Closed
Bug 1890204
Opened 8 months ago
Closed 8 months ago
Intermittent SUMMARY: ThreadSanitizer: data race /builds/worker/checkouts/gecko/gfx/thebes/gfxFontEntry.h:541:37 in GetFontExtents | single tracking bug
Categories
(Core :: Graphics: Text, defect)
Core
Graphics: Text
Tracking
()
RESOLVED
FIXED
126 Branch
People
(Reporter: intermittent-bug-filer, Assigned: jfkthame)
References
Details
(4 keywords, Whiteboard: [adv-main126+r])
Attachments
(2 files)
Filed by: imoraru [at] mozilla.com
Parsed log: https://treeherder.mozilla.org/logviewer?job_id=453837083&repo=autoland
Full log: https://firefox-ci-tc.services.mozilla.com/api/queue/v1/task/fmS2vRGPSS-5UnyrHYuKNg/runs/0/artifacts/public/logs/live_backing.log
TEST-START | /html/canvas/offscreen/manual/draw-generic-family/2d.text.draw.generic.family.w.html
PID 25154 | ==================
PID 25154 | WARNING: ThreadSanitizer: data race (pid=25387)
PID 25154 | Read of size 2 at 0x7b5400002748 by thread T24:
PID 25154 | #0 GetFontExtents /builds/worker/checkouts/gecko/gfx/thebes/gfxFontEntry.h:541:37 (libxul.so+0x45d1eaf) (BuildId: 2558a0b4024a1b90194f92d1f32b4055e65de840)
PID 25154 | #1 gfxFont::Draw(gfxTextRun const*, unsigned int, unsigned int, mozilla::gfx::PointTyped<mozilla::gfx::UnknownUnits, float>*, TextRunDrawParams&, mozilla::gfx::ShapedTextFlags) /builds/worker/checkouts/gecko/gfx/thebes/gfxFont.cpp:2520:46 (libxul.so+0x45d1eaf)
PID 25154 | #2 DrawGlyphs /builds/worker/checkouts/gecko/gfx/thebes/gfxTextRun.cpp:435:10 (libxul.so+0x4642d34) (BuildId: 2558a0b4024a1b90194f92d1f32b4055e65de840)
PID 25154 | #3 gfxTextRun::Draw(gfxTextRun::Range, mozilla::gfx::PointTyped<mozilla::gfx::UnknownUnits, float>, gfxTextRun::DrawParams const&) const /builds/worker/checkouts/gecko/gfx/thebes/gfxTextRun.cpp:689:5 (libxul.so+0x4642d34)
PID 25154 | #4 mozilla::dom::CanvasBidiProcessor::DrawText(int) /builds/worker/checkouts/gecko/dom/canvas/CanvasRenderingContext2D.cpp:4617:15 (libxul.so+0x5dc0b9e) (BuildId: 2558a0b4024a1b90194f92d1f32b4055e65de840)
PID 25154 | #5 nsBidiPresUtils::ProcessSimpleRun(char16_t const*, unsigned long, mozilla::intl::BidiEmbeddingLevel, nsPresContext*, nsBidiPresUtils::BidiProcessor&, nsBidiPresUtils::Mode, nsBidiPositionResolve*, int, int*) /builds/worker/checkouts/gecko/layout/base/nsBidiPresUtils.cpp:2405:16 (libxul.so+0x81b6f90) (BuildId: 2558a0b4024a1b90194f92d1f32b4055e65de840)
[...]
PID 25154 | Previous write of size 2 at 0x7b5400002748 by main thread:
PID 25154 | #0 gfxFontEntry::UnitsPerEm() /builds/worker/checkouts/gecko/gfx/thebes/gfxFontEntry.cpp:272:17 (libxul.so+0x45d5476) (BuildId: 2558a0b4024a1b90194f92d1f32b4055e65de840)
PID 25154 | #1 gfxFontEntry::TryGetSVGData(gfxFont const*) /builds/worker/checkouts/gecko/gfx/thebes/gfxFontEntry.cpp:326:9 (libxul.so+0x45d291e) (BuildId: 2558a0b4024a1b90194f92d1f32b4055e65de840)
PID 25154 | #2 gfxFont::SetupGlyphExtents(mozilla::gfx::DrawTarget*, unsigned int, bool, gfxGlyphExtents*) /builds/worker/checkouts/gecko/gfx/thebes/gfxFont.cpp:4045:19 (libxul.so+0x45e30d8) (BuildId: 2558a0b4024a1b90194f92d1f32b4055e65de840)
PID 25154 | #3 gfxGlyphExtents::GetTightGlyphExtentsAppUnitsLocked(gfxFont*, mozilla::gfx::DrawTarget*, unsigned int, mozilla::gfx::RectTyped<mozilla::gfx::UnknownUnits, double>*) /builds/worker/checkouts/gecko/gfx/thebes/gfxGlyphExtents.cpp:56:12 (libxul.so+0x461e5a2) (BuildId: 2558a0b4024a1b90194f92d1f32b4055e65de840)
PID 25154 | #4 gfxFont::MeasureGlyphs(gfxTextRun const*, unsigned int, unsigned int, gfxFont::BoundingBoxType, mozilla::gfx::DrawTarget*, gfxFont::Spacing*, gfxGlyphExtents*, bool, bool, gfxFont::RunMetrics&, double*, double*) /builds/worker/checkouts/gecko/gfx/thebes/gfxFont.cpp:2886:26 (libxul.so+0x45d7537) (BuildId: 2558a0b4024a1b90194f92d1f32b4055e65de840)
PID 25154 | #5 gfxFont::Measure(gfxTextRun const*, unsigned int, unsigned int, gfxFont::BoundingBoxType, mozilla::gfx::DrawTarget*, gfxFont::Spacing*, mozilla::gfx::ShapedTextFlags) /builds/worker/checkouts/gecko/gfx/thebes/gfxFont.cpp:3094:26 (libxul.so+0x45d81f3) (BuildId: 2558a0b4024a1b90194f92d1f32b4055e65de840)
PID 25154 | #6 gfxTextRun::AccumulateMetricsForRun(gfxFont*, gfxTextRun::Range, gfxFont::BoundingBoxType, mozilla::gfx::DrawTarget*, gfxTextRun::PropertyProvider const*, gfxTextRun::Range, mozilla::gfx::ShapedTextFlags, gfxFont::RunMetrics*) const /builds/worker/checkouts/gecko/gfx/thebes/gfxTextRun.cpp:766:28 (libxul.so+0x4643e77) (BuildId: 2558a0b4024a1b90194f92d1f32b4055e65de840)
PID 25154 | #7 gfxTextRun::MeasureText(gfxTextRun::Range, gfxFont::BoundingBoxType, mozilla::gfx::DrawTarget*, gfxTextRun::PropertyProvider const*) const /builds/worker/checkouts/gecko/gfx/thebes/gfxTextRun.cpp:832:5 (libxul.so+0x46431f2) (BuildId: 2558a0b4024a1b90194f92d1f32b4055e65de840)
PID 25154 | #8 MeasureText /builds/worker/workspace/obj-build/dist/include/gfxTextRun.h:317:12 (libxul.so+0x5dbfc8d) (BuildId: 2558a0b4024a1b90194f92d1f32b4055e65de840)
PID 25154 | #9 mozilla::dom::CanvasBidiProcessor::GetWidth() /builds/worker/checkouts/gecko/dom/canvas/CanvasRenderingContext2D.cpp:4431:52 (libxul.so+0x5dbfc8d)
Updated•8 months ago
|
Group: core-security → gfx-core-security
Component: Graphics → Graphics: Text
Keywords: csectype-race,
sec-moderate
Comment 1•8 months ago
|
||
Assignee | ||
Comment 3•8 months ago
|
||
This means that by the time we potentially call GetFontExtents() when drawing,
the extents fields are guaranteed to have been been initialized, and there's no
risk of the (read-only) access here racing with setting them in UnitsPerEm().
Updated•8 months ago
|
Assignee: nobody → jfkthame
Status: NEW → ASSIGNED
Assignee | ||
Comment 4•8 months ago
|
||
Hmm, tryserver didn't like this.... will look at the failures, and adjust.
Pushed by jkew@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/2c0b934193cb
Ensure font entry's unitsPerEm and font extents are initialized when gfxFont is created. r=gfx-reviewers,lsalzman
Comment 6•8 months ago
|
||
Group: gfx-core-security → core-security-release
Status: ASSIGNED → RESOLVED
Closed: 8 months ago
status-firefox126:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 126 Branch
Updated•8 months ago
|
status-firefox124:
--- → wontfix
status-firefox125:
--- → wontfix
status-firefox-esr115:
--- → wontfix
Updated•8 months ago
|
QA Whiteboard: [post-critsmash-triage]
Flags: qe-verify-
Updated•7 months ago
|
Whiteboard: [adv-main126+r]
Updated•3 months ago
|
Group: core-security-release
You need to log in
before you can comment on or make changes to this bug.
Description
•