Last Comment Bug 661658 - Firefox Crash [@ _cairo_scaled_glyph_page_can_remove ]
: Firefox Crash [@ _cairo_scaled_glyph_page_can_remove ]
Status: VERIFIED FIXED
[qa!]
: crash, verified-beta
Product: Core
Classification: Components
Component: Graphics (show other bugs)
: Trunk
: x86 Windows 7
: -- critical (vote)
: ---
Assigned To: Nobody; OK to take it and work on it
:
:
Mentors:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2011-06-02 13:42 PDT by Marcia Knous [:marcia - use ni]
Modified: 2016-07-28 05:31 PDT (History)
9 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---
fixed
affected
affected
affected


Attachments
Fix 64 bit pointer as 32 bit problems (2.43 KB, patch)
2011-06-02 14:33 PDT, Jeff Muizelaar [:jrmuizel]
no flags Details | Diff | Splinter Review
Use type that will fit pointers (3.28 KB, patch)
2011-06-03 09:12 PDT, Jeff Muizelaar [:jrmuizel]
joe: review+
Details | Diff | Splinter Review

Description Marcia Knous [:marcia - use ni] 2011-06-02 13:42:32 PDT
Seen while reviewing trunk crash stats. Mostly all trunk crashes, but one from 3.6.x: http://crash-stats.mozilla.com/report/list?signature=_cairo_scaled_glyph_page_can_remove. First crash showed up in crash stats using 2011041300.

https://crash-stats.mozilla.com/report/index/30602aeb-cb56-4af9-9f1a-66bf42110602

Frame 	Module 	Signature [Expand] 	Source
0 	xul.dll 	_cairo_scaled_glyph_page_can_remove 	gfx/cairo/cairo/src/cairo-scaled-font.c:2672
1 	xul.dll 	cairo_hash_table_random_entry 	gfx/cairo/cairo/src/cairo-hash.c:393
2 	xul.dll 	_cairo_hash_table_resize 	gfx/cairo/cairo/src/cairo-hash.c:262
3 	xul.dll 	_cairo_cache_remove_random 	gfx/cairo/cairo/src/cairo-cache.c:219
4 	xul.dll 	_cairo_cache_shrink_to_accommodate 	
5 	xul.dll 	moz_cairo_scaled_font_glyph_extents 	gfx/cairo/cairo/src/cairo-scaled-font.c:1569
6 	xul.dll 	gfxFont::SetupGlyphExtents 	gfx/thebes/gfxFont.cpp:1565
7 	kernel32.dll 	RtlFillMemoryStub 	
8 	xul.dll 	gfxTextRun::FetchGlyphExtents 	gfx/thebes/gfxFont.cpp:4274
9 	mozalloc.dll 	moz_xmalloc 	memory/mozalloc/mozalloc.cpp:100
10 	xul.dll 	gfxFontGroup::MakeTextRun 	gfx/thebes/gfxFont.cpp:2414
11 	xul.dll 	TextRunWordCache::MakeTextRun 	gfx/thebes/gfxTextRunWordCache.cpp:732
Comment 1 Marcia Knous [:marcia - use ni] 2011-06-02 13:43:31 PDT
The two crashes on 3.6.17 were using Linux. All other crashes are using trunk.
Comment 2 Jeff Muizelaar [:jrmuizel] 2011-06-02 14:33:53 PDT
Created attachment 536979 [details] [diff] [review]
Fix 64 bit pointer as 32 bit problems

It looks like this was only happening on 64bit. The attached patch may fix the problem.
Comment 3 Jeff Muizelaar [:jrmuizel] 2011-06-03 09:12:45 PDT
Created attachment 537156 [details] [diff] [review]
Use type that will fit pointers
Comment 4 Chris Wilson 2011-06-03 10:26:43 PDT
Good catch. Can we rely on uintptr_t being defined though as we cannot rely on stdint.h being available?
Comment 5 Joe Drew (not getting mail) 2011-06-07 12:58:50 PDT
Comment on attachment 537156 [details] [diff] [review]
Use type that will fit pointers

goot
Comment 6 Jeff Muizelaar [:jrmuizel] 2011-06-23 08:31:32 PDT
http://hg.mozilla.org/mozilla-central/rev/17f2489e1660
Comment 7 AndreiD[QA] 2011-08-25 05:14:50 PDT
I was trying to see if this is fixed for Fx7 since the flag "status-firefox7" is set to "fixed", but I couldn't.
Is there a test case or any steps / guidelines for this bug that can be used to verify the fix? Thanks
Comment 8 Anthony Hughes (:ashughes) [GFX][QA][Mentor] 2011-09-22 14:32:19 PDT
qa+ for QA verification in Firefox 7. Please check crashstats for occurrences of this crash in Beta 5 or 6.
Comment 9 AndreiD[QA] 2011-09-26 08:29:49 PDT
(In reply to Anthony Hughes, Mozilla QA (irc: ashughes) from comment #8)
> qa+ for QA verification in Firefox 7. Please check crashstats for
> occurrences of this crash in Beta 5 or 6.

There is one crash with the signature _cairo_scaled_glyph_page_can_remove for the build FX 7 build: https://crash-stats.mozilla.com/report/index/3d785371-0b59-4b9a-843e-8a67c2110917
It's not clear if this is related to the issue reported or not.
Comment 10 Marcia Knous [:marcia - use ni] 2011-09-26 10:45:58 PDT
That crash must have been from an earlier build. I don't see any crashes for this stack in trunk, or Beta 5 or Beta 6 in the last week.

(In reply to AndreiD[QA] from comment #9)
> (In reply to Anthony Hughes, Mozilla QA (irc: ashughes) from comment #8)
> > qa+ for QA verification in Firefox 7. Please check crashstats for
> > occurrences of this crash in Beta 5 or 6.
> 
> There is one crash with the signature _cairo_scaled_glyph_page_can_remove
> for the build FX 7 build:
> https://crash-stats.mozilla.com/report/index/3d785371-0b59-4b9a-843e-
> 8a67c2110917
> It's not clear if this is related to the issue reported or not.
Comment 11 Anthony Hughes (:ashughes) [GFX][QA][Mentor] 2011-09-26 20:12:12 PDT
Marking this verified fixed based on recent crash data. This is only reported twice in the last week and only on 6.0.2.
Comment 12 Release Management Account Bot 2016-07-28 05:31:48 PDT
Crash volume for signature '_cairo_scaled_glyph_page_can_remove':
 - nightly (version 50): 0 crash from 2016-06-06.
 - aurora  (version 49): 0 crash from 2016-06-07.
 - beta    (version 48): 15 crashes from 2016-06-06.
 - release (version 47): 21 crashes from 2016-05-31.
 - esr     (version 45): 4 crashes from 2016-04-07.

Crash volume on the last weeks:
             Week N-1   Week N-2   Week N-3   Week N-4   Week N-5   Week N-6   Week N-7
 - nightly          0          0          0          0          0          0          0
 - aurora           0          0          0          0          0          0          0
 - beta             1          3          1          1          4          1          1
 - release          3          3          4          3          2          2          2
 - esr              1          1          0          0          1          0          0

Affected platforms: Windows, Mac OS X

Note You need to log in before you can comment on or make changes to this bug.