1896647 - Crash in [@ strlen | _cairo_output_stream_vprintf]

Status: RESOLVED DUPLICATE of bug 1896173

(Core :: Graphics, defect)

Description

[BugBot [:suhaib / :marco/ :calixte]]

Crash report: https://crash-stats.mozilla.org/report/index/5bdd70fd-6762-4f67-9e05-be8930240509

Reason: EXCEPTION_ACCESS_VIOLATION_READ

Top 10 frames of crashing thread:

0  ucrtbase.dll  strlen  
1  xul.dll  _cairo_output_stream_vprintf  gfx/cairo/cairo/src/cairo-output-stream.c:512
2  xul.dll  _cairo_output_stream_printf  gfx/cairo/cairo/src/cairo-output-stream.c:545
3  xul.dll  _cairo_pdf_operators_tag_begin  gfx/cairo/cairo/src/cairo-pdf-operators.c:1572
4  xul.dll  _cairo_pdf_interchange_command_id  gfx/cairo/cairo/src/cairo-pdf-interchange.c:2048
5  xul.dll  _cairo_recording_surface_replay_internal  gfx/cairo/cairo/src/cairo-recording-surface.c:2115
6  xul.dll  _cairo_recording_surface_replay_region  gfx/cairo/cairo/src/cairo-recording-surface.c:2598
7  xul.dll  _paint_page  gfx/cairo/cairo/src/cairo-paginated-surface.c:484
8  xul.dll  _cairo_paginated_surface_show_page  gfx/cairo/cairo/src/cairo-paginated-surface.c:602
9  xul.dll  _moz_cairo_surface_show_page  gfx/cairo/cairo/src/cairo-surface.c:2583

By querying Nightly crashes reported within the last 2 months, here are some insights about the signature:

• First crash report: 2024-05-09
• Process type: Parent
• Is startup crash: No
• Has user comments: No
• Is null crash: Yes - all crashes happened on null or near null memory address

By analyzing the backtrace, the regression may have been introduced by a patch [1] to fix Bug 1892913.

[1] https://hg.mozilla.org/mozilla-central/rev?node=3cdfb39376b7

:jfkthame, since you are the author of the potential regressor, could you please take a look?

Comment 1

[Jonathan Kew [:jfkthame]]

Looks like a dupe of 1896173, recently found by the fuzzers.