Closed Bug 1430552 Opened 2 years ago Closed 2 years ago

Crash in gfxFT2FontBase::GetFTGlyphAdvance

Categories

(Core :: Graphics: Text, defect, critical)

Unspecified
Linux
defect
Not set
critical

Tracking


RESOLVED FIXED
mozilla59
Tracking Status
firefox-esr52 --- unaffected
firefox57 --- unaffected
firefox58 --- unaffected
firefox59 --- fixed

People

(Reporter: cyu, Assigned: jfkthame)

Details

(Keywords: crash)

Attachments

(1 file, 1 obsolete file)

This bug was filed from the Socorro interface and is report bp-8a875b3b-0189-4dcb-bcda-a422f0180114.
=============================================================

Top 10 frames of crashing thread:

0 libxul.so gfxFT2FontBase::GetFTGlyphAdvance gfx/thebes/gfxFT2FontBase.cpp:522
1 libxul.so gfxFT2FontBase::GetGlyphWidth 
2 libxul.so _hb_ot_shape 
3 libxul.so hb_shape_plan_execute 
4 libxul.so hb_shape_full gfx/harfbuzz/src/hb-shape.cc:132
5 libxul.so gfxHarfBuzzShaper::ShapeText 
6 libxul.so gfxFont::ShapeText 
7 libxul.so gfxFont::ShapeText 
8 libxul.so gfxFont::GetShapedWord<unsigned char> gfx/thebes/gfxFont.cpp:2693
9 libxul.so gfxFont::SplitAndInitTextRun<unsigned char> gfx/thebes/gfxFont.cpp:3109

=============================================================
3 crashes out of 2 installations on Android nightly build 20180112220334. The earliest build that has this crash is 20180108100050. Looks like null deref in face.get()->glyph->linearHoriAdvance: https://hg.mozilla.org/mozilla-central/annotate/f5b4481c9fd5/gfx/thebes/gfxFT2FontBase.cpp#l522
Correction: this is on Linux, not Android.

Any ideas, Jonathan? Thanks.
Flags: needinfo?(jfkthame)
I'm not sure exactly how error conditions would arise here, but we should add error checks and bail out if the font seems to be broken, rather than crashing. I've left assertions in here because if someone with a debug build could reproduce such a failure, it would be interesting to examine how it's actually happening, but in any case we want to handle it safely.
Attachment #8942637 - Flags: review?(lsalzman)
Assignee: nobody → jfkthame
Status: NEW → ASSIGNED
I haven't reproduced a crash here locally (I'm guessing it may be associated with a bad/weird font of some kind?), but AFAICS this should avoid the risk of crashing.
Attachment #8942640 - Flags: review?(lsalzman)
Attachment #8942637 - Attachment is obsolete: true
Attachment #8942637 - Flags: review?(lsalzman)
(Sorry, didn't mean to attach the patch twice! But you get the idea, anyhow....)
Flags: needinfo?(jfkthame)
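The comments above describe the fix only in prose (add error checks and bail out when the font looks broken, instead of dereferencing a missing glyph slot); the patch itself is not quoted on this page. The following is an added example, not the patch or any Mozilla code, showing that defensive pattern in plain C against constructed stand-ins for the FreeType types involved: `FaceRec`, `GlyphSlotRec` and `fake_load_glyph` are assumed, minimal models of FT_FaceRec, FT_GlyphSlotRec and FT_Load_Glyph (which returns 0 on success), not the real headers. The unguarded accessor mirrors the crashing dereference of `face->glyph->linearHoriAdvance`; the guarded one checks the load result and the glyph slot, so the caller can fall back to a zero advance rather than crash the shaping thread.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins for the FreeType types this example touches
 * (FT_Error, FT_GlyphSlotRec, FT_FaceRec). They are NOT the real FreeType
 * headers; only the fields needed to show the guard are modelled. */
typedef int FT_Error;                   /* FreeType convention: 0 means success */

typedef struct {
    long linearHoriAdvance;             /* 16.16 fixed-point advance, as in FreeType */
} GlyphSlotRec;

typedef struct {
    GlyphSlotRec *glyph;                /* constructed: NULL models a broken face */
    FT_Error load_error;                /* constructed: error the fake loader reports */
} FaceRec;

/* Constructed stand-in for FT_Load_Glyph: reports the error scripted on the face. */
static FT_Error fake_load_glyph(FaceRec *face, unsigned glyph_index)
{
    (void)glyph_index;
    return face->load_error;
}

/* Unguarded accessor, mirroring the crashing access pattern: it ignores the
 * load result and dereferences face->glyph without checking it exists. */
static long advance_unguarded(FaceRec *face, unsigned glyph_index)
{
    fake_load_glyph(face, glyph_index);
    return face->glyph->linearHoriAdvance;   /* NULL deref when glyph == NULL */
}

/* Guarded accessor: every failure path returns false and leaves *out untouched. */
static bool advance_guarded(FaceRec *face, unsigned glyph_index, long *out)
{
    if (face == NULL || out == NULL) {
        return false;
    }
    if (fake_load_glyph(face, glyph_index) != 0) {
        return false;                        /* glyph load failed: do not touch the slot */
    }
    if (face->glyph == NULL) {
        return false;                        /* missing slot: the deref the crash report shows */
    }
    *out = face->glyph->linearHoriAdvance;
    return true;
}

/* Caller policy: an unreadable glyph contributes a zero advance instead of a crash. */
static long glyph_advance_or_zero(FaceRec *face, unsigned glyph_index)
{
    long adv = 0;
    if (!advance_guarded(face, glyph_index, &adv)) {
        return 0;
    }
    return adv;
}

int main(void)
{
    /* Constructed faces: one healthy, one with no glyph slot, one whose load fails. */
    GlyphSlotRec slot = { .linearHoriAdvance = 640L << 16 };
    FaceRec good    = { .glyph = &slot, .load_error = 0 };
    FaceRec broken  = { .glyph = NULL,  .load_error = 0 };
    FaceRec failing = { .glyph = &slot, .load_error = 1 };

    printf("good (unguarded): %ld\n", advance_unguarded(&good, 42) >> 16);
    printf("good (guarded):   %ld\n", glyph_advance_or_zero(&good, 42) >> 16);
    printf("broken:           %ld\n", glyph_advance_or_zero(&broken, 42));
    printf("load failure:     %ld\n", glyph_advance_or_zero(&failing, 42));
    /* advance_unguarded(&broken, 42) would dereference NULL here, as in the report. */
    return 0;
}
```

The value of keeping the load-error check separate from the NULL check is that a debug build can assert on each condition individually (as the comment above says the patch does) while release builds take the same quiet fallback for both.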
Attachment #8942640 - Flags: review?(lsalzman) → review+
Pushed by jkew@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/b976970749f3
Handle possible freetype failures in gfxFT2FontBase::GetFTGlyphAdvance to avoid risk of crashes. r=lsalzman
https://hg.mozilla.org/mozilla-central/rev/b976970749f3
Status: ASSIGNED → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla59