Closed Bug 772583 Opened 12 years ago Closed 12 years ago

B2G crash during opening marketplace in gfxFT2LockedFace::XScale

Categories

(Core :: Graphics, defect)

x86
macOS
defect
Not set
normal

Tracking

RESOLVED WORKSFORME

People

(Reporter: gwagner, Assigned: jfkthame)

Details

Attachments

(1 file)

Debug-gecko build of github-mc (https://github.com/mozilla-b2g/mozilla-central/commit/d6b79007ddbf1f9a6c5b1de4197947da343f9981) on SGS2 after opening the marketplace.
The screen shows "Communicating with server".
Maybe some memory corruption? aString=0xbeb4f1a8 "Emai\220\266"

Full BT: http://pastebin.mozilla.org/1699718
Joe, can you help triage this?
Assignee: nobody → joe
Attached file backtrace
Trying jfkthame :)
Assignee: joe → jfkthame
I don't have a B2G environment set up to try and debug this... Seems like the first thing to figure out is how the string "Email" got corrupted, as seen in frame #7 etc:

#7  0x40a4921a in MakeTextRun<unsigned char> (aText=0xbeb4f1a8 "Emai\220\266", aLength=5, aFontGroup=0x1a61a58, aParams=0xbeb4f054, aFlags=17826080) at /Volumes/2mac/sgs/B2G/gecko/layout/generic/nsTextFrameThebes.cpp:534

Whatever stomped on the "l" of "Email" may well have done other damage as well.

A question (perhaps answerable by inspecting stuff in the debugger): was it just the string in the buffer being collected by BuildTextRunsScanner::BuildTextRunForFrames that got corrupted, or had the content already been damaged within the content node's text fragment?
If this is a problem with FreeType, could it be reproduced in Firefox for Android? But then we don't have the same marketplace there. If this is random memory corruption, it might have nothing to do with this code. We really need a reliable testcase.
Keywords: testcase-wanted
Gregor, can you reproduce in a desktop b2g build, or even FF?
It seems to be fixed. I can't reproduce it on the device any more.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → WORKSFORME
Group: core-security → core-security-release
Group: core-security-release