Closed
Bug 1217191
Opened 9 years ago
Closed 9 years ago
crash in mozilla::dom::HTMLCanvasElement::OnVisibilityChange
Categories
(Core :: Graphics: Canvas2D, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 1214571
Tracking | Status | |
---|---|---|
firefox43 | --- | unaffected |
firefox44 | - | affected |
People
(Reporter: u279076, Unassigned)
References
Details
(Keywords: crash, regression, topcrash-win)
Crash Data
[Tracking Requested - why for this release]: topcrash regression This bug was filed from the Socorro interface and is report bp-8d2fb4ad-6e0b-4bcf-8d12-720722151017. ============================================================= 0 xul.dll mozilla::dom::HTMLCanvasElement::OnVisibilityChange() dom/html/HTMLCanvasElement.cpp 1 xul.dll mozilla::dom::HTMLCanvasElementObserver::HandleEvent(nsIDOMEvent*) dom/html/HTMLCanvasElement.cpp 2 xul.dll mozilla::EventListenerManager::HandleEventInternal(nsPresContext*, mozilla::WidgetEvent*, nsIDOMEvent**, mozilla::dom::EventTarget*, nsEventStatus*) dom/events/EventListenerManager.cpp 3 xul.dll mozilla::EventTargetChainItem::HandleEventTargetChain(nsTArray<mozilla::EventTargetChainItem>&, mozilla::EventChainPostVisitor&, mozilla::EventDispatchingCallback*, mozilla::ELMCreationDetector&) dom/events/EventDispatcher.cpp 4 xul.dll mozilla::EventTargetChainItem::HandleEventTargetChain(nsTArray<mozilla::EventTargetChainItem>&, mozilla::EventChainPostVisitor&, mozilla::EventDispatchingCallback*, mozilla::ELMCreationDetector&) dom/events/EventDispatcher.cpp 5 xul.dll mozilla::EventDispatcher::Dispatch(nsISupports*, nsPresContext*, mozilla::WidgetEvent*, nsIDOMEvent*, nsEventStatus*, mozilla::EventDispatchingCallback*, nsTArray<mozilla::dom::EventTarget*>*) dom/events/EventDispatcher.cpp 6 xul.dll mozilla::EventDispatcher::DispatchDOMEvent(nsISupports*, mozilla::WidgetEvent*, nsIDOMEvent*, nsPresContext*, nsEventStatus*) dom/events/EventDispatcher.cpp 7 xul.dll nsINode::DispatchEvent(nsIDOMEvent*, bool*) dom/base/nsINode.cpp 8 xul.dll nsContentUtils::DispatchEvent(nsIDocument*, nsISupports*, nsAString_internal const&, bool, bool, bool, bool*, bool) dom/base/nsContentUtils.cpp 9 xul.dll nsDocument::UpdateVisibilityState() dom/base/nsDocument.cpp 10 xul.dll nsDocument::OnPageHide(bool, mozilla::dom::EventTarget*) dom/base/nsDocument.cpp 11 xul.dll nsDocumentViewer::PageHide(bool) layout/base/nsDocumentViewer.cpp 12 xul.dll nsDocShell::FirePageHideNotification(bool) docshell/base/nsDocShell.cpp 13 xul.dll nsDocShell::CreateContentViewer(nsACString_internal const&, nsIRequest*, nsIStreamListener**) docshell/base/nsDocShell.cpp 14 xul.dll nsDSURIContentListener::DoContent(nsACString_internal const&, bool, nsIRequest*, nsIStreamListener**, bool*) docshell/base/nsDSURIContentListener.cpp 15 xul.dll nsDocumentOpenInfo::TryContentListener(nsIURIContentListener*, nsIChannel*) uriloader/base/nsURILoader.cpp 16 xul.dll nsDocumentOpenInfo::DispatchContent(nsIRequest*, nsISupports*) uriloader/base/nsURILoader.cpp 17 xul.dll nsDocumentOpenInfo::OnStartRequest(nsIRequest*, nsISupports*) uriloader/base/nsURILoader.cpp 18 xul.dll mozilla::net::HttpChannelChild::DoOnStartRequest(nsIRequest*, nsISupports*) netwerk/protocol/http/HttpChannelChild.cpp 19 xul.dll mozilla::net::HttpChannelChild::OnStartRequest(nsresult const&, mozilla::net::nsHttpResponseHead const&, bool const&, mozilla::net::nsHttpHeaderArray const&, bool const&, bool const&, unsigned int const&, nsCString const&, nsCString const&, mozilla::net::NetAddr const&, mozilla::net::NetAddr const&, unsigned int const&) netwerk/protocol/http/HttpChannelChild.cpp 20 xul.dll mozilla::net::HttpChannelChild::RecvOnStartRequest(nsresult const&, mozilla::net::nsHttpResponseHead const&, bool const&, mozilla::net::nsHttpHeaderArray const&, bool const&, bool const&, unsigned int const&, nsCString const&, nsCString const&, mozilla::net::NetAddr const&, mozilla::net::NetAddr const&, short const&, unsigned int const&) netwerk/protocol/http/HttpChannelChild.cpp 21 xul.dll mozilla::net::PHttpChannelChild::OnMessageReceived(IPC::Message const&) obj-firefox/ipc/ipdl/PHttpChannelChild.cpp 22 xul.dll mozilla::dom::PContentChild::OnMessageReceived(IPC::Message const&) obj-firefox/ipc/ipdl/PContentChild.cpp 23 xul.dll mozilla::ipc::MessageChannel::DispatchAsyncMessage(IPC::Message const&) ipc/glue/MessageChannel.cpp 24 xul.dll mozilla::ipc::MessageChannel::DispatchMessageW(IPC::Message const&) ipc/glue/MessageChannel.cpp 25 xul.dll mozilla::ipc::MessageChannel::OnMaybeDequeueOne() ipc/glue/MessageChannel.cpp 26 xul.dll RunnableMethod<mozilla::ipc::MessageChannel, void ( mozilla::ipc::MessageChannel::*)(void), Tuple0>::Run() ipc/chromium/src/base/task.h 27 xul.dll MessageLoop::DoWork() ipc/chromium/src/base/message_loop.cc 28 xul.dll mozilla::ipc::DoWorkRunnable::Run() ipc/glue/MessagePump.cpp 29 xul.dll nsThread::ProcessNextEvent(bool, bool*) xpcom/threads/nsThread.cpp 30 xul.dll mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) ipc/glue/MessagePump.cpp 31 xul.dll mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) ipc/glue/MessagePump.cpp 32 xul.dll MessageLoop::RunHandler() ipc/chromium/src/base/message_loop.cc 33 xul.dll MessageLoop::Run() ipc/chromium/src/base/message_loop.cc 34 xul.dll nsBaseAppShell::Run() widget/nsBaseAppShell.cpp 35 xul.dll nsAppShell::Run() widget/windows/nsAppShell.cpp 36 xul.dll XRE_RunAppShell toolkit/xre/nsEmbedFunctions.cpp 37 xul.dll mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) ipc/glue/MessagePump.cpp 38 xul.dll MessageLoop::RunHandler() ipc/chromium/src/base/message_loop.cc 39 xul.dll MessageLoop::Run() ipc/chromium/src/base/message_loop.cc 40 xul.dll XRE_InitChildProcess toolkit/xre/nsEmbedFunctions.cpp 41 plugin-container.exe wmain toolkit/xre/nsWindowsWMain.cpp 42 plugin-container.exe __tmainCRTStartup f:/dd/vctools/crt/crtw32/startup/crt0.c:255 43 kernel32.dll BaseThreadInitThunk 44 ntdll.dll RtlUserThreadStart 45 kernel32.dll BasepReportFault 46 kernel32.dll BasepReportFault ============================================================= More reports: https://crash-stats.mozilla.com/report/list?product=Firefox&signature=mozilla%3A%3Adom%3A%3AHTMLCanvasElement%3A%3AOnVisibilityChange This is a new crash starting with Firefox 44.0a1 20151012030612 and currently ranks #8 with 1.59% of all Nightly crashes. Most of these report a memory address of 0x5a5a5a5e or 0xffffffffffffffff. 96.9% report on Windows (XP through 10) vs 3.1% on Linux 21.5% report as HIGH exploitibility vs 78.5% as LOW exploitibility Pushlog: https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=b68eab795f9de072bee12821b0f09422e5aa0da9&tochange=0b69d304f861d0038fb78f1d52b0f5d13ef7c6fe
Based on the pushlog I'm guessing this was caused by bug 709490, Morris?
Updated•9 years ago
|
Group: core-security → dom-core-security
(In reply to Morris Tseng [:mtseng] from comment #2) > This should be fixed in bug 1214571. Thanks!
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → DUPLICATE
Updated•9 years ago
|
Group: dom-core-security
No need to track this as it's a dup and bug 1214571 is tracked for FF44.
You need to log in
before you can comment on or make changes to this bug.
Description
•