1581466 - Crash in [@ _cairo_dwrite_font_face_scaled_font_create]

Status: RESOLVED FIXED

(Core :: Graphics: Text, defect)

Description

[Calixte Denizet (:calixte)]

This bug is for crash report bp-1a683a8d-a7d4-45f5-bf52-806d60190915.

Top 10 frames of crashing thread:

0 xul.dll static _cairo_status _cairo_dwrite_font_face_scaled_font_create gfx/cairo/cairo/src/cairo-dwrite-font.cpp:462
1 xul.dll _moz_cairo_scaled_font_create gfx/cairo/cairo/src/cairo-scaled-font.c:1053
2 xul.dll static _cairo_status _cairo_gstate_ensure_scaled_font gfx/cairo/cairo/src/cairo-gstate.c:1808
3 xul.dll _cairo_gstate_glyph_extents gfx/cairo/cairo/src/cairo-gstate.c:1886
4 xul.dll _moz_cairo_glyph_extents gfx/cairo/cairo/src/cairo.c:3394
5 xul.dll void mozilla::gfx::DrawTargetCairo::GetGlyphRasterizationMetrics gfx/2d/DrawTargetCairo.cpp:1593
6 xul.dll gfxFont::SetupGlyphExtents gfx/thebes/gfxFont.cpp:3384
7 xul.dll gfxTextRun::FetchGlyphExtents gfx/thebes/gfxTextRun.cpp:1607
8 xul.dll gfxFontGroup::MakeTextRun gfx/thebes/gfxTextRun.cpp:2254
9 xul.dll BuildTextRunsScanner::BuildTextRunForFrames layout/generic/nsTextFrame.cpp:2499

There are 452 crashes (from 151 installations) in nightly 71 starting with buildid 20190915093655. In analyzing the backtrace, the regression may have been introduced by patch [1] to fix bug 1547063.

[1] https://hg.mozilla.org/mozilla-central/rev?node=003f5a79c6a7

Comment 1

[Marcia Knous [:marcia]]

Marking as sec sensitive based on the presence of possible UAF signatures, such as https://crash-stats.mozilla.org/report/index/91901957-6f32-4ce9-b678-f5f390190916.

Comment 2

[Lee Salzman [:lsalzman]]

Bug 1547063 was already backed out, so there's no more issue.

Comment 3

[Lee Salzman [:lsalzman]]

The reland of bug 1547063 will also have a fix for this issue included.