Crash [@ gfxPangoFontGroup::SetGlyphs] STEPS TO REPRODUCE 1. load URL (a search at mxr.mozilla.org for "Home", case-sensitive) 2. wait until result is loaded 3. if it didn't crash yet: View->Character Encoding->Unicode (UTF-8) ACTUAL RESULT In the console window just before the crash: (seamonkey-bin:17080): Pango-CRITICAL **: basic_engine_shape: assertion `length >= 0' failed (seamonkey-bin:17080): Pango-WARNING **: shape engine failure, expect ugly output. the offending font is 'DejaVu Sans 12' Program received signal SIGSEGV, Segmentation fault. (gdb) bt #0 0x00002b990c3a0e3b in gfxPangoFontGroup::SetGlyphs #1 0x00002b990c3a88fe in FontSelector::AppendNextSegment #2 0x00002b990c3a8bd6 in FontSelector::InitSegments #3 0x00002b990c3a8b64 in FontSelector::InitSegments #4 0x00002b990c3a8c22 in FontSelector::Run #5 0x00002b990c3a473b in gfxPangoFontGroup::CreateGlyphRunsItemizing #6 0x00002b990c3a488b in gfxPangoFontGroup::InitTextRun #7 0x00002b990c3a49e0 in gfxPangoFontGroup::MakeTextRun ... (gdb) fr 0 #0 0x00002b990c3a0e3b in gfxPangoFontGroup::SetGlyphs 1935 if (aUTF8[index] == 0) { (gdb) list 1930 PRInt32 direction = aTextRun->IsRightToLeft() ? -1 : 1; 1931 gfxPangoTextRun::CompressedGlyph g; 1932 nsAutoTArray<gfxPangoTextRun::DetailedGlyph,1> detailedGlyphs; 1933 1934 while (index < aUTF8Length) { 1935 if (aUTF8[index] == 0) { 1936 // treat this null byte as a missing glyph 1937 aTextRun->SetCharacterGlyph(utf16Offset, g.SetMissing()); 1938 } else if (glyphCount == numGlyphs || 1939 PRUint32(logClusters[glyphIndex]) > index) { (gdb) p index $1 = 2064298 See attachment for details.

Comment on attachment 255127 [details] stack + data (might CRASH just looking at the stack) Beware. Just looking at the plain text stack + data values might CRASH.

Regression range: 2007-01-24-04 -- 2007-01-25-04. Firefox 2007-01-25-04 says: (firefox-bin:17761): Pango-WARNING **: Error loading GPOS table 4097 (firefox-bin:17761): Pango-CRITICAL **: basic_engine_shape: assertion `length >= 0' failed (firefox-bin:17761): Pango-WARNING **: shape engine failure, expect ugly output. the offending font is 'DejaVu Sans 12' before it crashes. Firefox 2007-01-24-04 spits out the GPOS error message a few times, but does not crash. Regression from bug 367768?

The warnings will be gone by bug 357637. We should not call the shape if the font doesn't have the glyph.

I can't reproduce. The stack here looks very similar to the stack in problems addressed by attachment 263422 [details] [diff] [review] in bug 375772. Are you able to test with this patch?

(In reply to comment #5) > I can't reproduce. I can't reproduce either, nor the one in bug 375772 (which I also could reproduce earlier IIRC). I see a lot of these still: (firefox-bin:15255): Pango-WARNING **: Error loading GPOS table 4097 Does anyone else crash on the URL in this bug?

The checkin of attachment 263898 [details] [diff] [review] in bug 357637 means that the code has changed significantly, fixing errors that were likely to cause the original crash. I'm not getting the "Pango-WARNING **: Error loading GPOS table 4097" (but never did). Are you still seeing this warning?

Looks like the Pango GPOS warnings are due to a Pango version prior to 1.13.4, and are not Mozilla-related: http://bugs.freedesktop.org/show_bug.cgi?id=7455 http://bugzilla.gnome.org/show_bug.cgi?id=347073 resolution->WFM. Please reopen if you still see a problem.