Closed Bug 1104254 Opened 11 years ago Closed 11 years ago

SEGV in mozilla::layers::BufferTextureClient::AllocateForSurface

Categories

(Core :: Graphics: Layers, defect)

Product:
Core
Component:
Graphics: Layers
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1099437

People

(Reporter: attekett, Unassigned)

Details

Attachments

(1 file)

repro-file.html
594 bytes, text/html
Details
Attached file repro-file.html
Tested on: OS: Ubuntu 14.04 Firefox: ASAN build from https://ftp.mozilla.org/pub/mozilla.org/firefox/tinderbox-builds/mozilla-central-linux64-asan/1416852096/ This issue is most likely related to bug 1095925 ASAN-trace: ==20557==ERROR: AddressSanitizer: SEGV on unknown address 0x7fe8f9b27100 (pc 0x7fea16f4009d sp 0x7fffa7ed59f8 bp 0x7fffa7ed5a30 T0) #0 0x7fea16f4009c in memset ??:0:0 #1 0x45f312 in __interceptor_memset _asan_rtl_:0 #2 0x7fea1acd916f in mozilla::layers::BufferTextureClient::AllocateForSurface(mozilla::gfx::IntSizeTyped<mozilla::gfx::UnknownUnits>, mozilla::layers::TextureAllocationFlags) /builds/slave/m-cen-l64-asan-ntly-0000000000/build/src/gfx/layers/client/TextureClient.cpp:723:0 #3 0x7fea1acc9424 in mozilla::layers::TextureClient::CreateForDrawing(mozilla::layers::ISurfaceAllocator*, mozilla::gfx::SurfaceFormat, mozilla::gfx::IntSizeTyped<mozilla::gfx::UnknownUnits>, mozilla::gfx::BackendType, mozilla::layers::TextureFlags, mozilla::layers::TextureAllocationFlags) /builds/slave/m-cen-l64-asan-ntly-0000000000/build/src/gfx/layers/client/TextureClient.cpp:395:0 #4 0x7fea1accb823 in CreateTextureClientForDrawing /builds/slave/m-cen-l64-asan-ntly-0000000000/build/src/gfx/layers/client/CompositableClient.cpp:210:0 #5 0x7fea1accb823 in mozilla::layers::ContentClientRemoteBuffer::CreateBackBuffer(nsIntRect const&) /builds/slave/m-cen-l64-asan-ntly-0000000000/build/src/gfx/layers/client/ContentClient.cpp:302:0 #6 0x7fea1accbd9a in BuildTextureClients /builds/slave/m-cen-l64-asan-ntly-0000000000/build/src/gfx/layers/client/ContentClient.cpp:295:0 #7 0x7fea1accbd9a in mozilla::layers::ContentClientRemoteBuffer::CreateBuffer(gfxContentType, nsIntRect const&, unsigned int, mozilla::RefPtr<mozilla::gfx::DrawTarget>*, mozilla::RefPtr<mozilla::gfx::DrawTarget>*) /builds/slave/m-cen-l64-asan-ntly-0000000000/build/src/gfx/layers/client/ContentClient.cpp:331:0 #8 0x7fea1ac261ab in mozilla::layers::RotatedContentBuffer::BeginPaint(mozilla::layers::PaintedLayer*, unsigned int) /builds/slave/m-cen-l64-asan-ntly-0000000000/build/src/gfx/layers/RotatedBuffer.cpp:651:0 #9 0x7fea1acdb981 in mozilla::layers::ContentClientRemoteBuffer::BeginPaintBuffer(mozilla::layers::PaintedLayer*, unsigned int) /builds/slave/m-cen-l64-asan-ntly-0000000000/build/src/obj-firefox/gfx/layers/../../dist/include/mozilla/layers/ContentClient.h:214:0 . . .
I imagine this is a duplicate of bug 1099437, so lets see what happens when that one lands.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
Group: core-security → core-security-release
Group: core-security-release
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: