Closed
Bug 1135066
Opened 9 years ago
Closed 9 years ago
SEGV in mozilla::layers::BufferTextureClient::AllocateForSurface
Categories
(Core :: Graphics: Layers, defect)
Tracking
()
RESOLVED
FIXED
mozilla39
Tracking | Status | |
---|---|---|
firefox37 | --- | wontfix |
firefox38 | --- | fixed |
firefox39 | --- | fixed |
firefox-esr31 | --- | wontfix |
firefox-esr38 | --- | fixed |
b2g-v2.0 | --- | unaffected |
b2g-v2.0M | --- | unaffected |
b2g-v2.1 | --- | unaffected |
b2g-v2.1S | --- | unaffected |
b2g-v2.2 | --- | unaffected |
b2g-master | --- | unaffected |
People
(Reporter: milan, Assigned: milan)
References
Details
(Keywords: sec-moderate, Whiteboard: [adv-main38+][post-critsmash-triage])
Attachments
(2 files, 1 obsolete file)
2.20 KB,
patch
|
mstange
:
review+
abillings
:
approval-mozilla-aurora+
lmandel
:
approval-mozilla-beta-
|
Details | Diff | Splinter Review |
4.94 KB,
patch
|
mstange
:
review+
|
Details | Diff | Splinter Review |
+++ This bug was initially created as a clone of Bug #1095925 +++ The test case from bug 1095925 crashes OS X with a different signature.
Assignee | ||
Updated•9 years ago
|
Assignee: nobody → milan
Whiteboard: [adv-main36+]
Assignee | ||
Comment 1•9 years ago
|
||
Note: This does not crash on Windows.
Attachment #8567107 -
Flags: review?(jmuizelaar)
Assignee | ||
Updated•9 years ago
|
Attachment #8567107 -
Flags: review?(jmuizelaar) → review?(mstange)
Comment 2•9 years ago
|
||
Doesn't this mean we'll hit the MOZ_ASSERT(mCGContext) further down? We're only trying to create a CG DrawTarget because our existing one is something else, so if we continue with the old value of dt then borrowing a CGContext from that won't work, BorrowedCGContext::BorrowCGContextFromDrawTarget will return null.
Assignee | ||
Comment 3•9 years ago
|
||
Yeah, you're right; we get out the other end in the release build, but there are asserts that fire in debug.
Assignee | ||
Updated•9 years ago
|
Attachment #8567107 -
Attachment is obsolete: true
Attachment #8567107 -
Flags: review?(mstange)
Assignee | ||
Comment 4•9 years ago
|
||
Attachment #8573492 -
Flags: review?(mstange)
Updated•9 years ago
|
Attachment #8573492 -
Flags: review?(mstange) → review+
Assignee | ||
Comment 5•9 years ago
|
||
https://treeherder.mozilla.org/#/jobs?repo=try&revision=1981a2467ef3
Assignee | ||
Updated•9 years ago
|
Keywords: checkin-needed
Comment 6•9 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/e4a81270915c Based on bug 1095925, I assume this is also wontfix for esr31. I assume we want this on Aurora/Beta however?
status-firefox37:
--- → affected
status-firefox38:
--- → affected
status-firefox39:
--- → fixed
status-firefox-esr31:
--- → wontfix
Flags: needinfo?(milan)
Flags: in-testsuite?
Keywords: checkin-needed
Comment 7•9 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/e4a81270915c
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla39
Assignee | ||
Comment 8•9 years ago
|
||
Comment on attachment 8573492 [details] [diff] [review] Catch failed CreateDrawTarget. r=mstange Let me know if you think this is critical enough for beta uplift, otherwise I think we're good with just Aurora, and mostly because it will become ESR. Approval Request Comment [Feature/regressing bug #]: [User impact if declined]: OS X sec-moderate in 38 (eventually ESR) [Describe test coverage new/current, TreeHerder]: None; will check if we can create an automated test for this but not land it until this fix releases. [Risks and why]: Low. Avoid dereferencing null pointer. [String/UUID change made/needed]: n/a
Flags: needinfo?(milan)
Attachment #8573492 -
Flags: approval-mozilla-aurora?
Assignee | ||
Comment 9•9 years ago
|
||
Don't know about the timing for landing this - I imagine only after this fix is in the release?
Attachment #8574879 -
Flags: review?(mstange)
Comment 10•9 years ago
|
||
Comment on attachment 8573492 [details] [diff] [review] Catch failed CreateDrawTarget. r=mstange I wouldn't mind this on beta just for completeness if the patch applies cleanly.
Attachment #8573492 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Updated•9 years ago
|
Attachment #8574879 -
Flags: review?(mstange) → review+
Comment 11•9 years ago
|
||
Comment on attachment 8573492 [details] [diff] [review] Catch failed CreateDrawTarget. r=mstange Per comment 10.
Attachment #8573492 -
Flags: approval-mozilla-beta?
Assignee | ||
Comment 12•9 years ago
|
||
For the automated test: https://treeherder.mozilla.org/#/jobs?repo=try&revision=75ac8b25170d The test does fail before the fix: https://treeherder.mozilla.org/#/jobs?repo=try&revision=5e61d5ddd732
Assignee | ||
Comment 13•9 years ago
|
||
Leave NI on me to remember to land the test once the fix is in all the trains.
Flags: needinfo?(milan)
Comment 15•9 years ago
|
||
Comment on attachment 8573492 [details] [diff] [review] Catch failed CreateDrawTarget. r=mstange While this is a straightforward patch, I don't think "completeness" is enough justification to take the change in Beta at this point. Let's let this ride the 38 train.
Attachment #8573492 -
Flags: approval-mozilla-beta? → approval-mozilla-beta-
Updated•9 years ago
|
Assignee | ||
Updated•9 years ago
|
Flags: needinfo?(milan)
Assignee | ||
Updated•9 years ago
|
Flags: needinfo?(milan)
Updated•9 years ago
|
Whiteboard: [adv-main38+]
Updated•9 years ago
|
status-b2g-v2.0:
--- → unaffected
status-b2g-v2.0M:
--- → unaffected
status-b2g-v2.1:
--- → unaffected
status-b2g-v2.1S:
--- → unaffected
status-b2g-v2.2:
--- → unaffected
status-b2g-master:
--- → unaffected
status-firefox-esr38:
--- → fixed
Assignee | ||
Updated•9 years ago
|
Flags: needinfo?(milan)
Updated•9 years ago
|
Group: core-security → core-security-release
Updated•9 years ago
|
Whiteboard: [adv-main38+] → [adv-main38+][post-critsmash-triage]
Updated•8 years ago
|
Group: core-security-release
You need to log in
before you can comment on or make changes to this bug.
Description
•