Last Comment Bug 661658 - Firefox Crash [@ _cairo_scaled_glyph_page_can_remove ]
: Firefox Crash [@ _cairo_scaled_glyph_page_can_remove ]
Status: VERIFIED FIXED
[qa!]
: crash, verified-beta
Product: Core
Classification: Components
Component: Graphics (show other bugs)
: Trunk
: x86 Windows 7
: -- critical (vote)
: ---
Assigned To: Nobody; OK to take it and work on it
:
Mentors:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2011-06-02 13:42 PDT by Marcia Knous [:marcia - use ni]
Modified: 2011-09-26 20:12 PDT (History)
9 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---
fixed


Attachments
Fix 64 bit pointer as 32 bit problems (2.43 KB, patch)
2011-06-02 14:33 PDT, Jeff Muizelaar [:jrmuizel]
no flags Details | Diff | Review
Use type that will fit pointers (3.28 KB, patch)
2011-06-03 09:12 PDT, Jeff Muizelaar [:jrmuizel]
joe: review+
Details | Diff | Review

Description Marcia Knous [:marcia - use ni] 2011-06-02 13:42:32 PDT
Seen while reviewing trunk crash stats. Mostly all trunk crashes, but one from 3.6.x: http://crash-stats.mozilla.com/report/list?signature=_cairo_scaled_glyph_page_can_remove. First crash showed up in crash stats using 2011041300.

https://crash-stats.mozilla.com/report/index/30602aeb-cb56-4af9-9f1a-66bf42110602

Frame 	Module 	Signature [Expand] 	Source
0 	xul.dll 	_cairo_scaled_glyph_page_can_remove 	gfx/cairo/cairo/src/cairo-scaled-font.c:2672
1 	xul.dll 	cairo_hash_table_random_entry 	gfx/cairo/cairo/src/cairo-hash.c:393
2 	xul.dll 	_cairo_hash_table_resize 	gfx/cairo/cairo/src/cairo-hash.c:262
3 	xul.dll 	_cairo_cache_remove_random 	gfx/cairo/cairo/src/cairo-cache.c:219
4 	xul.dll 	_cairo_cache_shrink_to_accommodate 	
5 	xul.dll 	moz_cairo_scaled_font_glyph_extents 	gfx/cairo/cairo/src/cairo-scaled-font.c:1569
6 	xul.dll 	gfxFont::SetupGlyphExtents 	gfx/thebes/gfxFont.cpp:1565
7 	kernel32.dll 	RtlFillMemoryStub 	
8 	xul.dll 	gfxTextRun::FetchGlyphExtents 	gfx/thebes/gfxFont.cpp:4274
9 	mozalloc.dll 	moz_xmalloc 	memory/mozalloc/mozalloc.cpp:100
10 	xul.dll 	gfxFontGroup::MakeTextRun 	gfx/thebes/gfxFont.cpp:2414
11 	xul.dll 	TextRunWordCache::MakeTextRun 	gfx/thebes/gfxTextRunWordCache.cpp:732
Comment 1 Marcia Knous [:marcia - use ni] 2011-06-02 13:43:31 PDT
The two crashes on 3.6.17 were using Linux. All other crashes are using trunk.
Comment 2 Jeff Muizelaar [:jrmuizel] 2011-06-02 14:33:53 PDT
Created attachment 536979 [details] [diff] [review]
Fix 64 bit pointer as 32 bit problems

It looks like this was only happening on 64bit. The attached patch may fix the problem.
Comment 3 Jeff Muizelaar [:jrmuizel] 2011-06-03 09:12:45 PDT
Created attachment 537156 [details] [diff] [review]
Use type that will fit pointers
Comment 4 Chris Wilson 2011-06-03 10:26:43 PDT
Good catch. Can we rely on uintptr_t being defined though as we cannot rely on stdint.h being available?
Comment 5 Joe Drew (not getting mail) 2011-06-07 12:58:50 PDT
Comment on attachment 537156 [details] [diff] [review]
Use type that will fit pointers

goot
Comment 6 Jeff Muizelaar [:jrmuizel] 2011-06-23 08:31:32 PDT
http://hg.mozilla.org/mozilla-central/rev/17f2489e1660
Comment 7 AndreiD[QA] 2011-08-25 05:14:50 PDT
I was trying to see if this is fixed for Fx7 since the flag "status-firefox7" is set to "fixed", but I couldn't.
Is there a test case or any steps / guidelines for this bug that can be used to verify the fix? Thanks
Comment 8 Anthony Hughes (:ashughes) [GFX][QA][Mentor] 2011-09-22 14:32:19 PDT
qa+ for QA verification in Firefox 7. Please check crashstats for occurrences of this crash in Beta 5 or 6.
Comment 9 AndreiD[QA] 2011-09-26 08:29:49 PDT
(In reply to Anthony Hughes, Mozilla QA (irc: ashughes) from comment #8)
> qa+ for QA verification in Firefox 7. Please check crashstats for
> occurrences of this crash in Beta 5 or 6.

There is one crash with the signature _cairo_scaled_glyph_page_can_remove for the build FX 7 build: https://crash-stats.mozilla.com/report/index/3d785371-0b59-4b9a-843e-8a67c2110917
It's not clear if this is related to the issue reported or not.
Comment 10 Marcia Knous [:marcia - use ni] 2011-09-26 10:45:58 PDT
That crash must have been from an earlier build. I don't see any crashes for this stack in trunk, or Beta 5 or Beta 6 in the last week.

(In reply to AndreiD[QA] from comment #9)
> (In reply to Anthony Hughes, Mozilla QA (irc: ashughes) from comment #8)
> > qa+ for QA verification in Firefox 7. Please check crashstats for
> > occurrences of this crash in Beta 5 or 6.
> 
> There is one crash with the signature _cairo_scaled_glyph_page_can_remove
> for the build FX 7 build:
> https://crash-stats.mozilla.com/report/index/3d785371-0b59-4b9a-843e-
> 8a67c2110917
> It's not clear if this is related to the issue reported or not.
Comment 11 Anthony Hughes (:ashughes) [GFX][QA][Mentor] 2011-09-26 20:12:12 PDT
Marking this verified fixed based on recent crash data. This is only reported twice in the last week and only on 6.0.2.

Note You need to log in before you can comment on or make changes to this bug.