Closed Bug 1538538 Opened 5 years ago Closed 5 years ago

Crash in [@ mozilla::layers::WebRenderScrollData::GetLayerCount]

Categories

(Core :: Graphics: WebRender, defect)

Unspecified
Windows 10
defect
Not set
critical

Tracking

RESOLVED FIXED
mozilla68
Tracking Status
firefox-esr60 --- unaffected
firefox66 --- unaffected
firefox67 --- unaffected
firefox68 --- fixed

People

(Reporter: calixte, Assigned: kats)

References

(Blocks 1 open bug)

Details

(Keywords: crash, regression)

Attachments

(2 files)

This bug is for crash report bp-b5982a0b-ad84-40da-b87c-4a0000190323.

Top 10 frames of crashing thread:

0 xul.dll mozilla::layers::WebRenderScrollData::GetLayerCount 
1 xul.dll class mozilla::layers::WebRenderScrollDataWrapper mozilla::layers::WebRenderScrollDataWrapper::GetLastChild gfx/layers/wr/WebRenderScrollDataWrapper.h:177
2 xul.dll static void mozilla::layers::ForEachNode<mozilla::layers::ReverseIterator, mozilla::layers::WebRenderScrollDataWrapper, `lambda at z:/task_1553335548/build/src/gfx/layers/apz/src/APZCTreeManager.cpp:413:9', `lambda at z:/task_1553335548/build/src/gfx/layers/apz/src/APZCTreeManager.cpp:487:9'> gfx/layers/TreeTraversal.h:140
3 xul.dll static void mozilla::layers::ForEachNode<mozilla::layers::ReverseIterator, mozilla::layers::WebRenderScrollDataWrapper, `lambda at z:/task_1553335548/build/src/gfx/layers/apz/src/APZCTreeManager.cpp:413:9', `lambda at z:/task_1553335548/build/src/gfx/layers/apz/src/APZCTreeManager.cpp:487:9'> gfx/layers/TreeTraversal.h:142
4 xul.dll static void mozilla::layers::APZCTreeManager::UpdateHitTestingTreeImpl<mozilla::layers::WebRenderScrollDataWrapper> gfx/layers/apz/src/APZCTreeManager.cpp:411
5 xul.dll static void mozilla::layers::APZUpdater::UpdateScrollDataAndTreeState::<unnamed-tag>::operator gfx/layers/apz/src/APZUpdater.cpp:209
6 xul.dll nsresult mozilla::detail::RunnableFunction<`lambda at z:/task_1553335548/build/src/gfx/layers/apz/src/APZUpdater.cpp:203:11'>::Run xpcom/threads/nsThreadUtils.h:562
7 xul.dll void mozilla::layers::APZUpdater::ProcessQueue gfx/layers/apz/src/APZUpdater.cpp:524
8 xul.dll static void mozilla::layers::APZUpdater::CompleteSceneSwap gfx/layers/apz/src/APZUpdater.cpp:121
9 xul.dll apz_post_scene_swap gfx/layers/apz/src/APZUpdater.cpp:571

There are 4 crashes (from 2 installations) in nightly 68 with buildid 20190323094805. In analyzing the backtrace, the regression may have been introduced by patch [1] to fix bug 1441308.

[1] https://hg.mozilla.org/mozilla-central/rev?node=96da9d241051

Flags: needinfo?(dothayer)

We're missing a null check. I can fix. This should only be getting hit if the user has turned on document splitting, which is off by default.

Assignee: nobody → kats
Flags: needinfo?(dothayer)

This has no functional effect but makes it consistent with other similar sites.

Depends on D24650

Pushed by kgupta@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/44f442f26b6d
Guard against null pointer dereference. r=dthayer
https://hg.mozilla.org/integration/autoland/rev/f33d20b3893f
Minor tweak for consistency. r=dthayer
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla68