The used values are located inside testcase.zip called values.txt Execute the provided html file.

Can't reproduce on trunk with harfbuzz disabled, probably doesn't need to block 2.0

It's not reproducible against trunk on 10.6.5.

This will be fixed by the OTS sanitizer (bug 527276).

Now that OTS has landed, lets test this again, Marcia?

Note that this and many other fuzzed-font crashers were filed against 1.9.2, not trunk. OTS has landed on trunk and should ensure that the font here is blocked, but we haven't backported it to 1.9.2 yet. (I'm working on a backport but it's not quite ready yet - changes in both the font code and build config mean that it requires some reworking.)

Should be fixed on trunk, we'll use the status1.9.2 fields to track the branch landing.

Right now, Harfbuzz is on by default on OS X and Windows; the work for Linux is bug 569770. On Linux without Harfbuzz, we use Pango to shape AIUI.

What does comment 8 mean? That this bug is not fixed on trunk on Linux? Does OTS only work with harfbuzz? I thought they were independent. On the 1.9.2 branch, where we need this fixed, harfbuzz isn't used on any platform.

(In reply to comment #9) > What does comment 8 mean? That this bug is not fixed on trunk on Linux? Does > OTS only work with harfbuzz? I thought they were independent. On the 1.9.2 > branch, where we need this fixed, harfbuzz isn't used on any platform. This was a Mac OS X bug, not relevant to Linux or Windows. OTS blocks the corrupted font (on all platforms, trunk and 1.9.2).

Verified fixed in 1.9.2.13 with Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.13pre) Gecko/20101118 Namoroka/3.6.13pre using testcase. Test no longer crashes as it does in 1.9.2.12.

OTS landed in 1.9.1 as well.