Firefox crashes opening pages that use webfonts

Bug #655707 reported by selectstar
This bug affects 6 people
Affects | Status | Importance | Assigned to | Milestone
Pango | Fix Released | Medium | |
pango1.0 (Ubuntu) | Fix Released | High | Unassigned |
Lucid | Fix Released | High | Chris Coulson |
Maverick | Fix Released | High | Chris Coulson |

Bug Description

=== Test case for SRU ===

**** Note that this next step will crash Firefox without any warning or confirmation ****
**** Please MAKE SURE you have saved ALL WORK you might have open in Firefox BEFORE proceeding ****

1) With the current pango version installed (1.28.0-0ubuntu2 in lucid and 1.28.1-1ubuntu3 in maverick), navigate Firefox to http://people.canonical.com/~chrisccoulson/bug655707/
2) Note that Firefox crashes with a SIGFPE
3) Install the updated packages (1.28.0-0ubuntu2.1 from lucid-proposed or 1.28.2-0ubuntu1 from maverick-proposed)
4) Test again, and confirm that Firefox doesn't crash. You will either see some unstyled text or nothing at all, because the font is broken

==========================

Binary package hint: firefox

Firefox crashes any time I access a page that makes use of webfonts.
For example if I access the Google webfont page code.google.com/webfonts
I have tried to disable all my Firefox plugins and still got the same issue.
I tried launching Firefox from a terminal window and the error message I get once it crashes is: Floating point exception

ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: firefox 3.6.10+build1+nobinonly-0ubuntu0.10.04.1
ProcVersionSignature: Ubuntu 2.6.32-25.44-generic 2.6.32.21+drm33.7
Uname: Linux 2.6.32-25-generic i686
Architecture: i386
Date: Wed Oct 6 13:58:24 2010
ExecutablePath: /usr/lib/firefox-3.6.10/firefox
FirefoxPackages:
 firefox 3.6.10+build1+nobinonly-0ubuntu0.10.04.1
 firefox-gnome-support N/A
 firefox-branding 3.6.10+build1+nobinonly-0ubuntu0.10.04.1
 abroswer N/A
 abrowser-branding N/A
InterpreterPath: /bin/dash
ProcEnviron:
 LANG=en_GB.utf8
 SHELL=/bin/bash
SourcePackage: firefox

selectstar (martinsarsini) wrote :
Chris Coulson (chrisccoulson) wrote :

Did you submit your crash report to Mozilla? Please provide the crash ID from about:crashes

Thanks

Changed in firefox (Ubuntu):
status: New → Incomplete
Chris Coulson (chrisccoulson) wrote :

Ok, I submitted this, but the stacktrace isn't useful due to a bug in breakpad: http://crash-stats.mozilla.com/report/index/3b7f5056-23ad-48a1-9c27-655422101006

There's already a few reports there, all from Ubuntu users

Changed in firefox (Ubuntu):
importance: Undecided → High
status: Incomplete → Triaged
selectstar (martinsarsini) wrote :

Thanks for your prompt response.
Yes I did, here is one of the reports:
http://crash-stats.mozilla.com/report/index/bp-62dd5781-8f7c-4384-90f8-f5e8e2101006

Changed in firefox (Ubuntu):
assignee: nobody → Chris Coulson (chrisccoulson)
selectstar (martinsarsini) wrote :

I am having the exact same issue on another machine.
The configuration of this machine is pretty much the same as the one that initially had the issue, except this one is the Ubuntu 64-bit version.

Chris Coulson (chrisccoulson) wrote :

This is actually a bug in pango, and fixed in git already

affects: firefox (Ubuntu) → pango1.0 (Ubuntu)
Changed in pango:
importance: Unknown → Medium
status: Unknown → Fix Released
Alborz (alborz) wrote :
selectstar (martinsarsini) wrote :

If the fix has been released for Pango, is it possible that Ubuntu will send the update using the auto update system?
I have no idea about how to update Pango and I am sure most of the other people who are having this issue visiting websites.

z3z (z3z) wrote :

This is happening to me also. When I visit http://code.google.com/webfonts, Firefox immediately crashes, even with all extensions disabled. I too would appreciate any info on how to update Pango. Here's my Firefox crash report:
http://crash-stats.mozilla.com/report/index/0e5b11b9-65c8-4318-92b7-755b32101020
Thanks!

jbob (jbobspam) wrote :

So, the upstream patch is now more than one month old. Any plans for when it will be available in Ubuntu, especially Lucid?

Chris Coulson (chrisccoulson) wrote :

Oh, sorry about that. We'll get this SRU'd when I start work again on Monday

Changed in pango1.0 (Ubuntu):
status: Triaged → Fix Released
Changed in pango1.0 (Ubuntu Lucid):
status: New → Triaged
Changed in pango1.0 (Ubuntu Maverick):
status: New → Triaged
Changed in pango1.0 (Ubuntu Lucid):
importance: Undecided → High
Changed in pango1.0 (Ubuntu Maverick):
importance: Undecided → High
Changed in pango1.0 (Ubuntu Lucid):
assignee: nobody → Chris Coulson (chrisccoulson)
Changed in pango1.0 (Ubuntu Maverick):
assignee: nobody → Chris Coulson (chrisccoulson)
Changed in pango1.0 (Ubuntu):
assignee: Chris Coulson (chrisccoulson) → nobody
Chris Coulson (chrisccoulson) wrote :

Maverick update to 1.28.2 pushed to bzr. Here is a debdiff, minus documentation and autotools cruft

Chris Coulson (chrisccoulson) wrote :

(Note, the bzr branch for maverick is lp:~chrisccoulson/pango/maverick-proposed)

Chris Coulson (chrisccoulson) wrote :

Here is a complete debdiff for Lucid

description: updated
Martin Pitt (pitti) wrote : Please test proposed package

Accepted pango1.0 into lucid-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you in advance!

Changed in pango1.0 (Ubuntu Lucid):
status: Triaged → Fix Committed
tags: added: verification-needed
Changed in pango1.0 (Ubuntu Maverick):
status: Triaged → Fix Committed
Martin Pitt (pitti) wrote :

Accepted pango1.0 into maverick-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you in advance!

Rolf Leggewie (r0lf) wrote :

Verified the problem in lucid and the fix in lucid-proposed. Please release.

tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package pango1.0 - 1.28.0-0ubuntu2.1

---------------
pango1.0 (1.28.0-0ubuntu2.1) lucid-proposed; urgency=low

  * Backport change from GIT to fix a SIGFPE in _hb_sanitize_array
    (LP: #655707)
    - add debian/patches/13_SIGFPE_fix_from_GIT.patch
    - update debian/patches/series
 -- Chris Coulson <email address hidden> Fri, 19 Nov 2010 11:53:11 +0000

Changed in pango1.0 (Ubuntu Lucid):
status: Fix Committed → Fix Released
Martin Pitt (pitti) wrote :

Setting back to v-needed as the maverick update still needs to be tested.

tags: added: verification-needed
removed: verification-done
madbiologist (me-again) wrote :

I'm running Maverick and have not installed the fix. My pango version is 1.28.1-1ubuntu3. I cannot get Firefox 3.6.12+build1+nobinonly-0ubuntu0.10.10.1

madbiologist (me-again) wrote :

.... to crash using the test case described above.

madbiologist (me-again) wrote :

It also doesn't crash when navigating to the Google webfonts page mentioned in comment #9. I'm running the 32 bit version of Maverick.

Chris Coulson (chrisccoulson) wrote :

The malformed font has been removed from the Google page, but it does exist in the test case. If you can't get it to crash, then it's likely that you have changed some font-related options in Firefox that stop it from loading the font

madbiologist (me-again) wrote :

I haven't changed any font related options (or any other options for that matter) in Firefox. I have attached a screenshot showing how the test page looks on my system.

madbiologist (me-again) wrote :

The vanilla Maverick packages (pango 1.28.1-1ubuntu3 and Firefox 3.6.10+build1+nobinonly-0ubuntu3) don't crash for me either.

madbiologist (me-again) wrote :

Interestingly, if I navigate to the test page and then reload it, I can briefly see the words "This is a test.", as well as the left-bracket ( after the 8. On completion of the reload I can only see the 8 as in the screenshot attached to comment #24. I'm guessing this is the expected behaviour for a malformed web font, if the 8 is the only correctly formed glyph?

Martin Pitt (pitti) wrote :

While the original crash cannot be reproduced any more because the relevant page has been fixed, it doesn't show regressions either, so I think we can proceed with this.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package pango1.0 - 1.28.2-0ubuntu1

---------------
pango1.0 (1.28.2-0ubuntu1) maverick-proposed; urgency=low

  * New upstream release
    - LP: #655707 - firefox-bin crashes with SIGFPE _hb_sanitize_array
  * Refresh debian/patches/13_fix_gir_build.patch
 -- Chris Coulson <email address hidden> Fri, 19 Nov 2010 11:20:57 +0000

Changed in pango1.0 (Ubuntu Maverick):
status: Fix Committed → Fix Released
Fabri Velas (fabrivelas) wrote :

Fix works for me on maverick. I crashed firefox with code.google.com/webfonts and it did not crash anymore after installation of libpango from maverick-proposed. Thanks for fixing.

selectstar (martinsarsini) wrote :

Works for me as well, and has for some time already.
Thank you to everyone, great job.

Martin Pitt (pitti)
tags: added: verification-done
removed: verification-needed