FS#59578 - [chromium] Coredump involving libharfbuzz (x-bug: firefox)

Attached to Project: Arch Linux
Opened by Anonymous Submitter - Wednesday, 08 August 2018, 20:08 GMT
Last edited by Evangelos Foutras (foutrelis) - Thursday, 09 August 2018, 11:04 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To No-one
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 9
Private No



On some web pages (possibly those using JS for layout), Chromium's tab crashes with the following coredump:

Aug 08 21:55:17 wismut systemd-coredump[2456]: Process 2183 (chromium) of user 1000 dumped core.

Stack trace of thread 8:
#0 0x00007f83bbeeab5f raise (libc.so.6)
#1 0x00007f83bbed5452 abort (libc.so.6)
#2 0x00007f83bbed5328 __assert_fail_base.cold.0 (libc.so.6)
#3 0x00007f83bbee3176 __assert_fail (libc.so.6)
#4 0x00007f83c122d0f4 n/a (libharfbuzz.so.0)
#5 0x00007f83c124e6b8 n/a (libharfbuzz.so.0)
#6 0x00007f83c1213c92 hb_shape_plan_create2 (libharfbuzz.so.0)
#7 0x00007f83c1214756 hb_shape_plan_create_cached2 (libharfbuzz.so.0)
#8 0x00007f83c1213a20 hb_shape_full (libharfbuzz.so.0)
#9 0x000055de3aa66ca4 n/a (chromium)
#10 0x000055de3aa677fb n/a (chromium)
#11 0x000055de3aa632fe n/a (chromium)
#12 0x000055de3aa649e9 n/a (chromium)
#13 0x000055de3aa63571 n/a (chromium)
#14 0x000055de3ba912b5 n/a (chromium)
#15 0x000055de3ba90dd0 n/a (chromium)
#16 0x000055de3ba903cc n/a (chromium)
#17 0x000055de3a7d3ec9 n/a (chromium)
#18 0x000055de3a7657fc n/a (chromium)
#19 0x000055de3a780acd n/a (chromium)
#20 0x000055de3a781a96 n/a (chromium)
#21 0x000055de3a784d93 n/a (chromium)
#22 0x00007f83c3faa368 g_main_context_dispatch (libglib-2.0.so.0)
#23 0x00007f83c3faa5b1 n/a (libglib-2.0.so.0)
#24 0x00007f83c3faa63e g_main_context_iteration (libglib-2.0.so.0)
#25 0x000055de3a784ad3 n/a (chromium)
#26 0x000055de3a7a5ae4 n/a (chromium)
#27 0x000055de3a4544c0 n/a (chromium)
#28 0x000055de39206e9e n/a (chromium)
#29 0x000055de392091c3 n/a (chromium)
#30 0x000055de39202507 n/a (chromium)
#31 0x000055de3a42fd0a n/a (chromium)
#32 0x000055de3a439231 n/a (chromium)
#33 0x000055de3a42dcc4 n/a (chromium)
#34 0x000055de388a2b57 cfree (chromium)
#35 0x00007f83bbed7003 __libc_start_main (libc.so.6)
#36 0x000055de3876302e _start (chromium)

Interestingly, a similar error (crashing tabs) occurs in Firefox on the same web sites, also involving libharfbuzz:

Aug 08 21:58:03 wismut systemd-coredump[3570]: Process 3529 (Web Content) of user 1000 dumped core.

Stack trace of thread 3529:
#0 0x00007f5bc8282b5f raise (libc.so.6)
#1 0x00007f5bc826d452 abort (libc.so.6)
#2 0x00007f5bc826d328 __assert_fail_base.cold.0 (libc.so.6)
#3 0x00007f5bc827b176 __assert_fail (libc.so.6)
#4 0x00007f5bc19de0f4 n/a (libharfbuzz.so.0)
#5 0x00007f5bc19ff6b8 n/a (libharfbuzz.so.0)
#6 0x00007f5bc19db790 n/a (libharfbuzz.so.0)
#7 0x00007f5bc19db8ef hb_ot_layout_table_find_script (libharfbuzz.so.0)
#8 0x00007f5bc19dcc52 hb_ot_layout_collect_features (libharfbuzz.so.0)
#9 0x00007f5bc19dd27d hb_ot_layout_collect_lookups (libharfbuzz.so.0)
#10 0x00007f5bc2e74802 n/a (libfreetype.so.6)
#11 0x00007f5bc2e74d4d n/a (libfreetype.so.6)
#12 0x00007f5bc2e75649 n/a (libfreetype.so.6)
#13 0x00007f5bc2e27818 FT_Load_Glyph (libfreetype.so.6)
#14 0x00007f5bbc81bffe n/a (libxul.so)

Additional info:
* package version(s): chromium 68.0.3440.84-2, harfbuzz 1.8.6-1, firefox 61.0.1-2

Steps to reproduce:

* A package that triggers the issue is for example the qbittorrent web interface, in Firefox as well as Chromium.
Closed by Evangelos Foutras (foutrelis)
Thursday, 09 August 2018, 11:04 GMT
Reason for closing: Fixed
Additional comments about closing: Reportedly fixed by upgrading to harfbuzz 1.8.7-1.
Comment by Jay Little (jaylittle) - Wednesday, 08 August 2018, 23:44 GMT
I appear to be seeing this issue as well. The following URL causes the browser/tab to consistently crash in both Chromium and Firefox for me:


Downgrading to the following package versions works around the issue for me (though Chromium still complains about broken Plasma integration, it works without crashing):

Comment by Jay Little (jaylittle) - Thursday, 09 August 2018, 02:02 GMT
I was able to resolve this issue by removing my custom fonts from the equation:

mv ~/.fonts ~/.fonts.old
fc-cache -vf

I was then able to restore those fonts and replicate the problem consistently again. My Firefox crash dump actually listed a few specific TTF files, so I started with removing those one by one. I managed to pick the right ones on the first try: tahoma.ttf and tahomabd.ttf. Adding either one of those back allows me to replicate the crash scenario. YMMV of course.
Comment by anonymous (Austaras) - Thursday, 09 August 2018, 03:09 GMT
Same here,
https://ng.ant.design crashes my Firefox.
After removing PingFang SC, everything works fine.
Comment by Piotr Dziwinski (piotrdz) - Thursday, 09 August 2018, 06:08 GMT
I am also experiencing this bug, and I can also confirm that removing specific TTF fonts fixes the issue. In my case, I was using ttf-ms-win10 from AUR and removing this package fixed the problem for me.
Comment by Mike Javorski (javmorin) - Thursday, 09 August 2018, 06:43 GMT
I am encountering this issue when attempting to open an Excel doc with LibreOffice (both -still and -fresh versions). I have ttf-ms-win10 installed, and removing it allows LibreOffice to run. I have to work with MS fonts for work, so I need to have that font package installed.

I was not experiencing issues yesterday, prior to today's pacman -Syu run, which updated harfbuzz* and icu packages.
Comment by M. Ham. (MHami) - Thursday, 09 August 2018, 07:18 GMT
Same for me. I also have ttf-ms-win10 installed. I created a ~/.fonts.conf with the following content to work around this issue. Don't know if this works around all issues.

<?xml version="1.0"?>
<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
<patelt name="family" >
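The two workarounds in this thread, bisecting the user's font directory file by file (jaylittle's comment above) and telling fontconfig to ignore the offending fonts (MHami's ~/.fonts.conf), can be combined into one script. The following is an added example and not code from the bug report or from the harfbuzz project. It assumes the `hb-shape` command-line tool shipped with harfbuzz is installed (it calls hb_shape_full, the same entry point seen in the Chromium backtrace), and that an assertion abort shows up as a signal death, i.e. an exit status of 128 or more (134 for SIGABRT). The directory and output paths are placeholders.

```shell
#!/bin/sh
# Added example (not from the bug report): probe every font file under a
# directory with a shaping command, report the files that make the probe
# die from a signal (an assertion failure aborts with SIGABRT, status 134),
# and emit a fontconfig file that rejects exactly those files.

# Probe one font file.  $1 = font path, $2 = probe command (default hb-shape).
# Returns 0 if the probe exited normally (any exit code below 128), 1 if it
# was killed by a signal.  Output is discarded; only the status matters.
probe_font() {
    font=$1
    probe=${2:-hb-shape}
    "$probe" "$font" "Sample text 123" >/dev/null 2>&1 && return 0
    status=$?
    [ "$status" -lt 128 ]
}

# Print, one per line, the .ttf/.otf/.ttc files under $1 that crash the
# probe $2.  Refuses to run if the probe command cannot be found, because a
# "command not found" status (127) would otherwise look like a survivor.
find_crashing_fonts() {
    dir=$1
    probe=${2:-hb-shape}
    command -v "$probe" >/dev/null 2>&1 || {
        printf 'probe command not found: %s\n' "$probe" >&2
        return 2
    }
    find "$dir" -type f \( -iname '*.ttf' -o -iname '*.otf' -o -iname '*.ttc' \) |
    sort |
    while IFS= read -r font; do
        probe_font "$font" "$probe" || printf '%s\n' "$font"
    done
}

# Write a fontconfig file that rejects each listed file with a <glob>
# pattern, so the fonts stay installed but fontconfig clients never load
# them.  $1 = output path; remaining arguments = font paths to reject.
write_reject_conf() {
    out=$1
    shift
    {
        printf '<?xml version="1.0"?>\n'
        printf '<!DOCTYPE fontconfig SYSTEM "fonts.dtd">\n'
        printf '<fontconfig>\n  <selectfont>\n    <rejectfont>\n'
        for f in "$@"; do
            printf '      <glob>%s</glob>\n' "$f"
        done
        printf '    </rejectfont>\n  </selectfont>\n</fontconfig>\n'
    } > "$out"
}

# Stand-alone use: sh find-crashing-fonts.sh ~/.fonts [probe-command]
if [ -n "${1:-}" ]; then
    find_crashing_fonts "$1" "${2:-hb-shape}"
fi
```

After `find_crashing_fonts ~/.fonts` lists the bad files, `write_reject_conf ~/.config/fontconfig/conf.d/99-reject-crashing.conf <those files>` followed by `fc-cache -f` keeps them out of every fontconfig-aware application until the library fix arrives. Rejecting by file path rather than by family name avoids hiding a well-behaved font that happens to share a family name with the broken one.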
Comment by David Roth (V1del) - Thursday, 09 August 2018, 07:35 GMT
There's a new harfbuzz release that is likely to be the fix for this: https://github.com/harfbuzz/harfbuzz/releases/tag/1.8.7
Comment by Darkhan K (darkhan) - Thursday, 09 August 2018, 08:37 GMT
After upgrading harfbuzz to 1.8.7 the issue was resolved for me. Thanks @V1del.
Version 1.8.7 is already available on some of the mirrors: https://www.archlinux.org/packages/extra/x86_64/harfbuzz/
Comment by Anonymous Submitter - Thursday, 09 August 2018, 09:49 GMT
I can confirm that the upgrade to harfbuzz 1.8.7 solves the issue for me in both Firefox 61.0.2 and Chromium 68.0.3440.106-1.

Requesting closure on this bug as it appears to be solved by upstream.
Comment by Jay Little (jaylittle) - Thursday, 09 August 2018, 10:28 GMT
The harfbuzz upgrade resolves the issue for me as well.