Closed Bug 1672931 Opened 4 years ago Closed 4 years ago

Crash in [@ mozilla::fontlist::FontList::FindFamily]

Categories

(Core :: Layout: Text and Fonts, defect)

Product:
Core
Component:
Layout: Text and Fonts
Platform:
All
Windows 7
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
84 Branch
Tracking Flags:
Tracking Status
firefox-esr78 --- unaffected
firefox81 --- unaffected
firefox82 --- unaffected
firefox83 --- wontfix
firefox84 --- fixed

People

(Reporter: aryx, Assigned: jfkthame)

References

Details

(Keywords: crash)

Crash Data

Attachments

(1 file)

Bug 1672931 - Bail out of InitSharedFontListForPlatform before attempting to look up substitutions, if we failed to initialize the list at all. r=lsalzman
47 bytes, text/x-phabricator-request
Details | Review

Crash report: https://crash-stats.mozilla.org/report/index/ed3c9432-f90b-4522-8efd-9bdd90201023

Reason: EXCEPTION_ACCESS_VIOLATION_READ

Top 10 frames of crashing thread:

0 xul.dll mozilla::fontlist::FontList::FindFamily gfx/thebes/SharedFontList.cpp:924
1 xul.dll gfxDWriteFontList::GetDirectWriteSubstitutes gfx/thebes/gfxDWriteFontList.cpp:1812
2 xul.dll gfxDWriteFontList::InitSharedFontListForPlatform gfx/thebes/gfxDWriteFontList.cpp:1434
3 xul.dll gfxPlatformFontList::InitFontList gfx/thebes/gfxPlatformFontList.cpp:497
4 xul.dll gfxWindowsPlatform::CreatePlatformFontList gfx/thebes/gfxWindowsPlatform.cpp:569
5 xul.dll static gfxPlatform::Init gfx/thebes/gfxPlatform.cpp:991
6 xul.dll static gfxPlatform::InitChild gfx/thebes/gfxPlatform.cpp:525
7 xul.dll mozilla::dom::ContentChild::RecvSetXPCOMProcessAttributes dom/ipc/ContentChild.cpp:628
8 xul.dll mozilla::dom::PContentChild::OnMessageReceived ipc/ipdl/PContentChild.cpp:11306
9 xul.dll mozilla::ipc::MessageChannel::DispatchMessage ipc/glue/MessageChannel.cpp:2074
Severity: -- → S3

Ah, I see how this could happen: if the parent process failed to initialize the shared list for any reason, and falls back to an in-process font list, then content processes will crash here because GetDirectWriteSubstitutes (and GetFontSubstitutes, which follows) will attempt family-name lookups, but the list isn't valid. So we should bail out before calling those functions, as the content process is also going to have to fall back to a non-shared list anyway.

Assignee: nobody → jfkthame
Status: NEW → ASSIGNED
Pushed by jkew@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/dd8ad0c23114
Bail out of InitSharedFontListForPlatform before attempting to look up substitutions, if we failed to initialize the list at all. r=lsalzman

https://hg.mozilla.org/mozilla-central/rev/dd8ad0c23114

Status: ASSIGNED → RESOLVED
Closed: 4 years ago
status-firefox84: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → 84 Branch

The patch landed in nightly and beta is affected.
:jfkthame, is this bug important enough to require an uplift?
If not please set status_beta to wontfix.

For more information, please visit auto_nag documentation.

Flags: needinfo?(jfkthame)

This is preffed-off by default from late-beta onwards, so probably not important to uplift at this point.

status-firefox83: affectedwontfix
Flags: needinfo?(jfkthame)
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: