Closed Bug 1511131 Opened 7 years ago Closed 6 years ago

WR on Android crashes at fivethirtyeight.com (GetScaledFont)

Categories

(Core :: Graphics: WebRender, defect, P3)

Product:
Core
Component:
Graphics: WebRender
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla68
Tracking Flags:
Tracking Status
firefox68 --- fixed

People

(Reporter: bholley, Assigned: jnicol)

References

(Blocks 1 open bug)

Details

(Whiteboard: [wr-amvp][wr-q2][wr-april])

Crash Data

Attachments

(1 file)

Bug 1511131 - init UnscaledFontFreeType's face from file when creating scaled fonts. r?jnicol
47 bytes, text/x-phabricator-request
Details | Review
STR: (1) install https://queue.taskcluster.net/v1/task/ZbOcpf3VShmdkeESusiGMg/runs/0/artifacts/public/build/geckoview_example.apk (2) enable WR in about:config (3) visit fivethirtyeight.com and scroll around
Crash stack (from a debug build) indicates GetScaledFont is failing mozilla::gfx::Log<1, mozilla::gfx::CriticalLogger>::WriteLog(std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char> > const&) Logging.h:729 mozilla::gfx::Log<1, mozilla::gfx::CriticalLogger>::Flush() Logging.h:285 mozilla::gfx::Log<1, mozilla::gfx::CriticalLogger>::~Log() Logging.h:277 mozilla::wr::GetScaledFont(mozilla::gfx::Translator*, mozilla::wr::FontInstanceKey) Moz2DImageRenderer.cpp:315 mozilla::wr::Moz2DRenderCallback(mozilla::Range<unsigned char const>, mozilla::gfx::IntSizeTyped<mozilla::gfx::UnknownUnits>, mozilla::gfx::SurfaceFormat, unsigned short const*, mozilla::wr::TypedPoint2D<int, mozilla::wr::TileCoordinate> const*, mozilla::wr::TypedRect<int, mozilla::wr::LayoutPixel> const*, mozilla::Range<unsigned char>) Moz2DImageRenderer.cpp:444 ::wr_moz2d_render_cb(const mozilla::wr::ByteSlice, int32_t, int32_t, mozilla::wr::ImageFormat, const uint16_t *, const mozilla::wr::TileOffset *, const mozilla::wr::LayoutIntRect *, mozilla::wr::MutByteSlice) Moz2DImageRenderer.cpp:492 webrender_bindings::moz2d_renderer::rasterize_blob::h54ec110feb7eacfd moz2d_renderer.rs:524 core::ops::function::Fn::call::h9e8549b76fb51131 0x00000000cd9b263c _$LT$rayon..iter..map..MapFolder$LT$$u27$f$C$$u20$C$C$$u20$F$GT$$u20$as$u20$rayon..iter..plumbing..Folder$LT$T$GT$$GT$::consume::h28a76e6450a634b1 map.rs:225 rayon::iter::plumbing::Folder::consume_iter::h7fd3b261eeac17d2 mod.rs:176 rayon::iter::plumbing::Producer::fold_with::h6e9357f3175fef83 mod.rs:108 rayon::iter::plumbing::bridge_producer_consumer::helper::hcd65b4a7df5847da mod.rs:418 rayon::iter::plumbing::bridge_producer_consumer::helper::_$u7b$$u7b$closure$u7d$$u7d$::h84bcb5495f816a9b mod.rs:413 rayon_core::join::join_context::_$u7b$$u7b$closure$u7d$$u7d$::_$u7b$$u7b$closure$u7d$$u7d$::h45c2983b02c503ac mod.rs:122 _$LT$rayon_core..job..StackJob$LT$L$C$$u20$F$C$$u20$R$GT$$u20$as$u20$rayon_core..job..Job$GT$::execute::_$u7b$$u7b$closure$u7d$$u7d$::h41c8a13eaa330a08 job.rs:113 _$LT$std..panic..AssertUnwindSafe$LT$F$GT$$u20$as$u20$core..ops..function..FnOnce$LT$$LP$$RP$$GT$$GT$::call_once::had8f91c179a19c5b 0x00000000cdaeed6a std::panicking::try::do_call::hf63a757f3396b05b 0x00000000cdaf06a4 __rust_maybe_catch_panic 0x00000000cd931848 std::panicking::try::h80441830b3ade85f 0x00000000cdaf021c std::panic::catch_unwind::h55150b62a74ba1d9 0x00000000cdaef7be rayon_core::unwind::halt_unwinding::had9d5669c49c30af unwind.rs:18 _$LT$rayon_core..job..StackJob$LT$L$C$$u20$F$C$$u20$R$GT$$u20$as$u20$rayon_core..job..Job$GT$::execute::hb28617915177a865 job.rs:113 rayon_core::registry::WorkerThread::execute::h23042e8e03e0d8e3 registry.rs:583 rayon_core::registry::WorkerThread::wait_until_cold::h7f8d811cab851a27 registry.rs:567 rayon_core::registry::WorkerThread::wait_until::h1e6b5c9b30af02a9 registry.rs:543 rayon_core::registry::main_loop::h2f81b64a878fcefb registry.rs:674 std::sys_common::backtrace::__rust_begin_short_backtrace::h924b74c5c0f66386 0x00000000cd8d7c8c std::thread::Builder::spawn::_$u7b$$u7b$closure$u7d$$u7d$::_$u7b$$u7b$closure$u7d$$u7d$::h6d97af3329bfa2f1 0x00000000cd8d8c8c _$LT$std..panic..AssertUnwindSafe$LT$F$GT$$u20$as$u20$core..ops..function..FnOnce$LT$$LP$$RP$$GT$$GT$::call_once::hdc6b9547884cdac3 0x00000000cd8d8a8e std::panicking::try::do_call::haddd4265a65441d6 0x00000000cdab2148 __rust_maybe_catch_panic 0x00000000cd931848 std::panicking::try::hf8e06d6d6e15052a 0x00000000cdab20ae std::panic::catch_unwind::h1418cc43a1c667ce 0x00000000cd8d8c6e std::thread::Builder::spawn::_$u7b$$u7b$closure$u7d$$u7d$::hdf2fe538e1c38a95 0x00000000cd8dc036 _$LT$F$u20$as$u20$alloc..boxed..FnBox$LT$A$GT$$GT$::call_box::h1135cafb8dfe26ad 0x00000000cd8dc43a _$LT$alloc..boxed..Box$LT$$LP$dyn$u20$alloc..boxed..FnBox$LT$A$C$$u20$Output$u3d$R$GT$$u20$$u2b$$u20$$u27$a$RP$$GT$$u20$as$u20$core..ops..function..FnOnce$LT$A$GT$$GT$::call_once::h0361671c8243d617 0x00000000cd9114a6 std::sys_common::thread::start_thread::hd1b180dd2fa4010c 0x00000000cd9114a2 std::sys::unix::thread::Thread::new::thread_start::h63a610b507ecb711 0x00000000cd91149c __pthread_start(void*) 0x00000000eb2898d8 __start_thread 0x00000000eb25d342
This is the relevant entry in sBlobFontTable: second = { mFontKey = { mNamespace = (mHandle = 3) mHandle = 65 } mSize = 73.050003 mOptions = (mStorage = unsigned char [16] @ 0x00007fbc5c3ff2c4, mIsSome = 1 '\x01') mPlatformOptions = (mStorage = unsigned char [2] @ 0x00007fbc5c3ff2d8, mIsSome = 1 '\x01') mVariations = { mTuple = { mozilla::detail::PairHelper<mozilla::gfx::FontVariation *, mozilla::DefaultDelete<mozilla::gfx::FontVariation []>, mozilla::detail::AsMember, mozilla::detail::AsBase> = { mFirstA = 0x00000000 } } } mNumVariations = 0 mScaledFont = { mRawPtr = 0x00000000 } } } And the thing in data.mOptions: (mozilla::wr::FontInstanceOptions) $5 = { render_mode = Alpha flags = (bits = 0) bg_color = (r = 0 '\0', g = 0 '\0', b = 0 '\0', a = 0 '\0') synthetic_italics = (angle = 0) } and the thing in data.mPlatformOptions: (mozilla::wr::FontInstancePlatformOptions) $6 = (lcd_filter = None, hinting = None)
Just realized this is the same problem that Jamie was seeing, bug 1509870.
Blocks: 1508737
See Also: → 1509870
Summary: WR on Android crashes at fivethirtyeight.com → WR on Android crashes at fivethirtyeight.com (GetScaledFont)
Priority: -- → P3
Assignee: nobody → jnicol

Here is my understanding of the lead up to the crash:

When we are preparing a blob image we call process_fonts(), and process a FontTemplate::Native. So we call AddNativeFontHandle() which constructs an UnscaledFontFreeType using the (const char* aHandle, uint32_t aIndex) constructor, which means mFace is nullptr. And it adds an item to sFontDataTable with mUnscaledFont set rather than mData etc.

Then when rasterizing the blob we call GetScaledFont(). This calls GetUnscaledFont(), which finds the matching item in sFontDataTable. Because mUnscaledFont has been set it simpply returns that (rather than creating a font resource from the data). Then it calls unscaled->CreateScaledFontFromWRFont, which leads to UnscaledFontFreeType::CreateScaledFont(). This returns nullptr because mFace is nullptr.

Lee, where are we going wrong here? I can see that in UnscaledFontFontconfig::CreateScaledFont() we have code that creates the scaled font even if mFace == nullptr. Are we missing an implementation of that for android? Or should we not be getting that far in the first place?

Flags: needinfo?(lsalzman)

Theoretically this patch should fix it. Can you test it?

Flags: needinfo?(lsalzman)

This fixes it, thanks Lee

Pushed by lsalzman@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/5505ed4893d6 init UnscaledFontFreeType's face from file when creating scaled fonts. r=jnicol
Whiteboard: [wr-amvp][wr-q2]
Whiteboard: [wr-amvp][wr-q2] → [wr-amvp][wr-q2][wr-april]

https://hg.mozilla.org/mozilla-central/rev/5505ed4893d6

Status: NEW → RESOLVED
Closed: 6 years ago
status-firefox68: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla68
Crash Signature: [@ wr_moz2d_render_cb]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: