crash in gfxFontGroup::FindNonItalicFaceForChar

RESOLVED FIXED in Firefox 41

Status

defect
RESOLVED FIXED
4 years ago
4 years ago

People

(Reporter: jtd, Assigned: jtd)

Tracking

Trunk
mozilla43
Points:
---

Firefox Tracking Flags

(firefox41 fixed, firefox42 fixed, firefox43 fixed)

Details

(crash signature)

Attachments

(1 attachment, 1 obsolete attachment)

Assignee

Description

4 years ago
Searching through gfx-related top crashers for 41.b builds, #9 is a null-deref within gfxFontGroup::FindNonItalicFaceForChar. The problem here is that the Valid() check already occurs within FindOrMakeFont. If !Valid() a nullptr is returned. So the code here just needs to do a null-check rather than calling Valid() again.

https://crash-stats.mozilla.com/report/index/bf1c51b5-5bcc-4bb8-be6f-62e1a2150818
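A simplified analogue of the pattern the description relies on, added here as an example (not Gecko code): the factory already checks Valid() and returns nullptr for a face it cannot instantiate, so the caller must null-check the result rather than call Valid() on it. The FontEntry/Font/FontFamily types, the `loadable` flag and the sample family are assumptions for illustration.

```cpp
#include <cstdint>
#include <memory>
#include <string>
#include <vector>

// Assumed, simplified stand-ins for the gfx font types; not the real Gecko classes.
struct FontEntry {
    std::string name;
    bool italic;
    bool loadable;  // constructed flag: can this face actually be instantiated?
};

struct Font {
    const FontEntry* entry;
    uint32_t ch;
    bool Valid() const { return entry != nullptr && entry->loadable; }
};

struct FontFamily {
    std::vector<FontEntry> faces;
};

// The property the bug depends on: validity is checked here, and an invalid
// font is never handed back. The caller receives either a valid font or nullptr.
std::unique_ptr<Font> FindOrMakeFont(const FontEntry* aEntry, uint32_t aCh) {
    if (!aEntry) return nullptr;
    std::unique_ptr<Font> font(new Font{aEntry, aCh});
    if (!font->Valid()) return nullptr;  // !Valid() -> nullptr, never an invalid font
    return font;
}

// Fixed caller: just pass the result up. Calling font->Valid() here instead of
// a null check is exactly the null dereference described in the bug, because
// FindOrMakeFont returns nullptr for a rejected face.
std::unique_ptr<Font> FindNonItalicFaceForChar(const FontFamily& aFamily, uint32_t aCh) {
    for (const FontEntry& fe : aFamily.faces) {
        if (fe.italic) continue;  // we want a non-italic face
        std::unique_ptr<Font> font = FindOrMakeFont(&fe, aCh);
        if (font) return font;    // null-check only; Valid() was already done
    }
    return nullptr;
}

// Constructed sample family: one italic face, one broken upright face, one usable upright face.
FontFamily SampleFamily() {
    return FontFamily{{
        {"Italic-OK", true, true},        // skipped: italic
        {"Regular-Broken", false, false}, // FindOrMakeFont returns nullptr for this one
        {"Regular-OK", false, true},      // the face the lookup should settle on
    }};
}

// Name of the chosen face, or "" when the family has no usable non-italic face.
std::string ChosenFaceName(const FontFamily& aFamily, uint32_t aCh) {
    std::unique_ptr<Font> f = FindNonItalicFaceForChar(aFamily, aCh);
    return f ? f->entry->name : "";
}
```

The "Regular-Broken" entry is what the pre-fix code tripped over: the factory returns nullptr for it, and any method call on that result is a crash instead of a fall-through to the next face.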
Updated

4 years ago
Summary: crash in → crash in gfxFontGroup::FindNonItalicFaceForChar
Updated

4 years ago
Crash Signature: gfxFontGroup::FindNonItalicFaceForChar(gfxFontFamily*, unsigned int)
Comment 1

4 years ago
Attachment #8651568 - Flags: review?(m_kato)
Comment 2

4 years ago
The Valid() check has already been done within FindOrMakeFont, so just pass the result up (either valid or null).
Attachment #8651568 - Attachment is obsolete: true
Attachment #8651568 - Flags: review?(m_kato)
Attachment #8651570 - Flags: review?(m_kato)
Attachment #8651570 - Flags: review?(m_kato) → review+
https://hg.mozilla.org/mozilla-central/rev/c9a6e3c257bc
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla43
Duplicate of this bug: 1198945
Crash Signature: gfxFontGroup::FindNonItalicFaceForChar(gfxFontFamily*, unsigned int) → [@ gfxFontGroup::FindNonItalicFaceForChar(gfxFontFamily*, unsigned int)]
This showed up on the beta 41 crash charts. Could you request an uplift?
Comment 7

4 years ago
Comment on attachment 8651570 [details] [diff] [review]
patch, skip duplicate call to Valid()

Approval Request Comment
[Feature/regressing bug #]: crasher caused by null dereference
[User impact if declined]: small number of crashes
[Describe test coverage new/current, TreeHerder]: landed on central Monday
[Risks and why]: very minor fix
[String/UUID change made/needed]: none
Attachment #8651570 - Flags: approval-mozilla-beta?
Attachment #8651570 - Flags: approval-mozilla-aurora?
Comment on attachment 8651570 [details] [diff] [review]
patch, skip duplicate call to Valid()

Crash fix that is simple and safe. Aurora42+, Beta41+.
Attachment #8651570 - Flags: approval-mozilla-beta?
Attachment #8651570 - Flags: approval-mozilla-beta+
Attachment #8651570 - Flags: approval-mozilla-aurora?
Attachment #8651570 - Flags: approval-mozilla-aurora+