Closed
Bug 1663230
Opened 4 years ago
Closed 4 years ago
Assertion failure: GetGlyphCount() == 0 (Glyph count already set), at src/gfx/thebes/gfxFont.h:914
Categories
(Core :: Graphics: Text, defect, P2)
Core
Graphics: Text
Tracking
()
RESOLVED
FIXED
82 Branch
| Tracking | Status | |
|---|---|---|
| firefox-esr68 | --- | unaffected |
| firefox-esr78 | --- | unaffected |
| firefox80 | --- | unaffected |
| firefox81 | --- | wontfix |
| firefox82 | --- | fixed |
People
(Reporter: tsmith, Assigned: jfkthame)
References
(Blocks 1 open bug, Regression)
Details
(Keywords: assertion, regression, testcase)
Attachments
(2 files)
Report from m-c 20200904-b87e987c609c
This seems to require GNOME_ACCESSIBILITY=1
#0 0x7f9c93d049c7 in gfxShapedText::CompressedGlyph::SetGlyphCount(unsigned int) /builds/worker/workspace/obj-build/dist/include/gfxFont.h:914:7
#1 0x7f9c96db28a1 in MergeCharactersInTextRun(gfxTextRun*, gfxTextRun*, bool const*, bool const*) /builds/worker/checkouts/gecko/layout/generic/nsTextRunTransformations.cpp:186:16
#2 0x7f9c96db46cd in nsCaseTransformTextRunFactory::RebuildTextRun(nsTransformedTextRun*, mozilla::gfx::DrawTarget*, gfxMissingFontRecorder*) /builds/worker/checkouts/gecko/layout/generic/nsTextRunTransformations.cpp:864:5
#3 0x7f9c96d8ecf4 in FinishSettingProperties /builds/worker/checkouts/gecko/layout/generic/nsTextRunTransformations.h:163:17
#4 0x7f9c96d8ecf4 in BuildTextRunsScanner::BreakSink::Finish(gfxMissingFontRecorder*) /builds/worker/checkouts/gecko/layout/generic/nsTextFrame.cpp:1107:29
#5 0x7f9c96d8eb22 in BuildTextRunsScanner::FlushLineBreaks(gfxTextRun*) /builds/worker/checkouts/gecko/layout/generic/nsTextFrame.cpp:1679:21
#6 0x7f9c96d8bd5e in BuildTextRunsScanner::FlushFrames(bool, bool) /builds/worker/checkouts/gecko/layout/generic/nsTextFrame.cpp:1654:5
#7 0x7f9c96d928e2 in BuildTextRuns /builds/worker/checkouts/gecko/layout/generic/nsTextFrame.cpp:1573:11
#8 0x7f9c96d928e2 in nsTextFrame::EnsureTextRun(nsTextFrame::TextRunType, mozilla::gfx::DrawTarget*, nsIFrame*, nsLineList_iterator const*, unsigned int*) /builds/worker/checkouts/gecko/layout/generic/nsTextFrame.cpp:2990:7
#9 0x7f9c96d98657 in nsTextFrame::GetRenderedText(unsigned int, unsigned int, nsIFrame::TextOffsetType, nsIFrame::TrailingWhitespace) /builds/worker/checkouts/gecko/layout/generic/nsTextFrame.cpp:9783:20
#10 0x7f9c97c2136c in mozilla::a11y::NotificationController::WillRefresh(mozilla::TimeStamp) /builds/worker/checkouts/gecko/accessible/base/NotificationController.cpp:678:46
#11 0x7f9c96b2d1da in nsRefreshDriver::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:2051:12
#12 0x7f9c96b34bd1 in TickDriver /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:372:13
#13 0x7f9c96b34bd1 in mozilla::RefreshDriverTimer::TickRefreshDrivers(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp, nsTArray<RefPtr<nsRefreshDriver> >&) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:351:7
#14 0x7f9c96b34abc in mozilla::RefreshDriverTimer::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:366:5
#15 0x7f9c96b3a2c8 in RunRefreshDrivers /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:818:5
#16 0x7f9c96b3a2c8 in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::TickRefreshDriver(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:736:16
#17 0x7f9c96b39bc1 in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::NotifyParentProcessVsync() /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:638:7
#18 0x7f9c96b32e3d in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::ParentProcessVsyncNotifier::Run() /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:537:20
#19 0x7f9c9237d4df in mozilla::RunnableTask::Run() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:242:16
#20 0x7f9c9237b55a in mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:512:26
#21 0x7f9c9237a6b4 in mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:371:15
#22 0x7f9c9237a867 in mozilla::TaskController::ProcessPendingMTTask(bool) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:168:36
#23 0x7f9c92382216 in operator() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:83:37
#24 0x7f9c92382216 in mozilla::detail::RunnableFunction<mozilla::TaskController::InitializeInternal()::$_4>::Run() /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:577:5
#25 0x7f9c9239561f in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:1234:14
#26 0x7f9c9239afca in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.cpp:513:10
#27 0x7f9c92c92ff6 in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:87:21
#28 0x7f9c92c05c13 in MessageLoop::RunInternal() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:334:10
#29 0x7f9c92c05b2d in RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:327:3
#30 0x7f9c92c05b2d in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:309:3
#31 0x7f9c96897338 in nsBaseAppShell::Run() /builds/worker/checkouts/gecko/widget/nsBaseAppShell.cpp:137:27
#32 0x7f9c9806e543 in XRE_RunAppShell() /builds/worker/checkouts/gecko/toolkit/xre/nsEmbedFunctions.cpp:913:20
#33 0x7f9c92c93db9 in mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:237:9
#34 0x7f9c92c05c13 in MessageLoop::RunInternal() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:334:10
#35 0x7f9c92c05b2d in RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:327:3
#36 0x7f9c92c05b2d in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:309:3
#37 0x7f9c9806e128 in XRE_InitChildProcess(int, char**, XREChildData const*) /builds/worker/checkouts/gecko/toolkit/xre/nsEmbedFunctions.cpp:744:34
#38 0x557ea3623957 in content_process_main /builds/worker/checkouts/gecko/browser/app/../../ipc/contentproc/plugin-container.cpp:56:28
#39 0x557ea3623957 in main /builds/worker/checkouts/gecko/browser/app/nsBrowserApp.cpp:303:18
Flags: in-testsuite?
|
Assignee | |
Comment 1•4 years ago
|
||
This is a regression from bug 1655364. In theory, at least, it looks like it could result in incorrect data (a bad glyphCount) in the CompressedGlyph record, which in turn could result in an out-of-bounds read when trying to use the associated DetailedGlyph.
|
||
Updated•4 years ago
|
Has Regression Range: --- → yes
|
|
Assignee | |
Comment 2•4 years ago
|
||
|
||
Updated•4 years ago
|
Assignee: nobody → jfkthame
Status: NEW → ASSIGNED
Pushed by jkew@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/7d9605776375
Ensure MergeCharactersInTextRun clears the old glyph record before storing new details; also prefer simple glyph storage where possible. r=heycam
|
||
Updated•4 years ago
|
Keywords: regression
|
||
Comment 4•4 years ago
|
||
| bugherder | ||
Status: ASSIGNED → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → 82 Branch
|
||
Updated•4 years ago
|
status-firefox80:
--- → unaffected
status-firefox-esr68:
--- → unaffected
status-firefox-esr78:
--- → unaffected
You need to log in
before you can comment on or make changes to this bug.
Description
•