Closed Bug 1545177 Opened 4 years ago Closed 4 years ago

Assertion failure: thisName.Equals(entryName), at /builds/worker/workspace/build/src/gfx/thebes/gfxUserFontSet.h:162

Categories

(Core :: Layout: Text and Fonts, defect, P3)

Product:
Core
Component:
Layout: Text and Fonts
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla68
Tracking Flags:
Tracking Status
firefox-esr60 --- wontfix
firefox67 --- wontfix
firefox68 --- fixed

People

(Reporter: jkratzer, Assigned: jfkthame)

References

(Blocks 1 open bug)

Details

(Keywords: assertion, testcase, Whiteboard: [gfx-noted][wptsync upstream])

Attachments

(4 files)

testcase.html
333 bytes, text/html
Details
Bug 1545177 - If descriptors of a FontFace are modified after creation, update the associated font entry so that face selection will respect the new values, and mark font sets as dirty. r=heycam
47 bytes, text/x-phabricator-request
Details | Review
Bug 1545177 - Add crashtest. r=heycam
47 bytes, text/x-phabricator-request
Details | Review
Bug 1545177 - Add WPT test for modifications to FontFace descriptors after initial creation. r=heycam
47 bytes, text/x-phabricator-request
Details | Review
Attached file testcase.html

Testcase found while fuzzing mozilla-central rev bbca68b2af26.

Assertion failure: thisName.Equals(entryName), at /builds/worker/workspace/build/src/gfx/thebes/gfxUserFontSet.h:162

rax = 0x00005611faf59e20 rdx = 0x0000000000000000
rcx = 0x00007f3457e49dec rbx = 0x00007f344a1992c0
rsi = 0x00007f34630e88b0 rdi = 0x00007f34630e7680
rbp = 0x00007fff6b243930 rsp = 0x00007fff6b2438e0
r8 = 0x00007f34630e88b0 r9 = 0x00007f3464245740
r10 = 0x0000000000000000 r11 = 0x0000000000000000
r12 = 0x00007fff6b2438e8 r13 = 0x00007fff6b2438f8
r14 = 0x00007f3448d04100 r15 = 0x00007fff6b243a68
rip = 0x00007f34531d361e
OS|Linux|0.0.0 Linux 4.18.0-17-generic #18~18.04.1-Ubuntu SMP Fri Mar 15 15:27:12 UTC 2019 x86_64
CPU|amd64|family 6 model 94 stepping 3|1
GPU|||
Crash|SIGSEGV /SEGV_MAPERR|0x0|0
0|0|libxul.so|gfxUserFontFamily::AddFontEntry(gfxFontEntry*)|hg:hg.mozilla.org/mozilla-central:gfx/thebes/gfxUserFontSet.h:bbca68b2af262ffbbf2e3a2d2e77a16c999f479a|162|0x38
0|1|libxul.so|gfxUserFontSet::AddUserFontEntry(nsTString<char> const&, gfxUserFontEntry*)|hg:hg.mozilla.org/mozilla-central:gfx/thebes/gfxUserFontSet.cpp:bbca68b2af262ffbbf2e3a2d2e77a16c999f479a|937|0xb
0|2|libxul.so|mozilla::dom::FontFaceSet::InsertNonRuleFontFace(mozilla::dom::FontFace*, bool&)|hg:hg.mozilla.org/mozilla-central:layout/style/FontFaceSet.cpp:bbca68b2af262ffbbf2e3a2d2e77a16c999f479a|827|0x1f
0|3|libxul.so|mozilla::dom::FontFaceSet::UpdateRules(nsTArray<nsFontFaceRuleContainer> const&)|hg:hg.mozilla.org/mozilla-central:layout/style/FontFaceSet.cpp:bbca68b2af262ffbbf2e3a2d2e77a16c999f479a|734|0x13
0|4|libxul.so|mozilla::dom::Document::FlushUserFontSet()|hg:hg.mozilla.org/mozilla-central:dom/base/Document.cpp:bbca68b2af262ffbbf2e3a2d2e77a16c999f479a|11868|0x17
0|5|libxul.so|mozilla::PresShell::DoFlushPendingNotifications(mozilla::ChangesToFlush)|hg:hg.mozilla.org/mozilla-central:layout/base/PresShell.cpp:bbca68b2af262ffbbf2e3a2d2e77a16c999f479a|4113|0xd
0|6|libxul.so|nsRefreshDriver::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp)|hg:hg.mozilla.org/mozilla-central:layout/base/nsRefreshDriver.cpp:bbca68b2af262ffbbf2e3a2d2e77a16c999f479a|1921|0xe
0|7|libxul.so|mozilla::RefreshDriverTimer::TickRefreshDrivers(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp, nsTArray<RefPtr<nsRefreshDriver> >&)|hg:hg.mozilla.org/mozilla-central:layout/base/nsRefreshDriver.cpp:bbca68b2af262ffbbf2e3a2d2e77a16c999f479a|325|0xb
0|8|libxul.so|mozilla::RefreshDriverTimer::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp)|hg:hg.mozilla.org/mozilla-central:layout/base/nsRefreshDriver.cpp:bbca68b2af262ffbbf2e3a2d2e77a16c999f479a|342|0xf
0|9|libxul.so|mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::TickRefreshDriver(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp)|hg:hg.mozilla.org/mozilla-central:layout/base/nsRefreshDriver.cpp:bbca68b2af262ffbbf2e3a2d2e77a16c999f479a|708|0xf
0|10|libxul.so|mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::NotifyVsync(mozilla::VsyncEvent const&)|hg:hg.mozilla.org/mozilla-central:layout/base/nsRefreshDriver.cpp:bbca68b2af262ffbbf2e3a2d2e77a16c999f479a|603|0xf
0|11|libxul.so|mozilla::layout::VsyncChild::RecvNotify(mozilla::VsyncEvent const&)|hg:hg.mozilla.org/mozilla-central:layout/ipc/VsyncChild.cpp:bbca68b2af262ffbbf2e3a2d2e77a16c999f479a|65|0x8
0|12|libxul.so|mozilla::layout::PVsyncChild::OnMessageReceived(IPC::Message const&)|s3:gecko-generated-sources:77ce59d8b2c7052469c47c063657e9de1ccc8108986d35814c718a6919e13f00c69b96f485bc73c2590f51f3ea688a95fac179d8497a06fdf9265adfe5cefbb3/ipc/ipdl/PVsyncChild.cpp:|168|0xb
0|13|libxul.so|mozilla::ipc::MessageChannel::DispatchAsyncMessage(IPC::Message const&)|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessageChannel.cpp:bbca68b2af262ffbbf2e3a2d2e77a16c999f479a|2151|0x6
0|14|libxul.so|mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&)|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessageChannel.cpp:bbca68b2af262ffbbf2e3a2d2e77a16c999f479a|2078|0xb
0|15|libxul.so|mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::MessageChannel::MessageTask&)|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessageChannel.cpp:bbca68b2af262ffbbf2e3a2d2e77a16c999f479a|1937|0xb
0|16|libxul.so|mozilla::ipc::MessageChannel::MessageTask::Run()|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessageChannel.cpp:bbca68b2af262ffbbf2e3a2d2e77a16c999f479a|1968|0xc
0|17|libxul.so|nsThread::ProcessNextEvent(bool, bool*)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThread.cpp:bbca68b2af262ffbbf2e3a2d2e77a16c999f479a|1180|0x15
0|18|libxul.so|NS_ProcessNextEvent(nsIThread*, bool)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThreadUtils.cpp:bbca68b2af262ffbbf2e3a2d2e77a16c999f479a|486|0x11
0|19|libxul.so|mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*)|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessagePump.cpp:bbca68b2af262ffbbf2e3a2d2e77a16c999f479a|88|0xa
0|20|libxul.so|MessageLoop::RunInternal()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:bbca68b2af262ffbbf2e3a2d2e77a16c999f479a|315|0x17
0|21|libxul.so|MessageLoop::Run()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:bbca68b2af262ffbbf2e3a2d2e77a16c999f479a|290|0x8
0|22|libxul.so|nsBaseAppShell::Run()|hg:hg.mozilla.org/mozilla-central:widget/nsBaseAppShell.cpp:bbca68b2af262ffbbf2e3a2d2e77a16c999f479a|137|0xd
0|23|libxul.so|XRE_RunAppShell()|hg:hg.mozilla.org/mozilla-central:toolkit/xre/nsEmbedFunctions.cpp:bbca68b2af262ffbbf2e3a2d2e77a16c999f479a|919|0x11
0|24|libxul.so|mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*)|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessagePump.cpp:bbca68b2af262ffbbf2e3a2d2e77a16c999f479a|238|0x5
0|25|libxul.so|MessageLoop::RunInternal()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:bbca68b2af262ffbbf2e3a2d2e77a16c999f479a|315|0x17
0|26|libxul.so|MessageLoop::Run()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:bbca68b2af262ffbbf2e3a2d2e77a16c999f479a|290|0x8
0|27|libxul.so|XRE_InitChildProcess(int, char**, XREChildData const*)|hg:hg.mozilla.org/mozilla-central:toolkit/xre/nsEmbedFunctions.cpp:bbca68b2af262ffbbf2e3a2d2e77a16c999f479a|757|0xc
0|28|firefox-bin|content_process_main(mozilla::Bootstrap*, int, char**)|hg:hg.mozilla.org/mozilla-central:ipc/contentproc/plugin-container.cpp:bbca68b2af262ffbbf2e3a2d2e77a16c999f479a|56|0x14
0|29|firefox-bin|main|hg:hg.mozilla.org/mozilla-central:browser/app/nsBrowserApp.cpp:bbca68b2af262ffbbf2e3a2d2e77a16c999f479a|263|0x11
0|30|libc-2.27.so|__libc_start_main|||0xe7
0|31|firefox-bin|_start|||0x29

Flags: in-testsuite?

Depends on D27980

Assignee: nobody → jfkthame
Status: NEW → ASSIGNED
Component: Graphics → Layout: Text and Fonts
Priority: -- → P3
Whiteboard: [gfx-noted]
Attachment #9059124 - Attachment description: Bug 1545177 - Ensure the family name stored in the gfxFontEntry is updated if the family descriptor of a FontFace is modified after creation. r=heycam → Bug 1545177 - If descriptors of a FontFace are modified after creation, ensure the obsolete user font entry is discarded, and any font sets using the face are marked dirty. r=heycam
Attachment #9059124 - Attachment description: Bug 1545177 - If descriptors of a FontFace are modified after creation, ensure the obsolete user font entry is discarded, and any font sets using the face are marked dirty. r=heycam → Bug 1545177 - If descriptors of a FontFace are modified after creation, update the associated font entry so that face selection will respect the new values, and mark font sets as dirty. r=heycam
Pushed by jkew@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/3a8c6048c5d0
If descriptors of a FontFace are modified after creation, update the associated font entry so that face selection will respect the new values, and mark font sets as dirty. r=heycam
https://hg.mozilla.org/integration/autoland/rev/9b9b19e53c3e
Add WPT test for modifications to FontFace descriptors after initial creation. r=heycam
https://hg.mozilla.org/integration/autoland/rev/81ac850f683c
Add crashtest. r=heycam
Created web-platform-tests PR https://github.com/web-platform-tests/wpt/pull/16872 for changes under testing/web-platform/tests
Whiteboard: [gfx-noted] → [gfx-noted][wptsync upstream]
status-firefox67: --- → wontfix
status-firefox-esr60: --- → wontfix
Flags: in-testsuite? → in-testsuite+
Regressions: 1580690
Regressions: 1588418
You need to log in before you can comment on or make changes to this bug.