Firefox crashes opening pages that use webfonts

Bug #655707 reported by selectstar on 2010-10-06
This bug affects 6 people
Affects | Status | Importance | Assigned to | Milestone
Pango | Fix Released | Medium | |
pango1.0 (Ubuntu) | | High | Unassigned |
Lucid | | High | Chris Coulson |
Maverick | | High | Chris Coulson |

Bug Description

=== Test case for SRU ===

**** Note that this next step will crash Firefox without any warning or confirmation ****
**** Please MAKE SURE you have saved ALL WORK you might have open in Firefox BEFORE proceeding ****

1) With the current pango version installed (1.28.0-0ubuntu2 in lucid and 1.28.1-1ubuntu3 in maverick), navigate Firefox to http://people.canonical.com/~chrisccoulson/bug655707/
2) Note that Firefox crashes with a SIGFPE
3) Install the updated packages (1.28.0-0ubuntu2.1 from lucid-proposed or 1.28.2-0ubuntu1 from maverick-proposed)
4) Test again, and confirm that Firefox doesn't crash. You will either see some unstyled text or nothing at all, because the font is broken

==========================

Binary package hint: firefox

Firefox crashes any time I access a page that makes use of webfonts.
For example if I access the Google webfont page code.google.com/webfonts
I have tried to disable all my Firefox plugins and still got the same issue.
I tried launching Firefox from a terminal window and the error message I get once it crashes is: Floating point exception

ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: firefox 3.6.10+build1+nobinonly-0ubuntu0.10.04.1
ProcVersionSignature: Ubuntu 2.6.32-25.44-generic 2.6.32.21+drm33.7
Uname: Linux 2.6.32-25-generic i686
Architecture: i386
Date: Wed Oct 6 13:58:24 2010
ExecutablePath: /usr/lib/firefox-3.6.10/firefox
FirefoxPackages:
 firefox 3.6.10+build1+nobinonly-0ubuntu0.10.04.1
 firefox-gnome-support N/A
 firefox-branding 3.6.10+build1+nobinonly-0ubuntu0.10.04.1
 abroswer N/A
 abrowser-branding N/A
InterpreterPath: /bin/dash
ProcEnviron:
 LANG=en_GB.utf8
 SHELL=/bin/bash
SourcePackage: firefox

selectstar (martinsarsini) wrote :

Chris Coulson (chrisccoulson) wrote :

Did you submit your crash report to Mozilla? Please provide the crash ID from about:crashes

Thanks

Changed in firefox (Ubuntu):
status: New → Incomplete

Chris Coulson (chrisccoulson) wrote :

Ok, I submitted this, but the stacktrace isn't useful due to a bug in breakpad: http://crash-stats.mozilla.com/report/index/3b7f5056-23ad-48a1-9c27-655422101006

There's already a few reports there, all from Ubuntu users

Changed in firefox (Ubuntu):
importance: Undecided → High
status: Incomplete → Triaged

selectstar (martinsarsini) wrote :

Thanks for your prompt response.
Yes I did, here is one of the reports:
http://crash-stats.mozilla.com/report/index/bp-62dd5781-8f7c-4384-90f8-f5e8e2101006

Changed in firefox (Ubuntu):
assignee: nobody → Chris Coulson (chrisccoulson)

selectstar (martinsarsini) wrote :

I am having the exact same issue on another machine.
The configuration of this machine is pretty much the same as that of the one that initially had the issue, except this one is the 64-bit version of Ubuntu.

Chris Coulson (chrisccoulson) wrote :

This is actually a bug in pango, and fixed in git already

affects: firefox (Ubuntu) → pango1.0 (Ubuntu)
Changed in pango:
importance: Unknown → Medium
status: Unknown → Fix Released

selectstar (martinsarsini) wrote :

If the fix has been released for Pango, is it possible that Ubuntu will send the update using the auto-update system?
I have no idea how to update Pango, and I am sure most of the other people who are having this issue visiting websites.

z3z (z3z) wrote :

This is happening to me also. When I visit http://code.google.com/webfonts, Firefox immediately crashes, even with all extensions disabled. I too would appreciate any info on how to update Pango. Here's my Firefox crash report:
http://crash-stats.mozilla.com/report/index/0e5b11b9-65c8-4318-92b7-755b32101020
Thanks!

jbob (jbobspam) wrote :

So, the upstream patch is now more than one month old. Any plans when it will be available in Ubuntu, especially Lucid?

Chris Coulson (chrisccoulson) wrote :

Oh, sorry about that. We'll get this SRU'd when I start work again on Monday

Changed in pango1.0 (Ubuntu):
status: Triaged → Fix Released
Changed in pango1.0 (Ubuntu Lucid):
status: New → Triaged
Changed in pango1.0 (Ubuntu Maverick):
status: New → Triaged
Changed in pango1.0 (Ubuntu Lucid):
importance: Undecided → High
Changed in pango1.0 (Ubuntu Maverick):
importance: Undecided → High
Changed in pango1.0 (Ubuntu Lucid):
assignee: nobody → Chris Coulson (chrisccoulson)
Changed in pango1.0 (Ubuntu Maverick):
assignee: nobody → Chris Coulson (chrisccoulson)
Changed in pango1.0 (Ubuntu):
assignee: Chris Coulson (chrisccoulson) → nobody

Chris Coulson (chrisccoulson) wrote :

Maverick update to 1.28.2 pushed to bzr. Here is a debdiff, minus documentation and autotools cruft

Chris Coulson (chrisccoulson) wrote :

(Note, the bzr branch for maverick is lp:~chrisccoulson/pango/maverick-proposed)

Chris Coulson (chrisccoulson) wrote :

Here is a complete debdiff for Lucid

description: updated

Accepted pango1.0 into lucid-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Changed in pango1.0 (Ubuntu Lucid):
status: Triaged → Fix Committed
tags: added: verification-needed
Changed in pango1.0 (Ubuntu Maverick):
status: Triaged → Fix Committed

Martin Pitt (pitti) wrote :

Accepted pango1.0 into maverick-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Rolf Leggewie (r0lf) wrote :

Verified the problem in lucid and the fix in lucid-proposed. Please release.

tags: added: verification-done
removed: verification-needed

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package pango1.0 - 1.28.0-0ubuntu2.1

---------------
pango1.0 (1.28.0-0ubuntu2.1) lucid-proposed; urgency=low

  * Backport change from GIT to fix a SIGFPE in _hb_sanitize_array
    (LP: #655707)
    - add debian/patches/13_SIGFPE_fix_from_GIT.patch
    - update debian/patches/series
 -- Chris Coulson <email address hidden> Fri, 19 Nov 2010 11:53:11 +0000

Changed in pango1.0 (Ubuntu Lucid):
status: Fix Committed → Fix Released

Martin Pitt (pitti) wrote :

Setting back to v-needed as the maverick update still needs to be tested.

tags: added: verification-needed
removed: verification-done

madbiologist (me-again) wrote :

I'm running Maverick and have not installed the fix. My pango version is 1.28.1-1ubuntu3. I cannot get Firefox 3.6.12+build1+nobinonly-0ubuntu0.10.10.1

madbiologist (me-again) wrote :

.... to crash using the test case described above.

madbiologist (me-again) wrote :

It also doesn't crash when navigating to the Google webfonts page mentioned in comment #9. I'm running the 32 bit version of Maverick.

Chris Coulson (chrisccoulson) wrote :

The malformed font has been removed from the Google page, but it does exist in the test case. If you can't get it to crash, then it's likely that you have changed some font-related options in Firefox that stop it from loading the font

madbiologist (me-again) wrote :

I haven't changed any font related options (or any other options for that matter) in Firefox. I have attached a screenshot showing how the test page looks on my system.

madbiologist (me-again) wrote :

The vanilla Maverick packages (pango 1.28.1-1ubuntu3 and Firefox 3.6.10+build1+nobinonly-0ubuntu3) don't crash for me either.

madbiologist (me-again) wrote :

Interestingly, if I navigate to the test page and then reload it, I can briefly see the words "This is a test.", as well as the left-bracket ( after the 8. On completion of the reload I can only see the 8 as in the screenshot attached to comment #24. I'm guessing this is the expected behaviour for a malformed web font, if the 8 is the only correctly formed glyph?

Martin Pitt (pitti) wrote :

While the original crash cannot be reproduced any more because the relevant page has been fixed, it doesn't show regressions either, so I think we can proceed with this.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package pango1.0 - 1.28.2-0ubuntu1

---------------
pango1.0 (1.28.2-0ubuntu1) maverick-proposed; urgency=low

  * New upstream release
    - LP: #655707 - firefox-bin crashes with SIGFPE _hb_sanitize_array
  * Refresh debian/patches/13_fix_gir_build.patch
 -- Chris Coulson <email address hidden> Fri, 19 Nov 2010 11:20:57 +0000

Changed in pango1.0 (Ubuntu Maverick):
status: Fix Committed → Fix Released

Fabri Velas (fabrivelas) wrote :

Fix works for me on maverick. I crashed firefox with code.google.com/webfonts and it did not crash anymore after installation of libpango from maverick-proposed. Thanks for fixing.

selectstar (martinsarsini) wrote :

Works for me as well, for some time already.
Thank you to everyone, great job.

Martin Pitt (pitti) on 2011-02-15
tags: added: verification-done
removed: verification-needed