Crash in [@ InvalidArrayIndex_CRASH | gfxUserFontEntry::GetFamilyNameAndURIForLogging]
Categories
(Core :: Layout: Text and Fonts, defect)
Tracking
()
Tracking | Status | |
---|---|---|
firefox-esr78 | --- | unaffected |
firefox87 | --- | unaffected |
firefox88 | --- | unaffected |
firefox89 | --- | fixed |
People
(Reporter: calixte, Assigned: jfkthame)
References
(Blocks 1 open bug, Regression)
Details
(Keywords: crash, regression)
Crash Data
Attachments
(1 file)
Crash report: https://crash-stats.mozilla.org/report/index/3c7e9329-42e2-4e52-9d44-bd7160210407
MOZ_CRASH Reason: ElementAt(aIndex = 6, aLength = 5)
Top 10 frames of crashing thread:
0 libxul.so InvalidArrayIndex_CRASH xpcom/ds/nsTArray.cpp:28
1 libxul.so gfxUserFontEntry::GetFamilyNameAndURIForLogging gfx/thebes/gfxUserFontSet.cpp:275
2 libxul.so mozilla::dom::FontFaceSet::LogMessage layout/style/FontFaceSet.cpp:1206
3 libxul.so gfxUserFontEntry::DoLoadNextSrc gfx/thebes/gfxUserFontSet.cpp:586
4 libxul.so gfxUserFontEntry::FontLoadFailed gfx/thebes/gfxUserFontSet.cpp:905
5 libxul.so nsFontFaceLoader::OnStreamComplete layout/style/nsFontFaceLoader.cpp:285
6 libxul.so mozilla::net::nsStreamLoader::OnStopRequest netwerk/base/nsStreamLoader.cpp:89
7 libxul.so nsCORSListenerProxy::OnStopRequest netwerk/protocol/http/nsCORSListenerProxy.cpp:610
8 libxul.so std::_Function_handler<void /builds/worker/fetches/clang/include/c++/7.4.0/bits/std_function.h:316
9 libxul.so mozilla::net::ChannelEventQueue::FlushQueue netwerk/ipc/ChannelEventQueue.cpp:90
There is 1 crash in nightly 89 with buildid 20210407094544. In analyzing the backtrace, the regression may have been introduced by patch [1] to fix bug 1694123.
[1] https://hg.mozilla.org/mozilla-central/rev?node=43764851d067
Assignee | ||
Comment 1•3 years ago
|
||
Ahh... I guess it's possible for a font-load operation that ends up failing to race with a style update that ends up shortening the source list in the rule, and that could result in the index here being out of range by the time we try to log the message. We check for at the end, but not beyond it.
Assignee | ||
Comment 2•3 years ago
|
||
Updated•3 years ago
|
Pushed by jkew@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/e31c17c4b0a5 Check for out-of-range source index when logging a font-load failure. r=emilio
Comment 4•3 years ago
|
||
bugherder |
Comment 5•3 years ago
|
||
I was looking at some old crashes, and it looks like this showed up on Android with a slightly different signature.
Updated•3 years ago
|
Description
•