Crash in gfxUserFontEntry::LoadPlatformFont
Categories
(Core :: Graphics, defect, P3)
Release | Tracking | Status |
---|---|---|
firefox66 | - | fix-optional |
firefox67 | - | fix-optional |
People
(Reporter: gsvelto, Unassigned)
Details
(Keywords: crash)
Crash Data
This bug is for crash report bp-c52d99d7-35e9-4c42-9b9a-2f4180190126.
Top 10 frames of crashing thread:
0 libxul.so gfxUserFontEntry::LoadPlatformFont gfx/thebes/gfxUserFontSet.cpp:747
1 libxul.so gfxUserFontEntry::FontDataDownloadComplete gfx/thebes/gfxUserFontSet.cpp:805
2 libxul.so nsFontFaceLoader::OnStreamComplete layout/style/nsFontFaceLoader.cpp:267
3 libxul.so mozilla::net::nsStreamLoader::OnStopRequest netwerk/base/nsStreamLoader.cpp:94
4 libxul.so nsCORSListenerProxy::OnStopRequest netwerk/protocol/http/nsCORSListenerProxy.cpp:615
5 libxul.so mozilla::extensions::ChannelWrapper::RequestListener::OnStopRequest toolkit/components/extensions/webrequest/ChannelWrapper.cpp:948
6 libxul.so mozilla::net::nsStreamListenerTee::OnStopRequest netwerk/base/nsStreamListenerTee.cpp:42
7 libxul.so mozilla::net::nsHttpChannel::ContinueOnStopRequest netwerk/protocol/http/nsHttpChannel.cpp:7787
8 libxul.so mozilla::net::nsHttpChannel::ContinueOnStopRequestAfterAuthRetry netwerk/protocol/http/nsHttpChannel.cpp:7618
9 libxul.so mozilla::net::nsHttpChannel::OnStopRequest netwerk/protocol/http/nsHttpChannel.cpp:7552
The crash addresses make this seem like a UAF.
Comment 1•5 years ago
Bug 1519918 landed in build 20190121175139 where the crash rate surges in nightly. Seems like it might be related. Any ideas Emilio?
Comment 2•5 years ago
Yes, I'm investigating issues around this code now... It's quite messy. My patch trying to fix all this trips some SVG tests I need to debug:
https://treeherder.mozilla.org/#/jobs?repo=try&revision=84d605a46d95a0875ddab6a08d72a45d7c29a08f
Comment 3•5 years ago
I think bug 1523181 should take care of this. I'll cycle back if it does not.
Comment 4•5 years ago
Actually let's track this in bug 1522417.
Comment 5•5 years ago
Tracking in the duplicate bug.
Comment 6•5 years ago
Curiously, I see 16x more crash reports with this signature from ARM64 builds of Fennec 67 Nightly than from ARMv7 builds.
Liz, can you please CC me on the duplicate bug 1522417 so I can track this bug for the ARM64 Fennec release?