Closed Bug 1270797 Opened 8 years ago Closed 8 years ago

Crash due to stack overflow in ComputeEffectiveTransformsForChildren

Categories

(Core :: Graphics: Layers, defect)

Product:
Core
Component:
Graphics: Layers
Platform:
Unspecified
All
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla49
Tracking Flags:
Tracking Status
firefox49 --- fixed

People

(Reporter: cbook, Assigned: mattwoodrow)

References

(
URL
)

Details

(Keywords: crash)

Crash Data

Attachments

(2 files)

bughunter stack
400.41 KB, text/plain
Details
double-blend-container
12.08 KB, patch
mstange
: review+
Details | Diff | Splinter Review 
Found via bughunter and reproduced on a windows 7 debug build as well as on a nightly opt build based on m-c tip also on mac

Steps to reproduce: 
--> Load https://prevoty.com/
----> Crash
Component: Graphics → Graphics: Layers
Summary: Crash in mozilla::gfx::Matrix4x4Typed<T> mozilla::gfx::Matrix4x4Typed<T>::operator*<T> const → Crash due to stack overflow in ComputeEffectiveTransformsForChildren
Maybe layout should avoid putting us in this situation?
Flags: needinfo?(matt.woodrow)
Assignee: nobody → matt.woodrow
Flags: needinfo?(matt.woodrow)

        Attachment #8750546 -
        Flags: review?(mstange)

    
    

    
  
Why is this necessary? What's happening here? Don't we still need different keys for different nsDisplayBlendMode items for the same frame?

    
    

    
  
The problem is that we build two nsDisplayBlendContainers for the same frame, and FrameLayerBuilder gets confused and builds a ContainerLayer with itself as its first child.

We had mIndex to prevent this, but it was always zero, so didn't do anything.

As far as I can tell we can only ever have two blend containers per frame (one for mix-blend-mode, and one for background-blend-mode), so switching to a boolean seems sufficient (and clearer).

We can still build an arbitrary number of nsDisplayBlendModes, but those already use indexes correctly.

    
    

    
  
Oops, I got confused with nsDisplayBlendContainer vs nsDisplayBlendMode. Sounds good.

    
    

    
  
Comment on attachment 8750546 [details] [diff] [review]
double-blend-container

Review of attachment 8750546 [details] [diff] [review]:
-----------------------------------------------------------------

thanks

        Attachment #8750546 -
        Flags: review?(mstange) → review+

    
    

    
  
https://hg.mozilla.org/mozilla-central/rev/486e823cb780
Status: NEW → RESOLVED
Closed: 8 years ago

          status-firefox49:
          --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla49

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: