Closed
Bug 390234
Opened 17 years ago
Closed 17 years ago
Trunk mac-only topcrash at TextRunWordCache::CacheHashEntry::KeyEquals(TextRunWordCache::CacheHashKey const*) const
Categories
(Core :: Layout: Text and Fonts, defect)
Tracking
()
VERIFIED
FIXED
mozilla1.9alpha8
People
(Reporter: benjamin, Assigned: roc)
References
Details
(Keywords: crash, regression, topcrash)
Attachments
(1 file)
|
9.47 KB,
patch
|
vlad
:
review+
|
Details | Diff | Splinter Review |
There is a new trunk topcrash at TextRunWordCache::CacheHashEntry::KeyEquals(TextRunWordCache::CacheHashKey const*) const: mac-only, and appeared around 7/16 http://crash-stats.mozilla.com/report/list?range_unit=weeks&branch=1.9&range_value=2&signature=TextRunWordCache%3A%3ACacheHashEntry%3A%3AKeyEquals(TextRunWordCache%3A%3ACacheHashKey+const*)+const definitely a blocker-not sure whether it should block M7
Flags: blocking1.9+
|
||
Comment 1•17 years ago
|
||
Bonsai: http://bonsai.mozilla.org/cvsquery.cgi?treeid=default&module=PhoenixTinderbox&branch=HEAD&branchtype=match&dir=&file=&filetype=match&who=&whotype=match&sortby=Date&hours=2&date=explicit&mindate=2007-07-18+03&maxdate=2007-07-19+06&cvsroot=%2Fcvsroot Looks like a regression from either bug 364786 or bug 364300.
|
Assignee | |
Comment 2•17 years ago
|
||
How are we going to fix this without a testcase? (I don't think I've seen it)
|
||
Comment 3•17 years ago
|
||
I think we can ship this in an alpha, especially given the absence of clear STR or a testcase...
Target Milestone: mozilla1.9 M7 → mozilla1.9 M8
It's often possible to fix topcrash bugs given stack + local variables.
|
||
Comment 5•17 years ago
|
||
al might have a test case, see bug #390736
|
|
||
Comment 7•17 years ago
|
||
from that bug, al writes: Steps to Reproduce 1. Open the History Sidebar. 2. Change view to 'Most Visited' there. 3. Grab the scroll bar for the History Sidebar and drag it up and down over and over again (you have to have a big enough history for this to work).
|
||
Comment 8•17 years ago
|
||
I hit this using today's build. I was scrolling rapidly through the Error Console, and then it crashed.
|
|
Assignee | |
Updated•17 years ago
|
Assignee: nobody → roc
|
||
Comment 9•17 years ago
|
||
Crashed while scrolling slowly through this table: http://keryx.se/resources/html-elements.xhtml Latest Camino trunk build, 10.4.10 ppc.
|
|
Assignee | |
Comment 10•17 years ago
|
||
What was happening is that ATSUI font fallback was creating textruns with multiple glyphruns, each with the same mFont. gfxTextRunWordCache::GetFontOrGroup was interpreting this as "must use group to index the cache, not font". But when we copy that textrun glyph data to the final textrun that actaully gets associated with the cache entry, that copy was coalescing all the glyphruns into one, and when we look up the copy in the cache, GetFontOrGroup was returning "must use the font to index the cache" and so we weren't finding the textrun's cache entry so we ended up with cache entries with dangling textrun pointers. This patch fixes the bug by having gfxTextRun::SortGlyphRuns coalesce glyph runs with the same font so we get into the canonical form we expect. The patch also adds some assertions to check that textrun construction has put glyphruns in canonical form. More importantly, it adds debug code to detect whenever a textrun has not been fully removed from the cache --- which makes these sorts of bugs much easier to detect and track down.
Attachment #277984 -
Flags: review?(vladimir)
Attachment #277984 -
Flags: review?(vladimir) → review+
|
|
Assignee | |
Comment 11•17 years ago
|
||
checked in
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
|
||
Comment 12•17 years ago
|
||
This is verified. My old test case doesn't crash and it used to be fairly easy to do.
Status: RESOLVED → VERIFIED
You need to log in
before you can comment on or make changes to this bug.
Description
•