Closed Bug 1684846 Opened 3 years ago Closed 3 years ago

Geckoview example crashes when loading mozilla.org

Categories

(Core :: Layout: Text and Fonts, defect)

Product:
Core
Component:
Layout: Text and Fonts
Platform:
Unspecified
Android
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
86 Branch
Tracking Flags:
Tracking Status
firefox-esr78 --- unaffected
firefox84 --- unaffected
firefox85 --- unaffected
firefox86 --- fixed

People

(Reporter: jnicol, Assigned: jfkthame)

References

(Regression)

Details

(Keywords: crash, regression)

Crash Data

Attachments

(1 file)

Bug 1684846 - Bail out of font-info loader if the platform doesn't actually care about loading any info. r=lsalzman
48 bytes, text/x-phabricator-request
Details | Review

Occurs on both emulator and device. Happens on mozilla.org but not on other websites I tested, such as bbc.co.uk.

Mozregression gives this: bug 1669855

Backtrace:

RefPtr<FontInfoData>::operator->() const RefPtr.h:314
gfxPlatformFontList::InitLoader() gfxPlatformFontList.cpp:2269
gfxFontInfoLoader::StartLoader(unsigned int) gfxFontInfoLoader.cpp:198
gfxPlatformFontList::InitOtherFamilyNamesInternal(bool) gfxPlatformFontList.cpp:2536
gfxPlatformFontList::InitOtherFamilyNamesRunnable::Run() gfxPlatformFontList.h:536
mozilla::RunnableTask::Run() TaskController.cpp:459
mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) TaskController.cpp:739
mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) TaskController.cpp:621
mozilla::TaskController::ProcessPendingMTTask(bool) TaskController.cpp:382
mozilla::TaskController::InitializeInternal()::$_3::operator()() const TaskController.cpp:123
mozilla::detail::RunnableFunction<mozilla::TaskController::InitializeInternal()::$_3>::Run() nsThreadUtils.h:534
nsThread::ProcessNextEvent(bool, bool*) nsThread.cpp:1200
NS_ProcessNextEvent(nsIThread*, bool) nsThreadUtils.cpp:548
mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) MessagePump.cpp:87
MessageLoop::RunInternal() message_loop.cc:334
MessageLoop::RunHandler() message_loop.cc:327
MessageLoop::Run() message_loop.cc:309
nsBaseAppShell::Run() nsBaseAppShell.cpp:137
nsAppStartup::Run() nsAppStartup.cpp:271
XREMain::XRE_mainRun() nsAppRunner.cpp:5138
XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) nsAppRunner.cpp:5330
XRE_main(int, char**, mozilla::BootstrapConfig const&) nsAppRunner.cpp:5389
::GeckoStart(JNIEnv *, char **, int, const mozilla::StaticXREAppData &) nsAndroidStartup.cpp:38
mozilla::BootstrapImpl::GeckoStart(_JNIEnv*, char**, int, mozilla::StaticXREAppData const&) Bootstrap.cpp:77
::Java_org_mozilla_gecko_mozglue_GeckoLoader_nativeRun(JNIEnv *, jclass, jobjectArray, int, int, int, int, int) APKOpen.cpp:375
nativeRun 0x000075f6e135ddc3
art_quick_invoke_static_stub 0x000075f6f9243597
art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*) 0x000075f6f925146d
art::interpreter::ArtInterpreterToCompiledCodeBridge(art::Thread*, art::ArtMethod*, art::DexFile::CodeItem const*, art::ShadowFrame*, art::JValue*) 0x000075f6f941cb80
bool art::interpreter::DoCall<true, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*) 0x000075f6f9416402
bool art::interpreter::DoInvoke<(art::InvokeType)0, true, false>(art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*) 0x000075f6f944f223
art::JValue art::interpreter::ExecuteSwitchImpl<false, false>(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame&, art::JValue, bool) 0x000075f6f943f798
art::interpreter::Execute(art::Thread*, art::DexFile::CodeItem const*, art::ShadowFrame&, art::JValue, bool) 0x000075f6f93ed0c3
artQuickToInterpreterBridge 0x000075f6f9716461
art_quick_to_interpreter_bridge 0x000075f6f924dcdd
art_quick_invoke_stub 0x000075f6f9243235
art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*) 0x000075f6f9251448
art::InvokeWithArgArray(art::ScopedObjectAccessAlreadyRunnable const&, art::ArtMethod*, art::ArgArray*, art::JValue*, char const*) 0x000075f6f95e20e8
art::InvokeVirtualOrInterfaceWithJValues(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jmethodID*, jvalue*) 0x000075f6f95e36ea
art::Thread::CreateCallback(void*) 0x000075f6f9604eee
__pthread_start(void*) 0x000075f6fa3f9772
__start_thread 0x000075f6fa3999ec
__bionic_clone 0x000075f6fa38ca66
Flags: needinfo?(jfkthame)

Set release status flags based on info from the regressing bug 1669855

status-firefox84: --- → unaffected
status-firefox85: --- → unaffected
status-firefox86: --- → affected
status-firefox-esr78: --- → unaffected

Oh, I see.... the Android platform doesn't have an override of CreateFontInfoData(), as it doesn't care about any auxiliary info loaded this way, and so the mFontInfo field remains null. In that case the loader we're trying to trigger should just bail out, there's nothing to do.

(At a glance, it looks like it might be possible to trigger this on Linux, too; the same fix will ensure it's also safe there.)

Flags: needinfo?(jfkthame)
Assignee: nobody → jfkthame
Status: NEW → ASSIGNED
Pushed by jkew@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/585c85986b92
Bail out of font-info loader if the platform doesn't actually care about loading any info. r=lsalzman
Crash Signature: [@ gfxPlatformFontList::GetFontFamilyNames]

https://hg.mozilla.org/mozilla-central/rev/585c85986b92

Status: ASSIGNED → RESOLVED
Closed: 3 years ago
status-firefox86: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → 86 Branch

I just got this crash by opening 360.cn website.
I had about 31 tabs opened, uBlock origin add-on installed and enabled, I was signed in with a valid account.
I tried to re-open Fenix, but until I closed the 360.cn website, I couldn't.
Disabling the uBlock origin add-on, let me use the app without issues.

https://crash-stats.mozilla.org/report/index/7558457d-f83a-4a3c-84a8-7344c0210105
https://crash-stats.mozilla.org/report/index/7eebbf03-51f3-46f9-abef-63c6e0210105

Status: RESOLVED → REOPENED
Resolution: FIXED → ---

(In reply to miralobontiu from comment #7)

I just got this crash by opening 360.cn website.
I had about 31 tabs opened, uBlock origin add-on installed and enabled, I was signed in with a valid account.
I tried to re-open Fenix, but until I closed the 360.cn website, I couldn't.
Disabling the uBlock origin add-on, let me use the app without issues.

https://crash-stats.mozilla.org/report/index/7558457d-f83a-4a3c-84a8-7344c0210105
https://crash-stats.mozilla.org/report/index/7eebbf03-51f3-46f9-abef-63c6e0210105

The patch here landed on 2021-01-05, but your crash reports are for a build from 2021-01-03, which means it did not include this fix.

Status: REOPENED → RESOLVED
Closed: 3 years ago3 years ago
Resolution: --- → FIXED
Crash Signature: [@ gfxPlatformFontList::GetFontFamilyNames] → [@ gfxPlatformFontList::GetFontFamilyNames] [@ nsTArray_Impl<T>::AppendElementInternal<T> | gfxPlatformFontList::GetFontFamilyNames]
Has Regression Range: --- → yes
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: