Bug 158145 - Firefox crashes in pango when viewing a particular page
Summary: Firefox crashes in pango when viewing a particular page
Alias: None
Product: Fedora
Classification: Fedora
Component: firefox
Version: 3
Hardware: x86_64
OS: Linux
Target Milestone: ---
Assignee: Christopher Aillon
QA Contact:
Depends On:
Reported: 2005-05-19 02:32 UTC by Dean Brettle
Modified: 2007-11-30 22:11 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2005-09-30 19:47:01 UTC

Attachments
Page which causes crash (deleted)
2005-05-19 02:41 UTC, Dean Brettle
Error output from firefox -safe-mode (deleted)
2005-05-19 02:41 UTC, Dean Brettle

Description Dean Brettle 2005-05-19 02:32:12 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.8) Gecko/20050513 Fedora/1.0.4-1.3.1 Firefox/1.0.4

Description of problem:
Firefox crashes when viewing the Wikinews preferences page.  I'll attach the page since you need an account to see it.  I'll also attach the output from running "firefox -safe-mode".  It seems to indicate that the crash originates in pango.  

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.  Open the attached web page with firefox (with -safe-mode option to get the error output).

Actual Results:  Crash with attached stack trace.

Expected Results:  Page should have displayed.

Additional info:

Here's the tail end of the output:

(Gecko:31347): GLib-GObject-CRITICAL **: file gobject.c: line 1561 (g_object_ref): assertion `G_IS_OBJECT (object)' failed

** (Gecko:31347): CRITICAL **: file pango-engine.c: line 68 (_pango_engine_shape_shape): assertion `PANGO_IS_FONT (font)' failed

** ERROR **: file shape.c: line 75 (pango_shape): assertion failed: (glyphs->num_glyphs > 0)
/usr/lib64/firefox-1.0.4/ line 159: 31347 Aborted  "$prog" ${1+"$@"}

I can work around the problem by setting MOZ_DISABLE_PANGO=1.

I'm running pango-1.6.0-7.

Setting severity to "High" instead of "Security" because the only obvious security vulnerability is DoS (because firefox crashes).  The crash seems to be a controlled crash caused by an assertion failure.

Possibly related to bug 151628 or bug 157600.

Comment 1 Dean Brettle 2005-05-19 02:41:26 UTC
Created attachment 114549
Page which causes crash

Comment 2 Dean Brettle 2005-05-19 02:41:59 UTC
Created attachment 114550
Error output from firefox -safe-mode

Comment 3 Warren Togami 2005-05-19 04:35:10 UTC
Unable to reproduce with firefox-1.0.4-2 x86_64 here.

Comment 4 Dean Brettle 2005-05-19 07:32:59 UTC
(In reply to comment #3)
> Unable to reproduce with firefox-1.0.4-2 x86_64 here.

I just did the following:

1. Installed firefox-1.0.4-2 x86_64, but the problem still occurred.
2. Installed pango-1.8.1-2, ignoring lots of warnings that look like this:

Cannot load module /usr/lib64/pango/1.4.0/modules/
/usr/lib64/pango/1.4.0/modules/ undefined symbol:
/usr/lib64/pango/1.4.0/modules/ does not export Pango module API
Cannot load module /usr/lib64/pango/1.4.0/modules/
/usr/lib64/pango/1.4.0/modules/ undefined symbol:

3. Tried to run firefox with the new pango.  It doesn't even start -- I get the
following error:
(Gecko:32598): GLib-GObject-CRITICAL **: file gobject.c: line 1561
(g_object_ref): assertion `G_IS_OBJECT (object)' failed
/usr/lib64/firefox-1.0.4/firefox-bin: symbol lookup error:
/usr/lib64/ undefined symbol: g_return_if_fail_warning

4. Decided I couldn't live without my browser, so:
rpm --nodeps -e pango.i386 pango.x86_64 pango-devel.i386 pango-devel.x86_64
yum -y install pango pango.devel
rpm -e firefox
yum -y install firefox

That installed firefox-1.0.4-1.3.1 and pango-1.6.0-7 (i.e. the versions I
originally reported).

BUT, now I can't reproduce the bug anymore.  Maybe some other package had
changed some pango file and caused the bug, and reinstalling pango undid that
change and fixed it?

Let me know if there is something I can do to further diagnose.

Comment 5 Warren Togami 2005-09-30 19:47:01 UTC
REOPEN if you can reliably reproduce this problem with the latest FC updates or
