530061 - [apple] crash in ATS [@ TLWFNType1Font::TLWFNType1Font]

Status: RESOLVED INCOMPLETE

(Core :: Graphics, defect)

Description

[John Daggett (:jtd)]

We're seeing a lot of crashes in Apple code for handling Type1 fonts recently.  All the crashes appear to be in 10.6.2 code which added "fixes" for Type1 handling:

http://crash-stats.mozilla.com/report/list?product=Firefox&platform=mac&query_search=signature&query_type=exact&query=TLWFNType1Font%3A%3ATLWFNType1Font%28TResourceForkSurrogate%20const%26%2C%20TResourceFileDataSurrogate%20const%26%2C%20TResourceFileDataSurrogate%20const%26%29&date=&range_value=1&range_unit=weeks&do_query=1&signature=TLWFNType1Font%3A%3ATLWFNType1Font%28TResourceForkSurrogate%20const%26%2C%20TResourceFileDataSurrogate%20const%26%2C%20TResourceFileDataSurrogate%20const%26%29

Example stack crawl:

0|0|libFontParser.dylib|TLWFNType1Font::TLWFNType1Font(TResourceForkSurrogate const&, TResourceFileDataSurrogate const&, TResourceFileDataSurrogate const&)|||0x1e7
0|1|libFontParser.dylib|TFont::CreateFontEntitiesForFile(char const*, bool, TSimpleArray<TFont*>&, bool, short, char const*)|||0xc26
0|2|libFontParser.dylib|TFont::CreateFontFileFont(char const*, unsigned int, bool, short, char const*)|||0x5c
0|3|libFontParser.dylib|CreateFontForScaler|||0x37
0|4|ATS|HandleOFAScalerMessage|||0x1cf
0|5|ATS|SendStrikeMessage|||0xa1
0|6|ATS|_eOFARegisterStrike|||0xed
0|7|ATS|_eGetGlyphVectorIndex|||0x3b7
0|8|ATS|OldGlyphsCacheStrike(TStrike*, void (*)(StrikeSpecs const*, void const*), void*)|||0x87
0|9|ATS|_eGCGetStrikeMetrics|||0x40
0|10|ATS|_eATSFontGetHorizontalMetrics|||0xac
0|11|ATS|ATSFontGetHorizontalMetrics|||0x4b
0|12|XUL|gfxCoreTextFont::InitMetrics()|hg:hg.mozilla.org/mozilla-central:gfx/thebes/src/gfxCoreTextFonts.cpp:3405d57427a5|314|0x19
0|13|XUL|gfxCoreTextFont::InitMetrics()|hg:hg.mozilla.org/mozilla-central:gfx/thebes/src/gfxCoreTextFonts.cpp:3405d57427a5|131|0x7
0|14|XUL|GetOrMakeCTFont|hg:hg.mozilla.org/mozilla-central:gfx/thebes/src/gfxCoreTextFonts.cpp:3405d57427a5|208|0x19
0|15|XUL|gfxCoreTextFontGroup::FindCTFont(nsAString_internal const&, nsACString_internal const&, void*)|hg:hg.mozilla.org/mozilla-central:gfx/thebes/src/gfxCoreTextFonts.cpp:3405d57427a5|665|0xd
0|16|XUL|gfxFontGroup::IsInvalidChar(unsigned short)|hg:hg.mozilla.org/mozilla-central:gfx/thebes/src/gfxFont.cpp:3405d57427a5|1522|0x15
0|17|XUL|gfxPlatformMac::ResolveFontName(nsAString_internal const&, int (*)(nsAString_internal const&, void*), void*, int&)|hg:hg.mozilla.org/mozilla-central:gfx/thebes/src/gfxPlatformMac.cpp:3405d57427a5|152|0xc
0|18|XUL|gfxFontGroup::ForEachFontInternal(nsAString_internal const&, nsACString_internal const&, int, int, int (*)(nsAString_internal const&, nsACString_internal const&, void*), void*)|hg:hg.mozilla.org/mozilla-central:gfx/thebes/src/gfxFont.cpp:3405d57427a5|1488|0x2c
0|19|XUL|gfxFontGroup::ForEachFont(int (*)(nsAString_internal const&, nsACString_internal const&, void*), void*)|hg:hg.mozilla.org/mozilla-central:gfx/thebes/src/gfxFont.cpp:3405d57427a5|1357|0x33
0|20|XUL|gfxCoreTextFontGroup::WhichPrefFontSupportsChar(unsigned int)|hg:hg.mozilla.org/mozilla-central:gfx/thebes/src/gfxCoreTextFonts.cpp:3405d57427a5|597|0x15
0|21|XUL|gfxPlatformMac::CreateFontGroup(nsAString_internal const&, gfxFontStyle const*, gfxUserFontSet*)|hg:hg.mozilla.org/mozilla-central:gfx/thebes/src/gfxPlatformMac.cpp:3405d57427a5|173|0x27

Post on Apple discussions board noting console messages about FontWorker crashing:

http://discussions.apple.com/thread.jspa?messageID=10144920

This is almost certainly an Apple issue but I just wanted to log this so we can track the issue if Apple doesn't fix it.

Comment 1

[Joe Drew (not getting mail)]

The only crashes we get with this signature are in 10.6.2, and our users are very heavily weighted towards the latest OS X releases, so I have to believe that this was fixed in the latest OS X releases.