Last Comment Bug 780392 - crash in _moz_cairo_set_scaled_font
: crash in _moz_cairo_set_scaled_font
Status: RESOLVED FIXED
: crash, regression, topcrash
Product: Core
Classification: Components
Component: Graphics (show other bugs)
: 17 Branch
: All Windows 7
: -- critical (vote)
: mozilla17
Assigned To: Nick Cameron [:nrc]
: Ioana (away)
: Milan Sreckovic [:milan]
Mentors:
Depends on:
Blocks: 764125 773460
  Show dependency treegraph
 
Reported: 2012-08-04 08:22 PDT by Alice0775 White
Modified: 2014-01-10 10:40 PST (History)
10 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---
+
verified


Attachments
patch (7.73 KB, patch)
2012-08-07 15:32 PDT, Nick Cameron [:nrc]
bas: review+
Details | Diff | Splinter Review
crashtest (1.01 KB, patch)
2012-08-07 15:32 PDT, Nick Cameron [:nrc]
bas: review+
Details | Diff | Splinter Review

Description Alice0775 White 2012-08-04 08:22:53 PDT
This bug was filed from the Socorro interface and is 
report bp-012d1313-00e3-4f66-9292-fa2c92120804 .
============================================================= 
Build Identifier:
http://hg.mozilla.org/mozilla-central/rev/20fc34efd733
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/17.0 Firefox/17.0 ID:20120804030551


Crash when I Zoom in Google Maps with MapsGL enabled

Steps to Reproduce:
1. Create clean profile
2. Open http://maps.google.com
3. Enable MapsGL
4. Zoom in with mouse wheel and repeat Step 4

Actual Results:
 Browser crashes.

Expected Results:
  No crash


Regression window(m-c)
Good:
http://hg.mozilla.org/mozilla-central/rev/73b3b3f828b0
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/17.0 Firefox/17.0 ID:20120803042624
Bad:
http://hg.mozilla.org/mozilla-central/rev/62d4f0efe485
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/17.0 Firefox/17.0 ID:20120803073024
Pushlog:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=73b3b3f828b0&tochange=62d4f0efe485


Regression window(m-c)
Good:
http://hg.mozilla.org/integration/mozilla-inbound/rev/3a17236e9084
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/17.0 Firefox/17.0 ID:20120802142137
Bad:
http://hg.mozilla.org/integration/mozilla-inbound/rev/032ba64ab1f1
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/17.0 Firefox/17.0 ID:20120802150336
Pushlog:
http://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=3a17236e9084&tochange=032ba64ab1f1


Suspected: 032ba64ab1f1	Nicholas Cameron — Bug 773460. Pref on Azure/Cairo for Windows. r=roc


Graphics
Adapter Description : ATI Radeon HD 4300/4500 Series
Vendor ID: 0x1002
Device ID: 0x954f
Adapter RAM: 512
Adapter Drivers: aticfx64 aticfx64 aticfx32 aticfx32 atiumd64 atidxx64 atiumdag atidxx32 atiumdva atiumd6a atitmm64
Driver Version: 8.970.100.3000
Driver Date: 7-3-2012
Direct2D Enabled: true
DirectWrite Enabled: true (6.1.7601.17789)
ClearType Parameters: Gamma: 2200 Pixel Structure: RGB ClearType Level: 50 Enhanced Contrast: 50 
WebGL Renderer: Google Inc. -- ANGLE (ATI Radeon HD 4300/4500 Series) -- OpenGL ES 2.0 (ANGLE 1.0.0.1041)
GPU Accelerated Windows: 1/1 Direct3D 10
AzureBackend: direct2d
Comment 1 Alice0775 White 2012-08-04 08:41:48 PDT
Regression window with  force set gfx.canvas.azure.backends to "direct2d,cairo".

Regression window(m-c)
Good:
http://hg.mozilla.org/mozilla-central/rev/8b96a33ecbd2
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/17.0 Firefox/17.0 ID:20120726215017
Bad:
http://hg.mozilla.org/mozilla-central/rev/399aff2fb74f
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/17.0 Firefox/17.0 ID:20120727015618
Pushlog:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=8b96a33ecbd2&tochange=399aff2fb74f



Regression window(m-i)
Good:
http://hg.mozilla.org/integration/mozilla-inbound/rev/992e4d25689a
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/17.0 Firefox/17.0 ID:20120726113920
Bad:
http://hg.mozilla.org/integration/mozilla-inbound/rev/c5125dde4bbf
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/17.0 Firefox/17.0 ID:20120726115658
Pushlog:
http://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=992e4d25689a&tochange=c5125dde4bbf
Comment 2 Alice0775 White 2012-08-04 09:08:12 PDT
Probably it is regressed by Bug 764125
Comment 3 Scoobidiver (away) 2012-08-05 05:52:31 PDT
It's #9 top browser crasher over the last 3 days.
Comment 4 Nick Cameron [:nrc] 2012-08-05 12:07:37 PDT
First go at debugging this, I didn't get to the reported crash, just turning MapsGL on caused a crash deep in the stack, our last call was GLContext::raw_fDrawArrays. This happened with all the Azure backends and the Thebes canvas (not surprising that that doesn't make any difference since MapsGL uses WebGL canvas). Will see if I can get further.
Comment 5 Nick Cameron [:nrc] 2012-08-06 21:10:14 PDT
When following the STR, I crash mostly in TypeObject::maybeGetProperty and sometimes in _cairo_gstate_save. If the latter then there are Azure/Cairo text rendering calls further up the callstack, so it might be a variation on this crash. The former gives me a suspicious stack, so I think that may be incorrectly reported. In both cases the crash is caused by "Access violation reading location 0x41300004".
Comment 6 Nick Cameron [:nrc] 2012-08-06 22:48:19 PDT
Found it: bad cast in DrawTargetCairo, it's non-trivial to fix, but hopefully not too bad.
Comment 7 Nick Cameron [:nrc] 2012-08-07 15:32:07 PDT
Created attachment 649835 [details] [diff] [review]
patch
Comment 8 Nick Cameron [:nrc] 2012-08-07 15:32:52 PDT
Created attachment 649836 [details] [diff] [review]
crashtest
Comment 9 Nick Cameron [:nrc] 2012-08-07 23:32:11 PDT
test works: https://tbpl.mozilla.org/?tree=Try&rev=02afbe2ff07a
Comment 12 Philip Chee 2012-08-10 03:33:52 PDT
I'm getting this:
c:\t1\hg\comm-central\mozilla\gfx\2d\ScaledFontDWrite.h(36) : error C2065: 'nullptr' : undeclared identifier

Hg Blame points me to:
https://hg.mozilla.org/mozilla-central/rev/bedac566fd5a#l5.42
Comment 13 Nick Cameron [:nrc] 2012-08-10 14:47:58 PDT
Hi Philip, I assume you are trying to build using a compiler that does not support C++11 nullptr? gfx::2d does not include many of the standard Mozilla headers, so is missing our macros to support nullptr as a macro. I have filed a bug to fix this (bug 781943). You could also fix this for yourself by upgrading your compiler (probably).
Comment 14 Philip Chee 2012-08-10 22:08:53 PDT
Hi Nick I'm using Visual Studio 2008 SP1, thanks for the update.
Comment 16 Tracy Walker [:tracy] 2014-01-10 10:40:53 PST
mass remove verifyme requests greater than 4 months old

Note You need to log in before you can comment on or make changes to this bug.