Closed Bug 1104254 Opened 10 years ago Closed 10 years ago

SEGV in mozilla::layers::BufferTextureClient::AllocateForSurface

Categories

(Core :: Graphics: Layers, defect)

Product:
Core
Component:
Graphics: Layers
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1099437

People

(Reporter: attekett, Unassigned)

Details

Attachments

(1 file)

repro-file.html
594 bytes, text/html
Details
Attached file repro-file.html 
Tested on:

OS: Ubuntu 14.04

Firefox: ASAN build from https://ftp.mozilla.org/pub/mozilla.org/firefox/tinderbox-builds/mozilla-central-linux64-asan/1416852096/

This issue is most likely related to bug 1095925

ASAN-trace:


==20557==ERROR: AddressSanitizer: SEGV on unknown address 0x7fe8f9b27100 (pc 0x7fea16f4009d sp 0x7fffa7ed59f8 bp 0x7fffa7ed5a30 T0)
    #0 0x7fea16f4009c in memset ??:0:0
    #1 0x45f312 in __interceptor_memset _asan_rtl_:0
    #2 0x7fea1acd916f in mozilla::layers::BufferTextureClient::AllocateForSurface(mozilla::gfx::IntSizeTyped<mozilla::gfx::UnknownUnits>, mozilla::layers::TextureAllocationFlags) /builds/slave/m-cen-l64-asan-ntly-0000000000/build/src/gfx/layers/client/TextureClient.cpp:723:0
    #3 0x7fea1acc9424 in mozilla::layers::TextureClient::CreateForDrawing(mozilla::layers::ISurfaceAllocator*, mozilla::gfx::SurfaceFormat, mozilla::gfx::IntSizeTyped<mozilla::gfx::UnknownUnits>, mozilla::gfx::BackendType, mozilla::layers::TextureFlags, mozilla::layers::TextureAllocationFlags) /builds/slave/m-cen-l64-asan-ntly-0000000000/build/src/gfx/layers/client/TextureClient.cpp:395:0
    #4 0x7fea1accb823 in CreateTextureClientForDrawing /builds/slave/m-cen-l64-asan-ntly-0000000000/build/src/gfx/layers/client/CompositableClient.cpp:210:0
    #5 0x7fea1accb823 in mozilla::layers::ContentClientRemoteBuffer::CreateBackBuffer(nsIntRect const&) /builds/slave/m-cen-l64-asan-ntly-0000000000/build/src/gfx/layers/client/ContentClient.cpp:302:0
    #6 0x7fea1accbd9a in BuildTextureClients /builds/slave/m-cen-l64-asan-ntly-0000000000/build/src/gfx/layers/client/ContentClient.cpp:295:0
    #7 0x7fea1accbd9a in mozilla::layers::ContentClientRemoteBuffer::CreateBuffer(gfxContentType, nsIntRect const&, unsigned int, mozilla::RefPtr<mozilla::gfx::DrawTarget>*, mozilla::RefPtr<mozilla::gfx::DrawTarget>*) /builds/slave/m-cen-l64-asan-ntly-0000000000/build/src/gfx/layers/client/ContentClient.cpp:331:0
    #8 0x7fea1ac261ab in mozilla::layers::RotatedContentBuffer::BeginPaint(mozilla::layers::PaintedLayer*, unsigned int) /builds/slave/m-cen-l64-asan-ntly-0000000000/build/src/gfx/layers/RotatedBuffer.cpp:651:0
    #9 0x7fea1acdb981 in mozilla::layers::ContentClientRemoteBuffer::BeginPaintBuffer(mozilla::layers::PaintedLayer*, unsigned int) /builds/slave/m-cen-l64-asan-ntly-0000000000/build/src/obj-firefox/gfx/layers/../../dist/include/mozilla/layers/ContentClient.h:214:0
.
.
.
I imagine this is a duplicate of bug 1099437, so lets see what happens when that one lands.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → DUPLICATE
Group: core-security → core-security-release
Group: core-security-release
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: