Closed Bug 1581466 Opened 10 months ago Closed 10 months ago

Crash in [@ _cairo_dwrite_font_face_scaled_font_create]

Categories

(Core :: Graphics: Text, defect)

71 Branch
x86
Windows 7
defect
Not set
critical

Tracking

()

RESOLVED FIXED
mozilla71
Tracking Status
firefox-esr60 --- unaffected
firefox-esr68 --- unaffected
firefox69 --- unaffected
firefox70 --- unaffected
firefox71 blocking fixed

People

(Reporter: calixte, Unassigned)

References

(Blocks 1 open bug, Regression)

Details

(Keywords: crash, regression, topcrash)

Crash Data

This bug is for crash report bp-1a683a8d-a7d4-45f5-bf52-806d60190915.

Top 10 frames of crashing thread:

0 xul.dll static _cairo_status _cairo_dwrite_font_face_scaled_font_create gfx/cairo/cairo/src/cairo-dwrite-font.cpp:462
1 xul.dll _moz_cairo_scaled_font_create gfx/cairo/cairo/src/cairo-scaled-font.c:1053
2 xul.dll static _cairo_status _cairo_gstate_ensure_scaled_font gfx/cairo/cairo/src/cairo-gstate.c:1808
3 xul.dll _cairo_gstate_glyph_extents gfx/cairo/cairo/src/cairo-gstate.c:1886
4 xul.dll _moz_cairo_glyph_extents gfx/cairo/cairo/src/cairo.c:3394
5 xul.dll void mozilla::gfx::DrawTargetCairo::GetGlyphRasterizationMetrics gfx/2d/DrawTargetCairo.cpp:1593
6 xul.dll gfxFont::SetupGlyphExtents gfx/thebes/gfxFont.cpp:3384
7 xul.dll gfxTextRun::FetchGlyphExtents gfx/thebes/gfxTextRun.cpp:1607
8 xul.dll gfxFontGroup::MakeTextRun gfx/thebes/gfxTextRun.cpp:2254
9 xul.dll BuildTextRunsScanner::BuildTextRunForFrames layout/generic/nsTextFrame.cpp:2499

There are 452 crashes (from 151 installations) in nightly 71 starting with buildid 20190915093655. In analyzing the backtrace, the regression may have been introduced by patch [1] to fix bug 1547063.

[1] https://hg.mozilla.org/mozilla-central/rev?node=003f5a79c6a7

Flags: needinfo?(lsalzman)

Marking as sec sensitive based on the presence of possible UAF signatures, such as https://crash-stats.mozilla.org/report/index/91901957-6f32-4ce9-b678-f5f390190916.

Group: gfx-core-security

Bug 1547063 was already backed out, so there's no more issue.

Flags: needinfo?(lsalzman)

The reland of bug 1547063 will also have a fix for this issue included.

Status: NEW → RESOLVED
Closed: 10 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla71
Group: gfx-core-security → core-security-release
Group: core-security-release
You need to log in before you can comment on or make changes to this bug.