Bug 708940 - pango is getting floating point exception
Summary: pango is getting floating point exception
Keywords:
Status: CLOSED WORKSFORME
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: pango
Version: 6.1
Hardware: All
OS: Linux
medium
medium
Target Milestone: rc
: ---
Assignee: Akira TAGOH
QA Contact: Desktop QE
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-05-30 08:49 UTC by Lubos Kocman
Modified: 2015-01-05 12:07 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-01-05 12:07:42 UTC
Target Upstream Version:

Attachments (Terms of Use)
backtrace (61.01 KB, text/plain)
2011-05-30 11:07 UTC, Lubos Kocman 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Description Lubos Kocman 2011-05-30 08:49:08 UTC 
Created attachment 501743 [details]
problematic web page

Description of problem:

Firefox is getting SIGFPE (Floating point exception) while customizing template in for blogger (google).

I downloaded that specific page and firefox keeps crashing on that file (see attachment).

Version-Release number of selected component (if applicable):

firefox-3.6.17-1.el6_0.x86_64
xulrunner-1.9.2.17-4.el6_0.x86_64

How reproducible:

(always)

Steps to Reproduce:
1. open html file in attachment (or go to blogger -> template designer -> advanced)

Actual results:

(strace -p `pgrep firefox`)

--- SIGFPE (Floating point exception) @ 0 (0) ---
rt_sigreturn(0x8)                       = 4294967295
--- SIGFPE (Floating point exception) @ 0 (0) ---
rt_sigreturn(0x8)                       = 4294967295
--- SIGFPE (Floating point exception) @ 0 (0) ---
rt_sigreturn(0x8)                       = 4294967295
--- SIGFPE (Floating point exception) @ 0 (0) ---
rt_sigreturn(0x8)                       = 42949672

Expected results:

no exception should appear and firefox shouldn't hang

Additional info:
Comment 1 Lubos Kocman 2011-05-30 10:28:23 UTC 
Program received signal SIGFPE, Arithmetic exception.
0x0000003270a1cec4 in _hb_sanitize_array (this=0x7f8711498fb0, context=0x7fff2e068b50)
    at hb-open-type-private.hh:202
202	  bool overflows = len >= ((unsigned int) -1) / record_size;
Comment 2 Lubos Kocman 2011-05-30 11:07:51 UTC 
Created attachment 501779 [details]
backtrace

gdb threads apply all bt
Comment 3 Lubos Kocman 2011-05-30 11:21:59 UTC 
Used pango: pango-1.28.1-6.el6.x86_64
Comment 4 Martin Stransky 2011-05-30 11:29:04 UTC 
It's a crash in pango, we use the system one in rhel6, see https://brewweb.devel.redhat.com/buildinfo?buildID=163118
Comment 5 RHEL Program Management 2011-07-06 01:17:41 UTC 
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated
in the current release, Red Hat is unfortunately unable to
address this request at this time. Red Hat invites you to
ask your support representative to propose this request, if
appropriate and relevant, in the next release of Red Hat
Enterprise Linux. If you would like it considered as an
exception in the current release, please ask your support
representative.
Comment 6 Lubos Kocman 2011-07-08 10:50:18 UTC 
Any progress on this?
Comment 8 Suzanne Logcher 2012-02-14 23:09:56 UTC 
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated
in the current release, Red Hat is unfortunately unable to
address this request at this time. Red Hat invites you to
ask your support representative to propose this request, if
appropriate and relevant, in the next release of Red Hat
Enterprise Linux. If you would like it considered as an
exception in the current release, please ask your support
representative.
Comment 11 Akira TAGOH 2014-01-28 03:37:52 UTC 
Is this still reproducible on rhel6.5 say?
I've tried your attachment and other steps on blogger, but I can't.
Comment 12 Lubos Kocman 2015-01-05 12:07:42 UTC 
Haven't happened since then. Marking as worksforme.
Note You need to log in before you can comment on or make changes to this bug.