Closed
Bug 623728
Opened 14 years ago
Closed 14 years ago
Crash when leaving fullscreen while playing OGG video
Categories
(Core :: Graphics, defect)
Tracking
()
RESOLVED
FIXED
| Tracking | Status | |
|---|---|---|
| fennec | 2.0+ | --- |
People
(Reporter: dougt, Assigned: cjones)
References
Details
Attachments
(1 file)
After playing a video in fullscreen mode, I closed it. Soon after, fennec crashed. I don't have a stack, but this was in the output. I can reproduce this pretty consistently with todays build. I am on a G2 running cyanogen. I/Gecko (12169): ###!!! ABORT: unknown union type: file PLayersParent.cpp, line 560
|
||
Comment 1•14 years ago
|
||
Given the abort, I'm assuming this should be in Core/GFX.
Component: Video/Audio → Graphics
QA Contact: video.audio → thebes
|
Assignee | |
Comment 2•14 years ago
|
||
Yes, gfx. This abort is being triggered by a SurfaceDescriptor with an invalid type, probably T__none which would suggest that the descriptor is uninitialized. A link to a minidump from the abort would be useful. Will try to repro later.
|
|
Assignee | |
Comment 3•14 years ago
|
||
Oh yeah, this is tres bad and should block.
Assignee: nobody → jones.chris.g
tracking-fennec: --- → ?
|
Reporter | |
Updated•14 years ago
|
tracking-fennec: ? → 2.0+
|
|
Assignee | |
Comment 4•14 years ago
|
||
Problem is here
void
PLayersParent::Write(
const OpThebesBufferSwap& __v,
Message* __msg)
{
Write((__v).layerParent(), __msg, false);
// skipping actor field that's meaningless on this side
>>> Write((__v).newBackBuffer(), __msg);
Write((__v).newValidRegion(), __msg);
Write((__v).newXResolution(), __msg);
Write((__v).newYResolution(), __msg);
Write((__v).readOnlyFrontBuffer(), __msg);
Write((__v).frontUpdatedRegion(), __msg);
}
newBackBuffer() has a ThebesBuffer of Descriptor type T__none.|
|
Assignee | |
Comment 7•14 years ago
|
||
The problem is that with bug 623255, we started destroying shadow layers upon TabParent::Destroy, because there may be "orphaned" layers that wouldn't be signaled on LayerManager::Destroy. This caused use-after-free bugs of GLContexts. In this case, we have the opposite problem: LayerManager::Destroy is *not* being called around the time when TabParent::Destroy is called. This was causing shadow layers to have transactions processed on them after they became zombies. This patch records when we explicitly destroy shadow layers from TabParent::Destroy and stops relying solely on the layer-manager destroyed state.
Attachment #502722 -
Flags: review?(jmuizelaar)
|
||
Comment 8•14 years ago
|
||
Comment on attachment 502722 [details] [diff] [review] Don't process transactions on destroyed shadow layer managers, even when the layer manager hasn't been explicitly destroyed Please add a comment at the mDestroyed declaration about why the additional state is needed.
Attachment #502722 -
Flags: review?(jmuizelaar) → review+
|
|
Assignee | |
Comment 9•14 years ago
|
||
(In reply to comment #8) > Comment on attachment 502722 [details] [diff] [review] > Don't process transactions on destroyed shadow layer managers, even when the > layer manager hasn't been explicitly destroyed > > Please add a comment at the mDestroyed declaration about why the additional > state is needed. Done.
|
|
Assignee | |
Comment 11•14 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/d89371fd4fa4
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•