Firefox/SeaMonkey hangs when visiting that site (stacktrace shows functions in gfxWindowsTextRun)

RESOLVED FIXED

Status

major
RESOLVED FIXED
12 years ago
12 years ago

People

(Reporter: mcsmurf, Assigned: pavlov)

Tracking

({perf, platform-parity, regression})

Trunk
x86
Windows 2000
perf, platform-parity, regression
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(3 attachments, 1 obsolete attachment)

(Reporter)

Description

12 years ago
To reproduce, fetch a trunk build and look at the attached testcase. It won't be a minimal testcase since the HTML is not that easy to simplify, and maybe a simple testcase is not necessary here.
Firefox hangs with roughly 90-100% CPU usage; the GUI is not responsive anymore. When breaking in a debugger, a stacktrace like this comes out (it's always similar to this one, the gfxWindowsTextRun:: frames stay):
>	thebes.dll!gfxWindowsTextRun::MeasureOrDrawUniscribe(gfxContext * aContext=0x04c74038, int aDraw=0, gfxPoint pt={...})  Line 763 + 0x3a bytes	C++
 	thebes.dll!gfxWindowsTextRun::Measure(gfxContext * aContext=0x04c74038)  Line 456 + 0x18 bytes	C++
 	gkgfxthebes.dll!nsThebesFontMetrics::GetWidth(const unsigned short * aString=0x04dd64c8, unsigned int aLength=66456696, int & aWidth=65700968, int * aFontID=0x00000000, nsThebesRenderingContext * aContext=0x04f9b848)  Line 309 + 0xe bytes	C++
 	gkgfxthebes.dll!nsThebesRenderingContext::GetWidth(const unsigned short * aString=0x04dd64c8, unsigned int aLength=9, int & aWidth=65700968, int * aFontID=0x00000000)  Line 1189	C++
 	gklayout.dll!nsImageFrame::MeasureString(const unsigned short * aString=0x00000001, int aLength=18, int aMaxWidth=1785, unsigned int & aMaxFit=0, nsIRenderingContext & aContext={...})  Line 1037	C++
 	gklayout.dll!nsImageFrame::DisplayAltText(nsPresContext * aPresContext=0x03867d28, nsIRenderingContext & aRenderingContext={...}, const nsString & aAltText={...}, const nsRect & aRect={...})  Line 1104	C++
 	gklayout.dll!nsImageFrame::DisplayAltFeedback(nsIRenderingContext & aRenderingContext={...}, imgIRequest * aRequest=0x04f70490, nsPoint aPt={...})  Line 1224	C++
 	gklayout.dll!PaintAltFeedback(nsIFrame * aFrame=0x03ea8468, nsIRenderingContext * aCtx=0x04f9b84c, const nsRect & aDirtyRect={...}, nsPoint aPt={...})  Line 1239	C++
 	gklayout.dll!nsDisplayGeneric::Paint(nsDisplayListBuilder * aBuilder=0x0012f794, nsIRenderingContext * aCtx=0x04f9b84c, const nsRect & aDirtyRect={...})  Line 805 + 0x23 bytes	C++
 	gklayout.dll!nsDisplayList::Paint(nsDisplayListBuilder * aBuilder=0x0012f794, nsIRenderingContext * aCtx=0x04f9b84c, const nsRect & aDirtyRect={...})  Line 304 + 0x13 bytes	C++

If someone can reproduce this bug, a profile would be nice.
(Reporter)

Comment 1

12 years ago
Created attachment 223811 [details]
Required image
(Reporter)

Comment 2

12 years ago
Created attachment 223812 [details]
Testcase (might hang your browser)
(Reporter)

Updated

12 years ago
Attachment #223812 - Attachment description: Testcase → Testcase (might hang your browser)
(Reporter)

Updated

12 years ago
Attachment #223812 - Attachment mime type: text/plain → text/html
It has not always been that way. It worked well in 1.9a1_2006030212 (verified cairo) but in 1.9a1_2006030220 it hangs.
(Reporter)

Comment 4

12 years ago
This bug here could then be caused by Bug 329170.
This doesn't seem to be an issue on Linux, so bug 334719 does look like a likely cause...
Blocks: 329170, 334719
Flags: blocking1.9a1?
Keywords: perf, pp, regression
(Assignee)

Updated

12 years ago
No longer blocks: 329170
(Assignee)

Comment 7

12 years ago
Created attachment 223844 [details] [diff] [review]
fix

We were passing in (unsigned int)-1 to alpha_blend as the width, and it was getting upset, ending us up with a cairo_nil_surface.
Assignee: nobody → pavlov
Status: NEW → ASSIGNED
Attachment #223844 - Flags: review?(vladimir)
Comment on attachment 223844 [details] [diff] [review]
fix

just do | if (src_x >= src->extents.width) return CAIRO_STATUS_SUCCESS; | and similar for src_y/height before the subtraction happens; moving the unsigned ints into longs loses us potential precision (since it halves the max size for width/height on platforms where sizeof(int) == sizeof(long)).
Attachment #223844 - Flags: review?(vladimir) → review-
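The unsigned wraparound behind comment 7 and the guard suggested in the review, as an added example that is not code from the bug's patches or from cairo: the subtract-first pattern wraps to (unsigned int)-1, the compare-first pattern returns CAIRO_STATUS_SUCCESS for an empty region, and the last helper shows why widening to long loses range on ILP32. The extents struct, function names and the status enum are hypothetical stand-ins.

```c
#include <limits.h>
#include <stdio.h>

/* Hypothetical stand-in for cairo's status type; only the value named in
 * the review comment is modelled here. */
typedef enum { CAIRO_STATUS_SUCCESS = 0 } cairo_status_t;

/* Hypothetical surface extents; width/height are unsigned as in the bug. */
typedef struct { unsigned int width, height; } extents_t;

/* Buggy pattern: subtract first, never compare. Once src_x exceeds the
 * width the unsigned subtraction wraps, so 100 - 101 yields UINT_MAX,
 * i.e. the (unsigned int)-1 that was handed to alpha_blend. */
unsigned int naive_blend_width(extents_t src, unsigned int src_x)
{
    return src.width - src_x;
}

/* Guarded pattern from the review: compare before subtracting and return
 * CAIRO_STATUS_SUCCESS with an empty region. Nothing is widened, so the
 * full unsigned range of width/height is kept. */
cairo_status_t blend_region(extents_t src, unsigned int src_x, unsigned int src_y,
                            unsigned int *out_w, unsigned int *out_h)
{
    *out_w = 0;
    *out_h = 0;
    if (src_x >= src.width || src_y >= src.height)
        return CAIRO_STATUS_SUCCESS;      /* empty region, not an error */
    *out_w = src.width - src_x;
    *out_h = src.height - src_y;
    return CAIRO_STATUS_SUCCESS;
}

/* The reviewer's precision point: a long can only hold every unsigned int
 * when it is wider than int, so converting would halve the usable range
 * on platforms where sizeof(int) == sizeof(long). */
int fits_in_long(unsigned int w)
{
    return (unsigned long)w <= (unsigned long)LONG_MAX;
}

int main(void)
{
    extents_t e = { 100, 50 };
    unsigned int w, h;
    printf("naive width for src_x=101: %u\n", naive_blend_width(e, 101));
    blend_region(e, 101, 0, &w, &h);
    printf("guarded region for src_x=101: %ux%u\n", w, h);
    printf("UINT_MAX fits in long: %d\n", fits_in_long(UINT_MAX));
    return 0;
}
```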
(Assignee)

Comment 9

12 years ago
Created attachment 228192 [details] [diff] [review]
fix2
Attachment #223844 - Attachment is obsolete: true
Attachment #228192 - Flags: review?(vladimir)
(Assignee)

Updated

12 years ago
Status: ASSIGNED → RESOLVED
Last Resolved: 12 years ago
Resolution: --- → FIXED