Closed Bug 1260178 Opened 9 years ago Closed 9 years ago

crash in cairo_pattern_get_color_stop_rgba

Categories

(Core :: Widget: Gtk, defect)

Product:
Core
Component:
Widget: Gtk
Version:
46 Branch
Platform:
Unspecified
Linux
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla48
Tracking Flags:
Tracking Status
firefox46 + fixed
firefox47 + fixed
firefox48 + fixed

People

(Reporter: calixte, Assigned: karlt)

References

Details

(Keywords: crash, regression)

Crash Data

Attachments

(1 file)

MozReview Request: bug 1260178 null check pattern from -unico-border-gradient r?acomminos
58 bytes, text/x-review-board-request
acomminos
: review+
ritu
: approval-mozilla-aurora+
lizzard
: approval-mozilla-beta+
Details
This bug was filed from the Socorro interface and is report bp-22ca161d-794d-4b57-b1b0-a7eee2160327. ============================================================= This signature just appeared the 2016-03-27, only at #64 in topcrash, it's a startup crash and it has been probably introduced by: http://hg.mozilla.org/releases/mozilla-aurora/rev/62de4de10ebb (bug 1211892) Stack cairo_pattern_get_color_stop_rgba nsLookAndFeel::Init() nsXPLookAndFeel::GetInstance() mozilla::LookAndFeel::GetInt(mozilla::LookAndFeel::IntID, int*) nsChromeRegistryChrome::CheckForOSAccessibility() ScopedXPCOMStartup::SetWindowCreator(nsINativeAppSupport*) XREMain::XRE_mainRun() XREMain::XRE_main(int, char**, nsXREAppData const*) XRE_main do_main main libc-2.15.so@0x2176c _init firefox@0x84fb __libc_csu_fini firefox@0x84fb _start
% /home/karl/moz/dev/obj/toolkit/crashreporter/google-breakpad/src/tools/linux/dump_syms/dump_syms usr/lib/x86_64-linux-gnu/libcairo.so.2 2>/dev/null | grep MODULE MODULE Linux x86_64 110FD9AE8D2F08986E0A29E36278C31C0 libcairo.so.2 % addr2line -if -e usr/lib/debug/usr/lib/x86_64-linux-gnu/libcairo.so.2.11000.2 0x3cc60 cairo_pattern_get_color_stop_rgba /build/buildd/cairo-1.10.2/src/cairo-pattern.c:3185 Looks like there is a null pattern https://cgit.freedesktop.org/cgit/?url=cairo/tree/src/cairo-pattern.c&id=1.10.2#n3185 Offset 0x8 is consistent with https://cgit.freedesktop.org/cgit/?url=cairo/tree/src/cairo-types-private.h&id=1.10.2#n384 Can reproduce by commenting out the -unico-border-gradient declaration in this rule in gtk-widgets.css in Ambiance: .button, .frame, .notebook { border-style: solid; -unico-border-gradient: -gtk-gradient (linear, left top, left bottom, from (shade (@bg_color, 0.8)), to (shade (@bg_color, 0.76))); } Custom style property values are given their associated types, even when their (initial) values are null/none. https://git.gnome.org/browse/gtk+/tree/gtk/gtkcsscustomproperty.c?h=3.4.2#n89
Assignee: nobody → karlt
Blocks: 1211892
Status: NEW → ASSIGNED
status-firefox46: --- → affected
Keywords: regression
[Tracking Requested - why for this release]: Null deref crash with non-default Ubuntu 12.04 theme.
tracking-firefox46: --- → ?
Comment on attachment 8735706 [details] MozReview Request: bug 1260178 null check pattern from -unico-border-gradient r?acomminos https://reviewboard.mozilla.org/r/42921/#review39417
Attachment #8735706 - Flags: review?(andrew) → review+
Tracking for 46, we can uplift this once it look ok on m-c.
status-firefox48: --- → affected
tracking-firefox46: ?+
tracking-firefox47: --- → +
tracking-firefox48: --- → +
https://hg.mozilla.org/mozilla-central/rev/323653e6a3d9
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
status-firefox48: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla48
Comment on attachment 8735706 [details] MozReview Request: bug 1260178 null check pattern from -unico-border-gradient r?acomminos Approval Request Comment [Feature/regressing bug #]: bug 1211892 [User impact if declined]: Null deref start-up crash with non-default Ubuntu 12.04 theme. [Describe test coverage new/current, TreeHerder]: none. (Test machines use default Ubuntu 12.04 theme.) [Risks and why]: none. null check. [String/UUID change made/needed]: none (except for risks associated with continuing to run instead of crashing).
Attachment #8735706 - Flags: approval-mozilla-beta?
Attachment #8735706 - Flags: approval-mozilla-aurora?
I see some crashes here for 47 aurora but none for 46. Let's uplift this to aurora. If you feel strongly about beta 46 uplift please let me know.
Comment on attachment 8735706 [details] MozReview Request: bug 1260178 null check pattern from -unico-border-gradient r?acomminos Null check, Aurora47+
Attachment #8735706 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Oh wait. startup crash, gtk related? Maybe we should take this on beta.
Comment on attachment 8735706 [details] MozReview Request: bug 1260178 null check pattern from -unico-border-gradient r?acomminos Prevent potential startup crash for non default themes
Attachment #8735706 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
Version: unspecified → 46 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: