Seen while reviewing trunk crash stats. Mostly all trunk crashes, but one from 3.6.x: http://crash-stats.mozilla.com/report/list?signature=_cairo_scaled_glyph_page_can_remove. First crash showed up in crash stats using 2011041300.
Frame  Module        Signature                              Source
0      xul.dll       _cairo_scaled_glyph_page_can_remove    gfx/cairo/cairo/src/cairo-scaled-font.c:2672
1      xul.dll       cairo_hash_table_random_entry          gfx/cairo/cairo/src/cairo-hash.c:393
2      xul.dll       _cairo_hash_table_resize               gfx/cairo/cairo/src/cairo-hash.c:262
3      xul.dll       _cairo_cache_remove_random             gfx/cairo/cairo/src/cairo-cache.c:219
4      xul.dll       _cairo_cache_shrink_to_accommodate
5      xul.dll       moz_cairo_scaled_font_glyph_extents    gfx/cairo/cairo/src/cairo-scaled-font.c:1569
6      xul.dll       gfxFont::SetupGlyphExtents             gfx/thebes/gfxFont.cpp:1565
7      kernel32.dll  RtlFillMemoryStub
8      xul.dll       gfxTextRun::FetchGlyphExtents          gfx/thebes/gfxFont.cpp:4274
9      mozalloc.dll  moz_xmalloc                            memory/mozalloc/mozalloc.cpp:100
10     xul.dll       gfxFontGroup::MakeTextRun              gfx/thebes/gfxFont.cpp:2414
11     xul.dll       TextRunWordCache::MakeTextRun          gfx/thebes/gfxTextRunWordCache.cpp:732
The two crashes on 3.6.17 were using Linux. All other crashes are using trunk.
Created attachment 536979
Fix 64 bit pointer as 32 bit problems
It looks like this was only happening on 64-bit. The attached patch may fix the problem.
Created attachment 537156
Use type that will fit pointers
Good catch. Can we rely on uintptr_t being defined though as we cannot rely on stdint.h being available?
Comment on attachment 537156
Use type that will fit pointers
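An added example (not the attached patch and not cairo's code) of the bug class named in the comments above: a pointer stored in a 32-bit integer on a 64-bit build, next to a pointer-sized type and a compile-time guard that works without C99. The type names, functions and addresses are constructed for illustration, and it assumes a 64-bit target.

```c
#include <stdint.h>
#include <stdio.h>

/* Models a 32-bit integer type, e.g. unsigned long on 64-bit Windows (LLP64). */
typedef uint32_t narrow_key_t;
/* Pointer-sized type; a tree without stdint.h needs its own typedef here. */
typedef uintptr_t wide_key_t;

/* Pre-C99 compile-time guards: a negative array size breaks the build if
 * wide_key_t cannot hold a pointer, or if this is not a 64-bit target. */
typedef char wide_key_fits_pointer[(sizeof(wide_key_t) >= sizeof(void *)) ? 1 : -1];
typedef char demo_targets_64bit[(sizeof(void *) == 8) ? 1 : -1];

/* Constructed addresses, never dereferenced. A and B share their low 32 bits. */
#define ADDR_A   ((const void *)(uintptr_t)0x000001a2b3c4d5e0ULL)
#define ADDR_B   ((const void *)(uintptr_t)0x000002a2b3c4d5e0ULL)
#define ADDR_LOW ((const void *)(uintptr_t)0x00000000b3c4d5e0ULL)

static narrow_key_t narrow_key(const void *p) { return (narrow_key_t)(uintptr_t)p; }
static wide_key_t wide_key(const void *p) { return (wide_key_t)p; }

/* 1 if the pointer survives being stored in the narrow type and cast back. */
static int narrow_round_trips(const void *p)
{
    return (const void *)(uintptr_t)narrow_key(p) == p;
}

/* 1 if the pointer survives being stored in the wide type and cast back. */
static int wide_round_trips(const void *p)
{
    return (const void *)wide_key(p) == p;
}

/* 1 if two distinct pointers become indistinguishable once narrowed. */
static int narrow_keys_collide(const void *a, const void *b)
{
    return a != b && narrow_key(a) == narrow_key(b);
}

int main(void)
{
    /* Below 4 GiB the narrow type still works, so the defect can stay hidden. */
    printf("narrow, low address:   %d\n", narrow_round_trips(ADDR_LOW));
    printf("narrow, high address:  %d\n", narrow_round_trips(ADDR_A));
    printf("wide, high address:    %d\n", wide_round_trips(ADDR_A));
    printf("narrow keys collide:   %d\n", narrow_keys_collide(ADDR_A, ADDR_B));
    return 0;
}
```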
I was trying to see if this is fixed for Fx7 since the flag "status-firefox7" is set to "fixed", but I couldn't.
Is there a test case or any steps / guidelines for this bug that can be used to verify the fix? Thanks
qa+ for QA verification in Firefox 7. Please check crashstats for occurrences of this crash in Beta 5 or 6.
(In reply to Anthony Hughes, Mozilla QA (irc: ashughes) from comment #8)
> qa+ for QA verification in Firefox 7. Please check crashstats for
> occurrences of this crash in Beta 5 or 6.
There is one crash with the signature _cairo_scaled_glyph_page_can_remove for the FX 7 build: https://crash-stats.mozilla.com/report/index/3d785371-0b59-4b9a-843e-8a67c2110917
It's not clear if this is related to the issue reported or not.
That crash must have been from an earlier build. I don't see any crashes for this stack in trunk, or Beta 5 or Beta 6 in the last week.
(In reply to AndreiD[QA] from comment #9)
> (In reply to Anthony Hughes, Mozilla QA (irc: ashughes) from comment #8)
> > qa+ for QA verification in Firefox 7. Please check crashstats for
> > occurrences of this crash in Beta 5 or 6.
> There is one crash with the signature _cairo_scaled_glyph_page_can_remove
> for the FX 7 build:
> It's not clear if this is related to the issue reported or not.
Marking this verified fixed based on recent crash data. This is only reported twice in the last week and only on 6.0.2.
Crash volume for signature '_cairo_scaled_glyph_page_can_remove':
- nightly (version 50): 0 crash from 2016-06-06.
- aurora (version 49): 0 crash from 2016-06-07.
- beta (version 48): 15 crashes from 2016-06-06.
- release (version 47): 21 crashes from 2016-05-31.
- esr (version 45): 4 crashes from 2016-04-07.
Crash volume on the last weeks:
            Week N-1  Week N-2  Week N-3  Week N-4  Week N-5  Week N-6  Week N-7
- nightly   0         0         0         0         0         0         0
- aurora    0         0         0         0         0         0         0
- beta      1         3         1         1         4         1         1
- release   3         3         4         3         2         2         2
- esr       1         1         0         0         1         0         0
Affected platforms: Windows, Mac OS X