Closed Bug 1656017 Opened 4 years ago Closed 4 years ago

Assertion failure: faceMap, at /builds/worker/checkouts/gecko/gfx/thebes/SharedFontList.cpp:483

Categories

(Core :: Layout: Text and Fonts, defect)

Product:
Core
Component:
Layout: Text and Fonts
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
81 Branch
Tracking Flags:
Tracking Status
firefox-esr68 --- unaffected
firefox-esr78 --- unaffected
firefox79 --- unaffected
firefox80 --- unaffected
firefox81 --- fixed

People

(Reporter: jkratzer, Assigned: jfkthame)

References

(Blocks 1 open bug, Regression)

Details

(Keywords: regression, Whiteboard: [fuzzblocker])

Attachments

(2 files)

prefs.js
7.64 KB, application/x-javascript
Details
Bug 1656017 - Don't assert on possible failures in InitializeFamily, just return safely and leave the family empty. r=jwatt
47 bytes, text/x-phabricator-request
Details | Review
Attached file prefs.js

Found while fuzzing mozilla-central rev 3059084abf6e (built with --enable-debug) with the pref gfx.e10s.font-list.shared enabled. Firefox must be run using XVFB in order to trigger. Further, I am only able to reproduce this issue on my local machine. I've tried several other instances of Ubuntu 18 without luck.

I bisected this bug to the following build range:
https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=c8f201bd3c0c551f8735a4a6a8ed9bcd34052af2&tochange=2f8d4f1f660836c1c7b71a573dfe015694d30c86

It appears that this may be a regression from bug 1647573 or bug 1648355.

Assertion failure: faceMap, at /builds/worker/checkouts/gecko/gfx/thebes/SharedFontList.cpp:483

#0 0x7f399829c10e in AnnotateMozCrashReason /builds/worker/workspace/obj-build/dist/include/mozilla/Assertions.h:42:19
#1 0x7f399829c10e in mozilla::fontlist::Family::SetupFamilyCharMap(mozilla::fontlist::FontList*) /builds/worker/checkouts/gecko/gfx/thebes/SharedFontList.cpp:483:5
#2 0x7f39982f5ce4 in gfxPlatformFontList::InitializeFamily(mozilla::fontlist::Family*, bool) /builds/worker/checkouts/gecko/gfx/thebes/gfxPlatformFontList.cpp:1341:14
#3 0x7f399829ba5f in mozilla::fontlist::Family::SearchAllFontsForChar(mozilla::fontlist::FontList*, GlobalFontMatch*) /builds/worker/checkouts/gecko/gfx/thebes/SharedFontList.cpp:354:51
#4 0x7f399830a720 in FindFallbackFaceForChar /builds/worker/checkouts/gecko/gfx/thebes/gfxTextRun.cpp:2801:12
#5 0x7f399830a720 in gfxFontGroup::FindFallbackFaceForChar(gfxFontGroup::FamilyFace const&, unsigned int) /builds/worker/checkouts/gecko/gfx/thebes/gfxTextRun.cpp:2812:12
#6 0x7f3998308144 in gfxFontGroup::FindFontForChar(unsigned int, unsigned int, unsigned int, mozilla::unicode::Script, gfxFont*, FontMatchType*) /builds/worker/checkouts/gecko/gfx/thebes/gfxTextRun.cpp
#7 0x7f399831d2e9 in void gfxFontGroup::ComputeRanges<char16_t>(nsTArray<gfxFontGroup::TextRange>&, char16_t const*, unsigned int, mozilla::unicode::Script, mozilla::gfx::ShapedTextFlags) /builds/worker/checkouts/gecko/gfx/thebes/gfxTextRun.cpp:3186:11
#8 0x7f399831b9ee in void gfxFontGroup::InitScriptRun<char16_t>(mozilla::gfx::DrawTarget*, gfxTextRun*, char16_t const*, unsigned int, unsigned int, mozilla::unicode::Script, gfxMissingFontRecorder*) /builds/worker/checkouts/gecko/gfx/thebes/gfxTextRun.cpp:2567:3
#9 0x7f3998309f24 in void gfxFontGroup::InitTextRun<char16_t>(mozilla::gfx::DrawTarget*, gfxTextRun*, char16_t const*, unsigned int, gfxMissingFontRecorder*) /builds/worker/checkouts/gecko/gfx/thebes/gfxTextRun.cpp:2489:9
#10 0x7f3998309a7a in gfxFontGroup::MakeTextRun(char16_t const*, unsigned int, gfxTextRunFactory::Parameters const*, mozilla::gfx::ShapedTextFlags, nsTextFrameUtils::Flags, gfxMissingFontRecorder*) /builds/worker/checkouts/gecko/gfx/thebes/gfxTextRun.cpp:2361:3
#11 0x7f399b4e5936 in BuildTextRunsScanner::BuildTextRunForFrames(void*) /builds/worker/checkouts/gecko/layout/generic/nsTextFrame.cpp:2536:28
#12 0x7f399b4e3015 in BuildTextRunsScanner::FlushFrames(bool, bool) /builds/worker/checkouts/gecko/layout/generic/nsTextFrame.cpp:1649:17
#13 0x7f399b4e9e1e in BuildTextRuns /builds/worker/checkouts/gecko/layout/generic/nsTextFrame.cpp:1573:11
#14 0x7f399b4e9e1e in nsTextFrame::EnsureTextRun(nsTextFrame::TextRunType, mozilla::gfx::DrawTarget*, nsIFrame*, nsLineList_iterator const*, unsigned int*) /builds/worker/checkouts/gecko/layout/generic/nsTextFrame.cpp:2990:7
#15 0x7f399b50302d in nsTextFrame::AddInlinePrefISizeForFlow(gfxContext*, nsIFrame::InlinePrefISizeData*, nsTextFrame::TextRunType) /builds/worker/checkouts/gecko/layout/generic/nsTextFrame.cpp:8476:7
#16 0x7f399b5039e2 in nsTextFrame::AddInlinePrefISize(gfxContext*, nsIFrame::InlinePrefISizeData*) /builds/worker/checkouts/gecko/layout/generic/nsTextFrame.cpp:8614:10
#17 0x7f399b3ade41 in nsBlockFrame::GetPrefISize(gfxContext*) /builds/worker/checkouts/gecko/layout/generic/nsBlockFrame.cpp:898:16
#18 0x7f399b47e9d7 in nsIFrame::RefreshSizeCache(nsBoxLayoutState&) /builds/worker/checkouts/gecko/layout/generic/nsIFrame.cpp:9889:11
#19 0x7f399b47f9fd in nsIFrame::GetXULPrefSize(nsBoxLayoutState&) /builds/worker/checkouts/gecko/layout/generic/nsIFrame.cpp:9960:5
#20 0x7f399b60a0b5 in nsSprocketLayout::GetXULPrefSize(nsIFrame*, nsBoxLayoutState&) /builds/worker/checkouts/gecko/layout/xul/nsSprocketLayout.cpp:1215:28
#21 0x7f399b5dafc2 in nsBoxFrame::GetXULPrefSize(nsBoxLayoutState&) /builds/worker/checkouts/gecko/layout/xul/nsBoxFrame.cpp:566:43
#22 0x7f399b41e616 in nsXULScrollFrame::GetXULPrefSize(nsBoxLayoutState&) /builds/worker/checkouts/gecko/layout/generic/nsGfxScrollFrame.cpp:1678:41
#23 0x7f399b60a0b5 in nsSprocketLayout::GetXULPrefSize(nsIFrame*, nsBoxLayoutState&) /builds/worker/checkouts/gecko/layout/xul/nsSprocketLayout.cpp:1215:28
#24 0x7f399b5dafc2 in nsBoxFrame::GetXULPrefSize(nsBoxLayoutState&) /builds/worker/checkouts/gecko/layout/xul/nsBoxFrame.cpp:566:43
#25 0x7f399b5da6ff in nsBoxFrame::GetPrefISize(gfxContext*) /builds/worker/checkouts/gecko/layout/xul/nsBoxFrame.cpp:421:21
#26 0x7f399b34bb81 in nsLayoutUtils::IntrinsicForAxis(mozilla::PhysicalAxis, gfxContext*, nsIFrame*, nsLayoutUtils::IntrinsicISizeType, mozilla::Maybe<mozilla::LogicalSize> const&, unsigned int, int) /builds/worker/checkouts/gecko/layout/base/nsLayoutUtils.cpp:5725:45
#27 0x7f399b4478eb in ContentContribution(nsGridContainerFrame::GridItemInfo const&, nsGridContainerFrame::GridReflowInput const&, gfxContext*, mozilla::WritingMode, mozilla::LogicalAxis, mozilla::Maybe<mozilla::LogicalSize> const&, nsLayoutUtils::IntrinsicISizeType, int, unsigned int) /builds/worker/checkouts/gecko/layout/generic/nsGridContainerFrame.cpp:5146:18
#28 0x7f399b443afb in MaxContentContribution(nsGridContainerFrame::GridItemInfo const&, nsGridContainerFrame::GridReflowInput const&, gfxContext*, mozilla::WritingMode, mozilla::LogicalAxis, CachedIntrinsicSizes*) /builds/worker/checkouts/gecko/layout/generic/nsGridContainerFrame.cpp:5319:15
#29 0x7f399b4434d5 in nsGridContainerFrame::Tracks::ResolveIntrinsicSizeStep1(nsGridContainerFrame::GridReflowInput&, nsGridContainerFrame::TrackSizingFunctions const&, int, nsGridContainerFrame::SizingConstraint, nsGridContainerFrame::LineRange const&, nsGridContainerFrame::GridItemInfo const&) /builds/worker/checkouts/gecko/layout/generic/nsGridContainerFrame.cpp:5470:13
#30 0x7f399b4410c8 in nsGridContainerFrame::Tracks::ResolveIntrinsicSize(nsGridContainerFrame::GridReflowInput&, nsTArray<nsGridContainerFrame::GridItemInfo>&, nsGridContainerFrame::TrackSizingFunctions const&, nsGridContainerFrame::LineRange nsGridContainerFrame::GridArea::*, int, nsGridContainerFrame::SizingConstraint) /builds/worker/checkouts/gecko/layout/generic/nsGridContainerFrame.cpp:6132:11
#31 0x7f399b4366e5 in CalculateSizes /builds/worker/checkouts/gecko/layout/generic/nsGridContainerFrame.cpp:5409:3
#32 0x7f399b4366e5 in nsGridContainerFrame::GridReflowInput::CalculateTrackSizesForAxis(mozilla::LogicalAxis, nsGridContainerFrame::Grid const&, int, nsGridContainerFrame::SizingConstraint) /builds/worker/checkouts/gecko/layout/generic/nsGridContainerFrame.cpp:3642:12
#33 0x7f399b45a285 in nsGridContainerFrame::IntrinsicISize(gfxContext*, nsLayoutUtils::IntrinsicISizeType) /builds/worker/checkouts/gecko/layout/generic/nsGridContainerFrame.cpp:9191:9
#34 0x7f399b45ad38 in nsGridContainerFrame::GetPrefISize(gfxContext*) /builds/worker/checkouts/gecko/layout/generic/nsGridContainerFrame.cpp:9230:30
#35 0x7f399b47e9d7 in nsIFrame::RefreshSizeCache(nsBoxLayoutState&) /builds/worker/checkouts/gecko/layout/generic/nsIFrame.cpp:9889:11
#36 0x7f399b47f9fd in nsIFrame::GetXULPrefSize(nsBoxLayoutState&) /builds/worker/checkouts/gecko/layout/generic/nsIFrame.cpp:9960:5
#37 0x7f399b60a0b5 in nsSprocketLayout::GetXULPrefSize(nsIFrame*, nsBoxLayoutState&) /builds/worker/checkouts/gecko/layout/xul/nsSprocketLayout.cpp:1215:28
#38 0x7f399b5dafc2 in nsBoxFrame::GetXULPrefSize(nsBoxLayoutState&) /builds/worker/checkouts/gecko/layout/xul/nsBoxFrame.cpp:566:43
#39 0x7f399b60a0b5 in nsSprocketLayout::GetXULPrefSize(nsIFrame*, nsBoxLayoutState&) /builds/worker/checkouts/gecko/layout/xul/nsSprocketLayout.cpp:1215:28
#40 0x7f399b5dafc2 in nsBoxFrame::GetXULPrefSize(nsBoxLayoutState&) /builds/worker/checkouts/gecko/layout/xul/nsBoxFrame.cpp:566:43
#41 0x7f399b41e616 in nsXULScrollFrame::GetXULPrefSize(nsBoxLayoutState&) /builds/worker/checkouts/gecko/layout/generic/nsGfxScrollFrame.cpp:1678:41
#42 0x7f399b60a0b5 in nsSprocketLayout::GetXULPrefSize(nsIFrame*, nsBoxLayoutState&) /builds/worker/checkouts/gecko/layout/xul/nsSprocketLayout.cpp:1215:28
#43 0x7f399b5dafc2 in nsBoxFrame::GetXULPrefSize(nsBoxLayoutState&) /builds/worker/checkouts/gecko/layout/xul/nsBoxFrame.cpp:566:43
#44 0x7f399b60a0b5 in nsSprocketLayout::GetXULPrefSize(nsIFrame*, nsBoxLayoutState&) /builds/worker/checkouts/gecko/layout/xul/nsSprocketLayout.cpp:1215:28
#45 0x7f399b5dafc2 in nsBoxFrame::GetXULPrefSize(nsBoxLayoutState&) /builds/worker/checkouts/gecko/layout/xul/nsBoxFrame.cpp:566:43
#46 0x7f399b60a0b5 in nsSprocketLayout::GetXULPrefSize(nsIFrame*, nsBoxLayoutState&) /builds/worker/checkouts/gecko/layout/xul/nsSprocketLayout.cpp:1215:28
#47 0x7f399b5dafc2 in nsBoxFrame::GetXULPrefSize(nsBoxLayoutState&) /builds/worker/checkouts/gecko/layout/xul/nsBoxFrame.cpp:566:43
#48 0x7f399b60a0b5 in nsSprocketLayout::GetXULPrefSize(nsIFrame*, nsBoxLayoutState&) /builds/worker/checkouts/gecko/layout/xul/nsSprocketLayout.cpp:1215:28
#49 0x7f399b5dafc2 in nsBoxFrame::GetXULPrefSize(nsBoxLayoutState&) /builds/worker/checkouts/gecko/layout/xul/nsBoxFrame.cpp:566:43
#50 0x7f399b60a0b5 in nsSprocketLayout::GetXULPrefSize(nsIFrame*, nsBoxLayoutState&) /builds/worker/checkouts/gecko/layout/xul/nsSprocketLayout.cpp:1215:28
#51 0x7f399b5dafc2 in nsBoxFrame::GetXULPrefSize(nsBoxLayoutState&) /builds/worker/checkouts/gecko/layout/xul/nsBoxFrame.cpp:566:43
#52 0x7f399b60a0b5 in nsSprocketLayout::GetXULPrefSize(nsIFrame*, nsBoxLayoutState&) /builds/worker/checkouts/gecko/layout/xul/nsSprocketLayout.cpp:1215:28
#53 0x7f399b5dafc2 in nsBoxFrame::GetXULPrefSize(nsBoxLayoutState&) /builds/worker/checkouts/gecko/layout/xul/nsBoxFrame.cpp:566:43
#54 0x7f399b60a0b5 in nsSprocketLayout::GetXULPrefSize(nsIFrame*, nsBoxLayoutState&) /builds/worker/checkouts/gecko/layout/xul/nsSprocketLayout.cpp:1215:28
#55 0x7f399b5dafc2 in nsBoxFrame::GetXULPrefSize(nsBoxLayoutState&) /builds/worker/checkouts/gecko/layout/xul/nsBoxFrame.cpp:566:43
#56 0x7f399b60a0b5 in nsSprocketLayout::GetXULPrefSize(nsIFrame*, nsBoxLayoutState&) /builds/worker/checkouts/gecko/layout/xul/nsSprocketLayout.cpp:1215:28
#57 0x7f399b5dafc2 in nsBoxFrame::GetXULPrefSize(nsBoxLayoutState&) /builds/worker/checkouts/gecko/layout/xul/nsBoxFrame.cpp:566:43
#58 0x7f399b60a0b5 in nsSprocketLayout::GetXULPrefSize(nsIFrame*, nsBoxLayoutState&) /builds/worker/checkouts/gecko/layout/xul/nsSprocketLayout.cpp:1215:28
#59 0x7f399b5dafc2 in nsBoxFrame::GetXULPrefSize(nsBoxLayoutState&) /builds/worker/checkouts/gecko/layout/xul/nsBoxFrame.cpp:566:43
#60 0x7f399b6099dd in nsSprocketLayout::PopulateBoxSizes(nsIFrame*, nsBoxLayoutState&, nsBoxSize*&, int&, int&, int&) /builds/worker/checkouts/gecko/layout/xul/nsSprocketLayout.cpp:668:21
#61 0x7f399b607efe in nsSprocketLayout::XULLayout(nsIFrame*, nsBoxLayoutState&) /builds/worker/checkouts/gecko/layout/xul/nsSprocketLayout.cpp:195:3
#62 0x7f399b5db403 in nsBoxFrame::DoXULLayout(nsBoxLayoutState&) /builds/worker/checkouts/gecko/layout/xul/nsBoxFrame.cpp:679:26
#63 0x7f399b5dac67 in XULLayout /builds/worker/checkouts/gecko/layout/xul/nsBox.cpp:251:8
#64 0x7f399b5dac67 in nsBoxFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) /builds/worker/checkouts/gecko/layout/xul/nsBoxFrame.cpp:512:3
#65 0x7f399b3bedd9 in nsBlockReflowContext::ReflowBlock(mozilla::LogicalRect const&, bool, nsCollapsingMargin&, int, bool, nsLineBox*, mozilla::ReflowInput&, nsReflowStatus&, mozilla::BlockReflowInput&) /builds/worker/checkouts/gecko/layout/generic/nsBlockReflowContext.cpp:294:11
#66 0x7f399b3bad18 in nsBlockFrame::ReflowBlockFrame(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) /builds/worker/checkouts/gecko/layout/generic/nsBlockFrame.cpp:3761:11
#67 0x7f399b3b8aa6 in nsBlockFrame::ReflowLine(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) /builds/worker/checkouts/gecko/layout/generic/nsBlockFrame.cpp:3110:5
#68 0x7f399b3b39cd in nsBlockFrame::ReflowDirtyLines(mozilla::BlockReflowInput&) /builds/worker/checkouts/gecko/layout/generic/nsBlockFrame.cpp:2648:7
#69 0x7f399b3af958 in nsBlockFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) /builds/worker/checkouts/gecko/layout/generic/nsBlockFrame.cpp:1365:3
#70 0x7f399b3d75c0 in nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, mozilla::WritingMode const&, mozilla::LogicalPoint const&, nsSize const&, nsIFrame::ReflowChildFlags, nsReflowStatus&, nsOverflowContinuationTracker*) /builds/worker/checkouts/gecko/layout/generic/nsContainerFrame.cpp:1076:14
#71 0x7f399b3d6916 in nsCanvasFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) /builds/worker/checkouts/gecko/layout/generic/nsCanvasFrame.cpp:749:5
#72 0x7f399b3a5358 in nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, int, int, nsIFrame::ReflowChildFlags, nsReflowStatus&, nsOverflowContinuationTracker*) /builds/worker/checkouts/gecko/layout/generic/nsContainerFrame.cpp:1116:14
#73 0x7f399b3a4eba in mozilla::ViewportFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) /builds/worker/checkouts/gecko/layout/generic/ViewportFrame.cpp:297:7
#74 0x7f399b2afd2f in mozilla::PresShell::DoReflow(nsIFrame*, bool, mozilla::OverflowChangedTracker*) /builds/worker/checkouts/gecko/layout/base/PresShell.cpp:9602:11
#75 0x7f399b2b980e in mozilla::PresShell::ProcessReflowCommands(bool) /builds/worker/checkouts/gecko/layout/base/PresShell.cpp:9775:24
#76 0x7f399b2b8ef6 in mozilla::PresShell::DoFlushPendingNotifications(mozilla::ChangesToFlush) /builds/worker/checkouts/gecko/layout/base/PresShell.cpp:4233:11
#77 0x7f399b284068 in FlushPendingNotifications /builds/worker/workspace/obj-build/dist/include/mozilla/PresShell.h:1421:5
#78 0x7f399b284068 in nsRefreshDriver::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:2064:20
#79 0x7f399b28bd9e in TickDriver /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:373:13
#80 0x7f399b28bd9e in mozilla::RefreshDriverTimer::TickRefreshDrivers(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp, nsTArray<RefPtr<nsRefreshDriver> >&) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:350:7
#81 0x7f399b28bc10 in mozilla::RefreshDriverTimer::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:367:5
#82 0x7f399b29138b in RunRefreshDrivers /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:819:5
#83 0x7f399b29138b in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::TickRefreshDriver(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:737:16
#84 0x7f399b290c4f in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::NotifyParentProcessVsync() /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:639:7
#85 0x7f399b289d8d in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::ParentProcessVsyncNotifier::Run() /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:538:20
#86 0x7f39967261a4 in mozilla::RunnableTask::Run() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:242:16
#87 0x7f3996723f6d in mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:512:26
#88 0x7f3996722d54 in mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:371:15
#89 0x7f3996722f46 in mozilla::TaskController::ProcessPendingMTTask(bool) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:168:36
#90 0x7f399672ab66 in operator() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:83:37
#91 0x7f399672ab66 in mozilla::detail::RunnableFunction<mozilla::TaskController::InitializeInternal()::$_4>::Run() /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:577:5
#92 0x7f399673e909 in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:1234:14
#93 0x7f399674442a in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.cpp:513:10
#94 0x7f399705058f in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:87:21
#95 0x7f3996fc1843 in MessageLoop::RunInternal() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:334:10
#96 0x7f3996fc175d in RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:327:3
#97 0x7f3996fc175d in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:309:3
#98 0x7f399b009f48 in nsBaseAppShell::Run() /builds/worker/checkouts/gecko/widget/nsBaseAppShell.cpp:137:27
#99 0x7f399c70b0fe in nsAppStartup::Run() /builds/worker/checkouts/gecko/toolkit/components/startup/nsAppStartup.cpp:270:30
#100 0x7f399c8199aa in XREMain::XRE_mainRun() /builds/worker/checkouts/gecko/toolkit/xre/nsAppRunner.cpp:4778:22
#101 0x7f399c81ac78 in XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) /builds/worker/checkouts/gecko/toolkit/xre/nsAppRunner.cpp:4968:8
#102 0x7f399c81b610 in XRE_main(int, char**, mozilla::BootstrapConfig const&) /builds/worker/checkouts/gecko/toolkit/xre/nsAppRunner.cpp:5022:21
#103 0x563b4c675ec4 in do_main /builds/worker/checkouts/gecko/browser/app/nsBrowserApp.cpp:217:22
#104 0x563b4c675ec4 in main /builds/worker/checkouts/gecko/browser/app/nsBrowserApp.cpp:331:16
#105 0x7f39b1cd4b96 in __libc_start_main /build/glibc-2ORdQG/glibc-2.27/csu/../csu/libc-start.c:310
Flags: needinfo?(jfkthame)
Whiteboard: [fuzzblocker]

This would be from bug 1648355, though I haven't yet dug in to figure out why you're hitting it.

Flags: needinfo?(jfkthame)
Regressed by: 1648355
Has Regression Range: --- → yes

A pernosco session for this issue can be found at the following URL:
https://pernos.co/debug/rjsJoRGR7_4k54zjSXDx4Q/index.html

OK, I see what's happening here: when gfxPlatformFontList::InitializeFamily is called with aLoadCmaps=true, it then unconditionally calls SetupFamilyCharMap (unless initialization failed); and SetupFamilyCharMap assumes all faces have their mCharacterMap pointer set. But this may not actually be true, in the case of non-OpenType fonts where ReadCMAP will fail; in this case the font entry just keeps an (empty) map and we don't set up mCharacterMap on the shared Face record.

I checked the above pernosco session, and indeed, the issue is arising when it tries to look at a legacy Type-1 (non-OpenType) font (Nimbus Sans L, to be exact) during font fallback.

So we shouldn't assert here, we should just bail out safely from SetupFamilyCharMap when the faces don't have mCharacterMap pointers.

Assignee: nobody → jfkthame
Status: NEW → ASSIGNED
Blocks: 1533462

Set release status flags based on info from the regressing bug 1648355

status-firefox79: --- → unaffected
status-firefox80: --- → unaffected
status-firefox-esr68: --- → unaffected
status-firefox-esr78: --- → unaffected
Pushed by jkew@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/949cf077f748 Don't assert on possible failures in InitializeFamily, just return safely and leave the family empty. r=jwatt

https://hg.mozilla.org/mozilla-central/rev/949cf077f748

Status: ASSIGNED → RESOLVED
Closed: 4 years ago
status-firefox81: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → 81 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: