Closed Bug 798826 Opened 7 years ago Closed 7 years ago

crash in gfxFT2FontList::FindFonts @ mozilla::scache::StartupCache::WaitOnWriteThread

Categories

(Core :: Graphics: Text, defect, critical)

18 Branch
ARM
Android
defect
Not set
critical

Tracking

()

VERIFIED FIXED
mozilla19
Tracking Status
firefox17 --- unaffected
firefox18 + fixed
firefox19 + fixed
fennec 18+ ---

People

(Reporter: scoobidiver, Assigned: blassey)

Details

(Keywords: crash, regression, topcrash, Whiteboard: [native-crash][startupcrash][blocking-webrtandroid1+])

Crash Data

Attachments

(1 file)

It first appeared in 18.0a1/20121004. The regression range is:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=635fcc11d2b1&tochange=4cb8f88213f5
It's either a regression from bug 785291 or bug 619521.

Signature 	mozilla::scache::StartupCache::WaitOnWriteThread More Reports Search
UUID	146bf991-3115-4421-9001-734b62121006
Date Processed	2012-10-06 15:11:38
Uptime	1
Install Age	20.3 minutes since version was first installed.
Install Time	2012-10-06 14:51:11
Product	FennecAndroid
Version	18.0a1
Build ID	20121006030534
Release Channel	nightly
OS	Android
OS Version	0.0.0 Linux 2.6.35.10-g53a84f9 #1 PREEMPT Tue Mar 20 20:51:53 CST 2012 armv7l htc_wwe/htc_vision/vision:2.3.3/GRI40/192788.4:user/release-keys
Build Architecture	arm
Build Architecture Info	
Crash Reason	SIGSEGV
Crash Address	0x38
App Notes 	
HTC HTC Vision
htc_wwe/htc_vision/vision:2.3.3/GRI40/192788.4:user/release-keys
Processor Notes 	WARNING: JSON file missing Add-ons
EMCheckCompatibility	False
Device	HTC HTC Vision
Android API Version	10 (REL)
Android CPU ABI	armeabi-v7a

Frame 	Module 	Signature 	Source
0 	libxul.so 	mozilla::scache::StartupCache::WaitOnWriteThread 	StartupCache.cpp:484
1 	libxul.so 	mozilla::scache::StartupCache::GetBuffer 	StartupCache.cpp:291
2 	libxul.so 	ExtractFontsFromJar 	gfxFT2FontList.cpp:917
3 	libxul.so 	gfxFT2FontList::FindFonts 	gfxFT2FontList.cpp:1080
4 	libxul.so 	gfxFT2FontList::InitFontList 	gfxFT2FontList.cpp:1214
5 	libxul.so 	gfxAndroidPlatform::CreatePlatformFontList 	gfxAndroidPlatform.cpp:114
6 	libxul.so 	gfxPlatform::Init 	gfxPlatformFontList.h:92
7 	libxul.so 	gfxPlatform::GetPlatform 	gfxPlatform.cpp:239
8 	libxul.so 	mozilla::dom::AzureCanvasEnabled 	nsCanvasRenderingContext2DAzure.cpp:557
9 	libxul.so 	nsDOMClassInfo::Init 	nsDOMClassInfo.cpp:4556
10 	libxul.so 	NS_GetDOMClassInfoInstance 	nsDOMClassInfo.cpp:5137
11 	libxul.so 	nsGlobalChromeWindow::QueryInterface 	nsGlobalWindow.cpp:10782
12 	libxul.so 	nsQueryInterface::operator 	nsCOMPtr.cpp:14
13 	libxul.so 	nsCOMPtr_base::assign_from_qi 	nsCOMPtr.cpp:56
14 	libxul.so 	xpcObjectHelper::GetClassInfo 	nsCOMPtr.h:640
15 	libxul.so 	XPCWrappedNative::WrapNewGlobal 	XPCWrappedNative.cpp:302
16 	libxul.so 	nsXPConnect::InitClassesWithNewWrappedGlobal 	nsXPConnect.cpp:1169
17 	libxul.so 	nsGlobalWindow::SetNewDocument 	nsGlobalWindow.cpp:1732
18 	libxul.so 	DocumentViewerImpl::InitInternal 	nsDocumentViewer.cpp:927
19 	libxul.so 	DocumentViewerImpl::Init 	nsDocumentViewer.cpp:677
20 	libxul.so 	nsDocShell::SetupNewViewer 	nsDocShell.cpp:8015 
...

More reports at:
https://crash-stats.mozilla.com/report/list?signature=mozilla%3A%3Ascache%3A%3AStartupCache%3A%3AWaitOnWriteThread
Crash Signature: [@ mozilla::scache::StartupCache::WaitOnWriteThread] → [@ mozilla::scache::StartupCache::WaitOnWriteThread] [@ mozilla::scache::StartupCache::WaitOnWriteThread()]
There's a spike in crashes from 18.0a2/20121018 and 19.0a1/20121018. Is it a new regression or a consequence of this blog post: https://blog.mozilla.org/futurereleases/2012/10/18/firefox-marketplace-aurora-release-2/?
tracking-fennec: --- → ?
Keywords: topcrash
Crash Signature: [@ mozilla::scache::StartupCache::WaitOnWriteThread] [@ mozilla::scache::StartupCache::WaitOnWriteThread()] → [@ mozilla::scache::StartupCache::WaitOnWriteThread] [@ mozilla::scache::StartupCache::WaitOnWriteThread() ]
bp-94876184-85f7-4a27-9760-c718f2121022

STR:

i) Install Nightly (10-22)
ii) Install Thesaurus (https://marketplace.mozilla.org/app/thesaurus/?src=mkt-search)
iii) Launch Thesaurus
Keywords: reproducible
blassey, does this FreeType crash look like fallout from APK font bug 785291? This is the #1 topcrash on Aurora 18 for Android.
Tracking, as it is a top crasher( #1) and passing on to blassey as it could be a fallout form bug 785291 .
Assignee: nobody → blassey.bugs
Whiteboard: [native-crash][startupcrash] → [native-crash][startupcrash][blocking-webrtandroid1+]
tracking-fennec: ? → 18+
(In reply to Aaron Train [:aaronmt] from comment #2)
> bp-94876184-85f7-4a27-9760-c718f2121022
> 
> STR:
> 
> i) Install Nightly (10-22)
> ii) Install Thesaurus
> (https://marketplace.mozilla.org/app/thesaurus/?src=mkt-search)
> iii) Launch Thesaurus

I've tried these steps on the latest nightly and can't reproduce. Is there something that's missing. If you can reproduce it it would be nice to check if bug 785291 is the regression which was what I was trying to verify.
Flags: needinfo?(aaron.train)
I too am unable to reproduce with the steps I posted in comment #2 with Nightly (10/31).
Flags: needinfo?(aaron.train)
Keywords: reproducible
qawanted and steps-wanted for STR
Attached patch speculative fixSplinter Review
bug 640968 implies that it is possible for the cache singleton to be null in some cases, so let's check for that.

If the cache is null, we will just extract the fonts from the apk, which is the same behavior we have if getting the data from the cache fails.
Attachment #677381 - Flags: review?(jfkthame)
Comment on attachment 677381 [details] [diff] [review]
speculative fix

Review of attachment 677381 [details] [diff] [review]:
-----------------------------------------------------------------

Looks reasonable to me; let's do this and see what effect it has on the stats.
Attachment #677381 - Flags: review?(jfkthame) → review+
https://hg.mozilla.org/integration/mozilla-inbound/rev/4d8717e04a99

hopefully this makes central in time for the next nightly. If the crashes don't go away, please reopen.
https://hg.mozilla.org/mozilla-central/rev/4d8717e04a99
Status: NEW → RESOLVED
Closed: 7 years ago
Flags: in-testsuite-
Resolution: --- → FIXED
Target Milestone: --- → mozilla19
Comment on attachment 677381 [details] [diff] [review]
speculative fix

[Approval Request Comment]
Bug caused by (feature/regressing bug #): 
User impact if declined: 
Testing completed (on m-c, etc.): 
Risk to taking this patch (and alternatives if risky): 
String or UUID changes made by this patch:
Attachment #677381 - Flags: approval-mozilla-aurora?
Comment on attachment 677381 [details] [diff] [review]
speculative fix

[Triage Comment]
Patch looks like it has very little chance of regression since it's basically a null check. Approving for Aurora 18.
Attachment #677381 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
last crash signature in crash-stats has the 20121101030705 build id, so no crashes in the 3 days since the patch landed.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.