org/koji/taskinfo?taskID=1454453

Comment 8 Aaron Schlaegel 2009-07-05 06:13:40 UTC
The unofficial scratch rebuild of F12 cairo for F11 also works great for me. I couldn't get an embedded font to segfault the browser with it.

Comment 9 Fedora Update System 2009-07-16 18:53:54 UTC
cairo-1.8.8-1.fc11 has been submitted as an update for Fedora 11.

Comment 10 Matěj Cepl 2009-07-16 21:10:47 UTC
*** Bug 509634 has been marked as a duplicate of this bug. ***

Comment 11 Fedora Update System 2009-07-22 21:55:51 UTC
cairo-1.8.8-1.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 12 Jim Wilson 2009-07-23 14:01:26 UTC
Didn't fix my problem.  Bug 509574 must have been a *different* bug.  That's not at all unreasonable, since the symptoms were quite different.

Comment 13 Matěj Cepl 2009-12-09 23:27:37 UTC
*** Bug 542016 has been marked as a duplicate of this bug. ***

Comment 14 Matěj Cepl 2009-12-09 23:27:37 UTC
*** Bug 545503 has been marked as a duplicate of this bug. ***
