Closed Bug 661658 Opened 13 years ago Closed 13 years ago

Firefox Crash [@ _cairo_scaled_glyph_page_can_remove ]

Categories

(Core :: Graphics, defect)

Product:
Core
Component:
Graphics
Platform:
x86
Windows 7
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
VERIFIED FIXED
Tracking Flags:
Tracking Status
firefox7 --- fixed
firefox47 --- affected
firefox48 --- affected
firefox-esr45 --- affected

People

(Reporter: marcia, Unassigned)

Details

(Keywords: crash, verified-beta, Whiteboard: [qa!])

Crash Data

Attachments

(1 file, 1 obsolete file)

Use type that will fit pointers
3.28 KB, patch
joe
: review+
Details | Diff | Splinter Review 
Seen while reviewing trunk crash stats. Mostly all trunk crashes, but one from 3.6.x: http://crash-stats.mozilla.com/report/list?signature=_cairo_scaled_glyph_page_can_remove. First crash showed up in crash stats using 2011041300.

https://crash-stats.mozilla.com/report/index/30602aeb-cb56-4af9-9f1a-66bf42110602

Frame 	Module 	Signature [Expand] 	Source
0 	xul.dll 	_cairo_scaled_glyph_page_can_remove 	gfx/cairo/cairo/src/cairo-scaled-font.c:2672
1 	xul.dll 	cairo_hash_table_random_entry 	gfx/cairo/cairo/src/cairo-hash.c:393
2 	xul.dll 	_cairo_hash_table_resize 	gfx/cairo/cairo/src/cairo-hash.c:262
3 	xul.dll 	_cairo_cache_remove_random 	gfx/cairo/cairo/src/cairo-cache.c:219
4 	xul.dll 	_cairo_cache_shrink_to_accommodate 	
5 	xul.dll 	moz_cairo_scaled_font_glyph_extents 	gfx/cairo/cairo/src/cairo-scaled-font.c:1569
6 	xul.dll 	gfxFont::SetupGlyphExtents 	gfx/thebes/gfxFont.cpp:1565
7 	kernel32.dll 	RtlFillMemoryStub 	
8 	xul.dll 	gfxTextRun::FetchGlyphExtents 	gfx/thebes/gfxFont.cpp:4274
9 	mozalloc.dll 	moz_xmalloc 	memory/mozalloc/mozalloc.cpp:100
10 	xul.dll 	gfxFontGroup::MakeTextRun 	gfx/thebes/gfxFont.cpp:2414
11 	xul.dll 	TextRunWordCache::MakeTextRun 	gfx/thebes/gfxTextRunWordCache.cpp:732
The two crashes on 3.6.17 were using Linux. All other crashes are using trunk.
OS: Mac OS X → Windows 7
It looks like this was only happening on 64bit. The attached patch may fix the problem.

        Attachment #536979 -
        Attachment is obsolete: true

        Attachment #537156 -
        Flags: review?(chris)

    
    

    
  
Good catch. Can we rely on uintptr_t being defined though as we cannot rely on stdint.h being available?

    
    

    
  
Comment on attachment 537156 [details] [diff] [review]
Use type that will fit pointers

goot

        Attachment #537156 -
        Flags: review?(chris) → review+
Crash Signature: [@ _cairo_scaled_glyph_page_can_remove ]

    
    

    
  
http://hg.mozilla.org/mozilla-central/rev/17f2489e1660
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED

    
    

    
  
I was trying to see if this is fixed for Fx7 since the flag "status-firefox7" is set to "fixed", but I couldn't.
Is there a test case or any steps / guidelines for this bug that can be used to verify the fix? Thanks

    
    

    
  
qa+ for QA verification in Firefox 7. Please check crashstats for occurrences of this crash in Beta 5 or 6.
Whiteboard: [qa+]

    
    

    
  
(In reply to Anthony Hughes, Mozilla QA (irc: ashughes) from comment #8)
> qa+ for QA verification in Firefox 7. Please check crashstats for
> occurrences of this crash in Beta 5 or 6.

There is one crash with the signature _cairo_scaled_glyph_page_can_remove for the build FX 7 build: https://crash-stats.mozilla.com/report/index/3d785371-0b59-4b9a-843e-8a67c2110917
It's not clear if this is related to the issue reported or not.

    
    

    
  
That crash must have been from an earlier build. I don't see any crashes for this stack in trunk, or Beta 5 or Beta 6 in the last week.

(In reply to AndreiD[QA] from comment #9)
> (In reply to Anthony Hughes, Mozilla QA (irc: ashughes) from comment #8)
> > qa+ for QA verification in Firefox 7. Please check crashstats for
> > occurrences of this crash in Beta 5 or 6.
> 
> There is one crash with the signature _cairo_scaled_glyph_page_can_remove
> for the build FX 7 build:
> https://crash-stats.mozilla.com/report/index/3d785371-0b59-4b9a-843e-
> 8a67c2110917
> It's not clear if this is related to the issue reported or not.

    
    

    
  
Marking this verified fixed based on recent crash data. This is only reported twice in the last week and only on 6.0.2.
Status: RESOLVED → VERIFIED
Keywords: verified-beta
Whiteboard: [qa+] → [qa!]

    
    

    
  
Crash volume for signature '_cairo_scaled_glyph_page_can_remove':
 - nightly (version 50): 0 crash from 2016-06-06.
 - aurora  (version 49): 0 crash from 2016-06-07.
 - beta    (version 48): 15 crashes from 2016-06-06.
 - release (version 47): 21 crashes from 2016-05-31.
 - esr     (version 45): 4 crashes from 2016-04-07.

Crash volume on the last weeks:
             Week N-1   Week N-2   Week N-3   Week N-4   Week N-5   Week N-6   Week N-7
 - nightly          0          0          0          0          0          0          0
 - aurora           0          0          0          0          0          0          0
 - beta             1          3          1          1          4          1          1
 - release          3          3          4          3          2          2          2
 - esr              1          1          0          0          1          0          0

Affected platforms: Windows, Mac OS X

          status-firefox47:
          --- → affected

          status-firefox48:
          --- → affected

          status-firefox-esr45:
          --- → affected

          You need to log in
          before you can comment on or make changes to this bug.