Closed
Bug 1325813
Opened 7 years ago
Closed 1 year ago
JS-implemented (Adblock?) nsIContentPolicy can be called for fonts during TabChild::ForcePaint
Categories
(Core :: Layout, defect)
RESOLVED
WORKSFORME
mozilla53
Tracking | Status | |
---|---|---|
firefox50 | --- | unaffected |
firefox51 | --- | unaffected |
firefox52 | --- | fixed |
firefox53 | --- | fixed |
People
(Reporter: asqueella, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: crash, regression)
Crash Data
This bug was filed from the Socorro interface and is report bp-8c5e9702-0eba-435a-9140-ef7f62161225.

=============================================================

I had a crash in 2016-12-21 Nightly caused by, I guess, Adblock's implementation of content policy being called during TabChild::ForcePaint via
* gfxFontGroup::GetFirstValidFont calling
* gfxUserFontEntry::LoadNextSrc calling
* gfxUserFontSet::UserFontCache::GetFont calling
* FontFaceSet::UserFontSet::IsFontLoadAllowed calling
* NS_CheckContentLoadPolicy

As far as I understand it's caused by the change in bug 1279086.
Reporter | ||
Comment 1•7 years ago
This seems to be responsible for 47 crashes with this signature [2] out of 70 [1] for the last week.

[1] 70 crashes with this signature: <https://crash-stats.mozilla.com/search/?signature=%3Djs%3A%3ABarrierMethods%3CT%3E%3A%3AexposeToJS&product=Firefox&date=%3E%3D2016-12-18T12%3A50%3A00.000Z&date=%3C2016-12-25T12%3A50%3A00.000Z&_sort=-date&_facets=signature&_columns=date&_columns=signature&_columns=product&_columns=version&_columns=build_id&_columns=platform#facet-signature>

[2] 47 crashes with this signature and "ContentPolicy" and "FontFace" in the stack ("proto_signature" in Socorro's terms): <https://crash-stats.mozilla.com/signature/?product=Firefox&proto_signature=~ContentPolicy&proto_signature=~FontFace&signature=js%3A%3ABarrierMethods%3CT%3E%3A%3AexposeToJS&date=%3E%3D2016-12-18T12%3A50%3A00.000Z&date=%3C2016-12-25T12%3A50%3A00.000Z&_columns=date&_columns=product&_columns=version&_columns=build_id&_columns=platform&_columns=reason&_columns=address&_sort=-date&page=1#reports>
status-firefox52:
--- → affected
Comment 3•7 years ago
More specifically, bug 1308039 added the release assert that's being hit here.
Blocks: 1308039
status-firefox50:
--- → unaffected
status-firefox51:
--- → unaffected
Version: Trunk → 52 Branch
Comment 4•7 years ago
Bug 1328423 tracks backing out bug 1308039, which should resolve this at the same time.
Depends on: 1328423
Updated•7 years ago
Assignee: nobody → wmccloskey
Target Milestone: --- → mozilla53
Updated•7 years ago
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Comment 7•7 years ago
This isn't fixed, for example: bf9f9505-d21c-481f-9944-d22512170312 Bill, what should we do about this?
Status: RESOLVED → REOPENED
Flags: needinfo?(wmccloskey)
Resolution: FIXED → ---
Comment 8•7 years ago
Looks like we are coming from this code: <https://hg.mozilla.org/mozilla-central/annotate/3e73fd638e68/gfx/thebes/gfxTextRun.cpp#l1878>. Jonathan, is it possible to somehow ensure that the font isn't used for painting while LoadState() returns gfxUserFontEntry::STATUS_NOT_LOADED?
Flags: needinfo?(jfkthame)
(In reply to :Ehsan Akhgari from comment #7)
> This isn't fixed, for example: bf9f9505-d21c-481f-9944-d22512170312
>
> Bill, what should we do about this?

The buildid for that crash is 20161102030205. Someone was running a really old build. The fixes for this stuff landed in bug 1328423 (so January 2017).
Flags: needinfo?(wmccloskey)
Assignee: wmccloskey → nobody
Comment 10•2 years ago
Since the crash volume is low (less than 5 per week), the severity is downgraded to S3. Feel free to change it back if you think the bug is still critical.
For more information, please visit auto_nag documentation.
Severity: critical → S3
Comment 11•2 years ago
The severity field for this bug is relatively low, S3. However, the bug has 3 duplicates.
:dholbert, could you consider increasing the bug severity?
For more information, please visit auto_nag documentation.
Flags: needinfo?(dholbert)
Comment 12•1 year ago
Extensions aren't allowed to reimplement nsIContentPolicy anymore
Status: REOPENED → RESOLVED
Closed: 7 years ago → 1 year ago
Flags: needinfo?(jfkthame)
Flags: needinfo?(dholbert)
Resolution: --- → WORKSFORME