Bug#406698: iceape-browser hangs when opening a specific webpage

2007-01-13 Thread Mike Hommey
On Sat, Jan 13, 2007 at 10:00:48AM +0100, Mike Hommey <[EMAIL PROTECTED]> wrote:
> tag 406698 confirmed
> clone 406698 -1
> clone 406698 -2
> reassign -1 libxul0d
> reassign -1 iceweasel
> thanks
> 
> On Sat, Jan 13, 2007 at 02:32:40AM +0100, Eric Van Buggenhaut <[EMAIL PROTECTED]> wrote:
> > Package: iceape-browser
> > Version: 1.0.7-2
> > Severity: normal
> > 
> > When I try to open:
> > 
> > http://www.archivodefamosas.com
> > 
> > iceape-browser hangs and I have to kill -9 it
> 
> I can confirm this behaviour with epiphany (using libxul0d) and
> iceweasel, too, though I had to scroll before it hung.
> 
> They seem to freeze in the "crash recovery", and the backtrace traces
> back to the same array of code, though not exactly the same.
> 
> libxul0d traces back to a "delete[] utf8_spacing;" in
> nsFontMetricsPango::DrawStringSlowly while iceweasel and iceape trace
> back to the preceding "gdk_draw_layout_line(aDrawable, aGC, aX, aY, aLine);"
> line.
> 
> Running all these through gdb reveals various glibc warnings. I even got
> a segmentation fault with iceape...
> 
> Anyways, I ran this through valgrind, and after a while, I got this
> interesting information that may be the cause of the problem:
> 
(...)

which, in turn, may be due to the fact that the page contains null
characters. Replacing them with spaces makes iceape and friends stop
freezing.

The problem seems then to be in nsFontMetricsPango::DrawString where
g_utf16_to_utf8 will stop at null characters, in which case the string
length passed to DrawStringSlowly is much longer than what the utf8
string passed is. And utf8_spacing is created depending on the size of
this utf8 string...

Mike


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
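
The length mismatch analysed in the message above, as an added example that is not part of the original thread and not Mozilla's code. It is a simplified model: `utf16_to_utf8_stop_at_nul`, `out_of_bounds_writes`, `replace_nuls` and `kSample` are hypothetical names, the converter is a stand-in that only mimics the stop-at-NUL behaviour described for `g_utf16_to_utf8`, and out-of-bounds writes are counted rather than performed.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// Stand-in for the conversion behaviour described in the thread: the caller
// knows the UTF-16 length, but conversion stops at the first U+0000.
// BMP only; surrogate pairs are not handled in this sketch.
std::string utf16_to_utf8_stop_at_nul(const std::vector<uint16_t>& in) {
    std::string out;
    for (uint16_t c : in) {
        if (c == 0) break;                       // embedded NUL ends the output early
        if (c < 0x80) out += static_cast<char>(c);
        else if (c < 0x800) {
            out += static_cast<char>(0xC0 | (c >> 6));
            out += static_cast<char>(0x80 | (c & 0x3F));
        } else {
            out += static_cast<char>(0xE0 | (c >> 12));
            out += static_cast<char>(0x80 | ((c >> 6) & 0x3F));
            out += static_cast<char>(0x80 | (c & 0x3F));
        }
    }
    return out;
}

// Model of the spacing loop: the array has one slot per UTF-8 byte, but the
// loop runs once per UTF-16 unit. Counts the writes that would land outside
// the array instead of performing them.
size_t out_of_bounds_writes(const std::vector<uint16_t>& utf16) {
    const std::string utf8 = utf16_to_utf8_stop_at_nul(utf16);
    const size_t slots = utf8.size();            // allocation sized from the UTF-8 string
    size_t off = 0, oob = 0;
    for (size_t i = 0; i < utf16.size(); ++i) {  // bound taken from the UTF-16 length
        if (off >= slots) { ++oob; ++off; continue; }
        unsigned char b = static_cast<unsigned char>(utf8[off]);
        off += b < 0x80 ? 1 : b < 0xE0 ? 2 : 3;  // step to the next UTF-8 character
    }
    return oob;
}

// Mitigation matching the workaround in the thread: replace NULs with spaces
// before conversion so both lengths describe the same text.
std::vector<uint16_t> replace_nuls(std::vector<uint16_t> s) {
    for (uint16_t& c : s) if (c == 0) c = ' ';
    return s;
}

// Constructed sample: page text with one embedded NUL.
const std::vector<uint16_t> kSample = {'a', 'b', 'c', 0, 'd', 'e', 'f'};
```

For `kSample` the first out-of-range index equals the slot count, which corresponds to the "0 bytes after a block" position valgrind reports for the invalid write.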



Bug#406698: iceape-browser hangs when opening a specific webpage

2007-01-13 Thread Mike Hommey
tag 406698 confirmed
clone 406698 -1
clone 406698 -2
reassign -1 libxul0d
reassign -1 iceweasel
thanks

On Sat, Jan 13, 2007 at 02:32:40AM +0100, Eric Van Buggenhaut <[EMAIL PROTECTED]> wrote:
> Package: iceape-browser
> Version: 1.0.7-2
> Severity: normal
> 
> When I try to open:
> 
> http://www.archivodefamosas.com
> 
> iceape-browser hangs and I have to kill -9 it

I can confirm this behaviour with epiphany (using libxul0d) and
iceweasel, too, though I had to scroll before it hung.

They seem to freeze in the "crash recovery", and the backtrace traces
back to the same array of code, though not exactly the same.

libxul0d traces back to a "delete[] utf8_spacing;" in
nsFontMetricsPango::DrawStringSlowly while iceweasel and iceape trace
back to the preceding "gdk_draw_layout_line(aDrawable, aGC, aX, aY, aLine);"
line.

Running all these through gdb reveals various glibc warnings. I even got
a segmentation fault with iceape...

Anyways, I ran this through valgrind, and after a while, I got this
interesting information that may be the cause of the problem:

==8089== Invalid write of size 4
==8089==    at 0x77E4598: nsFontMetricsPango::DrawStringSlowly(char const*, unsigned short const*, unsigned, _GdkDrawable*, _GdkGC*, int, int, _PangoLayoutLine*, int const*) (nsFontMetricsPango.cpp:1338)
==8089==    by 0x77E76A5: nsFontMetricsPango::DrawString(unsigned short const*, unsigned, int, int, int, int const*, nsRenderingContextGTK*, nsDrawingSurfaceGTK*) (nsFontMetricsPango.cpp:788)
==8089==    by 0x77D9CF9: nsRenderingContextGTK::DrawString(unsigned short const*, unsigned, int, int, int, int const*) (nsRenderingContextGTK.cpp:1324)
==8089==    by 0x5F2ACCD: nsTextFrame::RenderString(nsIRenderingContext&, nsStyleContext*, nsPresContext*, nsTextFrame::TextPaintStyle&, unsigned short*, int, int, int, int, int, SelectionDetails*) (nsTextFrame.cpp:3083)
==8089==    by 0x5F2D4B4: nsTextFrame::PaintTextSlowly(nsPresContext*, nsIRenderingContext&, nsStyleContext*, nsTextFrame::TextPaintStyle&, int, int) (nsTextFrame.cpp:3364)
==8089==    by 0x5F2F6A2: nsTextFrame::Paint(nsPresContext*, nsIRenderingContext&, nsRect const&, nsFramePaintLayer, unsigned) (nsTextFrame.cpp:1604)
==8089==    by 0x5EDF368: nsContainerFrame::PaintChild(nsPresContext*, nsIRenderingContext&, nsRect const&, nsIFrame*, nsFramePaintLayer, unsigned) (nsContainerFrame.cpp:282)
==8089==    by 0x5ECC5C6: nsBlockFrame::PaintChild(nsPresContext*, nsIRenderingContext&, nsRect const&, nsIFrame*, nsFramePaintLayer, unsigned) (nsBlockFrame.h:286)
==8089==    by 0x5ED1137: nsBlockFrame::PaintChildren(nsPresContext*, nsIRenderingContext&, nsRect const&, nsFramePaintLayer, unsigned) (nsBlockFrame.cpp:6470)
==8089==    by 0x5EF727D: nsHTMLContainerFrame::PaintDecorationsAndChildren(nsPresContext*, nsIRenderingContext&, nsRect const&, nsFramePaintLayer, int, unsigned) (nsHTMLContainerFrame.cpp:136)
==8089==    by 0x5ED0CD6: nsBlockFrame::Paint(nsPresContext*, nsIRenderingContext&, nsRect const&, nsFramePaintLayer, unsigned) (nsBlockFrame.cpp:6364)
==8089==    by 0x5EDF368: nsContainerFrame::PaintChild(nsPresContext*, nsIRenderingContext&, nsRect const&, nsIFrame*, nsFramePaintLayer, unsigned) (nsContainerFrame.cpp:282)
==8089==  Address 0x967EFEC is 0 bytes after a block of size 44 alloc'd
==8089==    at 0x401D7C1: operator new[](unsigned) (vg_replace_malloc.c:195)
==8089==    by 0x77E4545: nsFontMetricsPango::DrawStringSlowly(char const*, unsigned short const*, unsigned, _GdkDrawable*, _GdkGC*, int, int, _PangoLayoutLine*, int const*) (nsFontMetricsPango.cpp:1329)
==8089==    by 0x77E76A5: nsFontMetricsPango::DrawString(unsigned short const*, unsigned, int, int, int, int const*, nsRenderingContextGTK*, nsDrawingSurfaceGTK*) (nsFontMetricsPango.cpp:788)
==8089==    by 0x77D9CF9: nsRenderingContextGTK::DrawString(unsigned short const*, unsigned, int, int, int, int const*) (nsRenderingContextGTK.cpp:1324)
==8089==    by 0x5F2ACCD: nsTextFrame::RenderString(nsIRenderingContext&, nsStyleContext*, nsPresContext*, nsTextFrame::TextPaintStyle&, unsigned short*, int, int, int, int, int, SelectionDetails*) (nsTextFrame.cpp:3083)
==8089==    by 0x5F2D4B4: nsTextFrame::PaintTextSlowly(nsPresContext*, nsIRenderingContext&, nsStyleContext*, nsTextFrame::TextPaintStyle&, int, int) (nsTextFrame.cpp:3364)
==8089==    by 0x5F2F6A2: nsTextFrame::Paint(nsPresContext*, nsIRenderingContext&, nsRect const&, nsFramePaintLayer, unsigned) (nsTextFrame.cpp:1604)
==8089==    by 0x5EDF368: nsContainerFrame::PaintChild(nsPresContext*, nsIRenderingContext&, nsRect const&, nsIFrame*, nsFramePaintLayer, unsigned) (nsContainerFrame.cpp:282)
==8089==    by 0x5ECC5C6: nsBlockFrame::PaintChild(nsPresContext*, nsIRenderingContext&, nsRect const&, nsIFrame*, nsFramePaintLayer, unsigned) (nsBlockFrame.h:286)
==8089==    by 0x5ED1137: nsBlockFrame::PaintChildren(nsPresContext*, nsIRenderingContext&, nsRect const&, nsFramePaintLayer, unsigned) (nsBlockFrame.cpp:

Bug#406698: iceape-browser hangs when opening a specific webpage

2007-01-13 Thread Andreas Metzler
In article <[EMAIL PROTECTED]> (gmane.linux.debian.devel.mozilla) you wrote:
> Package: iceape-browser
> Version: 1.0.7-2
> Severity: normal

> When I try to open:

> http://www.archivodefamosas.com

> iceape-browser hangs and I have to kill -9 it

It indeed seems to hang, however a regular "killall iceape-bin" does
the trick for me, i.e. SIGTERM instead of SIGKILL.
cu andreas
-- 
The 'Galactic Cleaning' policy undertaken by Emperor Zhark is a personal
vision of the emperor's, and its inclusion in this work does not constitute
tacit approval by the author or the publisher for any such projects,
howsoever undertaken.(c) Jasper Ffforde





Bug#406698: iceape-browser hangs when opening a specific webpage

2007-01-12 Thread Eric Van Buggenhaut
Package: iceape-browser
Version: 1.0.7-2
Severity: normal

When I try to open:

http://www.archivodefamosas.com

iceape-browser hangs and I have to kill -9 it


-- System Information:
Debian Release: 4.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17.7n
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15) (ignored: 
LC_ALL set to [EMAIL PROTECTED])

Versions of packages iceape-browser depends on:
ii  libatk1.0-0      1.12.3-1     The ATK accessibility toolkit
ii  libc6            2.3.6.ds1-8  GNU C Library: Shared libraries
ii  libcairo2        1.2.4-4      The Cairo 2D vector graphics libra
ii  libfontconfig1   2.4.1-2      generic font configuration library
ii  libgcc1          1:4.1.1-19   GCC support library
ii  libglib2.0-0     2.12.4-2     The GLib library of C routines
ii  libgtk2.0-0      2.8.20-3     The GTK+ graphical user interface 
ii  libjpeg62        6b-13        The Independent JPEG Group's JPEG 
ii  libmyspell3c2    1:3.1-17     MySpell spellchecking library
ii  libpango1.0-0    1.14.8-2     Layout and rendering of internatio
ii  libpng12-0       1.2.13-4     PNG library - runtime
ii  libstdc++6       4.1.1-19     The GNU Standard C++ Library v3
ii  libx11-6         2:1.0.3-4    X11 client-side library
ii  libxcursor1      1.1.7-4      X cursor management library
ii  libxext6         1:1.0.1-2    X11 miscellaneous extension librar
ii  libxfixes3       1:4.0.1-5    X11 miscellaneous 'fixes' extensio
ii  libxft2          2.1.8.2-8    FreeType-based font drawing librar
ii  libxi6           1:1.0.1-4    X11 Input extension library
ii  libxinerama1     1:1.0.1-4.1  X11 Xinerama extension library
ii  libxrandr2       2:1.1.0.2-5  X11 RandR extension library
ii  libxrender1      1:0.9.1-3    X Rendering Extension client libra
ii  libxt6           1:1.0.2-2    X11 toolkit intrinsics library
ii  zlib1g           1:1.2.3-13   compression library - runtime

Versions of packages iceape-browser recommends:
pn  iceape-gnome-support   (no description available)

-- no debconf information

