424566 - topcrashes [@ Compare] called from gfxWindowsPlatform::FindFontForCharProc

Status: RESOLVED FIXED

(Core :: Graphics, defect, P1)

Description

[David Baron :dbaron: (⌚️UTC-4, no longer working on Mozilla)]

The other font topcrashes (bug 424165) are fixed in today's builds, but there's one new one.

There are a bunch of null-dereferences (actually, crash accessing 0x4) at the following stack:

0  	Compare(nsAString_internal const&, nsAString_internal const&, nsStringComparator const&)  	 mozilla/xpcom/string/src/nsTStringComparator.cpp:49
1 	gfxWindowsPlatform::FindFontForCharProc(nsAString_internal const&, nsRefPtr<FontFamily>&, void*) 	mozilla/gfx/thebes/src/gfxWindowsPlatform.cpp:629
2 	nsBaseHashtable<nsStringHashKey, nsRefPtr<FontFamily>, nsRefPtr<FontFamily> >::s_EnumStub(PLDHashTable*, PLDHashEntryHdr*, unsigned int, void*) 	nsBaseHashtable.h:346
3 	PL_DHashTableEnumerate 	pldhash.c:724
4 	nsBaseHashtable<nsStringHashKey, nsRefPtr<FontFamily>, nsRefPtr<FontFamily> >::Enumerate(PLDHashOperator (*)(nsAString_internal const&, nsRefPtr<FontFamily>&, void*), void*) 	nsBaseHashtable.h:221
5 	gfxWindowsPlatform::FindFontForChar(unsigned int, gfxWindowsFont*) 	mozilla/gfx/thebes/src/gfxWindowsPlatform.cpp:649

These were introduced in 2008-03-22 builds:

http://crash-stats.mozilla.com/report/list?product=Firefox&query_search=signature&query_type=contains&range_unit=weeks&version=Firefox%3A3.0b5pre&signature=Compare(nsAString_internal+const%26%2C+nsAString_internal+const%26%2C+nsStringComparator+const%26)&range_value=2

Comment 1

[Stuart Parmenter]

Attachment: fix

big thakns to vlad for spotting that you could end up with rank == matchrank == 0 and not yet have a bestMatch

Comment 2

[Stuart Parmenter]

checked in