large uptake in crashes in gfxFontGroup::FindFontForChar on OS X

Status: RESOLVED FIXED
Product: Core
Component: Graphics
Priority: --
Severity: critical
Reported 6 years ago; modified 3 years ago
Reporter: jrmuizel; Assignee: Unassigned
Keywords: crash, regression

(Reporter)

Description

6 years ago
https://crash-stats.mozilla.com/query/query?query_type=simple&do_query=1&query=gfxFontGroup%3A%3AFindFontForChar


It looks like this started on the 10th of August.

Comment 1

6 years ago
https://crash-stats.mozilla.com/report/list?signature=gfxFontGroup%3A%3AFindFontForChar is a more simple query for those reports.

https://crash-stats.mozilla.com/report/list?signature=gfxFontFamily%3A%3AReadCMAP%28%29 has been coming up at the same time as well, this sounds correlated, would you agree?

(In reply to Robert Kaiser (:kairo@mozilla.com) from comment #1)
> https://crash-stats.mozilla.com/report/
> list?signature=gfxFontGroup%3A%3AFindFontForChar is a more simple query for
> those reports.
> 
> https://crash-stats.mozilla.com/report/
> list?signature=gfxFontFamily%3A%3AReadCMAP%28%29 has been coming up at the
> same time as well, this sounds correlated, would you agree?

Yes, they may well be the same issue - I notice one of the signatures is only on Windows, and the other is only on OS X.

I'm guessing this might be a regression from bug 668813, specifically the "part 2" patch there. I'll take a look at that and see if I can confirm it.

Blocks: 668813
Keywords: regression
(Reporter)

Comment 3

6 years ago
This happened to me again. It happened during a tab switch.

Updated

6 years ago
Crash Signature: [@ gfxFontGroup::FindFontForChar] → [@ gfxFontGroup::FindFontForChar] [@ gfxFontFamily::ReadCMAP() ]

Comment 4

6 years ago
We merge to Aurora on Tuesday. Any chance we can get this fixed before then? Who is the right person to own this?

Comment 5

6 years ago
It looks like https://crash-stats.mozilla.com/report/list?signature=gfxSparseBitSet%3A%3Atest%28unsigned%20int%29 is also coming from font stuff and started at the same time, so I'd assume that's connected as well.

It seems like this could be associated with font-fallback search, but I haven't yet managed to reproduce it despite visiting a variety of pages (with both Mac and Win nightlies) that should be triggering fallback to find fonts for a mixture of languages. If anyone can identify a URL that leads to this crash, or other steps to reproduce, that would be really helpful.

I'm hitting this all the time today, and Firefox hadn't crashed for me otherwise in literally months.

Any chance you could catch this under a debugger, with a debug build, and get a more precise idea of where/why it's crashing? Is there a pointer or array that looks like it's been trashed?

I filed Bug 678587 for the crash stack in Comment 5 and will add some URLs to that to see if anyone can repro.

Created attachment 552861
back out second changeset (family-charmap optimization) from bug 668813

I haven't been able to reproduce this, or to identify the actual cause of the crashes, but I'm suspicious that it may somehow be related to the per-font-family character map added in bug 668813 (part 2) to optimize font-fallback searches.

So I suggest we back out that change (as per this patch) and watch crash-stats for a couple of days to check whether it resolves the crashiness.

Attachment #552861 - Flags: review?(jdaggett)

Attachment #552861 - Flags: review?(jdaggett) → review+

Pushed http://hg.mozilla.org/mozilla-central/rev/8e1dd6f8b903, which backs out bug 668813 (part 2). Leaving this bug open until we have a couple days of crash-stats, to see whether it actually fixes things.

Comment 12

6 years ago
So, I can reproduce this 100% and I know why it looks to spike....

Steps to reproduce:

#1 open graphwar.com
#2 Deny Java access to the device (not sure if this is needed)
#3 Click the create new game button
#4 Close the tab

Crash!

Also note Graphwar is currently on the front page of Hacker News... might be the cause of the spike :-)

Comment 13

6 years ago
Actually, looks like you just have to open http://www.graphwar.com/play.html and click Deny. This is on Mac OS X 10.6

Interesting.... but doesn't reproduce for me (tried on OS X 10.6 here as well). It's very possible that the reproducibility is somehow dependent on your machine's collection of installed fonts, as it seems to be occurring during font-search.

Could you try a build that includes the patch landed in comment 11 and let me know whether it still crashes?

Comment 15

6 years ago
https://crash-stats.mozilla.com/report/list?signature=gfxFontFamily%3A%3AFindFontForChar%28FontSearch%2A%29 has now been rising in builds from the 14th and 15th...

Updated

6 years ago
Crash Signature: [@ gfxFontGroup::FindFontForChar] [@ gfxFontFamily::ReadCMAP() ] → [@ gfxFontGroup::FindFontForChar] [@ gfxFontFamily::ReadCMAP() ] [@ gfxSparseBitSet::test(unsigned int) ]

Updated

6 years ago
Duplicate of this bug: 678587

Pushed http://hg.mozilla.org/mozilla-central/rev/8e1dd6f8b903, which backs out bug 668813 (part 1).

(In reply to Robert Kaiser (:kairo@mozilla.com) from comment #15)
> https://crash-stats.mozilla.com/report/
> list?signature=gfxFontFamily%3A%3AFindFontForChar%28FontSearch%2A%29 has now
> been rising in builds from the 14th and 15th...

Yeah, the exact signatures in comment 1 no longer exist but the crashes still happen with this alternative signature. I've now backed out the first patch from bug 668813, as that seems the only plausible culprit left in the tree.

This had better stop the crashes! (Otherwise bug 668813 wasn't to blame after all, but I don't have any alternative ideas....)

Updated

6 years ago
Crash Signature: [@ gfxFontGroup::FindFontForChar] [@ gfxFontFamily::ReadCMAP() ] [@ gfxSparseBitSet::test(unsigned int) ] → [@ gfxFontGroup::FindFontForChar] [@ gfxFontFamily::ReadCMAP() ] [@ gfxSparseBitSet::test(unsigned int) ] [@ gfxFontFamily::FindFontForChar(FontSearch*) ]
Keywords: crash

Updated

6 years ago
Crash Signature: [@ gfxFontGroup::FindFontForChar] [@ gfxFontFamily::ReadCMAP() ] [@ gfxSparseBitSet::test(unsigned int) ] [@ gfxFontFamily::FindFontForChar(FontSearch*) ] → [@ gfxFontGroup::FindFontForChar] [@ gfxFontFamily::ReadCMAP() ] [@ gfxSparseBitSet::test(unsigned int) ] [@ gfxFontFamily::FindFontForChar(FontSearch*) ] [@ gfxFontGroup::FindFontForChar(unsigned int, unsigned int, int, gfxFont*, unsigned char*) ]

Comment 18

6 years ago
I can confirm with the nightly from 2011-08-16 it no longer crashes as it did. If you want me to get the fonts and stuff, let me know

(In reply to Christian Legnitto [:LegNeato] from comment #18)
> I can confirm with the nightly from 2011-08-16 it no longer crashes as it
> did. If you want me to get the fonts and stuff, let me know

Any chance you can reproduce this under a debug build from before the backouts, and find out the name of the font involved when it crashes? (The mName in the gfxFontFamily object would be a start, at least.) I'd still love to figure out what was going wrong, but was never able to reproduce it here.

Comment 20

6 years ago
This seems to have made Aurora 8. I don't think we need to track this. Please re-nom if I'm a liar.

tracking-firefox8: ? → ---
Severity: normal → critical

Closing this, since backing out bug 668813 appears to have fixed it.

Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED

Those who were able to reproduce this - we need some help over in bug 668813 to figure out what was triggering these crashes, so that we can actually fix the original issue there. Please see bug 668813 comment 18 and following.