Closed
Bug 337117
Opened 18 years ago
Closed 18 years ago
Browser crashes when opening saunalahti.fi or maps.google.com [@ fbRasterizeEdges8]
Categories
(Core :: Graphics, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: taavi.horila, Unassigned)
References
()
Details
(Keywords: crash, regression, topcrash+)
Crash Data
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20060505 Minefield/3.0a1 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20060505 Minefield/3.0a1 Hard to describe much, when I tried to access saunalahti.fi, browser crashed before the page was completely loaded. It loaded some portions of the page. Tried to reopen 3 times, every time same thing. Reproducible: Always Steps to Reproduce: 1. just open page http://saunalahti.fi 2. 3.
Works for me. Try a clean profile and update to the latest-trunk release.
Comment 2•18 years ago
|
||
WFM with Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20060507 Minefield/3.0a1 Could you copy a talkback ID for the crash to this bug? http://kb.mozillazine.org/Talkback
WFM. Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20060507 BonEcho/2.0a1 ID:2006050704
Reporter | ||
Comment 4•18 years ago
|
||
Tried again with non-administrative account (win xp). Works well. But when I installed the lastest trunk and tried again with administrative account, same thing: browser crashed. So I think it's somehow related to windows user accounts??? I will post that talkback ID later.
Reporter | ||
Comment 5•18 years ago
|
||
Talkback ID (most recent crash) TB18475077W
Comment 6•18 years ago
|
||
Incident ID: 18475077 Stack Signature fbRasterizeEdges8 239d0fd9 Product ID FirefoxTrunk Build ID 2006050805 Trigger Time 2006-05-09 05:54:11.0 Platform Win32 Operating System Windows NT 5.1 build 2600 Module firefox.exe + (0053cbdb) URL visited <a href='http://saunalahti.fi'>http://saunalahti.fi</a> User Comments Since Last Crash 89 sec Total Uptime 99 sec Trigger Reason Access violation Source File, Line No. c:\builds\tinderbox\fx-trunk-cairo\winnt_5.2_depend\mozilla\gfx\cairo\libpixman\src\fbedge.c, line 159 Stack Trace fbRasterizeEdges8 fbRasterizeEdges fbRasterizeTrapezoid _moz_cairo_pixman_add_trapezoids _cairo_image_surface_composite_trapezoids _cairo_surface_composite_trapezoids _cairo_surface_fallback_composite_trapezoids _cairo_surface_composite_trapezoids _cairo_clip_intersect_mask
Keywords: crash
Summary: Browser crashes when opening site saunalahti.fi → Browser crashes when opening site saunalahti.fi [@ fbRasterizeEdges8]
Component: General → GFX: Thebes
Product: Firefox → Core
QA Contact: general → thebes
Version: unspecified → 1.8 Branch
Comment 7•18 years ago
|
||
I always reproduce this crash on following url. http://maps.google.com/maps?f=q&hl=ja&t=k&ll=34.770692,135.618067&spn=0.002543,0.003009 TB18479239Y
Updated•18 years ago
|
Version: 1.8 Branch → Trunk
Comment 8•18 years ago
|
||
I'm seeing this crash regularly on trunk builds. It seems to happen while the page is in the middle of loading images. I've seen it on google maps for example. Talkback IDs: 18589852, 18584674 Build tested: 20060511 windows trunk firefox
Status: UNCONFIRMED → NEW
Ever confirmed: true
I have seen this as well, but have never been able to reproduce it -- and talkback is still worthless with VC8 builds. The given URL here doesn't crash for me on any computer. I guess I'll start running my own debug build on the laptop so that I can jump into a debugger if I happen to see it again. If anyone else can get into this in the debugger, please post a full backtrace and pull out as much info as you can -- in particular the arguments of any calls to _cairo_win32_surface_* including the contents of the src,mask,dst params.
er, I meant calls to _cairo_image_surface_* (composite_trapezoids in most cases)
Comment 11•18 years ago
|
||
This topcrash accounts for over 6% of trunk crashes. It first appeared in May 3 builds. Many incidents have comments mentioning Google Maps.
Flags: blocking1.9a1?
Keywords: regression,
topcrash
Comment 12•18 years ago
|
||
I can only give stacktrace with the arguments (saw this bug after quitting the debugger, so did not save the contents of src, mask, etc.): ChildEBP RetAddr 0012f100 01c1825a thebes!fbRasterizeEdges8(unsigned int * buf = 0x19a8af50, int width = 702, int stride = 176, struct RenderEdge * l = 0x0012f180, struct RenderEdge * r = 0x0012f1a8, int t = 1, int b = 2147481462)+0xa3 [h:\mozilla\tree-main\mozilla\gfx\cairo\libpixman\src\fbedge.c @ 159] 0012f11c 01c17933 thebes!fbRasterizeEdges(unsigned int * buf = 0x19a2e510, int bpp = 8, int width = 702, int stride = 176, struct RenderEdge * l = 0x0012f180, struct RenderEdge * r = 0x0012f1a8, int t = 4065416, int b = 2147481462)+0x2f [h:\mozilla\tree-main\mozilla\gfx\cairo\libpixman\src\fbedge.c @ 297] 0012f1dc 01c0e510 thebes!fbRasterizeTrapezoid(struct pixman_image * pPicture = 0x00000008, struct pixman_trapezoid * trap = 0x003e0888, int x_off = 0, int y_off = 0)+0xbd [h:\mozilla\tree-main\mozilla\gfx\cairo\libpixman\src\fbtrap.c @ 137] 0012f1f8 01bfcc79 thebes!_moz_cairo_pixman_add_trapezoids(struct pixman_image * dst = 0x197965a8, int x_off = 0, int y_off = 0, struct pixman_trapezoid * traps = 0x05b508a8, int ntraps = 2)+0x35 [h:\mozilla\tree-main\mozilla\gfx\cairo\libpixman\src\ictrap.c @ 208] 0012f27c 01bf8d05 thebes!_cairo_image_surface_composite_trapezoids(_cairo_operator op = CAIRO_OPERATOR_IN (3), struct _cairo_pattern * pattern = 0x0012f3b4, void * abstract_dst = 0x18f4f790, _cairo_antialias antialias = CAIRO_ANTIALIAS_DEFAULT (0), int src_x = 0, int src_y = 0, int dst_x = 0, int dst_y = 0, unsigned int width = 0x2be, unsigned int height = 0x217, struct _cairo_trapezoid * traps = 0x05b508a8, int num_traps = 3)+0x14e [h:\mozilla\tree-main\mozilla\gfx\cairo\cairo\src\cairo-image-surface.c @ 844] 0012f2b8 01c01c12 thebes!_cairo_surface_composite_trapezoids(_cairo_operator op = CAIRO_OPERATOR_IN (3), struct _cairo_pattern * pattern = 0x0012f3b4, struct _cairo_surface * dst = 0x18f4f790, _cairo_antialias antialias = CAIRO_ANTIALIAS_DEFAULT (0), int src_x = 0, int src_y = 0, int dst_x = 0, int dst_y = 0, unsigned int width = 0x2be, unsigned int height = 0x217, struct _cairo_trapezoid * traps = 0x05b508a8, int num_traps = 3)+0x45 [h:\mozilla\tree-main\mozilla\gfx\cairo\cairo\src\cairo-surface.c @ 1224] 0012f320 01bf8d36 thebes!_cairo_surface_fallback_composite_trapezoids(_cairo_operator op = CAIRO_OPERATOR_IN (3), struct _cairo_pattern * pattern = 0x0012f3b4, struct _cairo_surface * dst = 0x05172970, _cairo_antialias antialias = CAIRO_ANTIALIAS_DEFAULT (0), int src_x = 0, int src_y = 0, int dst_x = 0, int dst_y = 0, unsigned int width = 0x2be, unsigned int height = 0x217, struct _cairo_trapezoid * traps = 0x05b508a8, int num_traps = 3)+0xd8 [h:\mozilla\tree-main\mozilla\gfx\cairo\cairo\src\cairo-surface-fallback.c @ 1159] 0012f35c 01c03b69 thebes!_cairo_surface_composite_trapezoids(_cairo_operator op = CAIRO_OPERATOR_IN (3), struct _cairo_pattern * pattern = 0x0012f3b4, struct _cairo_surface * dst = 0x05172970, _cairo_antialias antialias = CAIRO_ANTIALIAS_DEFAULT (0), int src_x = 0, int src_y = 0, int dst_x = 0, int dst_y = 0, unsigned int width = 0x2be, unsigned int height = 0x217, struct _cairo_trapezoid * traps = 0x05b508a8, int num_traps = 3)+0x76 [h:\mozilla\tree-main\mozilla\gfx\cairo\cairo\src\cairo-surface.c @ 1234] 0012f448 01c03ce2 thebes!_cairo_clip_intersect_mask(struct _cairo_clip * clip = 0x000001dd, struct _cairo_traps * traps = 0x00000001, _cairo_antialias antialias = CAIRO_ANTIALIAS_DEFAULT (0), struct _cairo_surface * target = 0x05576868)+0xda [h:\mozilla\tree-main\mozilla\gfx\cairo\cairo\src\cairo-clip.c @ 382] 0012f4a4 01c030e3 thebes!_cairo_clip_clip(struct _cairo_clip * clip = 0x052c7ee8, struct _cairo_path_fixed * path = 0x0012f464, _cairo_fill_rule fill_rule = CAIRO_FILL_RULE_WINDING (0), double tolerance = 0.10000000000000001, _cairo_antialias antialias = CAIRO_ANTIALIAS_DEFAULT (0), struct _cairo_surface * target = 0x05576868)+0xd6 [h:\mozilla\tree-main\mozilla\gfx\cairo\cairo\src\cairo-clip.c @ 468] 0012f4c4 01bfbb15 thebes!_cairo_gstate_clip(struct _cairo_gstate * gstate = 0x01df6d29, struct _cairo_path_fixed * path = 0x190f1458)+0x27 [h:\mozilla\tree-main\mozilla\gfx\cairo\cairo\src\cairo-gstate.c @ 1221] 0012f4d4 01bf4481 thebes!_moz_cairo_clip_preserve(struct _cairo * cr = 0x01df6d29)+0x17 [h:\mozilla\tree-main\mozilla\gfx\cairo\cairo\src\cairo.c @ 1853] 0012f4dc 01df4277 thebes!gfxContext::Clip(void)+0x8 [h:\mozilla\tree-main\mozilla\gfx\thebes\src\gfxcontext.cpp @ 489] 0012f568 01df6d29 gkgfxthebes!nsThebesImage::Draw(class nsIRenderingContext * aContext = 0x190ab4ec, class nsIDrawingSurface * aSurface = 0x00000000, int aSX = 120, int aSY = 13, int aSWidth = 0, int aSHeight = 50, int aDX = 700, int aDY = 622, int aDWidth = 0, int aDHeight = 50)+0xc0 [h:\mozilla\tree-main\mozilla\gfx\src\thebes\nsthebesimage.cpp @ 291] 0012f5e0 01810535 gkgfxthebes!nsThebesRenderingContext::DrawImage(class imgIContainer * aImage = 0x42480000, struct nsRect * twSrcRect = 0x0012f618, struct nsRect * twDestRect = 0x0012f638)+0x22a [h:\mozilla\tree-main\mozilla\gfx\src\thebes\nsthebesrenderingcontext.cpp @ 1009] 0012f64c 018108b1 gklayout!nsImageFrame::PaintImage(class nsIRenderingContext * aRenderingContext = 0x190ab4ec, struct nsPoint aPt = struct nsPoint, struct nsRect * aDirtyRect = 0x0012f69c, class imgIContainer * aImage = 0x190b75a8)+0x103 [h:\mozilla\tree-main\mozilla\layout\generic\nsimageframe.cpp @ 1345] 0012f668 018007ea gklayout!nsDisplayImage::Paint(class nsDisplayListBuilder * aBuilder = 0x018007ea, class nsIRenderingContext * aCtx = 0x0012f798, struct nsRect * aDirtyRect = 0x190ab4ec)+0x29 [h:\mozilla\tree-main\mozilla\layout\generic\nsimageframe.cpp @ 1283] 0012f67c 01800c0e gklayout!nsDisplayList::Paint(class nsDisplayListBuilder * aBuilder = 0x018007ea, class nsIRenderingContext * aCtx = 0x0012f798, struct nsRect * aDirtyRect = 0x190ab4ec)+0x18 [h:\mozilla\tree-main\mozilla\layout\base\nsdisplaylist.cpp @ 304] 0012f6ac 018007ea gklayout!nsDisplayClip::Paint(class nsDisplayListBuilder * aBuilder = 0x0012f798, class nsIRenderingContext * aCtx = 0x190ab4ec, struct nsRect * aDirtyRect = 0x0012f6e0)+0x4d [h:\mozilla\tree-main\mozilla\layout\base\nsdisplaylist.cpp @ 903] 0012f6c0 01800c0e gklayout!nsDisplayList::Paint(class nsDisplayListBuilder * aBuilder = 0x018007ea, class nsIRenderingContext * aCtx = 0x0012f798, struct nsRect * aDirtyRect = 0x190ab4ec)+0x18 [h:\mozilla\tree-main\mozilla\layout\base\nsdisplaylist.cpp @ 304]
Comment 13•18 years ago
|
||
Ok, the next time i use a attachment for the stacktrace :/.
Comment 14•18 years ago
|
||
*** Bug 338300 has been marked as a duplicate of this bug. ***
Reporter | ||
Updated•18 years ago
|
Summary: Browser crashes when opening site saunalahti.fi [@ fbRasterizeEdges8] → Browser crashes when opening saunalahti.fi or maps.google.com [@ fbRasterizeEdges8]
Comment 15•18 years ago
|
||
now up to 19.1% of all trunk crashes. I
Comment 16•18 years ago
|
||
I crash 100% of the time just trying to load http://local.google.com
Comment 17•18 years ago
|
||
*** Bug 338212 has been marked as a duplicate of this bug. ***
Comment 18•18 years ago
|
||
but I don't see the crash on http://saunalahti.fi/ or http://www.half-life2.com
Comment 19•18 years ago
|
||
pav or vlad, can you reproduce by loading http://local.google.com ?
Flags: blocking1.9a1? → blocking1.9a1+
Comment 20•18 years ago
|
||
http://talkback-public.mozilla.org/search/start.jsp?search=1&searchby=stacksig&match=contains&searchfor=fbRasterizeEdges8&vendor=MozillaOrg&product=FirefoxTrunk&platform=All&buildid=&sdate=&stime=&edate=&etime=&sortby=bbid shows this starting MozillaOrgFirefoxTrunkWin32 2006 05 03 05 and has some other test URLs. These would be good to test against if there are still problems reproducing. http://www.suicidegirls.com http://www.vmware.com http://www.ebaumsworld.com/fmovies2.shtml http://www.gmx.de http://www.merlefest.org/ http://www.islamicfinder.org http://macslow.thepimp.net/?page_id=18 http://www.mindfactory.de http://www.vbexperto.com http://www.1up.com - Just enter in the wii@e3 content zone http://www.firefoxflicks.com/ http://www.pcmag.com http://www.rangersloyal.co.uk/home.html http://www.winamp.com http://e3.ign.com http://www.worldofwarcraft.com - looking through the screenshot gallery, there was a large-ish 1/2 loaded JPG at the time of the crash. http://www.reallifecomics.com http://www.pitbikeclub.co.uk http://toolinux.org http://buildandfight.com http://www.kabiloo.fr http://www.casino770.com http://casino-club.com/DE/?camp=0605bn010101 http://www.java.com http://www.hi5.com/friend/displayMyProfile.do http://www.finnkino.fi http://www.festival-cannes.fr/journal/index.php?langue=6002 http://www.alcon.com http://www.runscape.com http://www.cadence.com - -->click on Products http://slurl.com/secondlife/Green/148/24 http://www.ctrlaltdel-online.com/ http://www.skipourfee.com/
Comment 21•18 years ago
|
||
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20060528 Minefield/3.0a1 ID:2006052804 [cairo] CRASH : http://www.vmware.com/ TB19214049Z
Blah. I've been running my debug build for two weeks now, and haven't crashed yet. I'll check in the fix for bug 337424 tomorrow, which should at least get rid of the crashes. There's still some kind of logic error lurking under there when clipping is involved, though, that we'll need to track down.
Comment 23•18 years ago
|
||
just hit the crash again at http://www.mobileangler.com - nearly a full size window covering 1280x800 resolution on my laptop
Just checked in the patch from 337424; this should hopefully go away now.
Comment 25•18 years ago
|
||
Tested Minefield/3.0a1 ID:2006060105 [cairo] with my usual maps.google.com crash and it is now working correctly, so it looks like the 337424 patch fixed it.
Comment 26•18 years ago
|
||
Also looks good for me running though all the test urls listed above running Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20060601 Minefield/3.0a1
Marking fixed by 337424.
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
Assignee | ||
Updated•13 years ago
|
Crash Signature: [@ fbRasterizeEdges8]
You need to log in
before you can comment on or make changes to this bug.
Description
•