Firefox crashes when a page with specific font styling is zoomed in or out. [@ ClientData::GetOtlTable(long, unsigned char const**, unsigned long*)]

RESOLVED WORKSFORME

Status

()

--
critical
RESOLVED WORKSFORME
9 years ago
6 years ago

People

(Reporter: jdudley1123, Unassigned)

Tracking

({crash})

Trunk
x86
Windows XP
crash
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [testday-20120831], crash signature)

(Reporter)

Description

9 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.3a5pre) Gecko/20100412 Minefield/3.7a5pre GTBDFff GTB7.0 (.NET CLR 3.5.30729)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.3a5pre) Gecko/20100412 Minefield/3.7a5pre GTBDFff GTB7.0 (.NET CLR 3.5.30729)

If a page with the font 'Chunk Five' embedded using @fontface and a font-weight of 'normal' is zoomed in or out, Firefox crashes. The error appears only to occur with the font 'Chunk Five'. Whether this is an error caused by the font or Firefox is uncertain. However, all other major browsers (IE 8, Chrome, Opera and Safari) render the page correctly when zoomed.

Reproducible: Always

Steps to Reproduce:
1. Go to http://www.fontsquirrel.com/fonts/ChunkFive and download the @fontface kit
2. Edit the demo.html file and add the attribute 'normal' to the font property
3. View the page in Firefox and zoom in or out (ctrl + mouse wheel)
Actual Results:  
Firefox will crash and close instantly, offering to send a crash report to Mozilla.

Expected Results:  
Zoom the page in or out altering the text and other page elements accordingly.
i'm not able to reproduce.
can you name a crash id?
https://support.mozilla.com/en-US/kb/Firefox+crashes

Comment 3

9 years ago
Signature	ClientData::GetOtlTable(long, unsigned char const**, unsigned long*)
UUID	7aade4b1-5f21-413e-9d87-f36d42100412
Time 	2010-04-12 17:53:38.824873
Uptime	17381
Last Crash	17384 seconds before submission
Product	Firefox
Version	3.7a5pre
Build ID	20100412040827
Branch	1.9.3
OS	Windows NT
OS Version	5.1.2600 Service Pack 2
CPU	x86
CPU Info	GenuineIntel family 6 model 15 stepping 11
Crash Reason	EXCEPTION_ACCESS_VIOLATION
Crash Address	0x6
User Comments	
Processor Notes 	
Crashing Thread
Frame 	Module 	Signature [Expand] 	Source
0 	usp10.dll 	ClientData::GetOtlTable 	
1 	usp10.dll 	otlResourceMgr::getOtlTable 	
2 	usp10.dll 	SubstituteOtlChars 	
3 	usp10.dll 	OtlShape 	
4 	xul.dll 	UniscribeItem::Shape 	gfx/thebes/src/gfxUniscribeShaper.cpp:121
5 	xul.dll 	gfxUniscribeShaper::InitTextRun 	gfx/thebes/src/gfxUniscribeShaper.cpp:580

usp10.dll 	1.420.2600.2180 	14C8D7F8AB3C48A4B95A73BAC9A6B02C1 	usp10.pdb
Component: General → Graphics
Product: Firefox → Core
QA Contact: general → thebes
Summary: Firefox crashes when a page with specific font styling is zoomed in or out. → Firefox crashes when a page with specific font styling is zoomed in or out. [@ ClientData::GetOtlTable]
Version: unspecified → Trunk
per Crashstats this signature is being reported across all branches:

1.9.2.4: bp-a4d08663-1222-4a62-ae0c-a617f2100418
1.9.1.9: bp-7544bd07-4f25-4562-9594-3a2352100422
1.9.0.19: bp-214d7951-d115-46c7-9728-37df72100421

common factor is Windows XP with Service Pack 2 and usp10.dll with above mentioned version.
per http://en.wikipedia.org/wiki/Uniscribe usp10.dll version 1.420.2600.2180 is updateable only either by applying non-public hotfixes provided by Microsoft support (didn't SP2 support end these days?) or (preferably) upgrading to Service Pack 3 and thus recieving version 1.420.2600.5512.

unsure what Mozilla's option are in this case.

Comment 5

8 years ago
XtC4UaLL, were you able to reproduce this on XP SP2?  I'd like to set up a testcase for this but I've already upgraded my XP machine to SP3.

Comment 6

8 years ago
Also, add 'text-rendering: optimizeLegibility;' to the testcase, that will force 3.5/3.6 code to use Uniscribe even at smaller sizes.  Without that, the code only uses Uniscribe at font sizes 20px and greater, that may be why zooming seems to be a factor.
Sorry, but i'm on SR-3 too and thus can't repro. maybe QA can provide a SR-2 box?

Comment 8

7 years ago
same crash it seems ...
ClientData::GetOtlTable(long, unsigned char const**, unsigned long*)

bp-0014af2f-d563-4020-8f2c-095462110527 FF 3.6
bp-965fc05a-40d4-4e8a-8284-1e4922110527 FF 4.0
bp-e04ac1d2-17ab-4146-99a2-3f99a2110527 FF 5.0
EXCEPTION_ACCESS_VIOLATION_READ
0x6
0	usp10.dll	ClientData::GetOtlTable	
1	usp10.dll	otlResourceMgr::getOtlTable	
2	usp10.dll	SubstituteOtlChars	
3	usp10.dll	OtlShape	
4	xul.dll	UniscribeItem::Shape	gfx/thebes/gfxUniscribeShaper.cpp:137
5	xul.dll	gfxUniscribeShaper::InitTextRun	gfx/thebes/gfxUniscribeShaper.cpp:517
6	xul.dll	gfxGDIFont::InitTextRun	
7	xul.dll	gfxFont::SplitAndInitTextRun	gfx/thebes/gfxFont.cpp:1508 
8 	xul.dll 	gfxTextRun::AddGlyphRun 	gfx/thebes/gfxFont.cpp:3953
9 	xul.dll 	AtomImpl::ToUTF8String 	xpcom/ds/nsAtomTable.cpp:346
Severity: normal → critical
Keywords: crash
Summary: Firefox crashes when a page with specific font styling is zoomed in or out. [@ ClientData::GetOtlTable] → Firefox crashes when a page with specific font styling is zoomed in or out. [@ ClientData::GetOtlTable(long, unsigned char const**, unsigned long*)]
(Assignee)

Updated

7 years ago
Crash Signature: [@ ClientData::GetOtlTable(long, unsigned char const**, unsigned long*)]
We have a spike in this showing up in 5.0 in this signature: see http://test.kairo.at/socorro/2011-06-28.firefox.5.explosiveness.html. Not sure whether to put this comment here or in Bug 585975 which seems to have the same signature.
I'm not getting any more reports for this signature (0 results within the last 4 weeks). I'm inclined to believe that this issue was fixed somehow. I will mark it WORKSFORME.

Please see https://crash-stats.mozilla.com/query/query?product=Firefox&version=ALL%3AALL&range_value=4&range_unit=weeks&date=08%2F31%2F2012+11%3A08%3A24&query_search=signature&query_type=contains&query=[%40+ClientData%3A%3AGetOtlTable%28long%2C+unsigned+char+const**%2C+unsigned+long*%29]&reason=&build_id=&process_type=any&hang_type=any&do_query=1 for the filter query in Socorro.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → WORKSFORME
Whiteboard: [testday-20120831]
You need to log in before you can comment on or make changes to this bug.