crash in nsWindow::ClearTranslucentWindow

REOPENED
Assigned to

Status

()

Core
Graphics
P3
critical
REOPENED
3 years ago
2 years ago

People

(Reporter: philipp, Assigned: jrmuizel, NeedInfo)

Tracking

(Depends on: 1 bug, {crash})

42 Branch
x86
Windows
crash
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: gfx-noted, crash signature)

(Reporter)

Description

3 years ago
This bug was filed from the Socorro interface and is 
report bp-663b382c-77be-4c85-8c5d-63f622151206.
=============================================================
Crashing Thread
Frame 	Module 	Signature 	Source
0 	xul.dll 	nsWindow::ClearTranslucentWindow() 	widget/windows/nsWindow.cpp
1 	xul.dll 	nsWindow::Show(bool) 	widget/windows/nsWindow.cpp
2 	xul.dll 	nsView::DoResetWidgetBounds(bool, bool) 	view/nsView.cpp
3 	xul.dll 	nsViewManager::ProcessPendingUpdatesRecurse(nsView*, nsTArray<nsCOMPtr<nsIWidget> >&) 	view/nsViewManager.cpp
4 	xul.dll 	nsViewManager::ProcessPendingUpdatesForView(nsView*, bool) 	view/nsViewManager.cpp
5 	xul.dll 	nsViewManager::UpdateWidgetGeometry() 	view/nsViewManager.cpp
6 	xul.dll 	PresShell::FlushPendingNotifications(mozilla::ChangesToFlush) 	layout/base/nsPresShell.cpp
7 	xul.dll 	PresShell::FlushPendingNotifications(mozFlushType) 	layout/base/nsPresShell.cpp
8 	xul.dll 	nsDocument::FlushPendingNotifications(mozFlushType) 	dom/base/nsDocument.cpp
9 	xul.dll 	nsGlobalWindow::GetInnerScreenRect() 	dom/base/nsGlobalWindow.cpp
10 	xul.dll 	nsGlobalWindow::GetMozInnerScreenXOuter() 	dom/base/nsGlobalWindow.cpp
11 	xul.dll 	nsGlobalWindow::GetMozInnerScreenX(mozilla::ErrorResult&) 	dom/base/nsGlobalWindow.cpp
12 	xul.dll 	mozilla::dom::WindowBinding::get_mozInnerScreenX 	obj-firefox/dom/bindings/WindowBinding.cpp
13 	xul.dll 	mozilla::dom::WindowBinding::genericGetter 	obj-firefox/dom/bindings/WindowBinding.cpp
14 	xul.dll 	js::Invoke(JSContext*, JS::CallArgs const&, js::MaybeConstruct) 	js/src/vm/Interpreter.cpp
15 	xul.dll 	js::MutableValueOperations<JS::MutableHandle<JS::Value> >::setNumber(double) 	js/public/Value.h
16 	xul.dll 	XPCConvert::NativeData2JS(JS::MutableHandle<JS::Value>, void const*, nsXPTType const&, nsID const*, nsresult*) 	js/xpconnect/src/XPCConvert.cpp
17 	xul.dll 	nsIFrame::AddCSSMinSize(nsBoxLayoutState&, nsIFrame*, nsSize&, bool&, bool&) 	layout/xul/nsBox.cpp
18 	xul.dll 	mozilla::dom::MouseEvent::ScreenX() 	dom/events/MouseEvent.cpp
19 	xul.dll 	mozilla::dom::MouseEventBinding::get_screenX 	obj-firefox/dom/bindings/MouseEventBinding.cpp
20 	xul.dll 	js::Invoke(JSContext*, JS::CallArgs const&, js::MaybeConstruct) 	js/src/vm/Interpreter.cpp
Ø 21 	igd10umd32.dll 	igd10umd32.dll@0x1275c2 	
22 		@0xffffff87 	
23 	xul.dll 	mozilla::dom::Element::GetAttr(int, nsIAtom*, nsAString_internal&) 	dom/base/Element.cpp
24 	xul.dll 	nsBoxFrame::GetMaxSize(nsBoxLayoutState&) 	layout/xul/nsBoxFrame.cpp

this crash signature on windows has been around for a bit (probably started around 38). there aren't any interesting correlations for any particular models or gpu vendors.
Looks like we're probably getting back a null drawtarget.
Component: General → Graphics
Duplicate of this bug: 1280244
Crash Signature: [@ nsWindow::ClearTranslucentWindow] [@ nsWindow::ClearTranslucentWindow()] → [@ nsWindow::ClearTranslucentWindow] [@ nsWindow::ClearTranslucentWindow()] [@ mozilla::widget::WinCompositorWidgetProxy::ClearTransparentWindow ]
Assignee: nobody → jmuizelaar
nsWindow::ClearTranslucentWindow() has been removed. I'm not sure which bug fixed it, but it's present in Beta (48) and not present in Aurora (49).
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → INVALID
It got renamed to mozilla::widget::WinCompositorWidgetProxy::ClearTransparentWindow
Status: RESOLVED → REOPENED
Resolution: INVALID → ---
Thank you for reopening. Bug 1282526 is marked as a blocker, and it looks somewhat complicated. Is it worth doing a simple fix for now -- i.e. just handle the case where CreateDrawTargetForSurface() returns null by returning some kind of error? This is currently the #52 topcrash in 47.0.1.
Flags: needinfo?(jmuizelaar)
So, I expect I fixed this in bug 1289236. The fix largely amounted to a null check. I think that's probably appropriate here too. We should probably get that on beta and aurora.
Flags: needinfo?(jmuizelaar)
(In reply to Jeff Muizelaar [:jrmuizel] from comment #6)
> So, I expect I fixed this in bug 1289236. The fix largely amounted to a null
> check. I think that's probably appropriate here too. We should probably get
> that on beta and aurora.

I don't see a null check, though that bug's patch did add an IsEmpty() check -- is that what you are referring to? Perhaps a MOZ_ASSERT(drawTarget) or MOZ_RELEASE_ASSERT(drawTarget) could be added as well, and possibly a comment, to make things clearer.

Can you push this through, Jeff?
Flags: needinfo?(jmuizelaar)
BTW, the following search indicates that this is OOM-related:

https://crash-stats.mozilla.com/search/?signature=~nsWindow%3A%3AClearTranslucentWindow&_sort=-date&_facets=signature&_facets=contains_memory_report&_columns=date&_columns=signature&_columns=product&_columns=version&_columns=build_id&_columns=platform#facet-signature

Of the 1661 occurrences of crashes with the signature "[@ nsWindow::ClearTranslucent]" in the past 7 days, 1072 of them have a ContainsMemoryReport=1 field, which indicates that memory was low near the time of crash. (See the "Contains memory report" facet in the search output.)
Crash Signature: [@ nsWindow::ClearTranslucentWindow] [@ nsWindow::ClearTranslucentWindow()] [@ mozilla::widget::WinCompositorWidgetProxy::ClearTransparentWindow ] → [@ nsWindow::ClearTranslucentWindow] [@ mozilla::widget::WinCompositorWidgetProxy::ClearTransparentWindow ]
This is currently #45 for the week in Firefox 48.0.2 and #107 for the week in Firefox 49.0.1 but I don't see any reports in 50 Beta, 51 Aurora, nor 52 Nightly as of yet.
status-firefox42: affected → ---
status-firefox43: affected → ---
status-firefox44: affected → ---
status-firefox45: affected → ---
OS: Windows NT → Windows
Priority: -- → P3
Whiteboard: gfx-noted
Version: 43 Branch → 42 Branch
You need to log in before you can comment on or make changes to this bug.