Closed Bug 1131808 Opened 9 years ago Closed 9 years ago

Firefox crash in mozilla::layers::YCbCrImageDataSerializer::InitializeBufferInfo

Categories

(Core :: Graphics: Layers, defect)

37 Branch
x86
Windows NT
defect
Not set
critical

Tracking

VERIFIED FIXED
mozilla38
Tracking Status
firefox37 --- verified
firefox38 --- verified

People

(Reporter: marcia, Assigned: mattwoodrow)

Details

(Keywords: crash)

Attachments

(1 file)

This bug was filed from the Socorro interface and is report bp-7fd30f52-a4ed-4996-b901-5ca112150210.
=============================================================

Seen while performing some youtube.com tests on Windows Vista using the latest Aurora build. Link to all crashes: http://bit.ly/1KK1C5A

Crashes started showing up in crash stats using 2015013000 and continue until 2015020903

Haven't been able to repro 100% but I have seen the same crash now twice on my machine. In one instance I was scrolling http://www.businessinsider.com/i-drove-for-uber-for-a-week-heres-what-its-really-like-2015-2

Frame 	Module 	Signature 	Source
0 	xul.dll 	mozilla::layers::YCbCrImageDataSerializer::InitializeBufferInfo(unsigned int, unsigned int, unsigned int, unsigned int, unsigned int, mozilla::gfx::IntSizeTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::IntSizeTyped<mozilla::gfx::UnknownUnits> const&, mozilla::StereoMode) 	gfx/layers/YCbCrImageDataSerializer.cpp
1 	xul.dll 	mozilla::layers::YCbCrImageDataSerializer::InitializeBufferInfo(mozilla::gfx::IntSizeTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::IntSizeTyped<mozilla::gfx::UnknownUnits> const&, mozilla::StereoMode) 	gfx/layers/YCbCrImageDataSerializer.cpp
2 	xul.dll 	mozilla::layers::BufferTextureClient::AllocateForYCbCr(mozilla::gfx::IntSizeTyped<mozilla::gfx::UnknownUnits>, mozilla::gfx::IntSizeTyped<mozilla::gfx::UnknownUnits>, mozilla::StereoMode) 	gfx/layers/client/TextureClient.cpp
3 	xul.dll 	mozilla::layers::TextureClient::CreateForYCbCr(mozilla::layers::ISurfaceAllocator*, mozilla::gfx::IntSizeTyped<mozilla::gfx::UnknownUnits>, mozilla::gfx::IntSizeTyped<mozilla::gfx::UnknownUnits>, mozilla::StereoMode, mozilla::layers::TextureFlags) 	gfx/layers/client/TextureClient.cpp
4 	xul.dll 	mozilla::layers::ImageClientSingle::UpdateImage(mozilla::layers::ImageContainer*, unsigned int) 	gfx/layers/client/ImageClient.cpp
5 	xul.dll 	mozilla::layers::UpdateImageClientNow 	gfx/layers/ipc/ImageBridgeChild.cpp
6 	xul.dll 	RunnableFunction<void (*)(mozilla::layers::CompositorParent*, unsigned __int64*), Tuple2<mozilla::layers::CompositorParent*, unsigned __int64*> >::Run() 	ipc/chromium/src/base/task.h
7 	xul.dll 	MessageLoop::DoWork() 	ipc/chromium/src/base/message_loop.cc
8 	xul.dll 	`anonymous namespace'::ThreadFunc(void*) 	ipc/chromium/src/base/platform_thread_win.cc
9 	kernel32.dll 	BaseThreadInitThunk 	
10 	kernel32.dll 	BasepIsDebugPortPresent 	
11 	ntdll.dll 	_RtlUserThreadStart
Looks like bufSize can be 0 if any of the YCbCr image dimensions are 0 (or negative).

That shouldn't really be happening, but we shouldn't crash if it does.
Assignee: nobody → matt.woodrow
Attachment #8562488 - Flags: review?(nical.bugzilla)
Attachment #8562488 - Flags: review?(nical.bugzilla) → review+
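
The failure mode described in the comment above (a buffer size of 0 when a YCbCr plane dimension is 0 or negative), shown as an added example; it is not the patch attached to this bug and not Mozilla's code. The size calculation rejects empty, negative and oversized planes, and the allocator treats a size of 0 as failure. `PlaneSize`, `YCbCrBufferSize`, `AllocateYCbCr`, the 4-byte row padding and the 256 MiB cap are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <memory>
#include <new>

// Hypothetical stand-in for a plane size; not Mozilla's gfx::IntSize.
struct PlaneSize { int32_t width; int32_t height; };
// Assumed upper bound on one image buffer (constructed value for this example).
static const uint64_t kMaxBufferBytes = 256ull * 1024 * 1024;

// Bytes for one 8-bit plane with rows padded to 4 bytes, or 0 if the plane
// is empty or has a negative dimension.
static uint64_t PlaneBytes(PlaneSize s) {
  if (s.width <= 0 || s.height <= 0) return 0;
  uint64_t stride = (static_cast<uint64_t>(s.width) + 3) & ~uint64_t(3);
  return stride * static_cast<uint64_t>(s.height);  // < 2^62, cannot wrap
}

// Total bytes for Y + Cb + Cr. Returns 0 when any plane is unusable or the
// total exceeds kMaxBufferBytes, so 0 always means "do not allocate".
size_t YCbCrBufferSize(PlaneSize y, PlaneSize cbcr) {
  uint64_t yBytes = PlaneBytes(y);
  uint64_t cBytes = PlaneBytes(cbcr);
  if (yBytes == 0 || cBytes == 0) return 0;
  uint64_t total = yBytes + 2 * cBytes;  // < 2^64 given the bounds above
  return total <= kMaxBufferBytes ? static_cast<size_t>(total) : 0;
}

struct YCbCrBuffer {
  std::unique_ptr<uint8_t[]> data;
  size_t size = 0, cbOffset = 0, crOffset = 0;
};

// Returns false and leaves *out untouched rather than producing a zero-length buffer.
bool AllocateYCbCr(PlaneSize y, PlaneSize cbcr, YCbCrBuffer* out) {
  size_t size = YCbCrBufferSize(y, cbcr);
  if (size == 0) return false;
  uint8_t* raw = new (std::nothrow) uint8_t[size]();  // zero-filled
  if (!raw) return false;
  out->data.reset(raw);
  out->size = size;
  out->cbOffset = static_cast<size_t>(PlaneBytes(y));
  out->crOffset = out->cbOffset + static_cast<size_t>(PlaneBytes(cbcr));
  return true;
}

int main() {  // constructed inputs: a 640x480 4:2:0 frame, then an empty one
  YCbCrBuffer b;
  return (AllocateYCbCr({640, 480}, {320, 240}, &b) && !AllocateYCbCr({0, 0}, {0, 0}, &b)) ? 0 : 1;
}
```
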
https://hg.mozilla.org/mozilla-central/rev/b63d5963f1bb
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla38
This is one of the higher-ranking signatures for crashes on youtube.com in 37 Betas. From what I understand this landed only in 38; can you request an uplift to beta?
Flags: needinfo?(matt.woodrow)
Comment on attachment 8562488 [details] [diff] [review]
avoid-empty-images

Approval Request Comment
[Feature/regressing bug #]: OMTC
[User impact if declined]: Crashes on youtube.com
[Describe test coverage new/current, TreeHerder]: Appears to have helped with crashstats.
[Risks and why]: Very low risk.
[String/UUID change made/needed]: None
Flags: needinfo?(matt.woodrow)
Attachment #8562488 - Flags: approval-mozilla-beta?
Attachment #8562488 - Flags: approval-mozilla-aurora?
Comment on attachment 8562488 [details] [diff] [review]
avoid-empty-images

Simple fix for a crash that has already been in 38 for 3 weeks. Note that 38 is now Aurora so Aurora uplift is not necessary. Beta+
Attachment #8562488 - Flags: approval-mozilla-beta?
Attachment #8562488 - Flags: approval-mozilla-beta+
Attachment #8562488 - Flags: approval-mozilla-aurora?
Flags: qe-verify+
Verified the crash-stats: there are no crashes after the fix landed.
Status: RESOLVED → VERIFIED