Crash [@ gfxTextRun::FetchGlyphExtents ]

RESOLVED FIXED

Status

()

--
critical
RESOLVED FIXED
8 years ago
7 years ago

People

(Reporter: scoobidiver, Assigned: jfkthame)

Tracking

({crash, regression})

Trunk
x86_64
Mac OS X
crash, regression
Points:
---

Firefox Tracking Flags

(blocking2.0 final+)

Details

(Whiteboard: [hardblocker], crash signature)

Attachments

(2 attachments)

(Reporter)

Description

8 years ago
It is a new crash signature that first appeared in 4.0b12pre/20110210, except two occurrences in 4.0b10.
It is #5 top crasher on Mac OS X in 4.0b12pre over the last week.

Signature	gfxTextRun::FetchGlyphExtents
UUID	6cdda644-4f3f-48e0-a3eb-6e4f32110210
Time 	2011-02-10 22:28:40.62157
Uptime	121
Last Crash	123 seconds before submission
Install Age	2657 seconds (44.3 minutes) since version was first installed.
Product	Firefox
Version	4.0b12pre
Build ID	20110210030400
Branch	2.0
OS	Mac OS X
OS Version	10.6.6 10J567
CPU	amd64
CPU Info	family 6 model 23 stepping 6
Crash Reason	EXC_BAD_ACCESS / KERN_INVALID_ADDRESS
Crash Address	0x1ce216f4
App Notes 	Renderers: 0x22600,0x20400

Frame 	Module 	Signature [Expand] 	Source
0 	XUL 	gfxTextRun::FetchGlyphExtents 	gfx/thebes/gfxFont.cpp:4218
1 	XUL 	gfxFontGroup::MakeTextRun 	gfx/thebes/gfxFont.cpp:2385
2 	XUL 	TextRunWordCache::MakeTextRun 	gfx/thebes/gfxTextRunWordCache.cpp:722
3 	XUL 	BuildTextRunsScanner::BuildTextRunForFrames 	layout/generic/nsTextFrameThebes.cpp:508
4 	XUL 	BuildTextRunsScanner::FlushFrames 	layout/generic/nsTextFrameThebes.cpp:1304
5 	XUL 	BuildTextRunsScanner::ScanFrame 	layout/generic/nsTextFrameThebes.cpp:1461
6 	XUL 	nsTextFrame::EnsureTextRun 	layout/generic/nsTextFrameThebes.cpp:1210
7 	XUL 	nsTextFrame::AddInlineMinWidthForFlow 	layout/generic/nsTextFrameThebes.cpp:5991
8 	XUL 	nsTextFrame::AddInlineMinWidth 	layout/generic/nsTextFrameThebes.cpp:6103
9 	XUL 	nsBlockFrame::GetMinWidth 	layout/generic/nsBlockFrame.cpp:762
10 	XUL 	nsLayoutUtils::IntrinsicForContainer 	layout/base/nsLayoutUtils.cpp:2136
11 	XUL 	GetWidthInfo 	layout/tables/BasicTableLayoutStrategy.cpp:113
12 	XUL 	BasicTableLayoutStrategy::ComputeColumnIntrinsicWidths 	layout/tables/BasicTableLayoutStrategy.cpp:238
13 	XUL 	BasicTableLayoutStrategy::ComputeIntrinsicWidths 	layout/tables/BasicTableLayoutStrategy.cpp:418
14 	XUL 	BasicTableLayoutStrategy::GetMinWidth 	layout/tables/BasicTableLayoutStrategy.cpp:72
15 	XUL 	nsTableFrame::ComputeAutoSize 	layout/tables/nsTableFrame.cpp:1556
16 	XUL 	nsFrame::ComputeSize 	layout/generic/nsFrame.cpp:3358
17 	XUL 	nsTableFrame::ComputeSize 	layout/tables/nsTableFrame.cpp:1541
18 	XUL 	nsTableOuterFrame::ComputeAutoSize 	layout/tables/nsTableOuterFrame.cpp:583
19 	XUL 	nsFrame::ComputeSize 	layout/generic/nsFrame.cpp:3358
20 	XUL 	nsBlockFrame::WidthToClearPastFloats 	layout/generic/nsBlockFrame.cpp:7094
21 	XUL 	nsBlockReflowState::ComputeBlockAvailSpace 	layout/generic/nsBlockReflowState.cpp:293
22 	XUL 	nsBlockFrame::ReflowBlockFrame 	layout/generic/nsBlockFrame.cpp:3148
23 	XUL 	nsBlockFrame::ReflowLine 	layout/generic/nsBlockFrame.cpp:2506
...

More reports at:
https://crash-stats.mozilla.com/report/list?product=Firefox&range_value=4&range_unit=weeks&signature=gfxTextRun%3A%3AFetchGlyphExtents

Comment 1

8 years ago
4.0b12pre/20110210, new profile, visit http://forum.mozilla-russia.org/viewtopic.php?id=48154
=> crash
(Assignee)

Comment 2

8 years ago
This is a regression from the patch in bug 631035.
Assignee: nobody → jfkthame
Blocks: 631035
(Assignee)

Comment 3

8 years ago
Created attachment 511674 [details] [diff] [review]
patch, correctly check the last array element before deciding whether to append or insert

This was a silly error in the patch for bug 631035, which could lead to out-of-order entries in mOffsetToIndex and hence to failure in the Get() function.
Attachment #511674 - Flags: review?(roc)
(Assignee)

Comment 4

8 years ago
This should clearly block, IMO - it's a regression and crasher, and will probably be common in the wild.
blocking2.0: --- → ?
(Assignee)

Comment 5

8 years ago
Created attachment 511676 [details] [diff] [review]
crashtest extracted from the webpage in comment #1
Attachment #511676 - Flags: review?(roc)

Updated

8 years ago
blocking2.0: ? → final+
Whiteboard: [hardblocker]
(Assignee)

Comment 6

8 years ago
http://hg.mozilla.org/mozilla-central/rev/caffaf707958 (patch)
http://hg.mozilla.org/mozilla-central/rev/2e96d820f43f (crashtest)
Status: NEW → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → FIXED
Crash Signature: [@ gfxTextRun::FetchGlyphExtents ]
You need to log in before you can comment on or make changes to this bug.