Closed Bug 1460543 Opened 8 years ago Closed 8 years ago

Crash @ gfxFontEntry::GetVariationsForStyle when loading @font face html

Categories

(Core :: Layout: Text and Fonts, defect, P2)

Product:
Core
Component:
Layout: Text and Fonts
Version:
62 Branch
Platform:
x86_64
Windows 10
Type:
defect

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla62
Tracking Flags:
Tracking Status
firefox62 --- verified

People

(Reporter: roxana.leitan, Assigned: jfkthame)

References

(Blocks 1 open bug)

Details

Crash Data

Attachments

(2 files)

test font face.html
2.67 KB, text/html
Details
Check for null (default) style parameter in gfxDWriteFontEntry::CreateFontFace before dereferencing it
1.15 KB, patch
jwatt
: review+
Details | Diff | Splinter Review
Attached file test font face.html
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:62.0) Gecko/20100101 Firefox/62.0 Build ID:20180509220105 [Affected versions]: Nightly 62.0a1 [Affected platforms]: Windows 10 x64 [Steps to reproduce]: 1.Launch Nightly 62.0a1 with a new profile 2.Open the attached Html [Expected result]: The Html should be displayed correctly [Actual result]: Crash: https://crash-stats.mozilla.com/report/index/fb17dabd-99ac-4b5c-9654-b881d0180510
Confirmed this crashes on Win10 for me, too. On macOS, it doesn't crash, though the rendering is incorrect: it uses the bold weight even for the body text that should be regular.
Assignee: nobody → jfkthame
Priority: -- → P2
Oh, wait... the second @font-face rule doesn't have a font-weight descriptor, so it essentially overrides the first. So the bold rendering is expected, as all the content uses the rule with the font-variation-settings descriptor. Crashing is still just as bad, though.
The DW code uses gfxDWriteFontEntry::CreateFontFace without passing a specific gfxFontStyle when it just needs to instantiate a face to read font tables, etc., so we need to handle this safely.
Attachment #8974680 - Flags: review?(jwatt)
(In reply to Jonathan Kew (:jfkthame) from comment #1) > On macOS, it doesn't crash, > though the rendering is incorrect: it uses the bold weight even for the body > text that should be regular. Will you file a separate bug for that?
(In reply to Jonathan Kew (:jfkthame) from comment #2) > Oh, wait... Doh, jumped the gun there. ;)
Comment on attachment 8974680 [details] [diff] [review] Check for null (default) style parameter in gfxDWriteFontEntry::CreateFontFace before dereferencing it Review of attachment 8974680 [details] [diff] [review]: ----------------------------------------------------------------- ::: gfx/thebes/gfxDWriteFontList.cpp @@ +784,5 @@ > > // Get the variation settings needed to instantiate the fontEntry > // for a particular fontStyle. > AutoTArray<gfxFontVariation,4> vars; > + GetVariationsForStyle(vars, aFontStyle ? *aFontStyle : gfxFontStyle()); Maybe expand the comment above these lines.
Attachment #8974680 - Flags: review?(jwatt) → review+
Pushed by jkew@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/1819372b068a Check for null (default) style parameter in gfxDWriteFontEntry::CreateFontFace before dereferencing it. r=jwatt
https://hg.mozilla.org/mozilla-central/rev/1819372b068a
Status: NEW → RESOLVED
Closed: 8 years ago
status-firefox62: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla62
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:62.0) Gecko/20100101 Firefox/62.0 Build ID:20180510220127 I cannot reproduce the crash on the latest Nightly 62.0a1 on Windows 10 x64.
Status: RESOLVED → VERIFIED
status-firefox62: fixedverified
Version: 61 Branch → 62 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: