1214876 - Crash in [@ AppleIntelHD3000GraphicsGLDriver@0x2fb201]

Status: RESOLVED WONTFIX

(Core :: Graphics: Layers, defect, P3)

Description

[Henrik Skupin [:whimboo][⌚️UTC+1]]

Not sure when Firefox crashed exactly but I was listening to music on deezer.com

Report: bp-40786f4f-f635-47a1-994b-80e4e2151014.

Crash Reason 	EXC_BAD_ACCESS / KERN_INVALID_ADDRESS
Crash Address 	0x298b4034

Frames:

Ø 0 	AppleIntelHD3000GraphicsGLDriver 	AppleIntelHD3000GraphicsGLDriver@0x2fb201 	
Ø 1 	GLEngine 	GLEngine@0x1d130 	
Ø 2 	OpenGL 	OpenGL@0xcfb9 	
Ø 3 	AppKit 	AppKit@0x332e2a 	
4 	XUL 	XUL@0xb9d718 	
5 	XUL 	mozilla::layers::CompositorOGL::DrawQuad(mozilla::gfx::RectTyped<mozilla::gfx::UnknownUnits, float> const&, mozilla::gfx::RectTyped<mozilla::gfx::UnknownUnits, float> const&, mozilla::layers::EffectChain const&, float, mozilla::gfx::Matrix4x4 const&, mozilla::gfx::RectTyped<mozilla::gfx::UnknownUnits, float> const&) 	gfx/2d/BaseRect.h
6 	XUL 	mozilla::layers::ImageLayerComposite::~ImageLayerComposite() 	xpcom/glue/nsISupportsImpl.h
7 	XUL 	mozilla::layers::ImageHost::Composite(mozilla::layers::LayerComposite*, mozilla::layers::EffectChain&, float, mozilla::gfx::Matrix4x4 const&, mozilla::gfx::Filter const&, mozilla::gfx::RectTyped<mozilla::gfx::UnknownUnits, float> const&, nsIntRegion const*) 	gfx/2d/BaseRect.h
8 	XUL 	mozilla::layers::CompositableParent::CompositableParent(mozilla::layers::CompositableParentManager*, mozilla::layers::TextureInfo const&, unsigned long long, mozilla::layers::PImageContainerParent*) 	xpcom/glue/nsISupportsImpl.h
9 	XUL 	std::_Rb_tree<unsigned long long, std::pair<unsigned long long const, mozilla::layers::PCompositableParent*>, std::_Select1st<std::pair<unsigned long long const, mozilla::layers::PCompositableParent*> >, std::less<unsigned long long>, std::allocator<std::pair<unsigned long long const, mozilla::layers::PCompositableParent*> > >::_M_insert_unique(std::pair<unsigned long long const, mozilla::layers::PCompositableParent*> const&) 	/Developer/SDKs/MacOSX10.7.sdk/usr/include/c++/4.2.1/bits/stl_function.h:227
10 	XUL 	MessageLoop::PostTask_Helper(tracked_objects::Location const&, Task*, int, bool) 	/Developer/SDKs/MacOSX10.7.sdk/usr/include/c++/4.2.1/bits/deque.tcc:315
11 	XUL 	MessageLoop::DeferOrRunPendingTask(MessageLoop::PendingTask const&) 	ipc/chromium/src/base/message_loop.cc
12 	XUL 	base::MessagePumpDefault::Run(base::MessagePump::Delegate*) 	ipc/chromium/src/base/message_loop.cc
13 	XUL 	MessageLoop::DeletePendingTasks() 	ipc/chromium/src/base/message_loop.cc
14 	XUL 	XUL@0x3775da 	
15 	XUL 	base::Thread::StartWithOptions(base::Thread::Options const&) 	ipc/chromium/src/base/thread.cc
Ø 16 	libsystem_pthread.dylib 	libsystem_pthread.dylib@0x4059 	
Ø 17 	libsystem_pthread.dylib 	libsystem_pthread.dylib@0x3fd6 	
Ø 18 	libsystem_pthread.dylib 	libsystem_pthread.dylib@0x13ec 	
19 	XUL 	base::Thread::StartWithOptions(base::Thread::Options const&) 	ipc/chromium/src/base/thread.cc

Comment 1

[Andrew McCreight [:mccr8]]

Did this happen more than once? Why did you file this as a security bug?

Comment 2

[Henrik Skupin [:whimboo][⌚️UTC+1]]

I haven't used Deezer the last days with Firefox. So I cannot give an answer in how often it would crash. I filed it as security bug due to the crash address. It's not a null deref and might be exploitable. The security team should decide what to do.

Comment 3

[Sotaro Ikeda [:sotaro]]

Call stack in comment 0 seems not make sense It might not show a correct stack.

Comment 4

[u279076]

This is still being reported in current Release builds at a rate of 3 reports/day on average.

Comment 5

[Milan Sreckovic [:milan] (needinfo for best results)]

I don't think we need to track this for platform-rel anymore.  The volume is quite low.

Comment 6

[Sylvestre Ledru [:Sylvestre]]

Closing because no crash reported since 12 weeks.