[Bug 681790] New: Division by zero in _hb_sanitize_array leads to infinite loop in Firefox caused by web fonts
bugzilla at redhat.com
Thu Mar 3 09:14:08 UTC 2011
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
Summary: Division by zero in _hb_sanitize_array leads to infinite loop in Firefox caused by web fonts
https://bugzilla.redhat.com/show_bug.cgi?id=681790
Product: Fedora
Version: 14
Platform: Unspecified
OS/Version: Unspecified
Status: NEW
Severity: unspecified
Priority: unspecified
Component: pango
AssignedTo: behdad at fedoraproject.org
ReportedBy: nmiell at gmail.com
QAContact: extras-qa at fedoraproject.org
CC: behdad at fedoraproject.org,
fonts-bugs at lists.fedoraproject.org
Classification: Fedora
Description of problem:
Program received signal SIGFPE, Arithmetic exception.
0x000000352121baa1 in _hb_sanitize_array (this=0x7f8536e78fb0,
context=0x7fffda5d5df0) at hb-open-type-private.hh:202
202 bool overflows = len >= ((unsigned int) -1) / record_size;
(gdb) info args
len = 56
record_size = 0
base = 0x7f8536e78fc0 ""
context = <value optimized out>
Version-Release number of selected component (if applicable):
pango-1.28.1-4.fc14.x86_64
How reproducible:
Always.
Steps to Reproduce:
1. Visit www.google.com/webfonts in Firefox
Actual results:
Firefox goes into an infinite loop because its SIGFPE handler endlessly
restarts the division instruction.
Expected results:
No SIGFPE in the first place.
Additional info:
firefox-3.6.13-1.fc14.x86_64
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
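Added example, not part of the bug report and not HarfBuzz or pango code: the overflow test quoted at hb-open-type-private.hh:202 next to a form that checks the divisor first, used in an array bounds check over a font blob. The names blob_range, mul_overflows_reported, mul_overflows_guarded and check_array are hypothetical, and treating a zero-sized record as occupying no bytes is an assumption.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for the sanitizer context: bounds of the font blob. */
struct blob_range { const char *start; const char *end; };

/* The check as quoted at hb-open-type-private.hh:202 in the report.
 * It divides before looking at record_size, so record_size == 0 traps
 * (SIGFPE on x86-64). Only call this with a non-zero record_size. */
static bool mul_overflows_reported(unsigned int len, unsigned int record_size)
{
    return len >= ((unsigned int) -1) / record_size;
}

/* Guarded form: test the divisor first. Assumption: a zero-sized record
 * occupies no bytes, so len * 0 cannot overflow. */
static bool mul_overflows_guarded(unsigned int len, unsigned int record_size)
{
    return record_size > 0 && len >= UINT_MAX / record_size;
}

/* True when len records of record_size bytes starting at base lie inside
 * the blob; both values come from the untrusted font file. */
static bool check_array(const struct blob_range *b, const char *base,
                        unsigned int len, unsigned int record_size)
{
    if (base < b->start || base > b->end)
        return false;
    if (mul_overflows_guarded(len, record_size))
        return false;
    return (size_t) (b->end - base) >= (size_t) len * record_size;
}

int main(void)
{
    static const char blob[64] = {0};        /* constructed sample blob */
    struct blob_range b = { blob, blob + sizeof blob };

    printf("reported check, 56 x 16: %d\n", mul_overflows_reported(56, 16));
    printf("len=56 size=0 (values from the report): %d\n", check_array(&b, blob, 56, 0));
    printf("len=56 size=2 (112 bytes, 64-byte blob): %d\n", check_array(&b, blob, 56, 2));
    printf("len=UINT_MAX size=16: %d\n", check_array(&b, blob, UINT_MAX, 16));
    return 0;
}
```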