Closed Bug 558925 Opened 15 years ago Closed 12 years ago

Firefox crashes when a page with specific font styling is zoomed in or out. [@ ClientData::GetOtlTable(long, unsigned char const**, unsigned long*)]

Categories

(Core :: Graphics, defect)

Product:
Core
Component:
Graphics
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: jdudley1123, Unassigned)

Details

(Keywords: crash, Whiteboard: [testday-20120831])

Crash Data

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.3a5pre) Gecko/20100412 Minefield/3.7a5pre GTBDFff GTB7.0 (.NET CLR 3.5.30729) Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.3a5pre) Gecko/20100412 Minefield/3.7a5pre GTBDFff GTB7.0 (.NET CLR 3.5.30729) If a page with the font 'Chunk Five' embedded using @fontface and a font-weight of 'normal' is zoomed in or out, Firefox crashes. The error appears only to occur with the font 'Chunk Five'. Whether this is an error caused by the font or Firefox is uncertain. However, all other major browsers (IE 8, Chrome, Opera and Safari) render the page correctly when zoomed. Reproducible: Always Steps to Reproduce: 1. Go to http://www.fontsquirrel.com/fonts/ChunkFive and download the @fontface kit 2. Edit the demo.html file and add the attribute 'normal' to the font property 3. View the page in Firefox and zoom in or out (ctrl + mouse wheel) Actual Results: Firefox will crash and close instantly, offering to send a crash report to Mozilla. Expected Results: Zoom the page in or out altering the text and other page elements accordingly.
i'm not able to reproduce. can you name a crash id? https://support.mozilla.com/en-US/kb/Firefox+crashes
Signature ClientData::GetOtlTable(long, unsigned char const**, unsigned long*) UUID 7aade4b1-5f21-413e-9d87-f36d42100412 Time 2010-04-12 17:53:38.824873 Uptime 17381 Last Crash 17384 seconds before submission Product Firefox Version 3.7a5pre Build ID 20100412040827 Branch 1.9.3 OS Windows NT OS Version 5.1.2600 Service Pack 2 CPU x86 CPU Info GenuineIntel family 6 model 15 stepping 11 Crash Reason EXCEPTION_ACCESS_VIOLATION Crash Address 0x6 User Comments Processor Notes Crashing Thread Frame Module Signature [Expand] Source 0 usp10.dll ClientData::GetOtlTable 1 usp10.dll otlResourceMgr::getOtlTable 2 usp10.dll SubstituteOtlChars 3 usp10.dll OtlShape 4 xul.dll UniscribeItem::Shape gfx/thebes/src/gfxUniscribeShaper.cpp:121 5 xul.dll gfxUniscribeShaper::InitTextRun gfx/thebes/src/gfxUniscribeShaper.cpp:580 usp10.dll 1.420.2600.2180 14C8D7F8AB3C48A4B95A73BAC9A6B02C1 usp10.pdb
Component: General → Graphics
Product: Firefox → Core
QA Contact: general → thebes
Summary: Firefox crashes when a page with specific font styling is zoomed in or out. → Firefox crashes when a page with specific font styling is zoomed in or out. [@ ClientData::GetOtlTable]
Version: unspecified → Trunk
per Crashstats this signature is being reported across all branches: 1.9.2.4: bp-a4d08663-1222-4a62-ae0c-a617f2100418 1.9.1.9: bp-7544bd07-4f25-4562-9594-3a2352100422 1.9.0.19: bp-214d7951-d115-46c7-9728-37df72100421 common factor is Windows XP with Service Pack 2 and usp10.dll with above mentioned version. per http://en.wikipedia.org/wiki/Uniscribe usp10.dll version 1.420.2600.2180 is updateable only either by applying non-public hotfixes provided by Microsoft support (didn't SP2 support end these days?) or (preferably) upgrading to Service Pack 3 and thus recieving version 1.420.2600.5512. unsure what Mozilla's option are in this case.
XtC4UaLL, were you able to reproduce this on XP SP2? I'd like to set up a testcase for this but I've already upgraded my XP machine to SP3.
Also, add 'text-rendering: optimizeLegibility;' to the testcase, that will force 3.5/3.6 code to use Uniscribe even at smaller sizes. Without that, the code only uses Uniscribe at font sizes 20px and greater, that may be why zooming seems to be a factor.
Sorry, but i'm on SR-3 too and thus can't repro. maybe QA can provide a SR-2 box?
same crash it seems ... ClientData::GetOtlTable(long, unsigned char const**, unsigned long*) bp-0014af2f-d563-4020-8f2c-095462110527 FF 3.6 bp-965fc05a-40d4-4e8a-8284-1e4922110527 FF 4.0 bp-e04ac1d2-17ab-4146-99a2-3f99a2110527 FF 5.0 EXCEPTION_ACCESS_VIOLATION_READ 0x6 0 usp10.dll ClientData::GetOtlTable 1 usp10.dll otlResourceMgr::getOtlTable 2 usp10.dll SubstituteOtlChars 3 usp10.dll OtlShape 4 xul.dll UniscribeItem::Shape gfx/thebes/gfxUniscribeShaper.cpp:137 5 xul.dll gfxUniscribeShaper::InitTextRun gfx/thebes/gfxUniscribeShaper.cpp:517 6 xul.dll gfxGDIFont::InitTextRun 7 xul.dll gfxFont::SplitAndInitTextRun gfx/thebes/gfxFont.cpp:1508 8 xul.dll gfxTextRun::AddGlyphRun gfx/thebes/gfxFont.cpp:3953 9 xul.dll AtomImpl::ToUTF8String xpcom/ds/nsAtomTable.cpp:346
Severity: normal → critical
Keywords: crash
Summary: Firefox crashes when a page with specific font styling is zoomed in or out. [@ ClientData::GetOtlTable] → Firefox crashes when a page with specific font styling is zoomed in or out. [@ ClientData::GetOtlTable(long, unsigned char const**, unsigned long*)]
Crash Signature: [@ ClientData::GetOtlTable(long, unsigned char const**, unsigned long*)]
We have a spike in this showing up in 5.0 in this signature: see http://test.kairo.at/socorro/2011-06-28.firefox.5.explosiveness.html. Not sure whether to put this comment here or in Bug 585975 which seems to have the same signature.
I'm not getting any more reports for this signature (0 results within the last 4 weeks). I'm inclined to believe that this issue was fixed somehow. I will mark it WORKSFORME. Please see https://crash-stats.mozilla.com/query/query?product=Firefox&version=ALL%3AALL&range_value=4&range_unit=weeks&date=08%2F31%2F2012+11%3A08%3A24&query_search=signature&query_type=contains&query=[%40+ClientData%3A%3AGetOtlTable%28long%2C+unsigned+char+const**%2C+unsigned+long*%29]&reason=&build_id=&process_type=any&hang_type=any&do_query=1 for the filter query in Socorro.
Status: UNCONFIRMED → RESOLVED
Closed: 12 years ago
Resolution: --- → WORKSFORME
Whiteboard: [testday-20120831]
You need to log in before you can comment on or make changes to this bug.