Closed Bug 1523182 Opened 5 years ago Closed 5 years ago

Crash in gfxUserFontEntry::LoadPlatformFont

Categories

(Core :: Graphics, defect, P3)

Hardware: All
OS: Android

Tracking

RESOLVED DUPLICATE of bug 1522417
Tracking Status
firefox66 - fix-optional
firefox67 - fix-optional

People

(Reporter: gsvelto, Unassigned)

Details

(Keywords: crash)

Crash Data

This bug is for crash report bp-c52d99d7-35e9-4c42-9b9a-2f4180190126.

Top 10 frames of crashing thread:

0 libxul.so gfxUserFontEntry::LoadPlatformFont gfx/thebes/gfxUserFontSet.cpp:747
1 libxul.so gfxUserFontEntry::FontDataDownloadComplete gfx/thebes/gfxUserFontSet.cpp:805
2 libxul.so nsFontFaceLoader::OnStreamComplete layout/style/nsFontFaceLoader.cpp:267
3 libxul.so mozilla::net::nsStreamLoader::OnStopRequest netwerk/base/nsStreamLoader.cpp:94
4 libxul.so nsCORSListenerProxy::OnStopRequest netwerk/protocol/http/nsCORSListenerProxy.cpp:615
5 libxul.so mozilla::extensions::ChannelWrapper::RequestListener::OnStopRequest toolkit/components/extensions/webrequest/ChannelWrapper.cpp:948
6 libxul.so mozilla::net::nsStreamListenerTee::OnStopRequest netwerk/base/nsStreamListenerTee.cpp:42
7 libxul.so mozilla::net::nsHttpChannel::ContinueOnStopRequest netwerk/protocol/http/nsHttpChannel.cpp:7787
8 libxul.so mozilla::net::nsHttpChannel::ContinueOnStopRequestAfterAuthRetry netwerk/protocol/http/nsHttpChannel.cpp:7618
9 libxul.so mozilla::net::nsHttpChannel::OnStopRequest netwerk/protocol/http/nsHttpChannel.cpp:7552

The crash addresses make this seem like a UAF.

Bug 1519918 landed in build 20190121175139 where the crash rate surges in nightly. Seems like it might be related. Any ideas Emilio?

Flags: needinfo?(emilio)
Priority: -- → P3

Yes, I'm investigating issues around this code now... It's quite messy. My patch trying to fix all this trips some SVG tests I need to debug:

https://treeherder.mozilla.org/#/jobs?repo=try&revision=84d605a46d95a0875ddab6a08d72a45d7c29a08f

I think bug 1523181 should take care of this. I'll cycle back if it does not.

Depends on: 1523181
Flags: needinfo?(emilio)

Actually let's track this in bug 1522417.

Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → DUPLICATE

Curiously, I see 16x more crash reports with this signature from ARM64 builds of Fennec 67 Nightly than from ARMv7 builds.

Liz, can you please CC me on the duplicate bug 1522417 so I can track this bug for the ARM64 Fennec release?

Flags: needinfo?(lhenry)
Hardware: Unspecified → All
Flags: needinfo?(lhenry)