Closed
Bug 672361
Opened 13 years ago
Closed 13 years ago
Firefox 8.0a1 Crash @ IOSurface@0xb5b
Categories
(Core Graveyard :: Plug-ins, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
mozilla8
People
(Reporter: marcia, Assigned: BenWa)
References
()
Details
(Keywords: crash, reproducible, Whiteboard: [inbound])
Crash Data
Attachments
(1 file)
2.47 KB,
patch
|
smichaud
:
review+
|
Details | Diff | Splinter Review |
Seen while reviewing crash stats and reproducible using Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:8.0a1) Gecko/20110718 Firefox/8.0a1 https://crash-stats.mozilla.com/report/index/bp-b9fccba7-9b41-4ec7-bda3-6aac12110718 STR: 1. http://fullproduct.download.microsoft.com/download/release/3/9/8/SW_DVD5_Windows_Vista_Business_32BIT_Brazilian_Full_Int_SP2_MLF_X15-39885.ISO?LCID=1033&PGM=VLSC&TID=40516574&__gda__=1311102765_ab37533b6655d0c01947f9f92ed2caf7 2. Deny the Java applet. 3. Crash. Frame Module Signature [Expand] Source 0 IOSurface IOSurface@0xb5b 1 XUL nsPluginInstanceOwner::RenderCoreAnimation dom/plugins/base/nsPluginInstanceOwner.cpp:1481 2 XUL nsObjectFrame::PaintPlugin layout/generic/nsObjectFrame.cpp:1780 3 XUL nsDisplayPlugin::Paint layout/generic/nsObjectFrame.cpp:1014 4 XUL mozilla::FrameLayerBuilder::DrawThebesLayer layout/base/FrameLayerBuilder.cpp:2142 5 XUL mozilla::layers::ThebesLayerOGL::RenderLayer gfx/layers/opengl/ThebesLayerOGL.cpp:711 6 XUL mozilla::layers::ContainerLayerOGL::RenderLayer gfx/layers/opengl/ContainerLayerOGL.cpp:245 7 XUL mozilla::layers::ContainerLayerOGL::RenderLayer gfx/layers/opengl/ContainerLayerOGL.cpp:245 8 XUL mozilla::layers::LayerManagerOGL::Render gfx/layers/opengl/LayerManagerOGL.cpp:796 9 XUL mozilla::layers::LayerManagerOGL::EndTransaction gfx/layers/opengl/LayerManagerOGL.cpp:423 10 XUL nsDisplayList::PaintForFrame layout/base/nsDisplayList.cpp:630 11 XUL nsLayoutUtils::PaintFrame layout/base/nsLayoutUtils.cpp:1639 12 XUL PresShell::Paint layout/base/nsPresShell.cpp:6165 13 XUL nsViewManager::Refresh view/src/nsViewManager.cpp:440 14 XUL nsViewManager::DispatchEvent view/src/nsViewManager.cpp:918 15 XUL HandleEvent view/src/nsView.cpp:160 16 XUL nsChildView::DispatchEvent widget/src/cocoa/nsChildView.mm:1705 17 XUL nsChildView::DispatchWindowEvent widget/src/cocoa/nsChildView.mm:1715 18 XUL -[ChildView drawRect:inContext:] widget/src/cocoa/nsChildView.mm:2793 19 XUL -[ChildView drawRect:] widget/src/cocoa/nsChildView.mm:2699 20 AppKit AppKit@0x100d74 21 AppKit AppKit@0xfbfe6 22 AppKit AppKit@0x73eeff 23 AppKit AppKit@0xfb89b 24 Foundation Foundation@0x16d95 25 AppKit AppKit@0x8046ff 26 AppKit AppKit@0xfe54a 27 libSystem.B.dylib libSystem.B.dylib@0x9d78 28 libSystem.B.dylib libSystem.B.dylib@0x9d78 29 AppKit AppKit@0x755a57 30 AppKit AppKit@0x239a2 31 CoreFoundation CoreFoundation@0xbc54 32 CoreFoundation CoreFoundation@0x1055b 33 CoreFoundation CoreFoundation@0xfd06 34 CoreFoundation CoreFoundation@0xfb5e 35 CoreFoundation CoreFoundation@0x24834 36 CoreFoundation CoreFoundation@0x246a8 37 Foundation Foundation@0x14f1b 38 AppKit AppKit@0xfeed5 39 libSystem.B.dylib libSystem.B.dylib@0x9d78 40 AppKit AppKit@0x755a57 41 AppKit AppKit@0x239a2 42 CoreFoundation CoreFoundation@0xbc54 43 CoreFoundation CoreFoundation@0x13e1a7 44 CoreFoundation CoreFoundation@0xfd06
Reporter | ||
Comment 1•13 years ago
|
||
I put this in Core Plugins but it is probably not the correct component so would appreciate any help in putting it in the correct component.
Comment 2•13 years ago
|
||
I can't reproduce this crash. I tested on OS X 3.6.8 with FF 5.0 and 6.0b2. So we need to round up the usual suspects :-) Do you crash with a clean profile?
Reporter | ||
Comment 3•13 years ago
|
||
I can reproduce the crash using the lastest trunk nightly with a clean profile. I will try other versions as well. I first saw the signature associated with someone running 10.7 in crash stats and that is where I got the URL.
Comment 4•13 years ago
|
||
I don't crash (even with today's trunk nightly) on OS X 10.6.8. I do crash on OS X 10.7: bp-347bd19d-ef49-47f6-9a7d-5d3062110718
Comment 5•13 years ago
|
||
But now Microsoft's done something to break your testcase :-( Now I get the following error, and no Java applet: An error occurred while processing your request. Reference #50.b5ec54b8.1311028747.208abf4d
Comment 6•13 years ago
|
||
(Following up comment #5) I find I can get rid of this error, and start crashing again, if I do the following in Terminal: $ rm -rf ~/Library/Caches/Java/cache/6.0
Comment 7•13 years ago
|
||
(Following up comment #6) To get rid of the error (and start crashing again) you also have to clear FF's cache (Preferences : Advanced : Network : Offline Storage : Clear Now).
Comment 8•13 years ago
|
||
Finding a regression range for this is going to be complicated by bug 663688, which makes FF *terribly* crashy on OS X 10.7 (and which has only been fixed on trunk, one way or another, since 2011-06-20).
Comment 9•13 years ago
|
||
> Finding a regression range for this is going to be complicated by
> bug 663688, which makes FF *terribly* crashy on OS X 10.7 (and which
> has only been fixed on trunk, one way or another, since 2011-06-20).
But not, of course, if you set gfx.downloadable_fonts.enabled to false
:-)
Comment 10•13 years ago
|
||
This appears to be a recent regression. Here's the regression range (testing on OS X 10.7): firefox-2011-07-13-03-07-41-mozilla-central firefox-2011-07-14-03-07-41-mozilla-central Here's the full STR over again: 1) Do the following in Terminal: rm -rf ~/Library/Caches/Java/cache/6.0 2) Run Firefox and clear its cache (Preferences : Advanced : Network : Offline Storage : Clear Now). 3) Visit http://fullproduct.download.microsoft.com/download/release/3/9/8/SW_DVD5_Windows_Vista_Business_32BIT_Brazilian_Full_Int_SP2_MLF_X15-39885.ISO?LCID=1033&PGM=VLSC&TID=40516574&__gda__=1311102765_ab37533b6655d0c01947f9f92ed2caf7 4) Wait 15-20 seconds for the Java applet to finish loading, then "deny" it access to your computer.
Comment 11•13 years ago
|
||
Benoit, I'd bet the trigger here is your patch for bug 663259 ("Enable Mac Async plugin by default"). Changing plugins.use_layers from 'true' to 'false' doesn't stop the crashes, but I'm not sure that settings change is enough to fully reverse the effects of your patch.
Assignee | ||
Comment 12•13 years ago
|
||
Thanks for looking into this Steven, I'll work on this bug I have a few ideas.
Assignee: nobody → bgirard
Assignee | ||
Comment 13•13 years ago
|
||
I carelessly changed mIOSurface from nsIOSurface* to nsRefPtr<nsIOSurface> without fixing all the implications. This patch addresses these omissions.
Attachment #546789 -
Flags: review?(smichaud)
Comment 14•13 years ago
|
||
Comment on attachment 546789 [details] [diff] [review] Fix mIOSurface memory management This looks fine to me. Do we know that it fixes this bug's crashes?
Attachment #546789 -
Flags: review?(smichaud) → review+
Assignee | ||
Comment 15•13 years ago
|
||
No, I was unable to reproduce the issue on 10.6 and don't have a 10.7 ready. It seem consistent with the crash report in this bug however.
Comment 16•13 years ago
|
||
> It seems consistent with the crash report in this bug however.
I agree. Marcia and I can test your patch when it gets into a nightly.
Whether or not your patch fixes this bug, though, it does fix things that need to be fixed.
Assignee | ||
Comment 17•13 years ago
|
||
Pushed to mozilla-inbound: http://hg.mozilla.org/integration/mozilla-inbound/rev/4c27fe0139bf
Whiteboard: [inbound]
Comment 18•13 years ago
|
||
> don't have a 10.7 ready
Marcia, do you know if we have a way to distribute copies of the 10.7 GM to employees/contractors?
Assignee | ||
Comment 19•13 years ago
|
||
(In reply to comment #18) > > don't have a 10.7 ready > > Marcia, do you know if we have a way to distribute copies of the 10.7 GM to > employees/contractors? We have a corporate account for MoCo that Josh setup. I just have an old seed from May without a dev environment. I've been meaning to set it up once I get assigned a complex Lion bug.
Reporter | ||
Comment 20•13 years ago
|
||
I have not heard anything from IT yet regarding this. I purchased an individual yearly membership so I could get the seeds. (In reply to comment #18) > > don't have a 10.7 ready > > Marcia, do you know if we have a way to distribute copies of the 10.7 GM to > employees/contractors?
Comment 21•13 years ago
|
||
> I purchased an individual yearly membership so I could get the seeds. So did I :-) It's not expensive -- just $99 (http://developer.apple.com/programs/mac/). But this is really something Mozilla should provide for its employees/contractors -- whether by allowing us to expense the $99 or by doing it centrally. I'll beat the bushes to see what I can find out.
Assignee | ||
Comment 22•13 years ago
|
||
(In reply to comment #21) > > I purchased an individual yearly membership so I could get the seeds. > > So did I :-) > > It's not expensive -- just $99 (http://developer.apple.com/programs/mac/). > > But this is really something Mozilla should provide for its > employees/contractors -- whether by allowing us to expense the $99 or by > doing it centrally. I'll beat the bushes to see what I can find out. Contact Josh, he set up a Mozilla account a last month.
Comment 23•13 years ago
|
||
> Contact Josh, he set up a Mozilla account a last month.
I will. But if we *do* manage this centrally, it really should be IT
(or someone in IT) that takes care of it.
To my mind Josh shouldn't be saddled with this. Nor am I particularly
eager to be :-)
Comment 24•13 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/4c27fe0139bf
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla8
Assignee | ||
Comment 25•13 years ago
|
||
Here's the M-I build in case you want to try it out now: http://ftp.mozilla.org/pub/mozilla.org/firefox/tinderbox-builds/mozilla-inbound-macosx64/1311091070/firefox-8.0a1.en-US.mac.dmg
Comment 26•13 years ago
|
||
Testing with this M-I build, I no longer crash using my STR from comment #10.
Updated•2 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•