This main process startup crash started spiking with the release of 118.0, coming from Windows users. We reach [`gfxDWriteFont::UpdateSystemTextVars`](https://searchfox.org/mozilla-central/source/gfx/thebes/gfxDWriteFonts.cpp#135-149) but `gfxVars::sInstance.mRawPtr` is still a `nullptr`, so we crash on `gfxVars::SystemTextQuality()` as [defined here](https://searchfox.org/mozilla-central/source/gfx/config/gfxVars.h#202-226). Example crash report: [here](https://crash-stats.mozilla.org/report/index/319aa5f8-7cfa-4973-9507-bad520231003) Crashing stack on the main thread: ``` # Child-SP RetAddr Call Site 00 00000057`4adfb1d0 00007ffe`0361d230 xul!gfxDWriteFont::UpdateSystemTextVars+0x66 [/builds/worker/checkouts/gecko/gfx/thebes/gfxDWriteFonts.cpp @ 139] 01 00000057`4adfb210 00007ffe`0361a568 xul!nsWindow::ProcessMessageInternal+0x23f0 [/builds/worker/checkouts/gecko/widget/windows/nsWindow.cpp @ 5081] 02 (Inline Function) --------`-------- xul!nsWindow::ProcessMessage+0x1ca [/builds/worker/checkouts/gecko/widget/windows/nsWindow.cpp @ 4890] 03 00000057`4adfb4b0 00007ffe`0361a234 xul!nsWindow::WindowProcInternal+0x2e8 [/builds/worker/checkouts/gecko/widget/windows/nsWindow.cpp @ 4842] 04 (Inline Function) --------`-------- xul!CallWindowProcCrashProtected+0x10 [/builds/worker/checkouts/gecko/xpcom/base/nsCrashOnException.cpp @ 27] 05 00000057`4adfb730 00007ffe`92f35c1d xul!nsWindow::WindowProc+0x34 [/builds/worker/checkouts/gecko/widget/windows/nsWindow.cpp @ 4795] 06 00000057`4adfb780 00007ffe`92f357ec user32!UserCallWinProcCheckWow+0x2bd 07 00000057`4adfb910 00007ffe`92f41f83 user32!DispatchClientMessage+0x9c 08 00000057`4adfb970 00007ffe`935c0464 user32!_fnDWORD+0x33 09 00000057`4adfb9d0 00007ffe`908010c4 ntdll!KiUserCallbackDispatcherContinue 0a 00000057`4adfba58 00007ffe`92f394f2 win32u!NtUserPeekMessage+0x14 0b 00000057`4adfba60 00007ffe`92f39459 user32!_PeekMessage+0x42 0c 00000057`4adfbad0 00007ffe`92dffab0 user32!PeekMessageW+0x149 0d 00000057`4adfbb40 00007ffe`92e00457 msctf!CCtfClientPort::SendAsync+0x400 [...] 25 00000057`4adfc8c0 00007ffe`04a21f80 msctf!CThreadInputMgr::Activate+0x17 26 00000057`4adfc8f0 00007ffe`06687378 xul!mozilla::widget::TSFTextStore::Initialize+0xe0 [/builds/worker/checkouts/gecko/widget/windows/TSFTextStore.cpp @ 6796] 27 00000057`4adfc970 00007ffe`03611c8b xul!mozilla::widget::IMEHandler::Initialize+0x18 [/builds/worker/checkouts/gecko/widget/windows/WinIMEHandler.cpp @ 69] 28 (Inline Function) --------`-------- xul!mozilla::widget::IMEHandler::InitInputContext+0x25d [/builds/worker/checkouts/gecko/widget/windows/WinIMEHandler.cpp @ 490] 29 00000057`4adfc9b0 00007ffe`035b99c8 xul!nsWindow::Create+0x71b [/builds/worker/checkouts/gecko/widget/windows/nsWindow.cpp @ 1203] 2a 00000057`4adfcb30 00007ffe`03926913 xul!nsIWidget::Create+0x128 [/builds/worker/checkouts/gecko/widget/nsIWidget.h @ 463] 2b (Inline Function) --------`-------- xul!mozilla::AppWindow::Initialize+0x172 [/builds/worker/checkouts/gecko/xpfe/appshell/AppWindow.cpp @ 212] ``` In all these crashes, the call to `gfxDWriteFont::UpdateSystemTextVars` seems to originate from a Windows-internal call to `PeekMessage` as part of `CThreadMgr::Active` as [called from our `mozilla::widget::TSFTextStore::Initialize` function](https://searchfox.org/mozilla-central/source/widget/windows/TSFTextStore.cpp#6795). In order for `gfxVars::sInstance.mRawPtr` to be something different from `nullptr`, we would need to run after [`mDirProvider.DoStartup();`](https://searchfox.org/mozilla-central/source/toolkit/xre/nsAppRunner.cpp#5430) in `XREMain::XRE_mainRun`. However, the crash stack above occurs during the following call, which is right before that: ```c++ // "app-startup" is the name of both the category and the event NS_CreateServicesFromCategory("app-startup", cmdLine, "app-startup", nullptr); ```
Bug 1856637 Comment 0 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
This main process startup crash started spiking with the release of 118.0, coming from Windows users. We reach [`gfxDWriteFont::UpdateSystemTextVars`](https://searchfox.org/mozilla-central/source/gfx/thebes/gfxDWriteFonts.cpp#135-149) but `gfxVars::sInstance.mRawPtr` is still a `nullptr`, so we crash on `gfxVars::SystemTextQuality()` [as defined here](https://searchfox.org/mozilla-central/source/gfx/config/gfxVars.h#202-226). Example crash report: [here](https://crash-stats.mozilla.org/report/index/319aa5f8-7cfa-4973-9507-bad520231003) Crashing stack on the main thread: ``` # Child-SP RetAddr Call Site 00 00000057`4adfb1d0 00007ffe`0361d230 xul!gfxDWriteFont::UpdateSystemTextVars+0x66 [/builds/worker/checkouts/gecko/gfx/thebes/gfxDWriteFonts.cpp @ 139] 01 00000057`4adfb210 00007ffe`0361a568 xul!nsWindow::ProcessMessageInternal+0x23f0 [/builds/worker/checkouts/gecko/widget/windows/nsWindow.cpp @ 5081] 02 (Inline Function) --------`-------- xul!nsWindow::ProcessMessage+0x1ca [/builds/worker/checkouts/gecko/widget/windows/nsWindow.cpp @ 4890] 03 00000057`4adfb4b0 00007ffe`0361a234 xul!nsWindow::WindowProcInternal+0x2e8 [/builds/worker/checkouts/gecko/widget/windows/nsWindow.cpp @ 4842] 04 (Inline Function) --------`-------- xul!CallWindowProcCrashProtected+0x10 [/builds/worker/checkouts/gecko/xpcom/base/nsCrashOnException.cpp @ 27] 05 00000057`4adfb730 00007ffe`92f35c1d xul!nsWindow::WindowProc+0x34 [/builds/worker/checkouts/gecko/widget/windows/nsWindow.cpp @ 4795] 06 00000057`4adfb780 00007ffe`92f357ec user32!UserCallWinProcCheckWow+0x2bd 07 00000057`4adfb910 00007ffe`92f41f83 user32!DispatchClientMessage+0x9c 08 00000057`4adfb970 00007ffe`935c0464 user32!_fnDWORD+0x33 09 00000057`4adfb9d0 00007ffe`908010c4 ntdll!KiUserCallbackDispatcherContinue 0a 00000057`4adfba58 00007ffe`92f394f2 win32u!NtUserPeekMessage+0x14 0b 00000057`4adfba60 00007ffe`92f39459 user32!_PeekMessage+0x42 0c 00000057`4adfbad0 00007ffe`92dffab0 user32!PeekMessageW+0x149 0d 00000057`4adfbb40 00007ffe`92e00457 msctf!CCtfClientPort::SendAsync+0x400 [...] 25 00000057`4adfc8c0 00007ffe`04a21f80 msctf!CThreadInputMgr::Activate+0x17 26 00000057`4adfc8f0 00007ffe`06687378 xul!mozilla::widget::TSFTextStore::Initialize+0xe0 [/builds/worker/checkouts/gecko/widget/windows/TSFTextStore.cpp @ 6796] 27 00000057`4adfc970 00007ffe`03611c8b xul!mozilla::widget::IMEHandler::Initialize+0x18 [/builds/worker/checkouts/gecko/widget/windows/WinIMEHandler.cpp @ 69] 28 (Inline Function) --------`-------- xul!mozilla::widget::IMEHandler::InitInputContext+0x25d [/builds/worker/checkouts/gecko/widget/windows/WinIMEHandler.cpp @ 490] 29 00000057`4adfc9b0 00007ffe`035b99c8 xul!nsWindow::Create+0x71b [/builds/worker/checkouts/gecko/widget/windows/nsWindow.cpp @ 1203] 2a 00000057`4adfcb30 00007ffe`03926913 xul!nsIWidget::Create+0x128 [/builds/worker/checkouts/gecko/widget/nsIWidget.h @ 463] 2b (Inline Function) --------`-------- xul!mozilla::AppWindow::Initialize+0x172 [/builds/worker/checkouts/gecko/xpfe/appshell/AppWindow.cpp @ 212] ``` In all these crashes, the call to `gfxDWriteFont::UpdateSystemTextVars` seems to originate from a Windows-internal call to `PeekMessage` as part of `CThreadMgr::Active` as [called from our `mozilla::widget::TSFTextStore::Initialize` function](https://searchfox.org/mozilla-central/source/widget/windows/TSFTextStore.cpp#6795). In order for `gfxVars::sInstance.mRawPtr` to be something different from `nullptr`, we would need to run after [`mDirProvider.DoStartup();`](https://searchfox.org/mozilla-central/source/toolkit/xre/nsAppRunner.cpp#5430) in `XREMain::XRE_mainRun`. However, the crash stack above occurs during the following call, which is right before that: ```c++ // "app-startup" is the name of both the category and the event NS_CreateServicesFromCategory("app-startup", cmdLine, "app-startup", nullptr); ```
This main process startup crash started spiking with the release of 118.0, coming from Windows users. We reach [`gfxDWriteFont::UpdateSystemTextVars`](https://searchfox.org/mozilla-central/source/gfx/thebes/gfxDWriteFonts.cpp#135-149) but `gfxVars::sInstance.mRawPtr` is still a `nullptr`, so we crash on `gfxVars::SystemTextQuality()` [as defined here](https://searchfox.org/mozilla-central/source/gfx/config/gfxVars.h#202-226). Example crash report: [here](https://crash-stats.mozilla.org/report/index/319aa5f8-7cfa-4973-9507-bad520231003) Crashing stack on the main thread: ``` # Child-SP RetAddr Call Site 00 00000057`4adfb1d0 00007ffe`0361d230 xul!gfxDWriteFont::UpdateSystemTextVars+0x66 [/builds/worker/checkouts/gecko/gfx/thebes/gfxDWriteFonts.cpp @ 139] 01 00000057`4adfb210 00007ffe`0361a568 xul!nsWindow::ProcessMessageInternal+0x23f0 [/builds/worker/checkouts/gecko/widget/windows/nsWindow.cpp @ 5081] 02 (Inline Function) --------`-------- xul!nsWindow::ProcessMessage+0x1ca [/builds/worker/checkouts/gecko/widget/windows/nsWindow.cpp @ 4890] 03 00000057`4adfb4b0 00007ffe`0361a234 xul!nsWindow::WindowProcInternal+0x2e8 [/builds/worker/checkouts/gecko/widget/windows/nsWindow.cpp @ 4842] 04 (Inline Function) --------`-------- xul!CallWindowProcCrashProtected+0x10 [/builds/worker/checkouts/gecko/xpcom/base/nsCrashOnException.cpp @ 27] 05 00000057`4adfb730 00007ffe`92f35c1d xul!nsWindow::WindowProc+0x34 [/builds/worker/checkouts/gecko/widget/windows/nsWindow.cpp @ 4795] 06 00000057`4adfb780 00007ffe`92f357ec user32!UserCallWinProcCheckWow+0x2bd 07 00000057`4adfb910 00007ffe`92f41f83 user32!DispatchClientMessage+0x9c 08 00000057`4adfb970 00007ffe`935c0464 user32!_fnDWORD+0x33 09 00000057`4adfb9d0 00007ffe`908010c4 ntdll!KiUserCallbackDispatcherContinue 0a 00000057`4adfba58 00007ffe`92f394f2 win32u!NtUserPeekMessage+0x14 0b 00000057`4adfba60 00007ffe`92f39459 user32!_PeekMessage+0x42 0c 00000057`4adfbad0 00007ffe`92dffab0 user32!PeekMessageW+0x149 0d 00000057`4adfbb40 00007ffe`92e00457 msctf!CCtfClientPort::SendAsync+0x400 [...] 25 00000057`4adfc8c0 00007ffe`04a21f80 msctf!CThreadInputMgr::Activate+0x17 26 00000057`4adfc8f0 00007ffe`06687378 xul!mozilla::widget::TSFTextStore::Initialize+0xe0 [/builds/worker/checkouts/gecko/widget/windows/TSFTextStore.cpp @ 6796] 27 00000057`4adfc970 00007ffe`03611c8b xul!mozilla::widget::IMEHandler::Initialize+0x18 [/builds/worker/checkouts/gecko/widget/windows/WinIMEHandler.cpp @ 69] 28 (Inline Function) --------`-------- xul!mozilla::widget::IMEHandler::InitInputContext+0x25d [/builds/worker/checkouts/gecko/widget/windows/WinIMEHandler.cpp @ 490] 29 00000057`4adfc9b0 00007ffe`035b99c8 xul!nsWindow::Create+0x71b [/builds/worker/checkouts/gecko/widget/windows/nsWindow.cpp @ 1203] 2a 00000057`4adfcb30 00007ffe`03926913 xul!nsIWidget::Create+0x128 [/builds/worker/checkouts/gecko/widget/nsIWidget.h @ 463] 2b (Inline Function) --------`-------- xul!mozilla::AppWindow::Initialize+0x172 [/builds/worker/checkouts/gecko/xpfe/appshell/AppWindow.cpp @ 212] ... 46 00000057`4adfe7f0 00007ffe`0722428c xul!NS_CreateServicesFromCategory+0x375 [/builds/worker/checkouts/gecko/xpcom/components/nsCategoryManager.cpp @ 684] 47 00000057`4adfea80 00007ffe`0722593c xul!XREMain::XRE_mainRun+0x46c [/builds/worker/checkouts/gecko/toolkit/xre/nsAppRunner.cpp @ 5412] 48 00000057`4adfeda0 00007ffe`04a0c935 xul!XREMain::XRE_main+0x31c [/builds/worker/checkouts/gecko/toolkit/xre/nsAppRunner.cpp @ 5874] 49 00000057`4adfee50 00007ff6`9eb8f2e4 xul!XRE_main+0x85 [/builds/worker/checkouts/gecko/toolkit/xre/nsAppRunner.cpp @ 5930] 4a (Inline Function) --------`-------- firefox!do_main+0xce [/builds/worker/checkouts/gecko/browser/app/nsBrowserApp.cpp @ 227] 4b (Inline Function) --------`-------- firefox!NS_internal_main+0x4d0 [/builds/worker/checkouts/gecko/browser/app/nsBrowserApp.cpp @ 445] ``` In all these crashes, the call to `gfxDWriteFont::UpdateSystemTextVars` seems to originate from a Windows-internal call to `PeekMessage` as part of `CThreadMgr::Active` as [called from our `mozilla::widget::TSFTextStore::Initialize` function](https://searchfox.org/mozilla-central/source/widget/windows/TSFTextStore.cpp#6795). In order for `gfxVars::sInstance.mRawPtr` to be something different from `nullptr`, we would need to run after [`mDirProvider.DoStartup();`](https://searchfox.org/mozilla-central/source/toolkit/xre/nsAppRunner.cpp#5430) in `XREMain::XRE_mainRun`. However, the crash stack above occurs during the following call, which is right before that: ```c++ // "app-startup" is the name of both the category and the event NS_CreateServicesFromCategory("app-startup", cmdLine, "app-startup", nullptr); ```
This main process startup crash started spiking with the release of 118.0, coming from Windows users. We reach [`gfxDWriteFont::UpdateSystemTextVars`](https://searchfox.org/mozilla-central/source/gfx/thebes/gfxDWriteFonts.cpp#135-149) but `gfxVars::sInstance.mRawPtr` is still a `nullptr`, so we crash on `gfxVars::SystemTextQuality()` [as defined here](https://searchfox.org/mozilla-central/source/gfx/config/gfxVars.h#202-226). Example crash report: [here](https://crash-stats.mozilla.org/report/index/319aa5f8-7cfa-4973-9507-bad520231003) Crashing stack on the main thread: ``` # Child-SP RetAddr Call Site 00 00000057`4adfb1d0 00007ffe`0361d230 xul!gfxDWriteFont::UpdateSystemTextVars+0x66 [/builds/worker/checkouts/gecko/gfx/thebes/gfxDWriteFonts.cpp @ 139] 01 00000057`4adfb210 00007ffe`0361a568 xul!nsWindow::ProcessMessageInternal+0x23f0 [/builds/worker/checkouts/gecko/widget/windows/nsWindow.cpp @ 5081] 02 (Inline Function) --------`-------- xul!nsWindow::ProcessMessage+0x1ca [/builds/worker/checkouts/gecko/widget/windows/nsWindow.cpp @ 4890] 03 00000057`4adfb4b0 00007ffe`0361a234 xul!nsWindow::WindowProcInternal+0x2e8 [/builds/worker/checkouts/gecko/widget/windows/nsWindow.cpp @ 4842] 04 (Inline Function) --------`-------- xul!CallWindowProcCrashProtected+0x10 [/builds/worker/checkouts/gecko/xpcom/base/nsCrashOnException.cpp @ 27] 05 00000057`4adfb730 00007ffe`92f35c1d xul!nsWindow::WindowProc+0x34 [/builds/worker/checkouts/gecko/widget/windows/nsWindow.cpp @ 4795] 06 00000057`4adfb780 00007ffe`92f357ec user32!UserCallWinProcCheckWow+0x2bd 07 00000057`4adfb910 00007ffe`92f41f83 user32!DispatchClientMessage+0x9c 08 00000057`4adfb970 00007ffe`935c0464 user32!_fnDWORD+0x33 09 00000057`4adfb9d0 00007ffe`908010c4 ntdll!KiUserCallbackDispatcherContinue 0a 00000057`4adfba58 00007ffe`92f394f2 win32u!NtUserPeekMessage+0x14 0b 00000057`4adfba60 00007ffe`92f39459 user32!_PeekMessage+0x42 0c 00000057`4adfbad0 00007ffe`92dffab0 user32!PeekMessageW+0x149 0d 00000057`4adfbb40 00007ffe`92e00457 msctf!CCtfClientPort::SendAsync+0x400 ... 25 00000057`4adfc8c0 00007ffe`04a21f80 msctf!CThreadInputMgr::Activate+0x17 26 00000057`4adfc8f0 00007ffe`06687378 xul!mozilla::widget::TSFTextStore::Initialize+0xe0 [/builds/worker/checkouts/gecko/widget/windows/TSFTextStore.cpp @ 6796] 27 00000057`4adfc970 00007ffe`03611c8b xul!mozilla::widget::IMEHandler::Initialize+0x18 [/builds/worker/checkouts/gecko/widget/windows/WinIMEHandler.cpp @ 69] 28 (Inline Function) --------`-------- xul!mozilla::widget::IMEHandler::InitInputContext+0x25d [/builds/worker/checkouts/gecko/widget/windows/WinIMEHandler.cpp @ 490] 29 00000057`4adfc9b0 00007ffe`035b99c8 xul!nsWindow::Create+0x71b [/builds/worker/checkouts/gecko/widget/windows/nsWindow.cpp @ 1203] 2a 00000057`4adfcb30 00007ffe`03926913 xul!nsIWidget::Create+0x128 [/builds/worker/checkouts/gecko/widget/nsIWidget.h @ 463] 2b (Inline Function) --------`-------- xul!mozilla::AppWindow::Initialize+0x172 [/builds/worker/checkouts/gecko/xpfe/appshell/AppWindow.cpp @ 212] ... 46 00000057`4adfe7f0 00007ffe`0722428c xul!NS_CreateServicesFromCategory+0x375 [/builds/worker/checkouts/gecko/xpcom/components/nsCategoryManager.cpp @ 684] 47 00000057`4adfea80 00007ffe`0722593c xul!XREMain::XRE_mainRun+0x46c [/builds/worker/checkouts/gecko/toolkit/xre/nsAppRunner.cpp @ 5412] 48 00000057`4adfeda0 00007ffe`04a0c935 xul!XREMain::XRE_main+0x31c [/builds/worker/checkouts/gecko/toolkit/xre/nsAppRunner.cpp @ 5874] 49 00000057`4adfee50 00007ff6`9eb8f2e4 xul!XRE_main+0x85 [/builds/worker/checkouts/gecko/toolkit/xre/nsAppRunner.cpp @ 5930] 4a (Inline Function) --------`-------- firefox!do_main+0xce [/builds/worker/checkouts/gecko/browser/app/nsBrowserApp.cpp @ 227] 4b (Inline Function) --------`-------- firefox!NS_internal_main+0x4d0 [/builds/worker/checkouts/gecko/browser/app/nsBrowserApp.cpp @ 445] ``` In all these crashes, the call to `gfxDWriteFont::UpdateSystemTextVars` seems to originate from a Windows-internal call to `PeekMessage` as part of `CThreadMgr::Active` as [called from our `mozilla::widget::TSFTextStore::Initialize` function](https://searchfox.org/mozilla-central/source/widget/windows/TSFTextStore.cpp#6795). In order for `gfxVars::sInstance.mRawPtr` to be something different from `nullptr`, we would need to run after [`mDirProvider.DoStartup();`](https://searchfox.org/mozilla-central/source/toolkit/xre/nsAppRunner.cpp#5430) in `XREMain::XRE_mainRun`. However, the crash stack above occurs during the following call, which is right before that: ```c++ // "app-startup" is the name of both the category and the event NS_CreateServicesFromCategory("app-startup", cmdLine, "app-startup", nullptr); ```
This main process startup crash started spiking with the release of 118.0, coming from Windows users. We reach [`gfxDWriteFont::UpdateSystemTextVars`](https://searchfox.org/mozilla-central/source/gfx/thebes/gfxDWriteFonts.cpp#135-149) but `gfxVars::sInstance.mRawPtr` is still a `nullptr`, so we crash on `gfxVars::SystemTextQuality()` [as defined here](https://searchfox.org/mozilla-central/source/gfx/config/gfxVars.h#202-226). Example crash report: [here](https://crash-stats.mozilla.org/report/index/319aa5f8-7cfa-4973-9507-bad520231003) Crashing stack on the main thread: ``` # Child-SP RetAddr Call Site 00 00000057`4adfb1d0 00007ffe`0361d230 xul!gfxDWriteFont::UpdateSystemTextVars+0x66 [/builds/worker/checkouts/gecko/gfx/thebes/gfxDWriteFonts.cpp @ 139] 01 00000057`4adfb210 00007ffe`0361a568 xul!nsWindow::ProcessMessageInternal+0x23f0 [/builds/worker/checkouts/gecko/widget/windows/nsWindow.cpp @ 5081] 02 (Inline Function) --------`-------- xul!nsWindow::ProcessMessage+0x1ca [/builds/worker/checkouts/gecko/widget/windows/nsWindow.cpp @ 4890] 03 00000057`4adfb4b0 00007ffe`0361a234 xul!nsWindow::WindowProcInternal+0x2e8 [/builds/worker/checkouts/gecko/widget/windows/nsWindow.cpp @ 4842] 04 (Inline Function) --------`-------- xul!CallWindowProcCrashProtected+0x10 [/builds/worker/checkouts/gecko/xpcom/base/nsCrashOnException.cpp @ 27] 05 00000057`4adfb730 00007ffe`92f35c1d xul!nsWindow::WindowProc+0x34 [/builds/worker/checkouts/gecko/widget/windows/nsWindow.cpp @ 4795] 06 00000057`4adfb780 00007ffe`92f357ec user32!UserCallWinProcCheckWow+0x2bd 07 00000057`4adfb910 00007ffe`92f41f83 user32!DispatchClientMessage+0x9c 08 00000057`4adfb970 00007ffe`935c0464 user32!_fnDWORD+0x33 09 00000057`4adfb9d0 00007ffe`908010c4 ntdll!KiUserCallbackDispatcherContinue 0a 00000057`4adfba58 00007ffe`92f394f2 win32u!NtUserPeekMessage+0x14 0b 00000057`4adfba60 00007ffe`92f39459 user32!_PeekMessage+0x42 0c 00000057`4adfbad0 00007ffe`92dffab0 user32!PeekMessageW+0x149 0d 00000057`4adfbb40 00007ffe`92e00457 msctf!CCtfClientPort::SendAsync+0x400 ... 25 00000057`4adfc8c0 00007ffe`04a21f80 msctf!CThreadInputMgr::Activate+0x17 26 00000057`4adfc8f0 00007ffe`06687378 xul!mozilla::widget::TSFTextStore::Initialize+0xe0 [/builds/worker/checkouts/gecko/widget/windows/TSFTextStore.cpp @ 6796] 27 00000057`4adfc970 00007ffe`03611c8b xul!mozilla::widget::IMEHandler::Initialize+0x18 [/builds/worker/checkouts/gecko/widget/windows/WinIMEHandler.cpp @ 69] 28 (Inline Function) --------`-------- xul!mozilla::widget::IMEHandler::InitInputContext+0x25d [/builds/worker/checkouts/gecko/widget/windows/WinIMEHandler.cpp @ 490] 29 00000057`4adfc9b0 00007ffe`035b99c8 xul!nsWindow::Create+0x71b [/builds/worker/checkouts/gecko/widget/windows/nsWindow.cpp @ 1203] 2a 00000057`4adfcb30 00007ffe`03926913 xul!nsIWidget::Create+0x128 [/builds/worker/checkouts/gecko/widget/nsIWidget.h @ 463] 2b (Inline Function) --------`-------- xul!mozilla::AppWindow::Initialize+0x172 [/builds/worker/checkouts/gecko/xpfe/appshell/AppWindow.cpp @ 212] 2c 00000057`4adfcc20 00007ffe`03925b91 xul!nsAppShellService::JustCreateTopWindow+0x673 [/builds/worker/checkouts/gecko/xpfe/appshell/nsAppShellService.cpp @ 671] 2d 00000057`4adfcde0 00007ffe`039b4049 xul!nsAppShellService::CreateTopLevelWindow+0xa1 [/builds/worker/checkouts/gecko/xpfe/appshell/nsAppShellService.cpp @ 178] 2e 00000057`4adfce90 00007ffe`039d3782 xul!nsAppStartup::CreateChromeWindow+0xf9 [/builds/worker/checkouts/gecko/toolkit/components/startup/nsAppStartup.cpp @ 759] 2f 00000057`4adfcf30 00007ffe`039d83cf xul!nsWindowWatcher::CreateChromeWindow+0x72 [/builds/worker/checkouts/gecko/toolkit/components/windowwatcher/nsWindowWatcher.cpp @ 439] 30 00000057`4adfcfb0 00007ffe`039da757 xul!nsWindowWatcher::OpenWindowInternal+0x287f [/builds/worker/checkouts/gecko/toolkit/components/windowwatcher/nsWindowWatcher.cpp @ 1046] 31 00000057`4adfd560 00007ffe`04a08ea2 xul!nsWindowWatcher::OpenWindow+0xd7 [/builds/worker/checkouts/gecko/toolkit/components/windowwatcher/nsWindowWatcher.cpp @ 295] 32 00000057`4adfd640 00007ffe`042abb25 xul!XPTC__InvokebyIndex+0x72 33 (Inline Function) --------`-------- xul!NS_InvokeByIndex+0x5 [/builds/worker/checkouts/gecko/xpcom/reflect/xptcall/md/win32/xptcinvoke_x86_64.cpp @ 57] 34 (Inline Function) --------`-------- xul!CallMethodHelper::Invoke+0x24 [/builds/worker/checkouts/gecko/js/xpconnect/src/XPCWrappedNative.cpp @ 1627] ... 46 00000057`4adfe7f0 00007ffe`0722428c xul!NS_CreateServicesFromCategory+0x375 [/builds/worker/checkouts/gecko/xpcom/components/nsCategoryManager.cpp @ 684] 47 00000057`4adfea80 00007ffe`0722593c xul!XREMain::XRE_mainRun+0x46c [/builds/worker/checkouts/gecko/toolkit/xre/nsAppRunner.cpp @ 5412] 48 00000057`4adfeda0 00007ffe`04a0c935 xul!XREMain::XRE_main+0x31c [/builds/worker/checkouts/gecko/toolkit/xre/nsAppRunner.cpp @ 5874] 49 00000057`4adfee50 00007ff6`9eb8f2e4 xul!XRE_main+0x85 [/builds/worker/checkouts/gecko/toolkit/xre/nsAppRunner.cpp @ 5930] 4a (Inline Function) --------`-------- firefox!do_main+0xce [/builds/worker/checkouts/gecko/browser/app/nsBrowserApp.cpp @ 227] 4b (Inline Function) --------`-------- firefox!NS_internal_main+0x4d0 [/builds/worker/checkouts/gecko/browser/app/nsBrowserApp.cpp @ 445] ``` In all these crashes, the call to `gfxDWriteFont::UpdateSystemTextVars` seems to originate from a Windows-internal call to `PeekMessage` as part of `CThreadMgr::Active` as [called from our `mozilla::widget::TSFTextStore::Initialize` function](https://searchfox.org/mozilla-central/source/widget/windows/TSFTextStore.cpp#6795). In order for `gfxVars::sInstance.mRawPtr` to be something different from `nullptr`, we would need to run after [`mDirProvider.DoStartup();`](https://searchfox.org/mozilla-central/source/toolkit/xre/nsAppRunner.cpp#5430) in `XREMain::XRE_mainRun`. However, the crash stack above occurs during the following call, which is right before that: ```c++ // "app-startup" is the name of both the category and the event NS_CreateServicesFromCategory("app-startup", cmdLine, "app-startup", nullptr); ```
This main process startup crash started spiking with the release of 118.0, coming from Windows users. We reach [`gfxDWriteFont::UpdateSystemTextVars`](https://searchfox.org/mozilla-central/source/gfx/thebes/gfxDWriteFonts.cpp#135-149) but `gfxVars::sInstance.mRawPtr` is still a `nullptr`, so we crash on `gfxVars::SystemTextQuality()` [as defined here](https://searchfox.org/mozilla-central/source/gfx/config/gfxVars.h#202-226). Example crash report: [here](https://crash-stats.mozilla.org/report/index/319aa5f8-7cfa-4973-9507-bad520231003) Crashing stack on the main thread: ``` # Child-SP RetAddr Call Site 00 00000057`4adfb1d0 00007ffe`0361d230 xul!gfxDWriteFont::UpdateSystemTextVars+0x66 [/builds/worker/checkouts/gecko/gfx/thebes/gfxDWriteFonts.cpp @ 139] 01 00000057`4adfb210 00007ffe`0361a568 xul!nsWindow::ProcessMessageInternal+0x23f0 [/builds/worker/checkouts/gecko/widget/windows/nsWindow.cpp @ 5081] 02 (Inline Function) --------`-------- xul!nsWindow::ProcessMessage+0x1ca [/builds/worker/checkouts/gecko/widget/windows/nsWindow.cpp @ 4890] 03 00000057`4adfb4b0 00007ffe`0361a234 xul!nsWindow::WindowProcInternal+0x2e8 [/builds/worker/checkouts/gecko/widget/windows/nsWindow.cpp @ 4842] 04 (Inline Function) --------`-------- xul!CallWindowProcCrashProtected+0x10 [/builds/worker/checkouts/gecko/xpcom/base/nsCrashOnException.cpp @ 27] 05 00000057`4adfb730 00007ffe`92f35c1d xul!nsWindow::WindowProc+0x34 [/builds/worker/checkouts/gecko/widget/windows/nsWindow.cpp @ 4795] 06 00000057`4adfb780 00007ffe`92f357ec user32!UserCallWinProcCheckWow+0x2bd 07 00000057`4adfb910 00007ffe`92f41f83 user32!DispatchClientMessage+0x9c 08 00000057`4adfb970 00007ffe`935c0464 user32!_fnDWORD+0x33 09 00000057`4adfb9d0 00007ffe`908010c4 ntdll!KiUserCallbackDispatcherContinue 0a 00000057`4adfba58 00007ffe`92f394f2 win32u!NtUserPeekMessage+0x14 0b 00000057`4adfba60 00007ffe`92f39459 user32!_PeekMessage+0x42 0c 00000057`4adfbad0 00007ffe`92dffab0 user32!PeekMessageW+0x149 0d 00000057`4adfbb40 00007ffe`92e00457 msctf!CCtfClientPort::SendAsync+0x400 ... 25 00000057`4adfc8c0 00007ffe`04a21f80 msctf!CThreadInputMgr::Activate+0x17 26 00000057`4adfc8f0 00007ffe`06687378 xul!mozilla::widget::TSFTextStore::Initialize+0xe0 [/builds/worker/checkouts/gecko/widget/windows/TSFTextStore.cpp @ 6796] 27 00000057`4adfc970 00007ffe`03611c8b xul!mozilla::widget::IMEHandler::Initialize+0x18 [/builds/worker/checkouts/gecko/widget/windows/WinIMEHandler.cpp @ 69] 28 (Inline Function) --------`-------- xul!mozilla::widget::IMEHandler::InitInputContext+0x25d [/builds/worker/checkouts/gecko/widget/windows/WinIMEHandler.cpp @ 490] 29 00000057`4adfc9b0 00007ffe`035b99c8 xul!nsWindow::Create+0x71b [/builds/worker/checkouts/gecko/widget/windows/nsWindow.cpp @ 1203] 2a 00000057`4adfcb30 00007ffe`03926913 xul!nsIWidget::Create+0x128 [/builds/worker/checkouts/gecko/widget/nsIWidget.h @ 463] 2b (Inline Function) --------`-------- xul!mozilla::AppWindow::Initialize+0x172 [/builds/worker/checkouts/gecko/xpfe/appshell/AppWindow.cpp @ 212] 2c 00000057`4adfcc20 00007ffe`03925b91 xul!nsAppShellService::JustCreateTopWindow+0x673 [/builds/worker/checkouts/gecko/xpfe/appshell/nsAppShellService.cpp @ 671] 2d 00000057`4adfcde0 00007ffe`039b4049 xul!nsAppShellService::CreateTopLevelWindow+0xa1 [/builds/worker/checkouts/gecko/xpfe/appshell/nsAppShellService.cpp @ 178] 2e 00000057`4adfce90 00007ffe`039d3782 xul!nsAppStartup::CreateChromeWindow+0xf9 [/builds/worker/checkouts/gecko/toolkit/components/startup/nsAppStartup.cpp @ 759] 2f 00000057`4adfcf30 00007ffe`039d83cf xul!nsWindowWatcher::CreateChromeWindow+0x72 [/builds/worker/checkouts/gecko/toolkit/components/windowwatcher/nsWindowWatcher.cpp @ 439] 30 00000057`4adfcfb0 00007ffe`039da757 xul!nsWindowWatcher::OpenWindowInternal+0x287f [/builds/worker/checkouts/gecko/toolkit/components/windowwatcher/nsWindowWatcher.cpp @ 1046] 31 00000057`4adfd560 00007ffe`04a08ea2 xul!nsWindowWatcher::OpenWindow+0xd7 [/builds/worker/checkouts/gecko/toolkit/components/windowwatcher/nsWindowWatcher.cpp @ 295] 32 00000057`4adfd640 00007ffe`042abb25 xul!XPTC__InvokebyIndex+0x72 33 (Inline Function) --------`-------- xul!NS_InvokeByIndex+0x5 [/builds/worker/checkouts/gecko/xpcom/reflect/xptcall/md/win32/xptcinvoke_x86_64.cpp @ 57] 34 (Inline Function) --------`-------- xul!CallMethodHelper::Invoke+0x24 [/builds/worker/checkouts/gecko/js/xpconnect/src/XPCWrappedNative.cpp @ 1627] ... 46 00000057`4adfe7f0 00007ffe`0722428c xul!NS_CreateServicesFromCategory+0x375 [/builds/worker/checkouts/gecko/xpcom/components/nsCategoryManager.cpp @ 684] 47 00000057`4adfea80 00007ffe`0722593c xul!XREMain::XRE_mainRun+0x46c [/builds/worker/checkouts/gecko/toolkit/xre/nsAppRunner.cpp @ 5412] 48 00000057`4adfeda0 00007ffe`04a0c935 xul!XREMain::XRE_main+0x31c [/builds/worker/checkouts/gecko/toolkit/xre/nsAppRunner.cpp @ 5874] 49 00000057`4adfee50 00007ff6`9eb8f2e4 xul!XRE_main+0x85 [/builds/worker/checkouts/gecko/toolkit/xre/nsAppRunner.cpp @ 5930] 4a (Inline Function) --------`-------- firefox!do_main+0xce [/builds/worker/checkouts/gecko/browser/app/nsBrowserApp.cpp @ 227] 4b (Inline Function) --------`-------- firefox!NS_internal_main+0x4d0 [/builds/worker/checkouts/gecko/browser/app/nsBrowserApp.cpp @ 445] ``` In all these crashes, the call to `gfxDWriteFont::UpdateSystemTextVars` seems to originate from a Windows-internal call to `PeekMessage` as part of `CThreadMgr::Activate` as [called from our `mozilla::widget::TSFTextStore::Initialize` function](https://searchfox.org/mozilla-central/source/widget/windows/TSFTextStore.cpp#6795). In order for `gfxVars::sInstance.mRawPtr` to be something different from `nullptr`, we would need to run after [`mDirProvider.DoStartup();`](https://searchfox.org/mozilla-central/source/toolkit/xre/nsAppRunner.cpp#5430) in `XREMain::XRE_mainRun`. However, the crash stack above occurs during the following call, which is right before that: ```c++ // "app-startup" is the name of both the category and the event NS_CreateServicesFromCategory("app-startup", cmdLine, "app-startup", nullptr); ```