Comment 5 for bug 421375

Jason Smith (jassmith) wrote :

This bug is a result of a bug in pango. I have only managed to reproduce the bug once and have had a heck of a time tracking it down from there. To reproduce it, run unr in a virtual machine and keep resizing the VM's screen for 20 or 30 minutes. Eventually it will die, hopefully with this.

The issue is in pango-layout.c in the pango source dir. There are two distinct blocks of code that act on width == -1. The first one recursively calls the extents call again; we don't see this in the trace, however, so likely this is not the issue. The second block is bigger and does a max on some structures; one of them is a pointer to a place on the heap. I believe this structure is somehow ending up as garbage, but looking at the code I do not see how.

To look at where I *think* the problem is, pango-layout.c:2538