Closed Bug 774561 Opened 13 years ago Closed 9 years ago

Stack overflow Crash during reflow [@ gfxFont::RunMetrics::RunMetrics ] | [@ gfxFont::Measure() ]

Categories

(Core :: Layout, defect)

Version: 15 Branch
Type: defect
Priority: Not set
Severity: critical

RESOLVED WORKSFORME
Tracking Status
firefox14 --- unaffected
firefox15 --- affected
firefox16 --- affected

People

(Reporter: bc, Unassigned)

Details

(Keywords: crash, regression)

1. http://dbaron.org/talks/2012-03-11-sxsw/slide-11.xhtml
2. Stack Overflow Debug only, Aurora/15, Nightly/16.

Operating system: Windows NT
                  6.1.7601 Service Pack 1
CPU: x86
     GenuineIntel family 6 model 37 stepping 1
     1 CPU

Crash reason:  EXCEPTION_STACK_OVERFLOW
Crash address: 0x6719f100

Thread 0 (crashed)
 0  xul.dll!gfxFont::RunMetrics::RunMetrics() [gfxFont.h : 1371 + 0x23]
    eip = 0x6719f100   esp = 0x000b3000   ebp = 0x000b304c   ebx = 0x000b4040
    esi = 0x00000001   edi = 0x00000000   eax = 0x000b325c   ecx = 0x000b302c
    edx = 0x000b325c   efl = 0x00010206
    Found by: given as instruction pointer in context
 1  xul.dll!gfxFont::Measure(gfxTextRun *,unsigned int,unsigned int,gfxFont::BoundingBoxType,gfxContext *,gfxFont::Spacing *) [gfxFont.cpp : 2032 + 0x7]
    eip = 0x68548fc1   esp = 0x000b3054   ebp = 0x000b32c4
    Found by: call frame info
 2  xul.dll!gfxGDIFont::Measure(gfxTextRun *,unsigned int,unsigned int,gfxFont::BoundingBoxType,gfxContext *,gfxFont::Spacing *) [gfxGDIFont.cpp : 251 + 0x23]
    eip = 0x68589e1f   esp = 0x000b32cc   ebp = 0x000b333c
    Found by: call frame info
 3  xul.dll!gfxTextRun::AccumulateMetricsForRun(gfxFont *,unsigned int,unsigned int,gfxFont::BoundingBoxType,gfxContext *,gfxTextRun::PropertyProvider *,unsigned int,unsigned int,gfxFont::RunMetrics *) [gfxFont.cpp : 4775 + 0x56]
    eip = 0x6854f76a   esp = 0x000b3344   ebp = 0x000b4038
    Found by: call frame info
 4  xul.dll!gfxFont::RunMetrics::CombineWith(gfxFont::RunMetrics const &,bool) [gfxFont.cpp : 1371 + 0x43]
    eip = 0x68546fb9   esp = 0x000b3364   ebp = 0x000b4038
    Found by: stack scanning

Operating system: Windows NT
                  6.1.7601 Service Pack 1
CPU: x86
     GenuineIntel family 6 model 37 stepping 1
     2 CPUs

Crash reason:  EXCEPTION_STACK_OVERFLOW
Crash address: 0x7094dcf9

Thread 0 (crashed)
 0  xul.dll!gfxFont::Measure(gfxTextRun *,unsigned int,unsigned int,gfxFont::BoundingBoxType,gfxContext *,gfxFont::Spacing *) [gfxFont.cpp : 2008 + 0x9]
    eip = 0x7094dcf9   esp = 0x00232fd4   ebp = 0x0023323c   ebx = 0x00233fbc
    esi = 0x00000001   edi = 0x00000000   eax = 0x0023327c   ecx = 0x07486730
    edx = 0x0747d3d8   efl = 0x00010206
    Found by: given as instruction pointer in context
 1  xul.dll!gfxGDIFont::Measure(gfxTextRun *,unsigned int,unsigned int,gfxFont::BoundingBoxType,gfxContext *,gfxFont::Spacing *) [gfxGDIFont.cpp : 251 + 0x23]
    eip = 0x7098dbff   esp = 0x00233244   ebp = 0x002332b4
    Found by: call frame info
 2  xul.dll!gfxTextRun::AccumulateMetricsForRun(gfxFont *,unsigned int,unsigned int,gfxFont::BoundingBoxType,gfxContext *,gfxTextRun::PropertyProvider *,unsigned int,unsigned int,gfxFont::RunMetrics *) [gfxFont.cpp : 4754 + 0x56]
    eip = 0x7095456a   esp = 0x002332bc   ebp = 0x00233fb0
    Found by: call frame info
 3  xul.dll!gfxFont::RunMetrics::CombineWith(gfxFont::RunMetrics const &,bool) [gfxFont.cpp : 1370 + 0x43]
    eip = 0x7094bdd9   esp = 0x002332e4   ebp = 0x00233fb0
    Found by: stack scanning
 4  xul.dll!gfxTextRun::MeasureText(unsigned int,unsigned int,gfxFont::BoundingBoxType,gfxContext *,gfxTextRun::PropertyProvider *) [gfxFont.cpp : 4825 + 0x2b]
    eip = 0x709547ee   esp = 0x00233fb8   ebp = 0x00234060
    Found by: call frame info

Found regression between 20120515185430-20120516174930

Pushlog: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=c00a9c1940c5&tochange=762e95608da3

http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/2012/05/2012-05-16-mozilla-central-debug/firefox-15.0a1.en-US.debug-win32.installer.exe
http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/2012/05/2012-05-17-mozilla-central-debug/firefox-15.0a1.en-US.debug-win32.installer.exe
Version: Trunk → 15 Branch
PresShell::DoReflow(nsIFrame*, bool) + 581
PresShell::ProcessReflowCommands(bool) + 670
PresShell::FlushPendingNotifications(mozFlushType) + 978
PresShell::DidDoReflow(bool) + 270
PresShell::ProcessReflowCommands(bool) + 764
PresShell::FlushPendingNotifications(mozFlushType) + 978
PresShell::DidDoReflow(bool) + 270
PresShell::ProcessReflowCommands(bool) + 764
PresShell::FlushPendingNotifications(mozFlushType) + 978
...

The URL contains some SVG, and the cycle in the stack above makes me think this might be the same as bug 762987.
Depends on: 762987
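
Added example, not part of the bug thread or of Mozilla's tooling: a small triage helper that finds the repeating frame cycle in a stack listing such as the PresShell frames quoted in the comment above, which is the usual first check when a crash reason is a stack overflow. The names `parse_frames` and `find_cycle` are assumptions made for this illustration; the frame list is copied from the comment.

```python
import re

# Frames as quoted in the comment above (symbol + offset), innermost first.
FRAMES_TEXT = """\
PresShell::DoReflow(nsIFrame*, bool) + 581
PresShell::ProcessReflowCommands(bool) + 670
PresShell::FlushPendingNotifications(mozFlushType) + 978
PresShell::DidDoReflow(bool) + 270
PresShell::ProcessReflowCommands(bool) + 764
PresShell::FlushPendingNotifications(mozFlushType) + 978
PresShell::DidDoReflow(bool) + 270
PresShell::ProcessReflowCommands(bool) + 764
PresShell::FlushPendingNotifications(mozFlushType) + 978
...
"""

OFFSET_RE = re.compile(r"\s*\+\s*(0x[0-9a-fA-F]+|\d+)$")


def parse_frames(text):
    """Return symbol names only, skipping blank lines and '...' elisions.

    The '+ offset' suffix is dropped so that the same function reached from
    different call sites (e.g. + 670 vs + 764) compares equal.
    """
    frames = []
    for line in text.splitlines():
        line = line.strip()
        if line and line != "...":
            frames.append(OFFSET_RE.sub("", line))
    return frames


def find_cycle(frames, min_repeats=2):
    """Find the shortest run of frames that repeats back-to-back.

    Returns (start_index, cycle, repeats), or None if nothing repeats.
    """
    n = len(frames)
    for period in range(1, n // min_repeats + 1):
        for start in range(0, n - period * min_repeats + 1):
            cycle = frames[start:start + period]
            repeats, pos = 1, start + period
            while frames[pos:pos + period] == cycle:
                repeats += 1
                pos += period
            if repeats >= min_repeats:
                return start, cycle, repeats
    return None
```

On the quoted frames, `find_cycle(parse_frames(FRAMES_TEXT))` reports a three-frame cycle starting at index 1; a trace with no repetition returns `None`.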
> 2. Stack Overflow Debug only

On OSX, I can only reproduce in an Opt build.
Crash Signature: [@ gfxFont::RunMetrics::RunMetrics()] [@ gfxFont::Measure(gfxTextRun *,unsigned int,unsigned int,gfxFont::BoundingBoxType,gfxContext *,gfxFont::Spacing *)] → [@ gfxFont::RunMetrics::RunMetrics()] [@ gfxFont::Measure(gfxTextRun *,unsigned int,unsigned int,gfxFont::BoundingBoxType,gfxContext *,gfxFont::Spacing *)] [@ gfxFont::RunMetrics::RunMetrics] [@ gfxFont::Measure]
don't crash anymore - marking as works for me
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → WORKSFORME