Closed Bug 1452467 Opened 4 years ago Closed 4 years ago

[@ OOM | large | ...] crashes in mozilla::gfx::DWriteFontFileStream::DWriteFontFileStream


(Core :: Graphics, defect, P3)




Tracking Status
firefox-esr52 --- wontfix
firefox59 --- wontfix
firefox60 --- verified
firefox61 --- verified


(Reporter: philipp, Assigned: aosmond)


(Keywords: crash, Whiteboard: [gfx-noted])

Crash Data


(1 file)

This bug was filed from the Socorro interface and is
report bp-7b912f82-abc2-4faa-bbc6-1c78a0180408.

Top 10 frames of crashing thread:

0 mozglue.dll mozalloc_abort memory/mozalloc/mozalloc_abort.cpp:33
1 mozglue.dll mozalloc_handle_oom memory/mozalloc/mozalloc_oom.cpp:54
2 mozglue.dll moz_xmalloc memory/mozalloc/mozalloc.cpp:72
3 xul.dll std::_Allocate vs2017_15.4.2/VC/include/xmemory0:78
4 xul.dll std::vector<unsigned char, std::allocator<unsigned char> >::_Resize<<lambda_1c24340e0c23a1361b49dbc3231bff51> > vs2017_15.4.2/VC/include/vector:1491
5 xul.dll mozilla::gfx::DWriteFontFileStream::DWriteFontFileStream gfx/2d/NativeFontResourceDWrite.cpp:174
6 xul.dll mozilla::gfx::NativeFontResourceDWrite::Create gfx/2d/NativeFontResourceDWrite.cpp:236
7 xul.dll mozilla::gfx::Factory::CreateNativeFontResource gfx/2d/Factory.cpp:599
8 xul.dll mozilla::gfx::RecordedFontData::PlayEvent gfx/2d/RecordedEventImpl.h:2776
9 xul.dll mozilla::layout::PrintTranslator::TranslateRecording layout/printing/PrintTranslator.cpp:60


these crashes on windows have been around for a while. it appears to predominantly affect builds with asian locales (75% zh-cn, 5% ja).

the user comment to the report in question says: "Crashing while printing document with pdf", so perhaps url correlations could find some sites where this is reproducible.
I'm not sure if there is much else to be done besides gracefully failing the alloc, unless there is some font specific trick to avoiding an OOM? They can be quite large, 20M+, in some reports.
Assignee: nobody → aosmond
Attachment #8967441 - Flags: review?(lsalzman)
Priority: -- → P3
Whiteboard: [gfx-noted]
Attachment #8967441 - Flags: review?(lsalzman) → review+
Pushed by
Make native font resource memory allocations fallible. r=lsalzman
Backout by
Backed out changeset e5336e51b77f for Windows static analysis build bustage on a CLOSED TREE. r=aosmond
Pushed by
Make native font resource memory allocations fallible. r=lsalzman
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla61
could you request uplift to beta in case you deem fit to do so? thank you
Flags: needinfo?(aosmond)
Comment on attachment 8967441 [details] [diff] [review]
0001-Bug-1452467-Make-native-font-resource-memory-allocat.patch, v1

Approval Request Comment
[Feature/Bug causing the regression]: N/A
[User impact if declined]: May OOM crash when using very large fonts, e.g. asian locales.
[Is this code covered by automated tests?]: Yes, for the success condition. I don't think we ever hit the OOM in testing however.
[Has the fix been verified in Nightly?]: Yes, in so far that it hasn't caused any new problems. Rate of reproduction is too low on nightly.
[Needs manual test from QE? If yes, steps to reproduce]: No.
[List of other uplifts needed for the feature/fix]: None.
[Is the change risky?]: No.
[Why is the change risky/not risky?]: It is just a change from an vector to an nsTArray (for fallible allocations) and handling the alloc failure. The original methods could fail before, so minimal extra plumbing was required.
[String changes made/needed]: None.
Flags: needinfo?(aosmond)
Attachment #8967441 - Flags: approval-mozilla-beta?
Comment on attachment 8967441 [details] [diff] [review]
0001-Bug-1452467-Make-native-font-resource-memory-allocat.patch, v1

Fix for a long standing high volume crash, let's take this for beta 15.
Attachment #8967441 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
We should look back at crash-stats mid next week to verify the fix in beta.
Flags: qe-verify+
the signature itself is a fairly generic one and the crashes described here make up only a subset of it. 

i'd expect the volume of the signature to drop by half with a fix in beta & this query should stay without results:
I was not able to reproduce the crash with the steps provided.
Per Mozilla Crash reports, the number of crashes is significantly lower in the last week, 60.0b15 with 13 crashes reported and 60.0b16 with 4 crashes:
Andrew, can you please take a look at the crash stats and let me know if I can close this bug?
Flags: needinfo?(aosmond)
According to the stats reports no crashes were reported on the latest builds:
Marking bug as Verified.
Flags: qe-verify+
Flags: needinfo?(aosmond)
You need to log in before you can comment on or make changes to this bug.