Closed Bug 1575474 Opened 5 years ago Closed 4 years ago

Selecting font crashes (segfault) firefox on wayland

Categories

(Core :: Widget: Gtk, defect, P2)

Product:
Core
Component:
Widget: Gtk
Version:
70 Branch
Type:
defect

Tracking

()

Status:
RESOLVED WONTFIX
Tracking Flags:
Tracking Status
firefox72 --- fixed

People

(Reporter: layus, Unassigned)

References

(Blocks 1 open bug)

Details

Attachments

(2 files)

crash-trace-verbose-wayland.log
240.42 KB, text/plain
Details
moz-log-widget
1.11 MB, text/plain
Details

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0

Steps to reproduce:

Open the "default font" dropdown in the settings page ("Preferences" > "General"> "Language and Appearance" > "Fonts and Colors" > "Default font")

Actual results:

Firefox crashed with the following error message. At least the error is quite explicit. It looks like the number of fonts requires a too large surface to be created. Not to sure about the internal details of the issue beyond that.

(firefox:25203): Gdk-CRITICAL **: 10:05:30.566: ../gdk/wayland/gdkdisplay-wayland.c:1399: Unable to create Cairo image surface: invalid value (typically too big) for the size of the input (surface, pattern, etc.)
Exiting due to channel error.
Exiting due to channel error.
Crash Annotation GraphicsCriticalError: |[C0][GFX1-]: Receive IPC close with reason=AbnormalShutdown (t=258.095) Exiting due to channel error.
zsh: segmentation fault  firefox
Exiting due to channel error.

Expected results:

Well, no segfault, and no crash, just the normal dropdown.

Bugbug thinks this bug should belong to this component, but please revert this change in case of error.

Component: Untriaged → Widget: Gtk
Product: Firefox → Core
Blocks: wayland
Priority: -- → P2

Can you please run with WAYLAND_DEBUG=1 env variable set and attach the log here?
Thanks.

Flags: needinfo?(layus.on)

Here is the interesting part, starting from the click on the select list. Full log attached.

[2218040,794] wl_pointer@11.button(152239, 1119348341, 272, 1)
[2218040,829] wl_pointer@11.frame()
[2218052,067]  -> wl_surface@39.damage_buffer(881, 57, 222, 40)
[2218052,824]  -> wl_surface@39.damage_buffer(531, 791, 288, 41)
[2218052,966]  -> wl_surface@39.frame(new id wl_callback@65)
[2218053,025]  -> wl_surface@39.attach(wl_buffer@52, 0, 0)
[2218053,105]  -> wl_surface@39.commit()
[2218053,155]  -> wl_display@1.sync(new id wl_callback@111)
[2218055,917] wl_display@1.delete_id(111)
[2218056,004] wl_buffer@52.release()
[2218056,055] wl_callback@111.done(152239)
[2218088,292]  -> wl_surface@66.set_buffer_scale(1)
[2218088,350]  -> wl_surface@66.frame(new id wl_callback@111)
[2218088,379]  -> xdg_wm_base@27.create_positioner(new id xdg_positioner@110)
[2218088,387]  -> xdg_positioner@110.set_size(280, 32766)
[2218088,394]  -> xdg_positioner@110.set_anchor_rect(535, 828, 280, 32766)
[2218088,405]  -> xdg_positioner@110.set_offset(0, 0)
[2218088,412]  -> xdg_positioner@110.set_anchor(5)
[2218088,418]  -> xdg_positioner@110.set_gravity(8)
[2218088,423]  -> xdg_positioner@110.set_constraint_adjustment(63)
[2218088,431]  -> xdg_wm_base@27.get_xdg_surface(new id xdg_surface@109, wl_surface@66)
[2218088,441]  -> xdg_surface@109.get_popup(new id xdg_popup@108, xdg_surface@40, xdg_positioner@110)
[2218088,452]  -> xdg_positioner@110.destroy()
[2218088,458]  -> wl_surface@66.commit()
[2218099,576] wl_display@1.delete_id(65)
[2218099,792]  -> wl_shm@45.create_pool(new id wl_shm_pool@107, fd 42, 36697920)
[2218099,820]  -> wl_shm_pool@107.create_buffer(new id wl_buffer@106, 0, 280, 32766, 1120, 0)
[2218099,917] wl_display@1.delete_id(110)
[2218099,931] wl_surface@66.enter(wl_output@25)
[2218099,972] xdg_popup@108.configure(535, -21, 280, 63612)
[2218100,023]  -> wl_surface@66.set_buffer_scale(1)
[2218100,074] xdg_surface@109.configure(152240)
[2218100,087]  -> xdg_surface@109.ack_configure(152240)
[2218100,298]  -> wl_shm@4.create_pool(new id wl_shm_pool@110, fd 43, 71245440)
[2218100,314]  -> wl_shm_pool@110.create_buffer(new id wl_buffer@105, 0, 280, 63612, 1120, 0)

(firefox:9101): Gdk-CRITICAL **: 10:41:44.213: ../gdk/wayland/gdkdisplay-wayland.c:1400: Unable to create Cairo image surface: invalid value (typically too big) for the size of the input (surface, pattern, etc.)
Exiting due to channel error.
Exiting due to channel error.
Flags: needinfo?(layus.on)

I guess it relates to https://gitlab.gnome.org/GNOME/gtk/issues/1896.

Flags: needinfo?(stransky)

This one looks even closer, but has no comments: https://gitlab.gnome.org/GNOME/gtk/issues/1332

Thanks a lot. Looks like underlying GtkWindow is created so big, nsWindow::Create should be involved here.
Please run with MOZ_LOG="Widget:5, WidgetWayland:5" env variable (without WAYLAND_DEBUG) and attach the log here, we need to check how is the widget/window created.
Thanks.

(In reply to Guillaume Maudoux [:layus] from comment #5)

I guess it relates to https://gitlab.gnome.org/GNOME/gtk/issues/1896.

You're right, that's it. We may add a workaround on Firefox side to trim maximal GtkWindow size here, the widget log from comment 7 should help me to diagnose it better.

Flags: needinfo?(stransky) → needinfo?(layus.on)
Attached file moz-log-widget

Here is the asked log. A bit longuer, not sure what part is relevant.

Flags: needinfo?(layus.on) → needinfo?(stransky)

This appears to be solved in the recent 72 release. I could not test in the 71 release because of another bug.

Status: UNCONFIRMED → RESOLVED
Closed: 4 years ago
status-firefox72: --- → fixed
Resolution: --- → WONTFIX
Version: 68 Branch → 70 Branch

Okay, Thanks.

Flags: needinfo?(stransky)
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: