crash in SkPoint::setRectFan

RESOLVED FIXED

Status

critical
3 years ago

People

(Reporter: adrian, Assigned: lsalzman)

Tracking

({crash})

44 Branch
x86_64
Mac OS X

Firefox Tracking Flags

(firefox45 wontfix, firefox46 unaffected, firefox47 unaffected, firefox48 unaffected, firefox-esr45 fixed)

Attachments

(1 attachment)

(Reporter)

Description

3 years ago
This bug was filed from the Socorro interface and is report bp-951ec2e3-1ec7-44f9-b6ac-da2c02160308.
=============================================================
Firefox crashes when attempting to draw two different fonts to a 2d canvas that will be used as a texture atlas for a webgl context.  The 2d canvas has ctx.globalCompositeOperation = "lighter"; enabled if that has any effect?

It is also broken in beta, but works in aurora, as it seems that code no longer exists.

Thanks in advance, this is a huge blocker for us.

Comment 1

3 years ago
Crashes are flagged as critical, not blocker in general.

Could you provide a testcase to reproduce the crash, please?
Severity: blocker → critical
Flags: needinfo?(adrian)
Keywords: crash, testcase-wanted
(Assignee)

Comment 2

3 years ago
Created attachment 8729265 [details] [diff] [review]
check that SkPaint::textToGlyphs succeeds
Assignee: nobody → lsalzman
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Attachment #8729265 - Flags: review?(jmuizelaar)
Duplicate of this bug: 1233416
Attachment #8729265 - Flags: review?(jmuizelaar) → review+
(Assignee)

Comment 4

3 years ago
Comment on attachment 8729265 [details] [diff] [review]
check that SkPaint::textToGlyphs succeeds

Approval Request Comment
[Feature/regressing bug #]: This works around an issue that has been present at least since 2014 when we were using an old version of Skia before we updated in 46. 45 and below are all affected. 
[User impact if declined]: Specific strings may be used to crash the browser on a null-pointer dereference with canvas quite easily. The Skia update that is in 46+ uses incompatible code from what is being patched here and which is not affected at all by this particular bug, which is why this patch can only be applied to release/45 ESR and must bypass aurora/beta/central. Since we can't backport an entire Skia update, it is rather better to just patch the issue in the older Skia.
[Describe test coverage new/current, TreeHerder]: mochitests, reftests
[Risks and why]: The risk is currently low as in the absence of this change, the browser already crashes on these inputs. This simply makes the Skia canvas backend correctly ignore them, which is what it should be doing on these particular inputs (instead of crashing).
[String/UUID change made/needed]: None
Attachment #8729265 - Flags: approval-mozilla-release?
Attachment #8729265 - Flags: approval-mozilla-esr45?
Comment on attachment 8729265 [details] [diff] [review]
check that SkPaint::textToGlyphs succeeds

The number of crashes is quite low, not taking it in release but taking it in esr as we will maintain it for a while
Attachment #8729265 - Flags: approval-mozilla-release? → approval-mozilla-release-
Attachment #8729265 - Flags: approval-mozilla-esr45? → approval-mozilla-esr45+
https://hg.mozilla.org/releases/mozilla-esr45/rev/e8a805e5f3b09fb7023a17cb20316056f1d539aa
Status: ASSIGNED → RESOLVED
Last Resolved: 3 years ago
status-firefox45: --- → wontfix
status-firefox46: --- → unaffected
status-firefox47: --- → unaffected
status-firefox48: --- → unaffected
status-firefox-esr45: --- → fixed
Flags: needinfo?(adrian)
Keywords: testcase-wanted
Resolution: --- → FIXED