Firefox 44.0a1 Crash [@ mozilla::layers::CompositorParent::UpdatePluginWindowState(unsigned __int64) ]

RESOLVED FIXED in Firefox 44

Status

()

Core
General
--
critical
RESOLVED FIXED
2 years ago
8 days ago

People

(Reporter: Jonatan Svensson Glad, Assigned: jimm)

Tracking

({crash, topcrash, topcrash-win})

44 Branch
mozilla44
Unspecified
Windows
crash, topcrash, topcrash-win
Points:
---

Firefox Tracking Flags

(firefox44 fixed)

Details

(crash signature, URL)

Attachments

(1 attachment)

(Reporter)

Description

2 years ago
Reporting on a top-crasher.
(Reporter)

Updated

2 years ago
Crash Signature: [@ mozilla::layers::CompositorParent::UpdatePluginWindowState(unsigned __int64) ]
Keywords: crash, topcrash, topcrash-win

Updated

2 years ago
Crash Signature: [@ mozilla::layers::CompositorParent::UpdatePluginWindowState(unsigned __int64) ] → [@ mozilla::layers::CompositorParent::UpdatePluginWindowState(unsigned __int64) ] [@ mozilla::layers::CompositorParent::UpdatePluginWindowState ]
(Assignee)

Updated

2 years ago
Status: UNCONFIRMED → NEW
Ever confirmed: true
(Assignee)

Updated

2 years ago
Assignee: nobody → jmathies
(Assignee)

Comment 1

2 years ago
Created attachment 8674269 [details] [diff] [review]
patch

We access the layer tree state here on the compositor thread while in a composition call so lts data should be in good shape. However no lock is held on lts during this plugin update call and it looks like we can update this data from other threads.. hence the easily accessible lts lock. The crash isn't a null deref so it's not entirely clear what's going wrong, but acquiring the standard lts lock should hopefully fix it.

https://treeherder.mozilla.org/#/jobs?repo=try&revision=eeaa0842d203
(Assignee)

Updated

2 years ago
Attachment #8674269 - Attachment is patch: true
(Assignee)

Updated

2 years ago
Attachment #8674269 - Flags: review?(matt.woodrow)
(Assignee)

Comment 2

2 years ago
This lock is request during calls to CompositorParent::CompositeToTarget when the thread is down in a AutoResolveRefLayers, afaict this looks safe - 

http://mxr.mozilla.org/mozilla-central/source/gfx/layers/ipc/CompositorParent.cpp#1024
Attachment #8674269 - Flags: review?(matt.woodrow) → review+

Comment 3

2 years ago
https://hg.mozilla.org/integration/mozilla-inbound/rev/938c7a3c65e4
https://hg.mozilla.org/mozilla-central/rev/938c7a3c65e4
Status: NEW → RESOLVED
Last Resolved: 2 years ago
status-firefox44: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla44
https://hg.mozilla.org/mozilla-central/rev/938c7a3c65e4
(Assignee)

Comment 6

2 years ago
Looks good, last report was for the 20151019 build.

https://crash-stats.mozilla.com/report/list?signature=mozilla%3A%3Alayers%3A%3ACompositorParent%3A%3AUpdatePluginWindowState#tab-reports
Moving from Core::Untriaged to Core::General https://bugzilla.mozilla.org/show_bug.cgi?id=1407598
Component: Untriaged → General
You need to log in before you can comment on or make changes to this bug.