Closed Bug 673378 Opened 13 years ago Closed 13 years ago

Crash at nsHTMLCanvasElement::GetContext

Categories

(Core :: Graphics: Canvas2D, defect)

defect
Not set
critical

Tracking


VERIFIED FIXED
Tracking Status
firefox6 + fixed
firefox7 + fixed

People

(Reporter: attekett, Assigned: bjacob)

References

Details

(4 keywords, Whiteboard: [qa!])

Crash Data

Attachments

(3 files)

Opening the attached page causes Firefox (beta and nightly) to crash at nsHTMLCanvasElement::GetContext. Tested on Windows 7 x64 and Linux on x86 and x86_64.

More info in crash reports:
098b62aa-0e85-4c82-9f5b-3a64b2110722 (Ubuntu 11.04 x64)
ebfba132-9e14-4979-b319-103ac2110722 (Windows 7 x64)
Attachment #547648 - Attachment mime type: text/plain → text/html
Crash Signature: [@ nsHTMLCanvasElement::GetContext ] [@ nsHTMLCanvasElement::GetContext(nsAString_internal const&, unsigned __int64 const&, nsISupports**) ]
WFM:
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.112 Safari/534.30

No rectangles, but also no crash.
Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.9.2.18) Gecko/20110614 Firefox/3.6.18
Mozilla/5.0 (X11; Linux x86_64; rv:5.0) Gecko/20100101 Firefox/5.0

Reproduced:
Mozilla/5.0 (X11; Linux x86_64; rv:6.0) Gecko/20100101 Firefox/6.0
Mozilla/5.0 (X11; Linux x86_64; rv:7.0a2) Gecko/20110720 Firefox/7.0a2
Mozilla/5.0 (X11; Linux x86_64; rv:8.0a1) Gecko/20110721 Firefox/8.0a1

Regression range of crash:

Last good nightly: 2011-05-20
First bad nightly: 2011-05-21

Pushlog:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=2e0e36b0feae&tochange=21c304c5f351
Keywords: crash, regression
Hardware: x86_64 → All
Version: 6 Branch → Trunk
Status: UNCONFIRMED → NEW
Component: General → Canvas: 2D
Ever confirmed: true
Product: Firefox → Core
QA Contact: general → canvas.2d
Local track down:

The first bad revision is:
changeset:   69815:693555498d57
user:        Benoit Jacob <bjacob@mozilla.com>
date:        Fri May 20 15:53:53 2011 -0400
summary:     Bug 656215 - null out failed canvas contexts - r=roc
Blocks: 656215
We probably need to clear out mCurrentContextId when UpdateContext fails....
Assignee: nobody → bjacob
Requesting tracking for this crash regression on the relevant branches.
Attached file reduced testcase
Is this bad enough to back out bug 656215? Which would you rather live with? We are trying to build the last beta Today.
I should have reacted to this sooner... trying to make a patch now.
And we kept missing it in triage :-/
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff46789e9 in nsHTMLCanvasElement::GetContext (this=0x19e0c20, aContextId=..., 
    aContextOptions=..., aContext=0x7fffffff8a90)
    at /home/bjacob/mozilla-central/content/html/content/src/nsHTMLCanvasElement.cpp:531
531       NS_ADDREF (*aContext = mCurrentContext);
(gdb) bt
#0  0x00007ffff46789e9 in nsHTMLCanvasElement::GetContext (this=0x19e0c20, aContextId=..., 
    aContextOptions=..., aContext=0x7fffffff8a90)
    at /home/bjacob/mozilla-central/content/html/content/src/nsHTMLCanvasElement.cpp:531
#1  0x00007ffff4e0a628 in nsIDOMHTMLCanvasElement_GetContext (cx=0x12a0f00, argc=1, vp=0x7fffe43a0088)
    at /home/bjacob/build/firefox/js/src/xpconnect/src/dom_quickstubs.cpp:21946
#2  0x00007ffff599a63f in js::CallJSNative (cx=0x12a0f00, 
    native=0x7ffff4e0a426 <nsIDOMHTMLCanvasElement_GetContext(JSContext*, uintN, jsval*)>, args=...)
    at /home/bjacob/mozilla-central/js/src/jscntxtinlines.h:281
#3  0x00007ffff59972de in js::Invoke (cx=0x12a0f00, argsRef=..., construct=js::NO_CONSTRUCT)
    at /home/bjacob/mozilla-central/js/src/jsinterp.cpp:656
Boris' suggestion in comment 3 was the right one: this trivial patch fixes the crash.
Attachment #550553 - Flags: review?(roc)
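To make the state-consistency problem from comment 3 and the fix concrete, here is a simplified C++ model added for illustration; it is not the nsHTMLCanvasElement source, and the class name, the simulateFailure flag and the integer result codes are constructed assumptions. It keeps the two pieces of cached state the real element has (a context pointer and a context id) and shows why nulling only the pointer on a failed creation leaves the next getContext call with the same id on the "already have it" path, where NS_ADDREF dereferences null, and why resetting the id as well makes the next call start over.

```cpp
#include <cstdio>
#include <string>

// Stand-in for the canvas rendering context. The refcount field is here only
// so that "add a reference" is a real dereference, like NS_ADDREF.
struct Context {
    std::string name;
    int refcount = 1;
};

// Fake context factory. Returning nullptr stands in for context creation
// failing (e.g. no memory for an absurdly large canvas, as in the testcase).
static Context* CreateContext(const std::string& id, bool simulateFailure) {
    if (simulateFailure) return nullptr;
    Context* c = new Context;
    c->name = id;
    return c;
}

// Simplified model of the element's cached-context logic (constructed, not the
// Mozilla code). resetIdOnFailure=false is the state before this bug's patch,
// true is the state after it.
class CanvasModel {
public:
    explicit CanvasModel(bool resetIdOnFailure) : mResetIdOnFailure(resetIdOnFailure) {}
    ~CanvasModel() { delete mCurrentContext; }

    // Result codes: 0 = context returned in *aContext; 1 = creation failed;
    // 2 = a different id than the cached one was requested (null by design);
    // -1 = cached id matched but the pointer is null, the exact state the real
    // code dereferenced. We report it instead of actually crashing.
    int GetContext(const std::string& aContextId, bool simulateFailure, Context** aContext) {
        *aContext = nullptr;
        if (mCurrentContextId.empty()) {
            // Record the id and try to create the context.
            mCurrentContextId = aContextId;
            mCurrentContext = CreateContext(aContextId, simulateFailure);
            if (!mCurrentContext) {
                // Bug 656215 nulled out the failed context but left the id
                // behind; this bug's fix also resets the id so the next call
                // starts over instead of taking the "already have it" path.
                if (mResetIdOnFailure) mCurrentContextId.clear();
                return 1;
            }
        }
        if (mCurrentContextId != aContextId) return 2;
        if (!mCurrentContext) return -1;   // NS_ADDREF(*aContext = nullptr) segfaults here
        mCurrentContext->refcount++;       // the NS_ADDREF step
        *aContext = mCurrentContext;
        return 0;
    }

private:
    std::string mCurrentContextId;
    Context* mCurrentContext = nullptr;
    bool mResetIdOnFailure;
};

// Reproduction driver: the first getContext("2d") fails, then the page calls
// it again on the same canvas.
int SecondCallResult(bool resetIdOnFailure) {
    CanvasModel canvas(resetIdOnFailure);
    Context* ctx = nullptr;
    canvas.GetContext("2d", /*simulateFailure=*/true, &ctx);
    return canvas.GetContext("2d", /*simulateFailure=*/false, &ctx);
}

// Sanity check of the normal paths: a successful first call, then a request
// for a different context id on the same canvas.
int DifferentIdResult() {
    CanvasModel canvas(true);
    Context* ctx = nullptr;
    int first = canvas.GetContext("2d", false, &ctx);
    if (first != 0) return first;
    return canvas.GetContext("webgl", false, &ctx);
}

int main() {
    std::printf("before fix, second call: %d (-1 = would crash)\n", SecondCallResult(false));
    std::printf("after fix,  second call: %d (0 = context created)\n", SecondCallResult(true));
    std::printf("different id: %d (2 = null returned by design)\n", DifferentIdResult());
    return 0;
}
```

The detection lesson generalises beyond canvas: whenever two fields together describe one cached resource, a failure path has to roll back both, and a fuzz testcase that forces the allocation to fail (which is what the attached page does with oversized canvases) is the cheapest way to exercise that path.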
Comment on attachment 550553 [details] [diff] [review]
also reset the contextid

Nested ifs would probably result in less code here.
Attachment #550553 - Flags: review?(roc) → review+
Attachment #550553 - Flags: approval-mozilla-beta?
Attachment #550553 - Flags: approval-mozilla-aurora?
Landing on central. Please approve for beta.
Comment on attachment 550553 [details] [diff] [review]
also reset the contextid

Roc says this is very low risk and totally fixes the issue we were trying to fix in 656215.
Attachment #550553 - Flags: approval-mozilla-beta?
Attachment #550553 - Flags: approval-mozilla-beta+
Attachment #550553 - Flags: approval-mozilla-aurora?
Attachment #550553 - Flags: approval-mozilla-aurora+
Landed on beta and aurora:
http://hg.mozilla.org/releases/mozilla-beta/rev/f8583ac431a6
http://hg.mozilla.org/releases/mozilla-aurora/rev/1539927cf9ba
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Fwiw, Truncate() is probably more idiomatic than AssignLiteral("").
Mozilla/5.0 (X11; Linux i686; rv:6.0) Gecko/20100101 Firefox/6.0

Verified issue on the reduced test case from Comment 5 - FF 6.0b5 does not crash anymore.

But when testing the test case from the description on Ubuntu 11.04 x86 - FF 6.0b5 freezes and the whole system goes really slow.

Should this bug be reopened?
No, AIUI this testcase can result in absurdly large canvases being created, that's the point as it's trying to test cases where canvas creation fails for lack of memory. So depending on the virtual memory setup on your machine it can really consume huge amounts of resources. Only reopen if you get a firefox crash.
Firefox doesn't freeze, but no rectangles are present. In this case, is this resolved, or is the purpose of this test just not to crash? If so, it's WFM on Mozilla/5.0 (Windows NT 6.1; rv:6.0) Gecko/20100101 Firefox/6.0 (beta 5) and the status can be changed to Verified Fixed.
Thanks
VERIFIED FIXED based on previous comments.

qa+ for verification on Firefox 7.
Status: RESOLVED → VERIFIED
Keywords: verified-beta
Whiteboard: [qa+]
Verified on the latest Nightly on Aurora and on Firefox 7RC using the reduced test cases from the description and from Comment 5 - there is no crash.

Mozilla/5.0 (Windows NT 5.1; rv:7.0) Gecko/20100101 Firefox/7.0
Mozilla/5.0 (Windows NT 6.1; rv:7.0) Gecko/20100101 Firefox/7.0
Mozilla/5.0 (X11; Linux x86_64; rv:7.0) Gecko/20100101 Firefox/7.0
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0) Gecko/20100101 Firefox/7.0

Mozilla/5.0 (Windows NT 5.1; rv:8.0a2) Gecko/20110921 Firefox/8.0a2
Mozilla/5.0 (Windows NT 6.1; rv:8.0a2) Gecko/20110921 Firefox/8.0a2
Mozilla/5.0 (X11; Linux x86_64; rv:8.0a2) Gecko/20110921 Firefox/8.0a2
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:8.0a2) Gecko/20110921 Firefox/8.0a2

Mozilla/5.0 (Windows NT 5.1; rv:9.0a1) Gecko/20110922 Firefox/9.0a1
Mozilla/5.0 (Windows NT 6.1; rv:9.0a1) Gecko/20110922 Firefox/9.0a1
Mozilla/5.0 (X11; Linux x86_64; rv:9.0a1) Gecko/20110922 Firefox/9.0a1
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:9.0a1) Gecko/20110923 Firefox/9.0a1
Keywords: verified-aurora
Whiteboard: [qa+] → [qa!]