Closed
Bug 875878
Opened 11 years ago
Closed 11 years ago
crash in gfxFontEntry::DisconnectSVG
Categories
(Core :: Graphics, defect)
Tracking
()
VERIFIED
FIXED
mozilla24
| Tracking | Status | |
|---|---|---|
| firefox23 | --- | unaffected |
| firefox24 | --- | verified |
People
(Reporter: scoobidiver, Unassigned)
References
Details
(Keywords: crash, regression)
Crash Data
It first showed up in 23.0a1/20130524. The regression range is: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=00b264c7cced&tochange=df526497d949 It's likely a regression from bug 871961. Signature gfxSVGGlyphs::~gfxSVGGlyphs() More Reports Search UUID df7fbc57-93fa-48f8-a9c1-294992130524 Date Processed 2013-05-24 18:07:21 Uptime 1667 Install Age 27.8 minutes since version was first installed. Install Time 2013-05-24 17:39:26 Product Firefox Version 24.0a1 Build ID 20130524050555 Release Channel nightly OS Windows NT OS Version 6.2.9200 Build Architecture x86 Build Architecture Info GenuineIntel family 6 model 58 stepping 9 Crash Reason EXCEPTION_ACCESS_VIOLATION_READ Crash Address 0x6d00a9 App Notes AdapterVendorID: 0x8086, AdapterDeviceID: 0x0166, AdapterSubsysID: 18f8103c, AdapterDriverVersion: 9.17.10.2932 D2D? D2D+ DWrite? DWrite+ D3D10 Layers? D3D10 Layers+ Processor Notes sp-processor07_phx1_mozilla_com_23648:2012; non-integer value of "SecondsSinceLastCrash" EMCheckCompatibility True Adapter Vendor ID 0x8086 Adapter Device ID 0x0166 Total Virtual Memory 4294836224 Available Virtual Memory 3714129920 System Memory Use Percentage 30 Available Page File 13787688960 Available Physical Memory 5877059584 Accessibility Active Frame Module Signature Source 0 xul.dll gfxSVGGlyphs::~gfxSVGGlyphs gfx/thebes/gfxSVGGlyphs.cpp:91 1 xul.dll gfxSVGGlyphs::`scalar deleting destructor' 2 xul.dll gfxFontEntry::DisconnectSVG gfx/thebes/gfxFont.cpp:573 3 xul.dll gfxUserFontSet::UserFontCache::Entry::DisconnectSVG gfx/thebes/gfxUserFontSet.cpp:766 4 xul.dll nsTHashtable<nsBaseHashtableET<nsCStringHashKey,`anonymous namespace'::AutoHasht obj-firefox/dist/include/nsTHashtable.h:486 5 xul.dll PL_DHashTableEnumerate obj-firefox/xpcom/build/pldhash.cpp:714 6 xul.dll nsTHashtable<gfxUserFontSet::UserFontCache::Entry>::EnumerateEntries obj-firefox/dist/include/nsTHashtable.h:237 7 xul.dll gfxUserFontSet::UserFontCache::Flusher::Observe gfx/thebes/gfxUserFontSet.cpp:784 8 xul.dll nsObserverService::NotifyObservers xpcom/ds/nsObserverService.cpp:161 9 xul.dll mozilla::ShutdownXPCOM xpcom/build/nsXPComInit.cpp:579 10 xul.dll ScopedXPCOMStartup::~ScopedXPCOMStartup toolkit/xre/nsAppRunner.cpp:1125 11 xul.dll XREMain::XRE_main toolkit/xre/nsAppRunner.cpp:3964 12 xul.dll XRE_main toolkit/xre/nsAppRunner.cpp:4151 13 firefox.exe do_main browser/app/nsBrowserApp.cpp:272 14 firefox.exe NS_internal_main browser/app/nsBrowserApp.cpp:632 15 firefox.exe wmain toolkit/xre/nsWindowsWMain.cpp:105 16 firefox.exe __tmainCRTStartup crtexe.c:552 17 kernel32.dll BaseThreadInitThunk 18 ntdll.dll ntdll.dll@0x5bf39 19 ntdll.dll ntdll.dll@0x5bf0c More reports at: https://crash-stats.mozilla.com/report/list?signature=gfxSVGGlyphs%3A%3A~gfxSVGGlyphs%28%29
|
Reporter | |
Comment 1•11 years ago
|
||
More reports also at: https://crash-stats.mozilla.com/report/list?signature=hb_blob_destroy https://crash-stats.mozilla.com/report/list?signature=hb_object_header_t%3A%3Adestroy%28%29 https://crash-stats.mozilla.com/report/list?signature=gfxFontEntry%3A%3ADisconnectSVG%28%29
Crash Signature: [@ gfxSVGGlyphs::~gfxSVGGlyphs()] → [@ gfxSVGGlyphs::~gfxSVGGlyphs()]
[@ hb_blob_destroy ]
[@ hb_object_header_t::destroy() ]
[@ gfxFontEntry::DisconnectSVG() ]
|
|
Reporter | |
Comment 2•11 years ago
|
||
There are about 65 crashes per build so a top crasher.
tracking-firefox24:
--- → ?
Keywords: topcrash
|
|
Reporter | |
Comment 3•11 years ago
|
||
Let's use in the summary the first frame common to all signatures.
Crash Signature: [@ gfxSVGGlyphs::~gfxSVGGlyphs()]
[@ hb_blob_destroy ]
[@ hb_object_header_t::destroy() ]
[@ gfxFontEntry::DisconnectSVG() ] → [@ gfxSVGGlyphs::~gfxSVGGlyphs()]
[@ hb_blob_destroy ]
[@ hb_object_header_t::destroy() ]
[@ gfxFontEntry::DisconnectSVG() ]
[@ arena_dalloc | je_free | gfxSVGGlyphs::`scalar deleting destructor''(unsigned int) ]
Summary: crash in gfxSVGGlyphs::~gfxSVGGlyphs → crash in gfxFontEntry::DisconnectSVG
|
||
Comment 4•11 years ago
|
||
This is clearly a regression from bug 871961 part 4, though it's not yet clear to me how it's managing to end up broken. As I'm travelling this weekend, I've backed out the offending patch, which should get rid of the crashes until I have a chance to look into things more closely. Accordingly, I'll re-open bug 871961, and we can close this bug once the backout merges to central. The backout is https://hg.mozilla.org/integration/mozilla-inbound/rev/173700b1c3e9.
|
|
Reporter | |
Updated•11 years ago
|
|
|
Reporter | |
Comment 5•11 years ago
|
||
Backout on m-c: http://hg.mozilla.org/mozilla-central/rev/173700b1c3e9 Still two crashes in 24.0a1/20130526: bp-35aeab90-3b7a-49bd-884d-9cc4c2130527, bp-1a94ceb4-ef26-4415-b42b-bede22130526.
|
|
||
Comment 6•11 years ago
|
||
Those reports are from the nightly-ux channel; I assume the backout hadn't been merged there yet at the time the nightly-ux build was made. (It's impossible to get a crash under gfxFontEntry::DisconnectSVG on Nightly, because the symbol no longer exists - the backout completely removed that function.)
|
|
Reporter | |
Updated•11 years ago
|
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla24
|
||
Comment 7•11 years ago
|
||
No crashes in the crashstats in the last 4 weeks.
Status: RESOLVED → VERIFIED
|
||
Comment 8•11 years ago
|
||
A few of these signatures have returned. I filed bug 918340.
You need to log in
before you can comment on or make changes to this bug.
Description
•