Closed
Bug 418384
Opened 17 years ago
Closed 17 years ago
crash [@ ClientData::GetOtlTable(long, unsigned char const**, unsigned long*)]
Categories
(Core :: Graphics, defect, P2)
Tracking
()
VERIFIED
FIXED
People
(Reporter: samuel.sidler+old, Assigned: pavlov)
References
()
Details
(Keywords: crash, topcrash, Whiteboard: [needs minidump])
Crash Data
Attachments
(4 files, 2 obsolete files)
|
109 bytes,
text/html
|
Details | |
|
4.54 KB,
text/plain
|
Details | |
|
1.69 KB,
patch
|
Details | Diff | Splinter Review | |
|
6.99 KB,
patch
|
vlad
:
review+
beltzner
:
approval1.9b5+
|
Details | Diff | Splinter Review |
Firefox 3 beta 3 has a new topcrash. This still occurs on the trunk and appears
to be Windows-only.
See also: bp-20c7d41c-dedb-11dc-91aa-001a4bd43e5c
Crashing Thread
Frame Signature Source
0 ClientData::GetOtlTable(long, unsigned char const**, unsigned long*)
1 otlResourceMgr::getOtlTable(long, unsigned char const**, unsigned char const**)
2 SubstituteOtlChars(otlRunProp const*, otlList*, otlFeatureSet const*, otlList const*, otlList*, otlList*, otlList*)
3 OtlShape(HDC__*, void**, unsigned short const*, int, int, tag_SCRIPT_ANALYSIS*, unsigned short*, unsigned short*, tag_SCRIPT_VISATTR*, int*)
4 UniscribeItem::Shape() mozilla/gfx/thebes/src/gfxWindowsFonts.cpp:939
5 gfxWindowsFontGroup::InitTextRunUniscribe(gfxContext*, gfxTextRun*, unsigned short const*, unsigned int) mozilla/gfx/thebes/src/gfxWindowsFonts.cpp:1695
6 gfxWindowsFontGroup::InitTextRunGDI(gfxContext*, gfxTextRun*, unsigned short const*, unsigned int) mozilla/gfx/thebes/src/gfxWindowsFonts.cpp:745
7 gfxWindowsFontGroup::MakeTextRun(unsigned short const*, unsigned int, gfxTextRunFactory::Parameters const*, unsigned int) mozilla/gfx/thebes/src/gfxWindowsFonts.cpp:570
8 TextRunWordCache::MakeTextRun(unsigned short const*, unsigned int, gfxFontGroup*, gfxTextRunFactory::Parameters const*, unsigned int) mozilla/gfx/thebes/src/gfxTextRunWordCache.cpp:526
9 gfxTextRunWordCache::MakeTextRun(unsigned short const*, unsigned int, gfxFontGroup*, gfxTextRunFactory::Parameters const*, unsigned int) mozilla/gfx/thebes/src/gfxTextRunWordCache.cpp:779
10 MakeTextRun mozilla/layout/generic/nsTextFrameThebes.cpp:387
11 BuildTextRunsScanner::BuildTextRunForFrames(void*) mozilla/layout/generic/nsTextFrameThebes.cpp:1603
12 BuildTextRunsScanner::FlushFrames(int, int) mozilla/layout/generic/nsTextFrameThebes.cpp:1053
13 BuildTextRuns mozilla/layout/generic/nsTextFrameThebes.cpp:992
14 nsTextFrame::EnsureTextRun(gfxContext*, nsIFrame*, nsLineList_iterator const*, unsigned int*) mozilla/layout/generic/nsTextFrameThebes.cpp:1786
15 nsTextFrame::Reflow(nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, unsigned int&) mozilla/layout/generic/nsTextFrameThebes.cpp:5306
16 nsLineLayout::ReflowFrame(nsIFrame*, unsigned int&, nsHTMLReflowMetrics*, int&) mozilla/layout/generic/nsLineLayout.cpp:856
17 nsBlockFrame::ReflowInlineFrame(nsBlockReflowState&, nsLineLayout&, nsLineList_iterator, nsIFrame*, LineReflowStatus*) mozilla/layout/generic/nsBlockFrame.cpp:3607
18 nsBlockFrame::DoReflowInlineFrames(nsBlockReflowState&, nsLineLayout&, nsLineList_iterator, int*, LineReflowStatus*, int) mozilla/layout/generic/nsBlockFrame.cpp:3429
19 nsBlockFrame::ReflowInlineFrames(nsBlockReflowState&, nsLineList_iterator, int*) mozilla/layout/generic/nsBlockFrame.cpp:3278
20 nsBlockFrame::ReflowLine(nsBlockReflowState&, nsLineList_iterator, int*) mozilla/layout/generic/nsBlockFrame.cpp:2335
21 nsBlockFrame::ReflowDirtyLines(nsBlockReflowState&) mozilla/layout/generic/nsBlockFrame.cpp:1897
22 nsBlockFrame::Reflow(nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, unsigned int&) mozilla/layout/generic/nsBlockFrame.cpp:936
23 nsBlockReflowContext::ReflowBlock(nsRect const&, int, nsCollapsingMargin&, int, int, nsMargin&, nsLineBox*, nsHTMLReflowState&, unsigned int&, nsBlockReflowState&) mozilla/layout/generic/nsBlockReflowContext.cpp:339
24 nsBlockFrame::ReflowBlockFrame(nsBlockReflowState&, nsLineList_iterator, int*) mozilla/layout/generic/nsBlockFrame.cpp:3017
25 nsBlockFrame::ReflowLine(nsBlockReflowState&, nsLineList_iterator, int*) mozilla/layout/generic/nsBlockFrame.cpp:2282
26 nsBlockFrame::ReflowDirtyLines(nsBlockReflowState&) mozilla/layout/generic/nsBlockFrame.cpp:1897
27 nsBlockFrame::Reflow(nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, unsigned int&) mozilla/layout/generic/nsBlockFrame.cpp:936
28 nsBlockReflowContext::ReflowBlock(nsRect const&, int, nsCollapsingMargin&, int, int, nsMargin&, nsLineBox*, nsHTMLReflowState&, unsigned int&, nsBlockReflowState&) mozilla/layout/generic/nsBlockReflowContext.cpp:339
29 nsBlockFrame::ReflowFloat(nsBlockReflowState&, nsPlaceholderFrame*, nsMargin&, unsigned int&) mozilla/layout/generic/nsBlockFrame.cpp:5693
30 nsBlockReflowState::FlowAndPlaceFloat(nsFloatCache*, int*, unsigned int&, int) mozilla/layout/generic/nsBlockReflowState.cpp:756
31 nsBlockReflowState::AddFloat(nsLineLayout&, nsPlaceholderFrame*, int, unsigned int&) mozilla/layout/generic/nsBlockReflowState.cpp:556
32 nsLineLayout::ReflowFrame(nsIFrame*, unsigned int&, nsHTMLReflowMetrics*, int&) mozilla/layout/generic/nsLineLayout.cpp:880
33 nsBlockFrame::ReflowInlineFrame(nsBlockReflowState&, nsLineLayout&, nsLineList_iterator, nsIFrame*, LineReflowStatus*) mozilla/layout/generic/nsBlockFrame.cpp:3607
34 nsBlockFrame::DoReflowInlineFrames(nsBlockReflowState&, nsLineLayout&, nsLineList_iterator, int*, LineReflowStatus*, int) mozilla/layout/generic/nsBlockFrame.cpp:3429
35 nsBlockFrame::ReflowInlineFrames(nsBlockReflowState&, nsLineList_iterator, int*) mozilla/layout/generic/nsBlockFrame.cpp:3278
36 nsBlockFrame::ReflowLine(nsBlockReflowState&, nsLineList_iterator, int*) mozilla/layout/generic/nsBlockFrame.cpp:2335
37 nsBlockFrame::ReflowDirtyLines(nsBlockReflowState&) mozilla/layout/generic/nsBlockFrame.cpp:1897
38 nsBlockFrame::Reflow(nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, unsigned int&) mozilla/layout/generic/nsBlockFrame.cpp:936
39 nsBlockReflowContext::ReflowBlock(nsRect const&, int, nsCollapsingMargin&, int, int, nsMargin&, nsLineBox*, nsHTMLReflowState&, unsigned int&, nsBlockReflowState&) mozilla/layout/generic/nsBlockReflowContext.cpp:339
40 nsBlockFrame::ReflowBlockFrame(nsBlockReflowState&, nsLineList_iterator, int*) mozilla/layout/generic/nsBlockFrame.cpp:3017
41 nsBlockFrame::ReflowLine(nsBlockReflowState&, nsLineList_iterator, int*) mozilla/layout/generic/nsBlockFrame.cpp:2282
42 nsBlockFrame::ReflowDirtyLines(nsBlockReflowState&) mozilla/layout/generic/nsBlockFrame.cpp:1897
43 nsBlockFrame::Reflow(nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, unsigned int&) mozilla/layout/generic/nsBlockFrame.cpp:936
44 nsBlockReflowContext::ReflowBlock(nsRect const&, int, nsCollapsingMargin&, int, int, nsMargin&, nsLineBox*, nsHTMLReflowState&, unsigned int&, nsBlockReflowState&) mozilla/layout/generic/nsBlockReflowContext.cpp:339
45 nsBlockFrame::ReflowBlockFrame(nsBlockReflowState&, nsLineList_iterator, int*) mozilla/layout/generic/nsBlockFrame.cpp:3017
46 nsBlockFrame::ReflowLine(nsBlockReflowState&, nsLineList_iterator, int*) mozilla/layout/generic/nsBlockFrame.cpp:2282
47 nsBlockFrame::ReflowDirtyLines(nsBlockReflowState&) mozilla/layout/generic/nsBlockFrame.cpp:1897
48 nsBlockFrame::Reflow(nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, unsigned int&) mozilla/layout/generic/nsBlockFrame.cpp:936
49 nsBlockReflowContext::ReflowBlock(nsRect const&, int, nsCollapsingMargin&, int, int, nsMargin&, nsLineBox*, nsHTMLReflowState&, unsigned int&, nsBlockReflowState&) mozilla/layout/generic/nsBlockReflowContext.cpp:339
50 nsBlockFrame::ReflowBlockFrame(nsBlockReflowState&, nsLineList_iterator, int*) mozilla/layout/generic/nsBlockFrame.cpp:3017
51 nsBlockFrame::ReflowLine(nsBlockReflowState&, nsLineList_iterator, int*) mozilla/layout/generic/nsBlockFrame.cpp:2282
52 nsBlockFrame::ReflowDirtyLines(nsBlockReflowState&) mozilla/layout/generic/nsBlockFrame.cpp:1897
53 nsBlockFrame::Reflow(nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, unsigned int&) mozilla/layout/generic/nsBlockFrame.cpp:936
54 nsBlockReflowContext::ReflowBlock(nsRect const&, int, nsCollapsingMargin&, int, int, nsMargin&, nsLineBox*, nsHTMLReflowState&, unsigned int&, nsBlockReflowState&) mozilla/layout/generic/nsBlockReflowContext.cpp:339
55 nsBlockFrame::ReflowBlockFrame(nsBlockReflowState&, nsLineList_iterator, int*) mozilla/layout/generic/nsBlockFrame.cpp:3017
56 nsBlockFrame::ReflowLine(nsBlockReflowState&, nsLineList_iterator, int*) mozilla/layout/generic/nsBlockFrame.cpp:2282
57 nsBlockFrame::ReflowDirtyLines(nsBlockReflowState&) mozilla/layout/generic/nsBlockFrame.cpp:1897
58 nsBlockFrame::Reflow(nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, unsigned int&) mozilla/layout/generic/nsBlockFrame.cpp:936
59 nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, int, int, unsigned int, unsigned int&, nsOverflowContinuationTracker*) mozilla/layout/generic/nsContainerFrame.cpp:755
60 CanvasFrame::Reflow(nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, unsigned int&) mozilla/layout/generic/nsHTMLFrame.cpp:584
61 nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, int, int, unsigned int, unsigned int&, nsOverflowContinuationTracker*) mozilla/layout/generic/nsContainerFrame.cpp:755
62 nsHTMLScrollFrame::ReflowScrolledFrame(ScrollReflowState*, int, int, nsHTMLReflowMetrics*, int) mozilla/layout/generic/nsGfxScrollFrame.cpp:485
63 nsHTMLScrollFrame::ReflowContents(ScrollReflowState*, nsHTMLReflowMetrics const&) mozilla/layout/generic/nsGfxScrollFrame.cpp:569
64 nsHTMLScrollFrame::Reflow(nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, unsigned int&) mozilla/layout/generic/nsGfxScrollFrame.cpp:770
65 nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, int, int, unsigned int, unsigned int&, nsOverflowContinuationTracker*) mozilla/layout/generic/nsContainerFrame.cpp:755
66 ViewportFrame::Reflow(nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, unsigned int&) mozilla/layout/generic/nsViewportFrame.cpp:286
67 PresShell::DoReflow(nsIFrame*) mozilla/layout/base/nsPresShell.cpp:6197
68 PresShell::ProcessReflowCommands(int) mozilla/layout/base/nsPresShell.cpp:6302
69 PresShell::DoFlushPendingNotifications(mozFlushType, int) mozilla/layout/base/nsPresShell.cpp:4510
70 PresShell::ReflowEvent::Run() mozilla/layout/base/nsPresShell.cpp:6064
71 nsThread::ProcessNextEvent(int, int*) mozilla/xpcom/threads/nsThread.cpp:510
72 NS_ProcessNextEvent_P(nsIThread*, int) nsThreadUtils.cpp:227
73 nsBaseAppShell::Run() mozilla/widget/src/xpwidgets/nsBaseAppShell.cpp:154
74 nsAppStartup::Run() mozilla/toolkit/components/startup/src/nsAppStartup.cpp:181
75 PR_GetEnv
76 NS_internal_main(int, char**) mozilla/browser/app/nsBrowserApp.cpp:158
77 wmain mozilla/toolkit/xre/nsWindowsWMain.cpp:55
78 __tmainCRTStartup crtexe.c:594
79 BaseProcessStart
Flags: blocking1.9?
|
Reporter | |
Updated•17 years ago
|
Priority: -- → P2
|
|
||
Updated•17 years ago
|
Flags: tracking1.9? → blocking1.9?
|
Assignee | |
Updated•17 years ago
|
Flags: blocking1.9? → blocking1.9-
|
||
Comment 1•17 years ago
|
||
have we been able to dig out any useful comments?
we should try and finish the analysis of this top 10 crash before we minus it.
Flags: blocking1.9- → blocking1.9?
This crash is inside uniscribe, and by the stack, I could guess it's due to a corrupt font. The only analysis I can think of to do would be to extract email addresses of the people who have hit this crash, figure out if there are one or two people who are constantly hitting it, and then email them asking for help. But for now, minusing (again), until/unless we get more information.
Flags: blocking1.9? → blocking1.9-
|
|
||
Comment 3•17 years ago
|
||
I'm not sure there is a way to dig e-mail addresses out of breakpad yet.
There were a couple of what look like test pages mentioned in comments that might be useful in trying to debug.
http://404.jodi.org/cgi-bin/bcd.cgi
http://404.jodi.org/bcd
a lot going on on the pages/site, but I couldn't turn any of it into crashes using winxp
Build identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b3) Gecko/2008020514 Firefox/3.0b3
every report we have for this bug indicates its on Windows NT 5.1.2600 Service Pack 2
Yeah, I think you'd need to ask luser or one of the other siccoro folks to look inside the db for the email addresses. For SP2, that either means that it's just that that's our most common OS, or that the version of Uniscribe that SP2 has has a bug (that's been fixed since)..
w/ access to a dump I'd expect we can figure out the name of the font, which should also work.
|
||
Comment 6•17 years ago
|
||
Protip: I don't have access to the db. Ask IT.
|
|
||
Updated•17 years ago
|
Whiteboard: [needs minidump]
Ok, I'm getting this crash a lot so I can provide an example font AND a steps to reproduce AND a testcase.
So the font that keeps crashing for me is Fontin. Currently using Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b4) Gecko/2008030317 Firefox/3.0b4
The steps to reproduce:
1) Download and install the Opentype version (not the TrueType) version of Fontin from: http://www.josbuivenga.demon.nl/fontin.html
2) Either: a) Set Fontin as your default font in Tools>Options>Content and visit http://www.w3.org/Style/Examples/007/fonts or b) click on the testcase.(Weirdly, sometimes the testcase doesn't crash immediately when loading off my desktop and renders funny instead, in that case, just minimize and maximize your browser, switch tabs or change fontsize... instant crash.)
3) Crash.
I'm pretty sure there are other fonts out there, I'll see if it happens with any other OpenType fonts. But Fontin for sure crashes.
Ok, additional notes:
Crashes even with a completely clean profile.
Crashes also with the OpenType Delicious font from that site... but not on OpenType fonts from Adobe.
Hot. Thanks! Stuart, can you take a look at this?
Assignee: nobody → pavlov
Flags: blocking1.9- → blocking1.9+
|
|
||
Comment 10•17 years ago
|
||
Ha! it would help if I could use the right font name in the testcase.
Attachment #308567 -
Attachment is obsolete: true
|
||
Comment 11•17 years ago
|
||
cww: you should be able to get line numbers for the crashing frame using http://developer.mozilla.org/en/docs/How_to_get_a_stacktrace_with_WinDbg
although hopefully this is now easily reproducable (thanks)
|
|
||
Comment 12•17 years ago
|
||
Ok, here's what happens with a clean profile, clicking on testcase.
Attachment #308668 -
Attachment mime type: application/octet-stream → text/plain
|
|
Assignee | |
Comment 13•17 years ago
|
||
i have a sort of fix for this but want to fix it properly as part of a bigger patch. thanks for finding a font that breaks!
|
|
||
Comment 14•17 years ago
|
||
btw: someone should create a reduced testcase and file a bug against microsoft. microsoft.public.windbg has people who can gateway reports.
|
|
Assignee | |
Comment 15•17 years ago
|
||
yeah, i have some uniscribe test code around here somewhere. i'll post it or something
|
||
Comment 17•17 years ago
|
||
I removed both these fonts from my comp and rebooted and I'm still getting the same issue. So there must be a lot of OpenType fonts that have this problem. I remember a problem like this with early builds of Safari 3 and it went haywire when you had a lot of fonts installed.
|
|
Assignee | |
Comment 18•17 years ago
|
||
this will fix the crash, but i'd like to make it a a bit smarter...
|
|
Assignee | |
Comment 19•17 years ago
|
||
We already force GDI usage (over Uniscribe) for Type1 fonts, and the fonts that fail to place using Uniscribe will render properly if sent through GDI so force them to go through that route as well.
Attachment #310935 -
Flags: review?(vladimir)
|
|
Assignee | |
Comment 20•17 years ago
|
||
We already force GDI usage (over Uniscribe) for Type1 fonts, and the fonts that fail to place using Uniscribe will render properly if sent through GDI so force them to go through that route as well.
Attachment #310936 -
Flags: review?(vladimir)
Comment on attachment 310936 [details] [diff] [review]
v1.0
Looks fine, but get rid of the printf()
Attachment #310936 -
Flags: review?(vladimir) → review+
|
|
Assignee | |
Updated•17 years ago
|
Attachment #310935 -
Attachment is obsolete: true
Attachment #310935 -
Flags: review?(vladimir)
|
|
Assignee | |
Updated•17 years ago
|
Attachment #310936 -
Flags: approval1.9b5?
|
||
Comment 22•17 years ago
|
||
Comment on attachment 310936 [details] [diff] [review]
v1.0
a=beltzner
Attachment #310936 -
Flags: approval1.9b5? → approval1.9b5+
|
|
Assignee | |
Updated•17 years ago
|
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
|
|
||
Comment 23•17 years ago
|
||
verified fixed using the testcase from comment #10 and Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9pre) Gecko/2008041217 Minefield/3.0pre ID:2008041217. No crash on testcase -> Verified fixed
Status: RESOLVED → VERIFIED
|
||
Updated•14 years ago
|
Crash Signature: [@ ClientData::GetOtlTable(long, unsigned char const**, unsigned long*)]
You need to log in
before you can comment on or make changes to this bug.
Description
•