Crash in [@ arena_dalloc | gfxFcPlatformFontList::ReadSystemFontList::$_0::operator()]
Categories: Core :: Graphics: Text, defect, P3
People: Reporter: lizzard, Assigned: lsalzman
References: Regression
Keywords: crash, regression
Attachments (1 file): 47 bytes, text/x-phabricator-request (jcristau: approval-mozilla-beta+, jcristau: approval-mozilla-release+, jcristau: approval-mozilla-esr68+)
This bug is for crash report bp-975d398c-708e-4bc3-b054-ef1520190521.
Early results from the initial nightly 69 builds. Low volume so far.
Top 10 frames of crashing thread:
0 firefox-bin arena_dalloc memory/build/mozjemalloc.cpp:3283
1 libxul.so gfxFcPlatformFontList::ReadSystemFontList const gfx/thebes/gfxFcPlatformFontList.cpp:1659
2 libxul.so void gfxFontconfigFontFamily::AddFacesToFontList<gfxFcPlatformFontList::ReadSystemFontList gfx/thebes/gfxFcPlatformFontList.cpp:1366
3 libxul.so gfxFcPlatformFontList::ReadSystemFontList gfx/thebes/gfxFcPlatformFontList.cpp:1650
4 libxul.so mozilla::dom::ContentParent::InitInternal dom/ipc/ContentParent.cpp:2389
5 libxul.so mozilla::dom::ContentParent::LaunchSubprocessInternal const dom/ipc/ContentParent.cpp:2145
6 libxul.so mozilla::dom::ContentParent::LaunchSubprocessInternal dom/ipc/ContentParent.cpp:2184
7 libxul.so mozilla::dom::ContentParent::GetNewOrUsedBrowserProcess dom/ipc/ContentParent.cpp:898
8 libxul.so mozilla::dom::ContentParent::CreateBrowser dom/ipc/ContentParent.cpp:1142
9 libxul.so nsFrameLoader::TryRemoteBrowser dom/base/nsFrameLoader.cpp:2736
Comment 2•6 years ago (Assignee)
It looks like all these reports are coming from one single ancient Linux installation (kernel 3.13). Other than that, it just looks like Fontconfig is handing off some bad data to us, which may be related to the weird/ancient Linux setup of this user. Offhand, I am not sure there is anything we can do about it right now.
Comment 3•6 years ago
This crash is showing up more commonly with the [@ free | gfxFcPlatformFontList::ReadSystemFontList::$_0::operator() ] signature, which seems to be newly regressing in 68. Could this be related to bug 1514869?
Comment 4•6 years ago
Bugbug thinks this bug is a regression, but please revert this change in case of error.
Comment 6•6 years ago
(In reply to Lee Salzman [:lsalzman] from comment #2)
> It looks like all these reports are coming from one single ancient Linux installation (kernel 3.13). Other than that, it just looks like Fontconfig is handing off some bad data to us, which may be related to the weird/ancient Linux setup of this user. Offhand, I am not sure there is anything we can do about it right now.
We're getting some reports from other 3.x kernels as well; I've seen 3.2.0, 3.8.0, 3.11.0, and maybe more. I think it's quite likely this relates to old fontconfig versions, but we really should try to figure out what's breaking and how we can work around it (and why it's spiking...)
Comment 7•6 years ago (Assignee)
I tracked this down to a patch in bug 1514869 causing us to erroneously free Fontconfig data that we should not be freeing... Oops. This will cause us to crash pretty badly on any Fontconfig version < 2.9.
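The ownership rule behind the fix described in comment 7, as an added example that is not part of the bug thread or Mozilla's patch: FcPatternGetString hands back a pointer into the pattern's own storage, so a caller that needs its own string copies it and never frees the borrowed one. `Pattern`, `pattern_get_string` and the other names are hypothetical stand-ins for Fontconfig, and the font path is constructed.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for an FcPattern: it owns the string stored in it. */
typedef struct { char *file; } Pattern;

static char *dup_str(const char *s) {
    size_t n = strlen(s) + 1;
    char *d = malloc(n);
    if (d) memcpy(d, s, n);
    return d;
}

Pattern *pattern_create(const char *file) {
    Pattern *p = malloc(sizeof *p);
    if (p && !(p->file = dup_str(file))) { free(p); p = NULL; }
    return p;
}

/* The only place the stored string is released. */
void pattern_destroy(Pattern *p) {
    if (p) { free(p->file); free(p); }
}

/* Borrowing getter modelled on FcPatternGetString: *out points into the
 * pattern's own storage, so the caller must not free it. Returns 0 on success. */
int pattern_get_string(const Pattern *p, const char **out) {
    if (!p || !p->file) return -1;
    *out = p->file;
    return 0;
}

/* Take a private copy when the string must outlive the pattern. Calling free()
 * on `borrowed` would release memory that pattern_destroy() frees again later. */
char *copy_font_path(const Pattern *p) {
    const char *borrowed;
    if (pattern_get_string(p, &borrowed) != 0) return NULL;
    return dup_str(borrowed);   /* caller owns this copy and frees it */
}

/* Returns 1 if the copy is still intact after the pattern is destroyed. */
int copy_survives_pattern(void) {
    const char *path = "/usr/share/fonts/constructed/Sample.ttf"; /* constructed */
    Pattern *p = pattern_create(path);
    char *copy = copy_font_path(p);
    pattern_destroy(p);
    int ok = copy && strcmp(copy, path) == 0;
    free(copy);
    return ok;
}
```

The model's getter returns `const char *`, so passing the borrowed pointer to `free()` draws a qualifier warning; the real FcPatternGetString writes through a non-const `FcChar8 **`, which gives no such hint.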
Comment 11•6 years ago (Assignee)
Comment on attachment 9078320 [details]
Bug 1553228 - Don't free result of FcPatternGetString. r?jfkthame
Beta/Release Uplift Approval Request
- User impact if declined: Consistent start-up crashes on older Linux distros (i.e. Ubuntu 12.04)
- Is this code covered by automated tests?: No
- Has the fix been verified in Nightly?: No
- Needs manual test from QE?: No
- If yes, steps to reproduce:
- List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): Just removes a free() of memory that was never supposed to be freed.
- String changes made/needed:
ESR Uplift Approval Request
- If this is not a sec:{high,crit} bug, please state case for ESR consideration: Consistent start-up crashes on older Linux distros (i.e. Ubuntu 12.04)
- User impact if declined:
- Fix Landed on Version:
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): Just removes a free() of memory that was never supposed to be freed.
- String or UUID changes made by this patch:
Comment 13•6 years ago
Comment on attachment 9078320 [details]
Bug 1553228 - Don't free result of FcPatternGetString. r?jfkthame
linux crash fix, approved for 69.0b6, 68.0.1, 68.1esr
Comment 16•6 years ago
Per discussion with jcristau, we're uplifting this to 68.0.1esr also to maintain parity with the non-ESR 68.0.1 release and hopefully avoid some confusion.
Comment 17•6 years ago
default (68.1esr): https://hg.mozilla.org/releases/mozilla-esr68/rev/f5a32a8e545a11a3086b2ece93c6c60c16eadf4f
FIREFOX_ESR_68_0_X_RELBRANCH (68.0.1esr): https://hg.mozilla.org/releases/mozilla-esr68/rev/7202b37a05ff486a2932e1dd1d65fbbb8df25e5e