Closed
Bug 639168
Opened 13 years ago
Closed 13 years ago
Fennec 4.0b5 crash [@ gfxContext::gfxContext]
Categories: Core :: Graphics, defect
Tracking: RESOLVED FIXED, mozilla7
People: Reporter: jdm, Assigned: roc
Details: Keywords: crash, topcrash
Attachments: 1 file, 1 obsolete file
1.06 KB, patch | tnikkel: review+ | jpr: approval-mozilla-aurora+ | jpr: approval-mozilla-beta+
This bug was filed from the Socorro interface and is report bp-c9f10352-4dcb-4049-9783-c60b52110223.
=============================================================

Looks like the line 64
  mCairo = cairo_create(surface->CairoSurface());
is crashing, since surface is presumably null (crash address of 0x4 on every reported crash). ThebesLayerBuffer::GetContextForQuadrantUpdate seems to pass mBuffer to |new gfxContext| unconditionally, when it can potentially be null.

0 libxul.so gfxContext::gfxContext gfx/thebes/gfxContext.cpp:64
1 libxul.so mozilla::layers::ThebesLayerBuffer::GetContextForQuadrantUpdate nsAutoPtr.h:992
2 libxul.so mozilla::layers::ThebesLayerBuffer::BeginPaint nsAutoPtr.h:954
3 libxul.so mozilla::layers::BasicThebesLayer::Paint nsRegion.h:385
4 libxul.so mozilla::layers::BasicLayerManager::PaintLayer gfx/layers/basic/BasicLayers.cpp:1431
5 libxul.so mozilla::layers::BasicLayerManager::PaintLayer gfx/layers/basic/BasicLayers.cpp:1436
6 libxul.so mozilla::layers::BasicLayerManager::EndTransactionInternal gfx/layers/basic/BasicLayers.cpp:1308
7 libxul.so mozilla::layers::BasicLayerManager::EndTransaction gfx/layers/basic/BasicLayers.cpp:1256
8 libxul.so mozilla::layers::BasicShadowLayerManager::EndTransaction gfx/layers/basic/BasicLayers.cpp:2699
9 libxul.so nsDisplayList::PaintForFrame layout/base/nsDisplayList.cpp:541
10 libxul.so nsDisplayList::PaintRoot layout/base/nsDisplayList.cpp:460
11 libxul.so nsLayoutUtils::PaintFrame layout/base/nsLayoutUtils.cpp:1570
12 libxul.so PresShell::Paint layout/base/nsPresShell.cpp:6190
13 libxul.so nsViewManager::RenderViews view/src/nsViewManager.cpp:459
14 libxul.so nsViewManager::Refresh view/src/nsViewManager.h:250
15 libxul.so nsViewManager::DispatchEvent nsCOMPtr.h:492
16 libxul.so HandleEvent nsCOMPtr.h:492
17 libxul.so mozilla::widget::PuppetWidget::DispatchEvent widget/src/xpwidgets/PuppetWidget.cpp:308
18 libxul.so mozilla::widget::PuppetWidget::DispatchPaintEvent widget/src/xpwidgets/PuppetWidget.cpp:514
19 libxul.so mozilla::widget::PuppetWidget::PaintTask::Run widget/src/xpwidgets/PuppetWidget.cpp:556
20 libxul.so nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:633
21 libxul.so NS_ProcessNextEvent_P nsThreadUtils.cpp:250
22 libxul.so mozilla::ipc::MessagePump::Run ipc/glue/MessagePump.cpp:111
23 libxul.so mozilla::ipc::MessagePumpForChildProcess::Run ipc/glue/MessagePump.cpp:230
24 libxul.so MessageLoop::RunInternal ipc/chromium/src/base/message_loop.cc:220
25 libxul.so MessageLoop::Run ipc/chromium/src/base/message_loop.cc:512
26 libxul.so nsBaseAppShell::Run widget/src/xpwidgets/nsBaseAppShell.cpp:198
27 libxul.so XRE_RunAppShell toolkit/xre/nsEmbedFunctions.cpp:678
28 libxul.so mozilla::ipc::MessagePumpForChildProcess::Run ipc/glue/MessagePump.cpp:222
29 libxul.so MessageLoop::RunInternal ipc/chromium/src/base/message_loop.cc:220
30 libxul.so MessageLoop::Run ipc/chromium/src/base/message_loop.cc:512
31 libxul.so XRE_InitChildProcess toolkit/xre/nsEmbedFunctions.cpp:519
32 libmozutils.so ChildProcessInit other-licenses/android/APKOpen.cpp:778
33 plugin-container main ipc/app/MozillaRuntimeMainAndroid.cpp:69
34 libc.so libc.so@0xd67a

More crashes at https://crash-stats.mozilla.com/report/list?range_value=2&range_unit=weeks&date=2011-03-05%2005%3A00%3A00&signature=gfxContext%3A%3AgfxContext&version=Fennec%3A4.0b5
Updated•13 years ago (Reporter)
Component: General → Graphics
Product: Fennec → Core
QA Contact: general → thebes
Comment 1•13 years ago
It is the #15 top crasher in 4.0.
Comment 2•13 years ago
Maybe just an OOM, but mBuffer is being tested before use in other places in this file. Maybe it is common that mBuffer is nulled out (like in Clear()).
Comment 3•13 years ago (Assignee)
This might help. BufferSizeOkFor might return true even if the buffer dimensions are 0,0 after being cleared, if the needed region is empty. With this patch, I can't see that we'd get to GetContextForQuadrantUpdate with a null mBuffer.
Assignee: nobody → roc
Attachment #534989 - Flags: review?(tnikkel)
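
A simplified model of the failure mode described in comment 3, added here as an illustration; it is not Gecko code and not the attached patch. All type and function names (LayerBuffer, SizeOkFor, UsableFor, BeginPaint) are hypothetical stand-ins.

```cpp
#include <memory>

// Simplified model with hypothetical names; not Gecko's ThebesLayerBuffer.
struct Size { int w, h; };
struct Surface { int id; };                 // stands in for gfxASurface
struct Context {                            // stands in for gfxContext
    explicit Context(const Surface& s) : surfaceId(s.id) {}
    int surfaceId;
};
enum class Paint { Painted, NothingToPaint, NullBuffer };

class LayerBuffer {
public:
    void Allocate(Size s) { mBuffer.reset(new Surface{1}); mSize = s; }
    void Clear() { mBuffer.reset(); mSize = Size{0, 0}; }
    // Size-only check: an empty request fits any buffer, including a
    // cleared one, so this returns true while mBuffer is null.
    bool SizeOkFor(Size n) const { return n.w <= mSize.w && n.h <= mSize.h; }
    // Hardened check: the surface must exist as well as be large enough.
    bool UsableFor(Size n) const { return mBuffer && SizeOkFor(n); }
    // Never builds a context from a null surface; the caller gets nullptr.
    std::unique_ptr<Context> ContextForUpdate() const {
        if (!mBuffer) return nullptr;
        return std::unique_ptr<Context>(new Context(*mBuffer));
    }
private:
    std::unique_ptr<Surface> mBuffer;
    Size mSize{0, 0};
};

// Paint path. strict=false trusts the size-only check (the failure mode
// described in comment 3); strict=true skips empty updates and requires a
// live surface before reusing the buffer.
Paint BeginPaint(LayerBuffer& buf, Size needed, bool strict) {
    if (strict && (needed.w == 0 || needed.h == 0)) return Paint::NothingToPaint;
    bool ok = strict ? buf.UsableFor(needed) : buf.SizeOkFor(needed);
    if (!ok) buf.Allocate(needed);
    // NullBuffer marks where an unchecked constructor would dereference null.
    return buf.ContextForUpdate() ? Paint::Painted : Paint::NullBuffer;
}

int main() {
    LayerBuffer buf;                        // starts cleared: no surface, 0x0
    Paint weak = BeginPaint(buf, Size{0, 0}, false);
    Paint hard = BeginPaint(buf, Size{0, 0}, true);
    return (weak == Paint::NullBuffer && hard == Paint::NothingToPaint) ? 0 : 1;
}
```

A non-empty request never reaches the null case in this model, because the size check fails and forces a reallocation first; only the empty request slips through.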
Comment 4•13 years ago (Assignee)
Attachment #534989 - Attachment is obsolete: true
Attachment #534989 - Flags: review?(tnikkel)
Updated•13 years ago (Assignee)
Attachment #534990 - Flags: review?(tnikkel)
Comment 5•13 years ago
Comment on attachment 534990 (actual patch)
Seems fine, although I'm not very familiar with this code.
Attachment #534990 - Flags: review?(tnikkel) → review+
Updated•13 years ago (Assignee)
Whiteboard: [needs landing]
Comment 6•13 years ago (Assignee)
http://hg.mozilla.org/projects/cedar/rev/37923e6be386
Whiteboard: [needs landing] → [fixed-in-cedar]
Comment 7•13 years ago
Pushed: http://hg.mozilla.org/mozilla-central/rev/37923e6be386
Status: NEW → RESOLVED
Closed: 13 years ago
Flags: in-testsuite?
Resolution: --- → FIXED
Whiteboard: [fixed-in-cedar]
Target Milestone: --- → mozilla7
Version: 2.0 Branch → Trunk
Comment 8•13 years ago (Assignee)
Comment on attachment 534990 (actual patch)
Review of attachment 534990:
Super-safe patch, might fix topcrash.
Attachment #534990 - Flags: approval-mozilla-beta?
Attachment #534990 - Flags: approval-mozilla-aurora?
Updated•13 years ago
Attachment #534990 - Flags: approval-mozilla-beta?
Attachment #534990 - Flags: approval-mozilla-beta+
Attachment #534990 - Flags: approval-mozilla-aurora?
Attachment #534990 - Flags: approval-mozilla-aurora+
Comment 9•13 years ago (Assignee)
http://hg.mozilla.org/releases/mozilla-aurora/rev/c43281466451
http://hg.mozilla.org/releases/mozilla-beta/rev/77075f01ce94
status-firefox5: --- → fixed
status-firefox6: --- → fixed
Updated•13 years ago
Crash Signature: [@ gfxContext::gfxContext]
Comment 10•13 years ago (Reporter)
Still seeing the same stack on Fennec 5. https://crash-stats.mozilla.com/report/index/2513d055-8f36-400c-8292-7f28c2110622
Updated•13 years ago (Reporter)
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Comment 11•13 years ago (Reporter)
Bug 665218 has STR that end in a gfxContext::gfxContext crash.
Updated•13 years ago
Crash Signature: [@ gfxContext::gfxContext] → [@ gfxContext::gfxContext] [@ gfxContext::gfxContext(gfxASurface*) ]
Comment 12•13 years ago
There have been no crashes in Fennec versions above 5.0 for the last four weeks. I close it as fixed.
Status: REOPENED → RESOLVED
Crash Signature: [@ gfxContext::gfxContext] [@ gfxContext::gfxContext(gfxASurface*) ] → [@ gfxContext::gfxContext]
Closed: 13 years ago → 13 years ago
Depends on: 665218
Resolution: --- → FIXED