crash in _moz_cairo_set_scaled_font

RESOLVED FIXED in Firefox 17

Status

Product: Core
Component: Graphics
Importance: -- critical
Status: RESOLVED FIXED
Reported: 5 years ago
Modified: 4 years ago

People

Reporter: Alice0775 White
Assigned: nrc

Tracking

Version: 17 Branch
Target: mozilla17
Platform: All, Windows 7
Keywords: crash, regression, topcrash
Firefox Tracking Flags: firefox17+ verified

Attachments

2 attachments

(Reporter)

Description

5 years ago
This bug was filed from the Socorro interface and is report bp-012d1313-00e3-4f66-9292-fa2c92120804.
============================================================= 
Build Identifier:
http://hg.mozilla.org/mozilla-central/rev/20fc34efd733
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/17.0 Firefox/17.0 ID:20120804030551


Crash when I Zoom in Google Maps with MapsGL enabled

Steps to Reproduce:
1. Create clean profile
2. Open http://maps.google.com
3. Enable MapsGL
4. Zoom in with mouse wheel and repeat Step 4

Actual Results:
 Browser crashes.

Expected Results:
  No crash


Regression window(m-c)
Good:
http://hg.mozilla.org/mozilla-central/rev/73b3b3f828b0
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/17.0 Firefox/17.0 ID:20120803042624
Bad:
http://hg.mozilla.org/mozilla-central/rev/62d4f0efe485
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/17.0 Firefox/17.0 ID:20120803073024
Pushlog:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=73b3b3f828b0&tochange=62d4f0efe485


Regression window(m-c)
Good:
http://hg.mozilla.org/integration/mozilla-inbound/rev/3a17236e9084
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/17.0 Firefox/17.0 ID:20120802142137
Bad:
http://hg.mozilla.org/integration/mozilla-inbound/rev/032ba64ab1f1
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/17.0 Firefox/17.0 ID:20120802150336
Pushlog:
http://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=3a17236e9084&tochange=032ba64ab1f1


Suspected: 032ba64ab1f1	Nicholas Cameron — Bug 773460. Pref on Azure/Cairo for Windows. r=roc


Graphics
Adapter Description : ATI Radeon HD 4300/4500 Series
Vendor ID: 0x1002
Device ID: 0x954f
Adapter RAM: 512
Adapter Drivers: aticfx64 aticfx64 aticfx32 aticfx32 atiumd64 atidxx64 atiumdag atidxx32 atiumdva atiumd6a atitmm64
Driver Version: 8.970.100.3000
Driver Date: 7-3-2012
Direct2D Enabled: true
DirectWrite Enabled: true (6.1.7601.17789)
ClearType Parameters: Gamma: 2200 Pixel Structure: RGB ClearType Level: 50 Enhanced Contrast: 50 
WebGL Renderer: Google Inc. -- ANGLE (ATI Radeon HD 4300/4500 Series) -- OpenGL ES 2.0 (ANGLE 1.0.0.1041)
GPU Accelerated Windows: 1/1 Direct3D 10
AzureBackend: direct2d
(Reporter)

Comment 1

5 years ago
Regression window with gfx.canvas.azure.backends forced to "direct2d,cairo".

Regression window(m-c)
Good:
http://hg.mozilla.org/mozilla-central/rev/8b96a33ecbd2
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/17.0 Firefox/17.0 ID:20120726215017
Bad:
http://hg.mozilla.org/mozilla-central/rev/399aff2fb74f
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/17.0 Firefox/17.0 ID:20120727015618
Pushlog:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=8b96a33ecbd2&tochange=399aff2fb74f



Regression window(m-i)
Good:
http://hg.mozilla.org/integration/mozilla-inbound/rev/992e4d25689a
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/17.0 Firefox/17.0 ID:20120726113920
Bad:
http://hg.mozilla.org/integration/mozilla-inbound/rev/c5125dde4bbf
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/17.0 Firefox/17.0 ID:20120726115658
Pushlog:
http://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=992e4d25689a&tochange=c5125dde4bbf
(Reporter)

Comment 2

5 years ago
Probably it is regressed by Bug 764125
Blocks: 764125

Updated

5 years ago
Crash Signature: [@ _moz_cairo_set_scaled_font] → [@ _moz_cairo_set_scaled_font] [@ moz_cairo_set_scaled_font]
Hardware: x86 → All

Comment 3

5 years ago
It's #9 top browser crasher over the last 3 days.
tracking-firefox17: --- → ?
Keywords: topcrash
(Assignee)

Comment 4

5 years ago
First go at debugging this: I didn't get to the reported crash; just turning MapsGL on caused a crash deep in the stack, and our last call was GLContext::raw_fDrawArrays. This happened with all the Azure backends and the Thebes canvas (not surprising that that doesn't make any difference, since MapsGL uses WebGL canvas). Will see if I can get further.
Assignee: nobody → ncameron
(Assignee)

Comment 5

5 years ago
When following the STR, I crash mostly in TypeObject::maybeGetProperty and sometimes in _cairo_gstate_save. If the latter then there are Azure/Cairo text rendering calls further up the callstack, so it might be a variation on this crash. The former gives me a suspicious stack, so I think that may be incorrectly reported. In both cases the crash is caused by "Access violation reading location 0x41300004".
(Assignee)

Comment 6

5 years ago
Found it: bad cast in DrawTargetCairo. It's non-trivial to fix, but hopefully not too bad.
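
Comments 5 and 6 attribute the access violation to a bad cast in DrawTargetCairo. The following is an added illustration, not Mozilla's patch or code from this bug: the type and function names (`ScaledFont`, `CairoScaledFont`, `DWriteScaledFont`, `AsCairoFont`, `SetScaledFont`) and the object layouts are hypothetical. It checks a type tag before the downcast; the constructed size 11.0f has the bit pattern 0x41300000, which resembles the faulting address in comment 5, though the page does not say which field was actually misread.

```cpp
#include <cstdint>
#include <cstring>
// Hypothetical stand-ins for a 2D API with several font backends.
enum class FontType { DWrite, Cairo };

struct ScaledFont {
    virtual ~ScaledFont() = default;
    virtual FontType GetType() const = 0;
};
struct CairoScaledFont : ScaledFont {
    void* nativeFont;  // pointer the Cairo-style backend dereferences
    explicit CairoScaledFont(void* f) : nativeFont(f) {}
    FontType GetType() const override { return FontType::Cairo; }
};
struct DWriteScaledFont : ScaledFont {
    float size;        // in this layout, sits where nativeFont would be
    explicit DWriteScaledFont(float s) : size(s) {}
    FontType GetType() const override { return FontType::DWrite; }
};

// Checked downcast: nullptr instead of reinterpreting a foreign object.
const CairoScaledFont* AsCairoFont(const ScaledFont* font) {
    if (!font || font->GetType() != FontType::Cairo) return nullptr;
    return static_cast<const CairoScaledFont*>(font);
}

// Value an unchecked cast would treat as nativeFont on a 32-bit build;
// computed with memcpy so this demo never performs the bad cast itself.
uint32_t BitsMisreadAsPointer(const DWriteScaledFont& font) {
    static_assert(sizeof(float) == sizeof(uint32_t), "expects 32-bit float");
    uint32_t bits;
    std::memcpy(&bits, &font.size, sizeof bits);
    return bits;
}

// Drawing entry point: reject fonts from another backend rather than crash.
bool SetScaledFont(const ScaledFont* font) {
    const CairoScaledFont* cairoFont = AsCairoFont(font);
    // A real backend would hand cairoFont->nativeFont to the renderer here.
    return cairoFont && cairoFont->nativeFont;
}

int main() {
    int dummy = 0;                    // constructed native handle
    CairoScaledFont good(&dummy);
    DWriteScaledFont foreign(11.0f);  // constructed size, bits 0x41300000
    return (SetScaledFont(&good) && !SetScaledFont(&foreign) &&
            BitsMisreadAsPointer(foreign) == 0x41300000u) ? 0 : 1;
}
```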
(Assignee)

Comment 7

5 years ago
Created attachment 649835 [details] [diff] [review]
patch
Attachment #649835 - Flags: review?(bas.schouten)
(Assignee)

Comment 8

5 years ago
Created attachment 649836 [details] [diff] [review]
crashtest
Attachment #649836 - Flags: review?(bas.schouten)
Attachment #649835 - Flags: review?(bas.schouten) → review+
Attachment #649836 - Flags: review?(bas.schouten) → review+
(Assignee)

Comment 9

5 years ago
test works: https://tbpl.mozilla.org/?tree=Try&rev=02afbe2ff07a
status-firefox17: --- → affected
tracking-firefox17: ? → +
(Assignee)

Comment 10

5 years ago
https://tbpl.mozilla.org/?tree=Mozilla-Inbound&rev=309786fce827
https://hg.mozilla.org/mozilla-central/rev/8a736f13c5f8
https://hg.mozilla.org/mozilla-central/rev/bedac566fd5a
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla17

Updated

5 years ago
status-firefox17: affected → fixed

Comment 12

5 years ago
I'm getting this:
c:\t1\hg\comm-central\mozilla\gfx\2d\ScaledFontDWrite.h(36) : error C2065: 'nullptr' : undeclared identifier

Hg Blame points me to:
https://hg.mozilla.org/mozilla-central/rev/bedac566fd5a#l5.42
(Assignee)

Comment 13

5 years ago
Hi Philip, I assume you are trying to build using a compiler that does not support C++11 nullptr? gfx::2d does not include many of the standard Mozilla headers, so is missing our macros to support nullptr as a macro. I have filed a bug to fix this (bug 781943). You could also fix this for yourself by upgrading your compiler (probably).

Comment 14

5 years ago
Hi Nick, I'm using Visual Studio 2008 SP1, thanks for the update.
Depends on: 782045

Updated

5 years ago
No longer depends on: 782045
Keywords: verifyme

Comment 15

5 years ago
There are no crashes associated with this bug on builds post-fix:
https://crash-stats.mozilla.com/report/list?product=Firefox&query_search=signature&query_type=contains&query=moz_cairo_set_scaled_font&reason_type=contains&date=10%2F17%2F2012%2012%3A51%3A30&range_value=4&range_unit=weeks&hang_type=any&process_type=any&do_query=1&signature=moz_cairo_set_scaled_font

https://crash-stats.mozilla.com/report/list?product=Firefox&query_search=signature&query_type=contains&query=moz_cairo_set_scaled_font&reason_type=contains&date=10%2F17%2F2012%2012%3A51%3A30&range_value=4&range_unit=weeks&hang_type=any&process_type=any&do_query=1&signature=_moz_cairo_set_scaled_font

The test for this bug passes on all OSs (content/canvas/crashtests/780392-1.html):
https://tbpl.mozilla.org/php/getParsedLog.php?id=16181686&full=1&branch=mozilla-beta
https://tbpl.mozilla.org/php/getParsedLog.php?id=16188063&full=1&branch=mozilla-beta
https://tbpl.mozilla.org/php/getParsedLog.php?id=16176393&full=1&branch=mozilla-beta
https://tbpl.mozilla.org/php/getParsedLog.php?id=16181686&full=1&branch=mozilla-beta
status-firefox17: fixed → verified

Updated

5 years ago
QA Contact: ioana.budnar
mass remove verifyme requests greater than 4 months old
Keywords: verifyme