tag 406698 confirmed
clone 406698 -1
clone 406698 -2
reassign -1 libxul0d
reassign -1 iceweasel
thanks

On Sat, Jan 13, 2007 at 02:32:40AM +0100, Eric Van Buggenhaut <[EMAIL PROTECTED]> wrote:
> Package: iceape-browser
> Version: 1.0.7-2
> Severity: normal
>
> When I try to open:
>
> http://www.archivodefamosas.com
>
> iceape-browser hangs and I have to kill -9 it

I can confirm this behaviour with epiphany (using libxul0d) and iceweasel, too, though I had to scroll before it hanged.

They seem to freeze in the "crash recovery", and the backtrace traces back to the same array of code, though not exactly the same. libxul0d traces back to a "delete[] utf8_spacing;" in nsFontMetricsPango::DrawStringSlowly while iceweasel and iceape trace back to the preceding "gdk_draw_layout_line(aDrawable, aGC, aX, aY, aLine);" line.

Running all these through gdb reveals various glibc warnings. I even got a segmentation fault with iceape...

Anyways, I ran this through valgrind, and after a while, I got this interesting information that may be the cause of the problem:

==8089== Invalid write of size 4
==8089==    at 0x77E4598: nsFontMetricsPango::DrawStringSlowly(char const*, unsigned short const*, unsigned, _GdkDrawable*, _GdkGC*, int, int, _PangoLayoutLine*, int const*) (nsFontMetricsPango.cpp:1338)
==8089==    by 0x77E76A5: nsFontMetricsPango::DrawString(unsigned short const*, unsigned, int, int, int, int const*, nsRenderingContextGTK*, nsDrawingSurfaceGTK*) (nsFontMetricsPango.cpp:788)
==8089==    by 0x77D9CF9: nsRenderingContextGTK::DrawString(unsigned short const*, unsigned, int, int, int, int const*) (nsRenderingContextGTK.cpp:1324)
==8089==    by 0x5F2ACCD: nsTextFrame::RenderString(nsIRenderingContext&, nsStyleContext*, nsPresContext*, nsTextFrame::TextPaintStyle&, unsigned short*, int, int, int, int, int, SelectionDetails*) (nsTextFrame.cpp:3083)
==8089==    by 0x5F2D4B4: nsTextFrame::PaintTextSlowly(nsPresContext*, nsIRenderingContext&, nsStyleContext*, nsTextFrame::TextPaintStyle&, int, int) (nsTextFrame.cpp:3364)
==8089==    by 0x5F2F6A2: nsTextFrame::Paint(nsPresContext*, nsIRenderingContext&, nsRect const&, nsFramePaintLayer, unsigned) (nsTextFrame.cpp:1604)
==8089==    by 0x5EDF368: nsContainerFrame::PaintChild(nsPresContext*, nsIRenderingContext&, nsRect const&, nsIFrame*, nsFramePaintLayer, unsigned) (nsContainerFrame.cpp:282)
==8089==    by 0x5ECC5C6: nsBlockFrame::PaintChild(nsPresContext*, nsIRenderingContext&, nsRect const&, nsIFrame*, nsFramePaintLayer, unsigned) (nsBlockFrame.h:286)
==8089==    by 0x5ED1137: nsBlockFrame::PaintChildren(nsPresContext*, nsIRenderingContext&, nsRect const&, nsFramePaintLayer, unsigned) (nsBlockFrame.cpp:6470)
==8089==    by 0x5EF727D: nsHTMLContainerFrame::PaintDecorationsAndChildren(nsPresContext*, nsIRenderingContext&, nsRect const&, nsFramePaintLayer, int, unsigned) (nsHTMLContainerFrame.cpp:136)
==8089==    by 0x5ED0CD6: nsBlockFrame::Paint(nsPresContext*, nsIRenderingContext&, nsRect const&, nsFramePaintLayer, unsigned) (nsBlockFrame.cpp:6364)
==8089==    by 0x5EDF368: nsContainerFrame::PaintChild(nsPresContext*, nsIRenderingContext&, nsRect const&, nsIFrame*, nsFramePaintLayer, unsigned) (nsContainerFrame.cpp:282)
==8089==  Address 0x967EFEC is 0 bytes after a block of size 44 alloc'd
==8089==    at 0x401D7C1: operator new[](unsigned) (vg_replace_malloc.c:195)
==8089==    by 0x77E4545: nsFontMetricsPango::DrawStringSlowly(char const*, unsigned short const*, unsigned, _GdkDrawable*, _GdkGC*, int, int, _PangoLayoutLine*, int const*) (nsFontMetricsPango.cpp:1329)
==8089==    by 0x77E76A5: nsFontMetricsPango::DrawString(unsigned short const*, unsigned, int, int, int, int const*, nsRenderingContextGTK*, nsDrawingSurfaceGTK*) (nsFontMetricsPango.cpp:788)
==8089==    by 0x77D9CF9: nsRenderingContextGTK::DrawString(unsigned short const*, unsigned, int, int, int, int const*) (nsRenderingContextGTK.cpp:1324)
==8089==    by 0x5F2ACCD: nsTextFrame::RenderString(nsIRenderingContext&, nsStyleContext*, nsPresContext*, nsTextFrame::TextPaintStyle&, unsigned short*, int, int, int, int, int, SelectionDetails*) (nsTextFrame.cpp:3083)
==8089==    by 0x5F2D4B4: nsTextFrame::PaintTextSlowly(nsPresContext*, nsIRenderingContext&, nsStyleContext*, nsTextFrame::TextPaintStyle&, int, int) (nsTextFrame.cpp:3364)
==8089==    by 0x5F2F6A2: nsTextFrame::Paint(nsPresContext*, nsIRenderingContext&, nsRect const&, nsFramePaintLayer, unsigned) (nsTextFrame.cpp:1604)
==8089==    by 0x5EDF368: nsContainerFrame::PaintChild(nsPresContext*, nsIRenderingContext&, nsRect const&, nsIFrame*, nsFramePaintLayer, unsigned) (nsContainerFrame.cpp:282)
==8089==    by 0x5ECC5C6: nsBlockFrame::PaintChild(nsPresContext*, nsIRenderingContext&, nsRect const&, nsIFrame*, nsFramePaintLayer, unsigned) (nsBlockFrame.h:286)
==8089==    by 0x5ED1137: nsBlockFrame::PaintChildren(nsPresContext*, nsIRenderingContext&, nsRect const&, nsFramePaintLayer, unsigned) (nsBlockFrame.cpp:6470)
==8089==    by 0x5EF727D: nsHTMLContainerFrame::PaintDecorationsAndChildren(nsPresContext*, nsIRenderingContext&, nsRect const&, nsFramePaintLayer, int, unsigned) (nsHTMLContainerFrame.cpp:136)
==8089==    by 0x5ED0CD6: nsBlockFrame::Paint(nsPresContext*, nsIRenderingContext&, nsRect const&, nsFramePaintLayer, unsigned) (nsBlockFrame.cpp:6364)

I got this with iceape and epiphany. Haven't tried with iceweasel, but that may be the same.

This also means this is a pango backend related problem, and indeed, running with MOZ_DISABLE_PANGO=1 doesn't freeze.

Mike
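
Added example, not part of the original message or of any Mozilla/Debian code: a small triage script for the kind of memcheck report quoted in the message, pairing the faulting access with the allocation site and working out which element was touched. The function names `parse_memcheck` and `triage` are hypothetical, and the element arithmetic assumes the array's element size equals the access size.

```python
import re

# Abridged from the memcheck output quoted in the message (argument lists shortened).
SAMPLE = """\
==8089== Invalid write of size 4
==8089==    at 0x77E4598: nsFontMetricsPango::DrawStringSlowly(char const*, ...) (nsFontMetricsPango.cpp:1338)
==8089==    by 0x77E76A5: nsFontMetricsPango::DrawString(unsigned short const*, ...) (nsFontMetricsPango.cpp:788)
==8089==  Address 0x967EFEC is 0 bytes after a block of size 44 alloc'd
==8089==    at 0x401D7C1: operator new[](unsigned) (vg_replace_malloc.c:195)
==8089==    by 0x77E4545: nsFontMetricsPango::DrawStringSlowly(char const*, ...) (nsFontMetricsPango.cpp:1329)
"""

ERR = re.compile(r"Invalid (read|write) of size (\d+)")
ADDR = re.compile(r"Address 0x[0-9A-Fa-f]+ is (\d+) bytes (after|before|inside) "
                  r"a block of size (\d+) (alloc'd|free'd)")
FRAME = re.compile(r"^(?:at|by) 0x[0-9A-Fa-f]+: (.+) \(([^()]+):(\d+)\)$")

def parse_memcheck(text):
    """Split memcheck output into reports, each with an access stack and a block stack."""
    reports, cur, stack = [], None, None
    for raw in text.splitlines():
        line = re.sub(r"^==\d+==\s*", "", raw).rstrip()
        if m := ERR.search(line):
            cur = {"access": m[1], "size": int(m[2]), "access_stack": [], "block_stack": []}
            reports.append(cur)
            stack = cur["access_stack"]
        elif cur and (m := ADDR.search(line)):
            cur.update(offset=int(m[1]), where=m[2], block_size=int(m[3]), state=m[4])
            stack = cur["block_stack"]      # frames from here on describe the allocation
        elif cur and (m := FRAME.match(line)):
            stack.append((m[1].split("(")[0], m[2], int(m[3])))
    return reports

def triage(rep):
    """Summarise one report; the element maths assumes element size == access size."""
    access = rep["access_stack"][0]
    # Skip valgrind's own allocator wrapper to find the caller that sized the block.
    alloc = next(f for f in rep["block_stack"] if f[1] != "vg_replace_malloc.c")
    overflow = rep["where"] == "after" and rep["state"] == "alloc'd"
    return {
        "kind": "heap overflow" if overflow else "other",
        "elements": rep["block_size"] // rep["size"],
        "index": (rep["block_size"] + rep["offset"]) // rep["size"] if overflow else None,
        "access_site": access[1:], "alloc_site": alloc[1:],
        "same_function": access[0] == alloc[0],
    }

if __name__ == "__main__":
    print(triage(parse_memcheck(SAMPLE)[0]))
```

On this report the write lands at index 11 of an 11-element block that the same function allocated nine source lines earlier, which is why heap corruption only surfaces later at the `delete[]`.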

