Firefox 44.0a1 Crash [@ mozilla::layers::CompositorParent::UpdatePluginWindowState(unsigned __int64) ]

RESOLVED FIXED in Firefox 44

Status

()

defect
--
critical
RESOLVED FIXED
4 years ago
2 years ago

People

(Reporter: gladjonatan, Assigned: jimm)

Tracking

({crash, topcrash, topcrash-win})

44 Branch
mozilla44
Unspecified
Windows
Points:
---

Firefox Tracking Flags

(firefox44 fixed)

Details

(crash signature, )

Attachments

(1 attachment)

Reporting on a top-crasher.
Crash Signature: [@ mozilla::layers::CompositorParent::UpdatePluginWindowState(unsigned __int64) ]
Crash Signature: [@ mozilla::layers::CompositorParent::UpdatePluginWindowState(unsigned __int64) ] → [@ mozilla::layers::CompositorParent::UpdatePluginWindowState(unsigned __int64) ] [@ mozilla::layers::CompositorParent::UpdatePluginWindowState ]
Status: UNCONFIRMED → NEW
Ever confirmed: true
Assignee: nobody → jmathies
Posted patch patchSplinter Review
We access the layer tree state here on the compositor thread while in a composition call so lts data should be in good shape. However no lock is held on lts during this plugin update call and it looks like we can update this data from other threads.. hence the easily accessible lts lock. The crash isn't a null deref so it's not entirely clear what's going wrong, but acquiring the standard lts lock should hopefully fix it.

https://treeherder.mozilla.org/#/jobs?repo=try&revision=eeaa0842d203
Attachment #8674269 - Attachment is patch: true
Attachment #8674269 - Flags: review?(matt.woodrow)
This lock is request during calls to CompositorParent::CompositeToTarget when the thread is down in a AutoResolveRefLayers, afaict this looks safe - 

http://mxr.mozilla.org/mozilla-central/source/gfx/layers/ipc/CompositorParent.cpp#1024
Attachment #8674269 - Flags: review?(matt.woodrow) → review+
https://hg.mozilla.org/mozilla-central/rev/938c7a3c65e4
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla44
Moving from Core::Untriaged to Core::General https://bugzilla.mozilla.org/show_bug.cgi?id=1407598
Component: Untriaged → General
You need to log in before you can comment on or make changes to this bug.