Closed
Bug 1131808
Opened 9 years ago
Closed 9 years ago
Firefox crash in mozilla::layers::YCbCrImageDataSerializer::InitializeBufferInfo
Categories
(Core :: Graphics: Layers, defect)
Tracking
()
VERIFIED
FIXED
mozilla38
People
(Reporter: marcia, Assigned: mattwoodrow)
Details
(Keywords: crash)
Crash Data
Attachments
(1 file)
1.13 KB,
patch
|
nical
:
review+
lmandel
:
approval-mozilla-beta+
|
Details | Diff | Splinter Review |
This bug was filed from the Socorro interface and is report bp-7fd30f52-a4ed-4996-b901-5ca112150210. ============================================================= Seen while performing some youtube.com tests on Windows Vista using the latest Aurora build. Link to all crashes: http://bit.ly/1KK1C5A Crashes started showing up in crash stats using 2015013000 and continue until 2015020903 Haven't been able repro 100% but I have seen the same crash now twice on my machine. In one instance I was scrolling http://www.businessinsider.com/i-drove-for-uber-for-a-week-heres-what-its-really-like-2015-2 Frame Module Signature Source 0 xul.dll mozilla::layers::YCbCrImageDataSerializer::InitializeBufferInfo(unsigned int, unsigned int, unsigned int, unsigned int, unsigned int, mozilla::gfx::IntSizeTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::IntSizeTyped<mozilla::gfx::UnknownUnits> const&, mozilla::StereoMode) gfx/layers/YCbCrImageDataSerializer.cpp 1 xul.dll mozilla::layers::YCbCrImageDataSerializer::InitializeBufferInfo(mozilla::gfx::IntSizeTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::IntSizeTyped<mozilla::gfx::UnknownUnits> const&, mozilla::StereoMode) gfx/layers/YCbCrImageDataSerializer.cpp 2 xul.dll mozilla::layers::BufferTextureClient::AllocateForYCbCr(mozilla::gfx::IntSizeTyped<mozilla::gfx::UnknownUnits>, mozilla::gfx::IntSizeTyped<mozilla::gfx::UnknownUnits>, mozilla::StereoMode) gfx/layers/client/TextureClient.cpp 3 xul.dll mozilla::layers::TextureClient::CreateForYCbCr(mozilla::layers::ISurfaceAllocator*, mozilla::gfx::IntSizeTyped<mozilla::gfx::UnknownUnits>, mozilla::gfx::IntSizeTyped<mozilla::gfx::UnknownUnits>, mozilla::StereoMode, mozilla::layers::TextureFlags) gfx/layers/client/TextureClient.cpp 4 xul.dll mozilla::layers::ImageClientSingle::UpdateImage(mozilla::layers::ImageContainer*, unsigned int) gfx/layers/client/ImageClient.cpp 5 xul.dll mozilla::layers::UpdateImageClientNow gfx/layers/ipc/ImageBridgeChild.cpp 6 xul.dll RunnableFunction<void (*)(mozilla::layers::CompositorParent*, unsigned __int64*), Tuple2<mozilla::layers::CompositorParent*, unsigned __int64*> >::Run() ipc/chromium/src/base/task.h 7 xul.dll MessageLoop::DoWork() ipc/chromium/src/base/message_loop.cc 8 xul.dll `anonymous namespace'::ThreadFunc(void*) ipc/chromium/src/base/platform_thread_win.cc 9 kernel32.dll BaseThreadInitThunk 10 kernel32.dll BasepIsDebugPortPresent 11 ntdll.dll _RtlUserThreadStart
Assignee | ||
Comment 1•9 years ago
|
||
Looks like bufSize can be 0 if any of the YCbCr image dimensions are 0 (or negative). That shouldn't really be happening, but we shouldn't crash if it does.
Assignee: nobody → matt.woodrow
Attachment #8562488 -
Flags: review?(nical.bugzilla)
Updated•9 years ago
|
Attachment #8562488 -
Flags: review?(nical.bugzilla) → review+
Assignee | ||
Comment 2•9 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/b63d5963f1bb
Comment 3•9 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/b63d5963f1bb
Status: NEW → RESOLVED
Closed: 9 years ago
status-firefox38:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla38
Comment 4•9 years ago
|
||
This is one of the higher-ranking signatures for crashes on youtube.com in 37 Betas, from what I understand this landed only in 38, can you request and uplift to beta?
Flags: needinfo?(matt.woodrow)
Assignee | ||
Comment 5•9 years ago
|
||
Comment on attachment 8562488 [details] [diff] [review] avoid-empty-images Approval Request Comment [Feature/regressing bug #]: OMTC [User impact if declined]: Crashes on youtube.com [Describe test coverage new/current, TreeHerder]: Appears to have helped with crashstats. [Risks and why]: Very low risk. [String/UUID change made/needed]: None
Flags: needinfo?(matt.woodrow)
Attachment #8562488 -
Flags: approval-mozilla-beta?
Attachment #8562488 -
Flags: approval-mozilla-aurora?
Comment 6•9 years ago
|
||
Comment on attachment 8562488 [details] [diff] [review] avoid-empty-images Simple fix for a crash that has already been in 38 for 3 weeks. Note that 38 is now Aurora so Aurora uplift is not necessary. Beta+
Attachment #8562488 -
Flags: approval-mozilla-beta?
Attachment #8562488 -
Flags: approval-mozilla-beta+
Attachment #8562488 -
Flags: approval-mozilla-aurora?
Comment 7•9 years ago
|
||
https://hg.mozilla.org/releases/mozilla-beta/rev/05df69e4ada6
status-firefox37:
--- → fixed
Flags: in-testsuite-
Updated•9 years ago
|
Flags: qe-verify+
Comment 8•9 years ago
|
||
Verified the crash-stats: there are no crashes after the fix landed.
You need to log in
before you can comment on or make changes to this bug.
Description
•