Closed Bug 1523181 Opened 11 months ago Closed 10 months ago

Crash in nsFontFaceLoader::Cancel


(Core :: Layout, defect, P2, critical)




Tracking Status
firefox-esr60 --- unaffected
firefox65 --- unaffected
firefox66 --- fixed
firefox67 --- fixed


(Reporter: gsvelto, Assigned: emilio)



(Keywords: crash)

Crash Data


(1 file)

This bug is for crash report bp-089f7763-2ef4-439d-9e48-cf5800190126.

Top 10 frames of crashing thread:

0 XUL nsFontFaceLoader::Cancel layout/style/nsFontFaceLoader.cpp:321
1 XUL mozilla::dom::FontFaceSet::UpdateRules layout/style/FontFaceSet.cpp:743
2 XUL mozilla::dom::Document::FlushUserFontSet dom/base/Document.cpp:11629
3 XUL nsFontFaceUtils::MarkDirtyForFontChange dom/base/Document.cpp:11592
4 XUL nsFontFaceLoader::LoadTimerCallback layout/base/nsPresContext.cpp:1898
5 XUL nsTimerEvent::Run xpcom/threads/nsTimerImpl.cpp:559
6 XUL mozilla::SchedulerGroup::Runnable::Run xpcom/threads/SchedulerGroup.cpp:299
7 XUL nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:1160
8 XUL NS_ProcessNextEvent xpcom/threads/nsThreadUtils.cpp:468
9 XUL mozilla::ipc::MessagePump::Run ipc/glue/MessagePump.cpp:88

Duplicate of this bug: 1523184

It seems this is a diagnostic assertion added for bug 1522417 which I don't have access to. Let's mark it block that bug to inform people there.

Blocks: 1522417

Yup, looking at it as we speak. Unfortunately the fix is not as trivial as I had hoped.

Assignee: nobody → emilio
Flags: needinfo?(emilio)

Please re-prioritize if appropriate, Emilio.

Priority: -- → P2

Flushing it at a bad time can cancel loads whose timer / completion
handler is in progress, which makes no sense.

Blocks: 1523182
Flags: needinfo?(emilio)

I got the problem on at load time, but it's not happening at 100%, here's my report:

Closed: 10 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla67
No longer blocks: 1522417

Comment on attachment 9039612 [details]
Bug 1523181 - Don't implicitly flush the user font set.

Beta/Release Uplift Approval Request

Feature/Bug causing the regression

Bug 1519918

User impact if declined

Crashes, with bad signature.

Is this code covered by automated tests?


Has the fix been verified in Nightly?


Needs manual test from QE?


If yes, steps to reproduce

List of other uplifts needed


Risk to taking this patch


Why is the change risky/not risky? (and alternatives if risky)

Relatively non-isolated change. Alternative would be to back out bug 1519918 from beta.

String changes made/needed

Attachment #9039612 - Flags: approval-mozilla-beta?

Comment on attachment 9039612 [details]
Bug 1523181 - Don't implicitly flush the user font set.

[Triage Comment]
Fixes a new crash in 66, approved for 66.0b6.

Attachment #9039612 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
You need to log in before you can comment on or make changes to this bug.