Closed Bug 643307 Opened 14 years ago Closed 14 years ago

Crash [@ nsThebesFontMetrics::GetMetrics ]

Categories

(Core :: Graphics, defect)

Product:
Core
Component:
Graphics
Platform:
ARM
Android
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
VERIFIED FIXED
Tracking Flags:
Tracking Status
fennec 4.0.1+ ---

People

(Reporter: scoobidiver, Assigned: dougt)

Details

(Keywords: crash, topcrash, Whiteboard: fixed-mozilla-2.1)

Crash Data

Attachments

(2 files, 1 obsolete file)

patch v.1
1.00 KB, patch
blassey
: review+
Details | Diff | Splinter Review
testcase with @font-face rule
268 bytes, text/html
Details
It is #6 top crasher in Fennec 4.0b6pre over the last 3 days. Signature nsThebesFontMetrics::GetMetrics UUID 65738150-a62c-4fc4-930d-5da262110317 Time 2011-03-17 21:02:32.926430 Uptime 24 Install Age 53808 seconds (14.9 hours) since version was first installed. Product Fennec Version 4.0b6pre Build ID 20110317040030 Branch 2.0 OS Linux OS Version 0.0.0 Linux 2.6.29 #1 PREEMPT Mon Nov 29 16:43:00 2010 armv7l CPU arm Crash Reason SIGSEGV Crash Address 0xffffffff Frame Module Signature [Expand] Source 0 libxul.so nsThebesFontMetrics::GetMetrics gfx/src/thebes/nsThebesFontMetrics.cpp:112 1 libxul.so nsThebesFontMetrics::GetExternalLeading gfx/src/thebes/nsThebesFontMetrics.cpp:190 2 libxul.so nsHTMLReflowState::CalcLineHeight layout/generic/nsHTMLReflowState.cpp:2100 3 libxul.so nsHTMLReflowState::CalcLineHeight layout/generic/nsHTMLReflowState.cpp:2160 4 libxul.so nsBlockReflowState::nsBlockReflowState layout/generic/nsBlockReflowState.cpp:147 5 libxul.so nsBlockFrame::Reflow layout/generic/nsIFrame.h:1282 6 libxul.so nsContainerFrame::ReflowChild layout/generic/nsContainerFrame.cpp:744 7 libxul.so nsCanvasFrame::Reflow layout/generic/nsCanvasFrame.cpp:498 8 libxul.so nsContainerFrame::ReflowChild layout/generic/nsContainerFrame.cpp:744 9 libxul.so nsHTMLScrollFrame::ReflowScrolledFrame layout/generic/nsGfxScrollFrame.cpp:547 10 libxul.so nsHTMLScrollFrame::ReflowContents layout/generic/nsGfxScrollFrame.cpp:638 11 libxul.so nsHTMLScrollFrame::Reflow layout/generic/nsGfxScrollFrame.cpp:879 12 libxul.so nsContainerFrame::ReflowChild layout/generic/nsContainerFrame.cpp:744 13 libxul.so ViewportFrame::Reflow layout/generic/nsViewportFrame.cpp:294 14 libxul.so PresShell::DoReflow layout/base/nsPresShell.cpp:7880 15 libxul.so PresShell::ProcessReflowCommands layout/base/nsPresShell.cpp:7984 16 libxul.so PresShell::FlushPendingNotifications layout/base/nsPresShell.cpp:4913 17 libxul.so nsRefreshDriver::Notify layout/base/nsRefreshDriver.cpp:327 18 libxul.so nsTimerImpl::Fire xpcom/threads/nsTimerImpl.cpp:429 19 libxul.so nsTimerEvent::Run nsAutoPtr.h:969 20 libxul.so nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:633 21 libxul.so NS_ProcessNextEvent_P nsThreadUtils.cpp:250 22 libxul.so mozilla::ipc::MessagePump::Run ipc/glue/MessagePump.cpp:111 23 libxul.so mozilla::ipc::MessagePumpForChildProcess::Run ipc/glue/MessagePump.cpp:230 24 libxul.so MessageLoop::RunInternal ipc/chromium/src/base/message_loop.cc:220 25 libxul.so MessageLoop::Run ipc/chromium/src/base/message_loop.cc:512 26 libxul.so nsBaseAppShell::Run widget/src/xpwidgets/nsBaseAppShell.cpp:198 27 libxul.so XRE_RunAppShell toolkit/xre/nsEmbedFunctions.cpp:678 28 libxul.so mozilla::ipc::MessagePumpForChildProcess::Run ipc/glue/MessagePump.cpp:222 29 libxul.so MessageLoop::RunInternal ipc/chromium/src/base/message_loop.cc:220 30 libxul.so MessageLoop::Run ipc/chromium/src/base/message_loop.cc:512 31 libxul.so XRE_InitChildProcess toolkit/xre/nsEmbedFunctions.cpp:519 32 libmozutils.so ChildProcessInit other-licenses/android/APKOpen.cpp:797 33 plugin-container main ipc/app/MozillaRuntimeMainAndroid.cpp:69 34 libc.so libc.so@0xc23a More reports at: https://crash-stats.mozilla.com/report/list?range_value=4&range_unit=weeks&signature=nsThebesFontMetrics%3A%3AGetMetrics
Attached patch patch (obsolete) — Splinter Review
Stuart, I'm asking for your review because you objected to this null check in bug 462908. I'm of the mind that its better to get bogus metrics and move on than to crash.
Assignee: nobody → blassey.bugs
Attachment #521317 - Flags: review?(pavlov)
tracking-fennec: --- → ?
I still don't understand how we end up with 0 fonts in the list
(In reply to comment #2) > I still don't understand how we end up with 0 fonts in the list no one does. There are no steps to reproduce, but I'd like to stop the crashing. I can add a NS_ABORT_IF_FALSE(f, "there are no fonts") in there so we can catch the condition in the future.
sorry, if this is a distraction... are we absolutely sure that the ipc serialization of the font list happens before the use of any font in the child?
Given the distribution of uptimes (between 7 and >1000) I don't think that's the issue here.
are those in ms? or seconds?
Seconds, I believe.
Whiteboard: [4.0.1?]
Comment on attachment 521317 [details] [diff] [review] patch I don't want to patch over something that alerts us when something is really wrong here. We need to get to the root of the problem
Attachment #521317 - Flags: review?(pavlov) → review-
tracking-fennec: ? → 4.0.1+
It is #2 top crasher in 4.0.
Keywords: topcrash
I landed http://hg.mozilla.org/mozilla-central/rev/7ccb164032a0 which might be related.
Mozilla/5.0 (Android; Linux armv71; rv:2.1) Gecko20110318 Firefox/4.0b13pre Fennec/4.0 Device: Droid 2 OS: Android 2.2 Steps to Reproduce : 1. set Fennec to Japanese 2. go to about:start 3. pan down and click on the Spark link Expected: Spark Page in Japanese Actual: Content Crash with this crash signature.
(In reply to comment #11) > Mozilla/5.0 (Android; Linux armv71; rv:2.1) Gecko20110318 Firefox/4.0b13pre > Fennec/4.0 > Device: Droid 2 > OS: Android 2.2 Also reproduced with Firefox 4.0 final on Nexus One and Galaxy Tab but not on Sharp 003SH. This is not reproduced when I tested with Firefox 4.0 final (rc build3) on Nexus One last week (spark.allizom.org).
Attached patch patch v.1Splinter Review
Assignee: blassey.bugs → doug.turner
Attachment #521317 - Attachment is obsolete: true
Attachment #522750 - Flags: review?(blassey.bugs)
simple testcase with @font-face rule
Attachment #522750 - Flags: review?(blassey.bugs) → review+
http://hg.mozilla.org/releases/mozilla-2.1/rev/b984f48a5c07 dynamis, thanks for the test case! would you be interested in adding it to the test suite?
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Whiteboard: [4.0.1?] → fixed-mozilla-2.1
Verified with Nexus One: Mozilla/5.0 (Android; Linux armv7l; rv:2.2a1pre) Gecko/20110330 Firefox/4.2a1pre Fennec/4.1a1pre ID:20110330050403 (In reply to comment #16) > dynamis, thanks for the test case! would you be interested in adding it to the > test suite? Fennec will crash with this testcase only if the locale is ja. I don't know how to switch locale in the test suite. # AFAIK we run test suite only with en-US If you think that it's better than nothing even if we test only with en-US, we should add it to the test suite.
Status: RESOLVED → VERIFIED
thanks for the info and the test case. It was very helpful. I only wish we found it like, oh, 72 hours before we shipped 4.0. :D It will be in the 4.0.1 release. Tony, can you add something like this to litmus?
Flags: in-testsuite?
Sure, will get it into queue. Feel free to flag any bugs for litmus tests if you ever see any that needs one. (in-litmus?)
Flags: in-litmus?(nhirata.bugzilla)
Verified Mozilla/5.0 (Android; Linux armv7l; rv:6.0a1) Gecko/20110419 Firefox/6.0a1 Fennec/6.0a1 ID:20110419042214 Mozilla/5.0 (Android; Linux armv7l; rv:2.1.1) Gecko/20110415 Firefox/4.0.2pre Fennec/4.0.1 ID:20110415172201
Crash Signature: [@ nsThebesFontMetrics::GetMetrics ]
spark is over ; can't test this out anymore : spark.mozilla.org/en-US/home shows up horribly though. need to dissect the webpage to figure out what's going on.
Flags: in-litmus?(nhirata.bugzilla) → in-litmus-
Flags: in-testsuite? → in-testsuite-
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: