Firefox Crash [@ _cairo_scaled_glyph_page_can_remove ]

VERIFIED FIXED

Status

Core
Graphics
--
critical
VERIFIED FIXED
6 years ago
11 months ago

People

(Reporter: marcia, Unassigned)

Tracking

({crash, verified-beta})

Trunk
x86
Windows 7
crash, verified-beta
Points:
---

Firefox Tracking Flags

(firefox7 fixed, firefox47 affected, firefox48 affected, firefox-esr45 affected)

Details

(Whiteboard: [qa!], crash signature)

Attachments

(1 attachment, 1 obsolete attachment)

(Reporter)

Description

6 years ago
Seen while reviewing trunk crash stats. Mostly all trunk crashes, but one from 3.6.x: http://crash-stats.mozilla.com/report/list?signature=_cairo_scaled_glyph_page_can_remove. First crash showed up in crash stats using 2011041300.

https://crash-stats.mozilla.com/report/index/30602aeb-cb56-4af9-9f1a-66bf42110602

Frame 	Module 	Signature 	Source
0 	xul.dll 	_cairo_scaled_glyph_page_can_remove 	gfx/cairo/cairo/src/cairo-scaled-font.c:2672
1 	xul.dll 	cairo_hash_table_random_entry 	gfx/cairo/cairo/src/cairo-hash.c:393
2 	xul.dll 	_cairo_hash_table_resize 	gfx/cairo/cairo/src/cairo-hash.c:262
3 	xul.dll 	_cairo_cache_remove_random 	gfx/cairo/cairo/src/cairo-cache.c:219
4 	xul.dll 	_cairo_cache_shrink_to_accommodate 	
5 	xul.dll 	moz_cairo_scaled_font_glyph_extents 	gfx/cairo/cairo/src/cairo-scaled-font.c:1569
6 	xul.dll 	gfxFont::SetupGlyphExtents 	gfx/thebes/gfxFont.cpp:1565
7 	kernel32.dll 	RtlFillMemoryStub 	
8 	xul.dll 	gfxTextRun::FetchGlyphExtents 	gfx/thebes/gfxFont.cpp:4274
9 	mozalloc.dll 	moz_xmalloc 	memory/mozalloc/mozalloc.cpp:100
10 	xul.dll 	gfxFontGroup::MakeTextRun 	gfx/thebes/gfxFont.cpp:2414
11 	xul.dll 	TextRunWordCache::MakeTextRun 	gfx/thebes/gfxTextRunWordCache.cpp:732
(Reporter)

Comment 1

6 years ago
The two crashes on 3.6.17 were using Linux. All other crashes are using trunk.
OS: Mac OS X → Windows 7
Created attachment 536979
Fix 64 bit pointer as 32 bit problems

It looks like this was only happening on 64bit. The attached patch may fix the problem.
Created attachment 537156
Use type that will fit pointers
Attachment #536979 - Attachment is obsolete: true
Attachment #537156 - Flags: review?(chris)

Comment 4

6 years ago
Good catch. Can we rely on uintptr_t being defined though as we cannot rely on stdint.h being available?
Comment on attachment 537156
Use type that will fit pointers

good
Attachment #537156 - Flags: review?(chris) → review+
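
Added example, not the attached patch and not cairo code: a sketch of the bug class named in the attachment titles, where a pointer value carried in a 32-bit integer loses its upper half on a 64-bit build, together with a build-time guard for the case raised in comment 4 where a project has to pick its own pointer-sized type. The names ptr_int_t, via_32bit and survives_ptr_int and the sample addresses are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical name: the integer type chosen to carry pointer values.
 * Where <stdint.h> is not available, this typedef is the line a project
 * would have to adapt per platform. */
typedef uintptr_t ptr_int_t;

/* Build-time guard that does not need C11: the array size becomes -1,
 * which fails to compile, if ptr_int_t is narrower than a pointer. */
typedef char ptr_int_fits_pointer[sizeof(ptr_int_t) >= sizeof(void *) ? 1 : -1];

/* Models storing an address in a 32-bit field and reading it back.
 * The address is passed as a plain 64-bit number so the result is the
 * same on every host and nothing truncated is ever dereferenced. */
uint64_t via_32bit(uint64_t addr)
{
    return (uint64_t)(uint32_t)addr;
}

/* Round trip of a real pointer through ptr_int_t; returns 1 if intact. */
int survives_ptr_int(const void *p)
{
    ptr_int_t bits = (ptr_int_t)p;
    return (const void *)bits == p;
}

int main(void)
{
    /* Constructed sample addresses, not taken from the crash reports. */
    uint64_t high = 0x00007ff612345678ULL; /* above 4 GiB: 64-bit process */
    uint64_t low  = 0x0000000000400000ULL; /* below 4 GiB: fits in 32 bits */

    printf("high %#llx -> %#llx (upper bits lost)\n",
           (unsigned long long)high, (unsigned long long)via_32bit(high));
    printf("low  %#llx -> %#llx (unchanged)\n",
           (unsigned long long)low, (unsigned long long)via_32bit(low));
    printf("pointer-sized round trip intact: %d\n", survives_ptr_int(&high));
    return 0;
}
```

The low address surviving the 32-bit round trip is why this kind of defect stays invisible on 32-bit builds and only shows up as a crash on 64-bit ones.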
(Assignee)

Updated

6 years ago
Crash Signature: [@ _cairo_scaled_glyph_page_can_remove ]
http://hg.mozilla.org/mozilla-central/rev/17f2489e1660
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
status-firefox7: --- → fixed

Comment 7

6 years ago
I was trying to see if this is fixed for Fx7 since the flag "status-firefox7" is set to "fixed", but I couldn't.
Is there a test case or any steps / guidelines for this bug that can be used to verify the fix? Thanks
qa+ for QA verification in Firefox 7. Please check crashstats for occurrences of this crash in Beta 5 or 6.
Whiteboard: [qa+]

Comment 9

6 years ago
(In reply to Anthony Hughes, Mozilla QA (irc: ashughes) from comment #8)
> qa+ for QA verification in Firefox 7. Please check crashstats for
> occurrences of this crash in Beta 5 or 6.

There is one crash with the signature _cairo_scaled_glyph_page_can_remove for the FX 7 build: https://crash-stats.mozilla.com/report/index/3d785371-0b59-4b9a-843e-8a67c2110917
It's not clear if this is related to the issue reported or not.
(Reporter)

Comment 10

6 years ago
That crash must have been from an earlier build. I don't see any crashes for this stack in trunk, or Beta 5 or Beta 6 in the last week.

(In reply to AndreiD[QA] from comment #9)
> (In reply to Anthony Hughes, Mozilla QA (irc: ashughes) from comment #8)
> > qa+ for QA verification in Firefox 7. Please check crashstats for
> > occurrences of this crash in Beta 5 or 6.
> 
> There is one crash with the signature _cairo_scaled_glyph_page_can_remove
> for the build FX 7 build:
> https://crash-stats.mozilla.com/report/index/3d785371-0b59-4b9a-843e-
> 8a67c2110917
> It's not clear if this is related to the issue reported or not.
Marking this verified fixed based on recent crash data. This is only reported twice in the last week and only on 6.0.2.
Status: RESOLVED → VERIFIED
Keywords: verified-beta
Whiteboard: [qa+] → [qa!]
Crash volume for signature '_cairo_scaled_glyph_page_can_remove':
 - nightly (version 50): 0 crash from 2016-06-06.
 - aurora  (version 49): 0 crash from 2016-06-07.
 - beta    (version 48): 15 crashes from 2016-06-06.
 - release (version 47): 21 crashes from 2016-05-31.
 - esr     (version 45): 4 crashes from 2016-04-07.

Crash volume on the last weeks:
             Week N-1   Week N-2   Week N-3   Week N-4   Week N-5   Week N-6   Week N-7
 - nightly          0          0          0          0          0          0          0
 - aurora           0          0          0          0          0          0          0
 - beta             1          3          1          1          4          1          1
 - release          3          3          4          3          2          2          2
 - esr              1          1          0          0          1          0          0

Affected platforms: Windows, Mac OS X
status-firefox47: --- → affected
status-firefox48: --- → affected
status-firefox-esr45: --- → affected