Closed Bug 1239392 Opened 8 years ago Closed 8 years ago

Accessing to a ico with img tag and height attribute, crash tab (e10s) or browser

Categories

(Core :: Graphics: ImageLib, defect)

Product:
Core
Component:
Graphics: ImageLib
Version:
43 Branch
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla46
Tracking Flags:
Tracking Status
e10s - ---
firefox42 --- unaffected
firefox43 --- affected
firefox44 --- affected
firefox45 --- affected
firefox46 --- fixed
firefox-esr38 --- unaffected

People

(Reporter: ldardini, Unassigned)

References

(
URL
)

Details

(Keywords: crash, regression, testcase, Whiteboard: [gfx-noted] [fixed by patch from Bug #1207958])

Crash Data

Attachments

(2 files)

mirtapbx.ico
13.79 KB, image/vnd.microsoft.icon
Details
crashcorelation.png
204.86 KB, image/png
Details
Attached image mirtapbx.ico 
User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36

Steps to reproduce:

Please create the following HTML file:

<img height="30px" src="mirtapbx.ico">




Actual results:

Mozilla crashes.

If you omit the "height" parameter, it works, if you set the height, it crashes.


Expected results:

Display the little .ico file
URL: http://demo.mirtapbx.com/test.html
OS: Unspecified → Linux
Hardware: Unspecified → x86_64
Severity: normal → critical
Status: UNCONFIRMED → NEW
Crash Signature: [@ skia::ConvolveHorizontally_SSE2 ]
status-firefox43: --- → affected
status-firefox44: --- → affected
status-firefox45: --- → affected
status-firefox46: --- → affected
Ever confirmed: true
Keywords: crash, testcase
OS: Linux → All
Hardware: x86_64 → All
Summary: Accessing a simple one row HTML containing an img type ico with an height attribute, crash Mozilla → Accessing to a ico with img tag and height attribute, crash tab (e10s) or browser
I was not able to reproduce this following the STR. Does this still occur on nightly, and on what platforms?
Flags: needinfo?(ldardini)
Confirmed fixed in Nightly.

Seems to https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=2e50b83954e62d52d2ef294e850c4380d457d96a&tochange=977d78a8dd78afbc0153d37fd9887c3a200dce6a
82552109870e	Edwin Flores — Bug 1207958 - Fix heuristic for choosing which ICO sub-image to render - r=tn
Flags: needinfo?(edwin)
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Whiteboard: [gfx-noted] → [gfx-noted] [fixed by patch from Bug #1207958]
If this landed on Jan. 15th in m-c that would be fixed in 46.
status-firefox46: affectedfixed
Target Milestone: --- → mozilla46
I am not entirely sure if a new bug should be filed however there is a report from SUMO that this is happening again in 46.0.1 on Windows 7 and in Safe Mode

thread: https://support.mozilla.org/en-US/questions/1125149

I attached an image with the correlations, it looks like its under 100, some are seeing it again in 46.
Flags: needinfo?(lhenry)
OK, looks like 47 is still affected too. Thanks. Edwin, what do you think?
Flags: needinfo?(lhenry) → needinfo?(edwin)
(In reply to rmcguigan from comment #5)
> I am not entirely sure if a new bug should be filed however there is a
> report from SUMO that this is happening again in 46.0.1 on Windows 7 and in
> Safe Mode
> 
> thread: https://support.mozilla.org/en-US/questions/1125149
> 
> I attached an image with the correlations, it looks like its under 100, some
> are seeing it again in 46.

In fact, the issue you linked from SUMO has the same regression range but it's not fixed in 46/49 by bug Bug 1207958 contrary to this current bug.
The remaining crash is tracked in bug 1277741, so let's continue the discussion on the other bug.
Crash volume for signature 'skia::ConvolveHorizontally_SSE2':
 - nightly (version 50): 3 crashes from 2016-06-06.
 - aurora  (version 49): 3 crashes from 2016-06-07.
 - beta    (version 48): 100 crashes from 2016-06-06.
 - release (version 47): 615 crashes from 2016-05-31.
 - esr     (version 45): 14 crashes from 2016-04-07.

Crash volume on the last weeks:
             Week N-1   Week N-2   Week N-3   Week N-4   Week N-5   Week N-6   Week N-7
 - nightly          0          0          1          0          2          0          0
 - aurora           0          1          0          1          1          0          0
 - beta             6         15         17         16         16         19          3
 - release         78         97         91         92         88         86         36
 - esr              0          2          1          3          2          2          0

Affected platforms: Windows, Mac OS X, Linux
status-firefox47: --- → affected
status-firefox48: --- → affected
status-firefox49: --- → affected
status-firefox50: --- → affected
status-firefox-esr45: --- → affected
RMA bot is drunk, this current bug has been fixed since 46. And the other bug 1277741 with same crash signature is fixed in 48+.
status-firefox47: affected → ---
status-firefox48: affected → ---
status-firefox49: affected → ---
status-firefox50: affected → ---
Crash volume for signature 'skia::ConvolveHorizontally_SSE2':
 - nightly (version 50): 3 crashes from 2016-06-06.
 - aurora  (version 49): 3 crashes from 2016-06-07.
 - beta    (version 48): 97 crashes from 2016-06-06.
 - release (version 47): 597 crashes from 2016-05-31.
 - esr     (version 45): 13 crashes from 2016-04-07.

Crash volume on the last weeks:
             Week N-1   Week N-2   Week N-3   Week N-4   Week N-5   Week N-6   Week N-7
 - nightly          0          0          1          0          2          0          0
 - aurora           0          1          0          1          1          0          0
 - beta             6         13         17         16         16         19          3
 - release         78         81         91         92         88         86         36
 - esr              0          1          1          3          2          2          0

Affected platforms: Windows, Mac OS X, Linux
status-firefox47: --- → affected
status-firefox48: --- → affected
status-firefox49: --- → affected
status-firefox50: --- → affected
(In reply to Loic from comment #10)
> RMA bot is drunk, this current bug has been fixed since 46. And the other
> bug 1277741 with same crash signature is fixed in 48+.

Hmmm. Maybe there are additional causes for the skia::ConvolveHorizontally_SSE2 signature?
Calixte, fyi for commentary on the bot.  It's choosing the most recently active bug associated with the signature, right?  
We should likely open a new bug here.
Flags: needinfo?(cdenizet)
Liz, normally this bug is fixed now: https://github.com/mozilla/clouseau/commit/69ac3148168395e336e52968cebe3d38415e135d
Flags: needinfo?(cdenizet)
Flags: needinfo?(edwin.bugs)
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: