Crash in [@ nsTHashtable<T>::PutEntry | nsPresContext::ReportBlockedFontFamilyName]
Categories
(Core :: Layout: Text and Fonts, defect, P2)
Tracking
()
Tracking | Status | |
---|---|---|
firefox-esr91 | --- | unaffected |
firefox94 | --- | wontfix |
firefox95 | --- | wontfix |
firefox96 | --- | wontfix |
People
(Reporter: gsvelto, Unassigned)
References
(Regression)
Details
(Keywords: crash, regression)
Crash Data
Attachments
(1 file)
(deleted),
text/plain
|
Details |
Crash report: https://crash-stats.mozilla.org/report/index/33852b98-6f20-4699-b12b-197030211109
Reason: EXCEPTION_ACCESS_VIOLATION_READ
Top 10 frames of crashing thread:
0 xul.dll nsTHashtable<nsCStringHashKey>::PutEntry xpcom/ds/nsTHashtable.h:306
1 xul.dll nsPresContext::ReportBlockedFontFamilyName layout/base/nsPresContext.cpp:841
2 xul.dll nsPresContext::ReportBlockedFontFamily layout/base/nsPresContext.cpp:855
3 xul.dll gfxPlatformFontList::FindAndAddFamilies gfx/thebes/gfxPlatformFontList.cpp:1437
4 xul.dll gfxDWriteFontList::FindAndAddFamilies gfx/thebes/gfxDWriteFontList.cpp:2017
5 xul.dll gfxFontGroup::BuildFontList gfx/thebes/gfxTextRun.cpp:1875
6 xul.dll gfxFontGroup::UpdateUserFonts gfx/thebes/gfxTextRun.cpp:3602
7 xul.dll mozilla::dom::CanvasBidiProcessor::SetText dom/canvas/CanvasRenderingContext2D.cpp:3506
8 xul.dll static nsBidiPresUtils::ProcessText layout/base/nsBidiPresUtils.cpp:2227
9 xul.dll mozilla::dom::CanvasRenderingContext2D::DrawOrMeasureText dom/canvas/CanvasRenderingContext2D.cpp:3874
This is an odd crash. It's only captured by the Windows Error Reporting interceptor but it should be captured by Breakpad. I suspect it's not because the exception handler cannot unwind the stack for some reason. Either way this seems to be affecting Facebook games, there's three comments mentioning them and two crashes pointing at this page:
Reporter | ||
Comment 1•3 years ago
|
||
Correction: the majority of these crashes are caught by WER but others were caught by the regular exception handler. They also affect older versions of Windows.
Reporter | ||
Comment 2•3 years ago
|
||
This is a related signature, also happening on Facebook and it's an OOM, but 32-bit only. I wonder if the main signature is also an OOM-ish issue even though it's not explicitly flagged as such.
Reporter | ||
Comment 3•3 years ago
|
||
Comment 4•3 years ago
|
||
jfkthame, looks like this is something to do with management of nsTHashSet<nsCString> mBlockedFonts
, added in bug 1715537 just to manage some logging. Mind taking a look?
(I don't know a ton about our hashtable internals, but it looks like PLDHashTable::mOps
is a pointer to a struct that represents the vtable for whatever category of hash table we're using. So if it's null, we're definitely going to crash. I'm not sure how mOps ends up null here, though.)
Updated•3 years ago
|
Comment 5•3 years ago
|
||
(Given how simple the management/lifetime of mBlockedFonts
is, it's hard to see how it would end up getting its mOps
cleared. So it seems possible that this is really something higher-up getting clobbered, like e.g. maybe the whole document has been torn down when we get this notification, somehow, and our mBlockedFonts
instance is just garbage at that point.)
Comment 6•3 years ago
|
||
The substantially-older bug 1669191 has a similar backtrace (UpdateUserFonts
calling BuildFontList
and then crashing/aborting in hashtable manipulation -- though presumably for a different hashtable, given that that bug was filed before mBlockedFonts
was added). I wonder if there's a connection.
[EDIT: The bugs are probably unrelated; per bug 1669191 comment 4, that bug seems to be an OOM, whereas this one here does not seem to be.]
Updated•3 years ago
|
Comment 7•3 years ago
|
||
Set release status flags based on info from the regressing bug 1715537
Updated•3 years ago
|
Comment 8•3 years ago
|
||
jfkthame, just wanted to be sure this is on your radar. (Looks like this has reduced to be pretty low-volume, fortunately...)
Updated•3 years ago
|
Updated•3 years ago
|
Comment 9•3 years ago
|
||
I don't currently have any ideas here beyond what comment 5 suggests... seems like something has clobbered the mBlockedFonts hashtable, but it's hard to see what it could be.
Comment 10•3 years ago
|
||
Jonathan, since this seems to be low volume now, should it be S3?
Comment 11•3 years ago
|
||
I think that makes sense. Still no real ideas how to proceed here, but the volume seems to be staying low.
Comment 12•2 years ago
|
||
Closing because no crashes reported for 12 weeks.
Description
•