1525351 - Crash in gfxOTSContext::Message

Status: RESOLVED DUPLICATE of bug 1524246

(Core :: Graphics: Text, defect)

Description

[Marcia Knous [:marcia]]

This bug is for crash report bp-33c80048-131b-4435-ab55-773a00190122.

Seen while looking at nightly crash stats: https://bit.ly/2DVaBHI. Marking as a possible UAF based on crash addresses. Goes back to at least when nightly was in 66, Build ID 20190122094123

Top 10 frames of crashing thread:

0 libxul.so gfxOTSContext::Message gfx/thebes/gfxUserFontSet.cpp:220
1 libxul.so ots::ParseScriptListTable gfx/ots/src/layout.cc:1221
2 libxul.so ots::OpenTypeGSUB::Parse gfx/ots/src/gsub.cc:642
3 libxul.so ots::Font::ParseTable gfx/ots/src/ots.cc:946
4 libxul.so  gfx/ots/src/ots.cc:697
5 libxul.so ots::OTSContext::Process gfx/ots/src/ots.cc:502
6 libxul.so gfxUserFontEntry::LoadPlatformFont gfx/thebes/gfxUserFontSet.cpp:252
7 libxul.so gfxUserFontEntry::FontDataDownloadComplete gfx/thebes/gfxUserFontSet.cpp:805
8 libxul.so nsFontFaceLoader::OnStreamComplete layout/style/nsFontFaceLoader.cpp:256
9 libxul.so mozilla::net::nsStreamLoader::OnStopRequest netwerk/base/nsStreamLoader.cpp:94

Comment 1

[Alex Gaynor [:Alex_Gaynor]]

Plausibly the same as bug 1524246?

Comment 2

[Emilio Cobos Álvarez (:emilio)]

Sounds pretty likely.

Comment 3

[Alex Gaynor [:Alex_Gaynor]]

Hasn't been seen on nightly since that patch landed -- not 100% confidence since it's low volume, but I'm going to go ahead and dupe this.

Comment 4

[Chris Peterson [:cpeterson]]

Removing regressionwindow-wanted keyword because this bug has been resolved.

Comment 5

[Chris Peterson [:cpeterson]]

Removing regressionwindow-wanted keyword because this bug has been resolved.

Comment 6

[Chris Peterson [:cpeterson]]

Removing regressionwindow-wanted keyword because this bug has been resolved.