Closed Bug 875878 Opened 12 years ago Closed 12 years ago

crash in gfxFontEntry::DisconnectSVG

Categories

(Core :: Graphics, defect)

Product:
Core
Component:
Graphics
Version:
24 Branch
Platform:
All
Windows 7
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla24
Tracking Flags:
Tracking Status
firefox23 --- unaffected
firefox24 --- verified

People

(Reporter: scoobidiver, Unassigned)

References

Details

(Keywords: crash, regression)

Crash Data

It first showed up in 23.0a1/20130524. The regression range is: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=00b264c7cced&tochange=df526497d949 It's likely a regression from bug 871961. Signature gfxSVGGlyphs::~gfxSVGGlyphs() More Reports Search UUID df7fbc57-93fa-48f8-a9c1-294992130524 Date Processed 2013-05-24 18:07:21 Uptime 1667 Install Age 27.8 minutes since version was first installed. Install Time 2013-05-24 17:39:26 Product Firefox Version 24.0a1 Build ID 20130524050555 Release Channel nightly OS Windows NT OS Version 6.2.9200 Build Architecture x86 Build Architecture Info GenuineIntel family 6 model 58 stepping 9 Crash Reason EXCEPTION_ACCESS_VIOLATION_READ Crash Address 0x6d00a9 App Notes AdapterVendorID: 0x8086, AdapterDeviceID: 0x0166, AdapterSubsysID: 18f8103c, AdapterDriverVersion: 9.17.10.2932 D2D? D2D+ DWrite? DWrite+ D3D10 Layers? D3D10 Layers+ Processor Notes sp-processor07_phx1_mozilla_com_23648:2012; non-integer value of "SecondsSinceLastCrash" EMCheckCompatibility True Adapter Vendor ID 0x8086 Adapter Device ID 0x0166 Total Virtual Memory 4294836224 Available Virtual Memory 3714129920 System Memory Use Percentage 30 Available Page File 13787688960 Available Physical Memory 5877059584 Accessibility Active Frame Module Signature Source 0 xul.dll gfxSVGGlyphs::~gfxSVGGlyphs gfx/thebes/gfxSVGGlyphs.cpp:91 1 xul.dll gfxSVGGlyphs::`scalar deleting destructor' 2 xul.dll gfxFontEntry::DisconnectSVG gfx/thebes/gfxFont.cpp:573 3 xul.dll gfxUserFontSet::UserFontCache::Entry::DisconnectSVG gfx/thebes/gfxUserFontSet.cpp:766 4 xul.dll nsTHashtable<nsBaseHashtableET<nsCStringHashKey,`anonymous namespace'::AutoHasht obj-firefox/dist/include/nsTHashtable.h:486 5 xul.dll PL_DHashTableEnumerate obj-firefox/xpcom/build/pldhash.cpp:714 6 xul.dll nsTHashtable<gfxUserFontSet::UserFontCache::Entry>::EnumerateEntries obj-firefox/dist/include/nsTHashtable.h:237 7 xul.dll gfxUserFontSet::UserFontCache::Flusher::Observe gfx/thebes/gfxUserFontSet.cpp:784 8 xul.dll nsObserverService::NotifyObservers xpcom/ds/nsObserverService.cpp:161 9 xul.dll mozilla::ShutdownXPCOM xpcom/build/nsXPComInit.cpp:579 10 xul.dll ScopedXPCOMStartup::~ScopedXPCOMStartup toolkit/xre/nsAppRunner.cpp:1125 11 xul.dll XREMain::XRE_main toolkit/xre/nsAppRunner.cpp:3964 12 xul.dll XRE_main toolkit/xre/nsAppRunner.cpp:4151 13 firefox.exe do_main browser/app/nsBrowserApp.cpp:272 14 firefox.exe NS_internal_main browser/app/nsBrowserApp.cpp:632 15 firefox.exe wmain toolkit/xre/nsWindowsWMain.cpp:105 16 firefox.exe __tmainCRTStartup crtexe.c:552 17 kernel32.dll BaseThreadInitThunk 18 ntdll.dll ntdll.dll@0x5bf39 19 ntdll.dll ntdll.dll@0x5bf0c More reports at: https://crash-stats.mozilla.com/report/list?signature=gfxSVGGlyphs%3A%3A~gfxSVGGlyphs%28%29
More reports also at: https://crash-stats.mozilla.com/report/list?signature=hb_blob_destroy https://crash-stats.mozilla.com/report/list?signature=hb_object_header_t%3A%3Adestroy%28%29 https://crash-stats.mozilla.com/report/list?signature=gfxFontEntry%3A%3ADisconnectSVG%28%29
Crash Signature: [@ gfxSVGGlyphs::~gfxSVGGlyphs()] → [@ gfxSVGGlyphs::~gfxSVGGlyphs()] [@ hb_blob_destroy ] [@ hb_object_header_t::destroy() ] [@ gfxFontEntry::DisconnectSVG() ]
There are about 65 crashes per build so a top crasher.
tracking-firefox24: --- → ?
Keywords: topcrash
Let's use in the summary the first frame common to all signatures.
Crash Signature: [@ gfxSVGGlyphs::~gfxSVGGlyphs()] [@ hb_blob_destroy ] [@ hb_object_header_t::destroy() ] [@ gfxFontEntry::DisconnectSVG() ] → [@ gfxSVGGlyphs::~gfxSVGGlyphs()] [@ hb_blob_destroy ] [@ hb_object_header_t::destroy() ] [@ gfxFontEntry::DisconnectSVG() ] [@ arena_dalloc | je_free | gfxSVGGlyphs::`scalar deleting destructor''(unsigned int) ]
Summary: crash in gfxSVGGlyphs::~gfxSVGGlyphs → crash in gfxFontEntry::DisconnectSVG
This is clearly a regression from bug 871961 part 4, though it's not yet clear to me how it's managing to end up broken. As I'm travelling this weekend, I've backed out the offending patch, which should get rid of the crashes until I have a chance to look into things more closely. Accordingly, I'll re-open bug 871961, and we can close this bug once the backout merges to central. The backout is https://hg.mozilla.org/integration/mozilla-inbound/rev/173700b1c3e9.
Those reports are from the nightly-ux channel; I assume the backout hadn't been merged there yet at the time the nightly-ux build was made. (It's impossible to get a crash under gfxFontEntry::DisconnectSVG on Nightly, because the symbol no longer exists - the backout completely removed that function.)
status-firefox24: affectedfixed
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla24
No crashes in the crashstats in the last 4 weeks.
Status: RESOLVED → VERIFIED
status-firefox24: fixedverified
A few of these signatures have returned. I filed bug 918340.
You need to log in before you can comment on or make changes to this bug.