Bug 730550: Crash in gfxUserFontSet::OnLoadComplete @ __delayLoadHelper2
Opened 11 years ago, closed 11 years ago
Status: RESOLVED FIXED (mozilla13)
Categories: Core :: Graphics, defect
People: Reporter: scoobidiver, Assigned: emk
Details: Keywords: crash, regression, Whiteboard: [startupcrash]
Attachments: 1 file (patch, 2.01 KB, jtd: review+)
It's a new crash signature that first appeared in 13.0a1/20120224 with that stack. The regression range is:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=5e756e59a794&tochange=cd120efbe4c6
Signature: __delayLoadHelper2
UUID: 88d7380e-2a79-4a01-9c6c-d66f82120224
Date Processed: 2012-02-24 22:34:33
Uptime: 3911
Install Age: 4.0 hours since version was first installed.
Install Time: 2012-02-24 18:36:39
Product: Firefox
Version: 13.0a1
Build ID: 20120224031039
Release Channel: nightly
OS: Windows NT
OS Version: 5.1.2600 Service Pack 3, v.6165
Build Architecture: x86
Build Architecture Info: GenuineIntel family 15 model 3 stepping 4
Crash Reason: 0xc06d007e / 0x00000000
Crash Address: 0x7c812aeb
App Notes: AdapterVendorID: 0x8086, AdapterDeviceID: 0x2582, AdapterSubsysID: 00000000, AdapterDriverVersion: 6.14.10.4764 D3D10 Layers? D3D10 Layers- D3D9 Layers? D3D9 Layers- WebGL? EGL? EGL+ GL Context? GL Context+ WebGL+
EMCheckCompatibility: True
Total Virtual Memory: 2147352576
Available Virtual Memory: 1720262656
System Memory Use Percentage: 49
Available Page File: 1720418304
Available Physical Memory: 1500168192
Frame | Module | Signature | Source
0 | kernel32.dll | RaiseException |
1 | xul.dll | __delayLoadHelper2 | delayhlp.cpp:325
2 | xul.dll | xul.dll@0x2fb6d0 |
3 | xul.dll | gfxUserFontSet::OnLoadComplete | gfx/thebes/gfxUserFontSet.cpp:505
4 | xul.dll | nsDocLoader::doStopDocumentLoad | uriloader/base/nsDocLoader.cpp:974
5 | ntdll.dll | NtReleaseSemaphore |
6 | nspr4.dll | md_UnlockAndPostNotifies | nsprpub/pr/src/md/windows/w95cv.c:184
7 | nspr4.dll | md_UnlockAndPostNotifies | nsprpub/pr/src/md/windows/w95cv.c:193
8 | ntdll.dll | RtlpFreeToHeapLookaside |
More reports at: https://crash-stats.mozilla.com/report/list?signature=__delayLoadHelper2
Comment 1 • 11 years ago (Reporter)
bug 662055 is in the regression range.
Comment 2 • 11 years ago
(In reply to Scoobidiver from comment #1)
> bug 662055 is in the regression range.
It is, but OTOH it seems highly unlikely to have any effect on this; I think we need to look elsewhere, possibly earlier.
FWIW, I notice that many of the crash reports for __delayLoadHelper2 are not actually this stack, but other unrelated places. Can we do a query that only shows the ones with gfxUserFontSet::OnLoadComplete on the stack?
Comment 3 • 11 years ago (Reporter)
(In reply to Jonathan Kew (:jfkthame) from comment #2)
> FWIW, I notice that many of the crash reports for __delayLoadHelper2 are not
> actually this stack
Startup crashes with this stack started in 13.0a1/20120224 (checked manually). The regression range is given in comment 0.
> Can we do a query that only shows the ones with gfxUserFontSet::OnLoadComplete
> on the stack?
You can't do that with the current version of Socorro.
Comment 4 • 11 years ago
Maybe this is related to bug 699247. t2embed is defined as a delay-load DLL by this fix.
Comment 5 • 11 years ago
(In reply to Makoto Kato from comment #4)
> maybe, this is related to bug 699247. t2embed is defined as delay load dll
> by this fix.
I can definitely imagine patterns where t2embed will *not* be available. This library has historically been a source of multiple security alerts/fixes and one of the recommended workarounds was to deny access to the library:
http://technet.microsoft.com/en-us/security/bulletin/ms11-087
This is a 2011 issue but other issues have occurred in the past. The solution would be to undo the parts of the patch for bug 699247 that removed the dynamic loading of t2embed functions.
Blocks: 699247
Comment 6 • 11 years ago (Assignee)
I didn't revert GetProcAddress calls for readability and less complexity.
Updated • 11 years ago (Assignee)
Whiteboard: [startupcrash] → [startupcrash] [autoland-try:try:-b do -p win32 -u all -t none]
Updated • 11 years ago (Assignee)
Whiteboard: [startupcrash] [autoland-try:try:-b do -p win32 -u all -t none] → [startupcrash] [autoland-try:-b do -p win32 -u all -t none]
Updated • 11 years ago
Whiteboard: [startupcrash] [autoland-try:-b do -p win32 -u all -t none] → [startupcrash] [autoland-in-queue]
Comment 7 • 11 years ago
Autoland Patchset:
Patches: 601236
Branch: mozilla-central => try
Destination: http://hg.mozilla.org/try/pushloghtml?changeset=99efe03dcd47
Try run started, revision 99efe03dcd47. To cancel or monitor the job, see: https://tbpl.mozilla.org/?tree=Try&rev=99efe03dcd47
Updated • 11 years ago
Attachment #601236 - Flags: review?(jmathies) → review?(jdaggett)
Comment 8 • 11 years ago
Comment on attachment 601236: Make sure the t2embed library is available before using
Looks like this will work. Please confirm for the case where deny access has been set, using the workaround instructions in the security bulletin in comment 5.
Attachment #601236 - Flags: review?(jdaggett) → review+
Comment 9 • 11 years ago
Try run for 99efe03dcd47 is complete.
Detailed breakdown of the results available here: https://tbpl.mozilla.org/?tree=Try&rev=99efe03dcd47
Results (out of 49 total builds): success: 40, warnings: 5, failure: 4
Builds (or logs if builds failed) available at: http://ftp.mozilla.org/pub/mozilla.org/firefox/try-builds/autolanduser@mozilla.com-99efe03dcd47
Updated • 11 years ago
Whiteboard: [startupcrash] [autoland-in-queue] → [startupcrash]
Comment 10 • 11 years ago (Assignee)
I also confirmed that the current nightly crashed with t2embed.dll disabled and the patched build no longer crashed in the same condition.
Keywords: checkin-needed
Comment 11 • 11 years ago
http://hg.mozilla.org/integration/mozilla-inbound/rev/33b47f176473
Keywords: checkin-needed
Target Milestone: --- → mozilla13
Comment 13 • 11 years ago
https://hg.mozilla.org/mozilla-central/rev/33b47f176473
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Comment 14 • 11 years ago (Reporter)
I see one crash in 13.0a1/20120304: bp-44d76c1e-49f2-4aff-8da8-de9a42120305
Comment 15 • 11 years ago
(In reply to Scoobidiver from comment #14)
> I see one crash in 13.0a1/20120304: bp-44d76c1e-49f2-4aff-8da8-de9a42120305
Exception code is different. 0C06D007Fh means that GetProcAddress returns NULL.
Updated • 11 years ago (Reporter)
Crash Signature: [@ __delayLoadHelper2] → [@ __delayLoadHelper2] [@ __delayLoadHelper2 | xul.dll@0x2fb6d0]
Depends on: 731894
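The Crash Reason 0xc06d007e in comment 0 and the 0C06D007Fh in comment 15 are both exception codes raised by the MSVC delay-load helper. The following triage helper is an added example, not part of this bug or of the attached patch; it decodes the two codes to tell a missing or access-denied DLL from a missing export. The function and enum names are hypothetical, and the Windows constants are redefined locally so it builds without windows.h.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* MSVC's delay-load helper raises VcppException(sev, err), i.e.
   sev | (FACILITY_VISUALCPP << 16) | err, with a Win32 error as err. */
#define FACILITY_VISUALCPP   0x6Du
#define ERROR_MOD_NOT_FOUND  126u  /* 0x7E: the DLL could not be loaded */
#define ERROR_PROC_NOT_FOUND 127u  /* 0x7F: GetProcAddress returned NULL */

typedef enum {
    DL_NOT_DELAYLOAD,   /* some other exception, e.g. an access violation */
    DL_MODULE_MISSING,  /* DLL absent or access to it denied */
    DL_PROC_MISSING,    /* DLL loaded, but the import is not exported */
    DL_OTHER            /* delay-load helper failure with another error */
} delayload_kind;

/* Fields: severity = bits 31-30, facility = bits 27-16, error = bits 15-0. */
delayload_kind classify_exception_code(uint32_t code) {
    uint32_t severity = code >> 30;
    uint32_t facility = (code >> 16) & 0xFFFu;
    uint32_t err = code & 0xFFFFu;
    if (severity != 3u || facility != FACILITY_VISUALCPP)
        return DL_NOT_DELAYLOAD;
    if (err == ERROR_MOD_NOT_FOUND)  return DL_MODULE_MISSING;
    if (err == ERROR_PROC_NOT_FOUND) return DL_PROC_MISSING;
    return DL_OTHER;
}

/* Accepts the "Crash Reason" field as printed in the report
   ("0xc06d007e / 0x00000000") or the "0C06D007Fh" spelling. */
delayload_kind classify_crash_reason(const char *field) {
    char *end;
    unsigned long v = strtoul(field, &end, 16);
    if (end == field || v > 0xFFFFFFFFul)
        return DL_NOT_DELAYLOAD;
    return classify_exception_code((uint32_t)v);
}

int main(void) {
    const char *names[] = { "not delay-load", "module missing",
                            "procedure missing", "other delay-load" };
    /* Constructed inputs: the two codes quoted in this bug, plus an
       access violation for contrast. */
    const char *samples[] = { "0xc06d007e / 0x00000000", "0C06D007Fh",
                              "0xc0000005 / 0x00000000" };
    for (int i = 0; i < 3; i++)
        printf("%s -> %s\n", samples[i], names[classify_crash_reason(samples[i])]);
    return 0;
}
```

A "module missing" result on a delay-loaded import is what a machine with the MS11-087 deny-access workaround for t2embed.dll would be expected to produce, matching the condition the assignee tested in comment 10.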