Closed Bug 1890204 Opened 8 months ago Closed 8 months ago

Intermittent SUMMARY: ThreadSanitizer: data race /builds/worker/checkouts/gecko/gfx/thebes/gfxFontEntry.h:541:37 in GetFontExtents | single tracking bug

Categories

(Core :: Graphics: Text, defect)

defect

Tracking

()

RESOLVED FIXED
126 Branch
Tracking Status
firefox-esr115 --- wontfix
firefox124 --- wontfix
firefox125 --- wontfix
firefox126 --- fixed

People

(Reporter: intermittent-bug-filer, Assigned: jfkthame)

References

Details

(4 keywords, Whiteboard: [adv-main126+r])

Attachments

(2 files)

Filed by: imoraru [at] mozilla.com
Parsed log: https://treeherder.mozilla.org/logviewer?job_id=453837083&repo=autoland
Full log: https://firefox-ci-tc.services.mozilla.com/api/queue/v1/task/fmS2vRGPSS-5UnyrHYuKNg/runs/0/artifacts/public/logs/live_backing.log


TEST-START | /html/canvas/offscreen/manual/draw-generic-family/2d.text.draw.generic.family.w.html
PID 25154 | ==================
PID 25154 | WARNING: ThreadSanitizer: data race (pid=25387)
PID 25154 |   Read of size 2 at 0x7b5400002748 by thread T24:
PID 25154 |     #0 GetFontExtents /builds/worker/checkouts/gecko/gfx/thebes/gfxFontEntry.h:541:37 (libxul.so+0x45d1eaf) (BuildId: 2558a0b4024a1b90194f92d1f32b4055e65de840)
PID 25154 |     #1 gfxFont::Draw(gfxTextRun const*, unsigned int, unsigned int, mozilla::gfx::PointTyped<mozilla::gfx::UnknownUnits, float>*, TextRunDrawParams&, mozilla::gfx::ShapedTextFlags) /builds/worker/checkouts/gecko/gfx/thebes/gfxFont.cpp:2520:46 (libxul.so+0x45d1eaf)
PID 25154 |     #2 DrawGlyphs /builds/worker/checkouts/gecko/gfx/thebes/gfxTextRun.cpp:435:10 (libxul.so+0x4642d34) (BuildId: 2558a0b4024a1b90194f92d1f32b4055e65de840)
PID 25154 |     #3 gfxTextRun::Draw(gfxTextRun::Range, mozilla::gfx::PointTyped<mozilla::gfx::UnknownUnits, float>, gfxTextRun::DrawParams const&) const /builds/worker/checkouts/gecko/gfx/thebes/gfxTextRun.cpp:689:5 (libxul.so+0x4642d34)
PID 25154 |     #4 mozilla::dom::CanvasBidiProcessor::DrawText(int) /builds/worker/checkouts/gecko/dom/canvas/CanvasRenderingContext2D.cpp:4617:15 (libxul.so+0x5dc0b9e) (BuildId: 2558a0b4024a1b90194f92d1f32b4055e65de840)
PID 25154 |     #5 nsBidiPresUtils::ProcessSimpleRun(char16_t const*, unsigned long, mozilla::intl::BidiEmbeddingLevel, nsPresContext*, nsBidiPresUtils::BidiProcessor&, nsBidiPresUtils::Mode, nsBidiPositionResolve*, int, int*) /builds/worker/checkouts/gecko/layout/base/nsBidiPresUtils.cpp:2405:16 (libxul.so+0x81b6f90) (BuildId: 2558a0b4024a1b90194f92d1f32b4055e65de840)
[...]
PID 25154 |   Previous write of size 2 at 0x7b5400002748 by main thread:
PID 25154 |     #0 gfxFontEntry::UnitsPerEm() /builds/worker/checkouts/gecko/gfx/thebes/gfxFontEntry.cpp:272:17 (libxul.so+0x45d5476) (BuildId: 2558a0b4024a1b90194f92d1f32b4055e65de840)
PID 25154 |     #1 gfxFontEntry::TryGetSVGData(gfxFont const*) /builds/worker/checkouts/gecko/gfx/thebes/gfxFontEntry.cpp:326:9 (libxul.so+0x45d291e) (BuildId: 2558a0b4024a1b90194f92d1f32b4055e65de840)
PID 25154 |     #2 gfxFont::SetupGlyphExtents(mozilla::gfx::DrawTarget*, unsigned int, bool, gfxGlyphExtents*) /builds/worker/checkouts/gecko/gfx/thebes/gfxFont.cpp:4045:19 (libxul.so+0x45e30d8) (BuildId: 2558a0b4024a1b90194f92d1f32b4055e65de840)
PID 25154 |     #3 gfxGlyphExtents::GetTightGlyphExtentsAppUnitsLocked(gfxFont*, mozilla::gfx::DrawTarget*, unsigned int, mozilla::gfx::RectTyped<mozilla::gfx::UnknownUnits, double>*) /builds/worker/checkouts/gecko/gfx/thebes/gfxGlyphExtents.cpp:56:12 (libxul.so+0x461e5a2) (BuildId: 2558a0b4024a1b90194f92d1f32b4055e65de840)
PID 25154 |     #4 gfxFont::MeasureGlyphs(gfxTextRun const*, unsigned int, unsigned int, gfxFont::BoundingBoxType, mozilla::gfx::DrawTarget*, gfxFont::Spacing*, gfxGlyphExtents*, bool, bool, gfxFont::RunMetrics&, double*, double*) /builds/worker/checkouts/gecko/gfx/thebes/gfxFont.cpp:2886:26 (libxul.so+0x45d7537) (BuildId: 2558a0b4024a1b90194f92d1f32b4055e65de840)
PID 25154 |     #5 gfxFont::Measure(gfxTextRun const*, unsigned int, unsigned int, gfxFont::BoundingBoxType, mozilla::gfx::DrawTarget*, gfxFont::Spacing*, mozilla::gfx::ShapedTextFlags) /builds/worker/checkouts/gecko/gfx/thebes/gfxFont.cpp:3094:26 (libxul.so+0x45d81f3) (BuildId: 2558a0b4024a1b90194f92d1f32b4055e65de840)
PID 25154 |     #6 gfxTextRun::AccumulateMetricsForRun(gfxFont*, gfxTextRun::Range, gfxFont::BoundingBoxType, mozilla::gfx::DrawTarget*, gfxTextRun::PropertyProvider const*, gfxTextRun::Range, mozilla::gfx::ShapedTextFlags, gfxFont::RunMetrics*) const /builds/worker/checkouts/gecko/gfx/thebes/gfxTextRun.cpp:766:28 (libxul.so+0x4643e77) (BuildId: 2558a0b4024a1b90194f92d1f32b4055e65de840)
PID 25154 |     #7 gfxTextRun::MeasureText(gfxTextRun::Range, gfxFont::BoundingBoxType, mozilla::gfx::DrawTarget*, gfxTextRun::PropertyProvider const*) const /builds/worker/checkouts/gecko/gfx/thebes/gfxTextRun.cpp:832:5 (libxul.so+0x46431f2) (BuildId: 2558a0b4024a1b90194f92d1f32b4055e65de840)
PID 25154 |     #8 MeasureText /builds/worker/workspace/obj-build/dist/include/gfxTextRun.h:317:12 (libxul.so+0x5dbfc8d) (BuildId: 2558a0b4024a1b90194f92d1f32b4055e65de840)
PID 25154 |     #9 mozilla::dom::CanvasBidiProcessor::GetWidth() /builds/worker/checkouts/gecko/dom/canvas/CanvasRenderingContext2D.cpp:4431:52 (libxul.so+0x5dbfc8d)
Group: core-security → gfx-core-security
Component: Graphics → Graphics: Text
Duplicate of this bug: 1890248

This means that by the time we potentially call GetFontExtents() when drawing,
the extents fields are guaranteed to have been been initialized, and there's no
risk of the (read-only) access here racing with setting them in UnitsPerEm().

Assignee: nobody → jfkthame
Status: NEW → ASSIGNED

Hmm, tryserver didn't like this.... will look at the failures, and adjust.

Pushed by jkew@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/2c0b934193cb Ensure font entry's unitsPerEm and font extents are initialized when gfxFont is created. r=gfx-reviewers,lsalzman
Group: gfx-core-security → core-security-release
Status: ASSIGNED → RESOLVED
Closed: 8 months ago
Resolution: --- → FIXED
Target Milestone: --- → 126 Branch
QA Whiteboard: [post-critsmash-triage]
Flags: qe-verify-
Whiteboard: [adv-main126+r]
Group: core-security-release
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: