Open Bug 1869079 Opened 5 months ago Updated 4 months ago

Crash in [@ cf2_buf_readByte] from LoadFTGlyph

Categories: (Core :: Graphics: Text, defect)

People

(Reporter: mccr8, Unassigned)

Details

(Keywords: crash)

Crash Data

Crash report: https://crash-stats.mozilla.org/report/index/a0342e8e-e027-45e7-85c0-692540231204

Reason: SIGBUS / BUS_ADRERR

Top 10 frames of crashing thread:

0  libfreetype.so.6  cf2_buf_readByte  src/psaux/psread.c:93
0  libfreetype.so.6  cf2_interpT2CharString  src/psaux/psintrp.c:642
1  libfreetype.so.6  cf2_getGlyphOutline  src/psaux/psfont.c:527
1  libfreetype.so.6  cf2_decoder_parse_charstrings  src/psaux/psft.c:435
2  libfreetype.so.6  cff_slot_load  src/cff/cffgload.c:441
3  libfreetype.so.6  FT_Load_Glyph  src/base/ftobjs.c:949
4  libxul.so  mozilla::gfx::Factory::LoadFTGlyph  gfx/2d/Factory.cpp:741
5  libxul.so  gfxFT2FontBase::GetFTGlyphExtents const  gfx/thebes/gfxFT2FontBase.cpp:660
6  libxul.so  gfxFT2FontBase::GetCachedGlyphMetrics const  gfx/thebes/gfxFT2FontBase.cpp:753
6  libxul.so  nsBaseHashtable<nsIntegralHashKey<unsigned int, 0>, gfxFT2FontBase::GlyphMetrics, gfxFT2FontBase::GlyphMetrics, nsDefaultConverter<gfxFT2FontBase::GlyphMetrics, gfxFT2FontBase::GlyphMetrics> >::EntryHandle::OrInsertWith<gfxFT2FontBase::GetCachedGlyphMetrics  xpcom/ds/nsBaseHashtable.h:726

Some kind of crash inside Linux font code. I see gfxFT2FontBase::GetCachedGlyphMetrics() in the stack twice but maybe that's normal. Lots of crashes from individual installations, but I do see a few different install times on Nightly and I don't see this much on other branches, so maybe there's a regression?

Summary: Crash in [@ cf2_buf_readByte] → Crash in [@ cf2_buf_readByte] from LoadFTGlyph

(In reply to Andrew McCreight [:mccr8] from comment #0)

> I see gfxFT2FontBase::GetCachedGlyphMetrics() in the stack twice but maybe that's normal.

Yeah, I think that's fine - one stack frame is for GetCachedGlyphMetrics itself, and one is for the anonymous closure it uses at https://hg.mozilla.org/mozilla-central/file/8e959a7ded5f111e711c06a6728f76d3bd660699/gfx/thebes/gfxFT2FontBase.cpp#l750.

This is presumably a FreeType bug, most likely triggered by something anomalous in a specific font file. If it's a locally-installed font, and it's crashing the local distro version of freetype, there's not much we can do about it; OTOH if it's a webfont resource, then ideally OTS should be detecting whatever's broken about it and either fixing it or blocking the resource.

The severity field is not set for this bug.
:lsalzman, could you have a look please?

For more information, please visit BugBot documentation.

Flags: needinfo?(lsalzman)
Severity: -- → S3
Flags: needinfo?(lsalzman)