Closed
Bug 1267271
Opened 9 years ago
Closed 9 years ago
Crash at SkBitmap::getAddr8 SkBitmap::extractAlpha mozilla::gfx::DrawTargetSkia::DrawSurfaceWithShadow mozilla::dom::AdjustedTargetForShadow::~AdjustedTargetForShadow mozilla::dom::AdjustedTarget::~AdjustedTarget
Categories
(Core :: Graphics, defect)
Core
Graphics
Tracking
()
RESOLVED
FIXED
mozilla49
| Tracking | Status | |
|---|---|---|
| firefox47 | --- | unaffected |
| firefox48 | --- | fixed |
| firefox49 | --- | fixed |
People
(Reporter: cbook, Assigned: lsalzman)
References
()
Details
(Keywords: crash)
Attachments
(2 files)
|
378.38 KB,
text/plain
|
Details | |
|
1.15 KB,
patch
|
mchang
:
review+
abillings
:
approval-mozilla-aurora+
|
Details | Diff | Splinter Review |
found via bughunter and reproduced on a win7 debug build based on todays m-c tip
Steps to reproduce:
-> Load https://asicw.playngonetwork.com/Casino/PlayMobile?pid=185&gid=pimped&lang=zh_CN&ticket=52640-592P537D497W148L
--> Crash
|
Assignee | |
Comment 1•9 years ago
|
||
It appears that we're trying to draw a shadow for an empty surface. Skia is calling tmpBitmap.getAddr(0, 0) to get a result to the bitmap pixels, even though it will never actually use them because of the empty size. It is doing that right around here: https://dxr.mozilla.org/mozilla-central/source/gfx/skia/skia/src/core/SkBitmap.cpp#1049
The simplest fix for this is just to bail out before we have get there and end up calling extractAlpha on an empty bitmap.
|
||
Updated•9 years ago
|
Attachment #8744978 -
Flags: review?(mchang) → review+
|
||
Comment 3•9 years ago
|
||
| bugherder | ||
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
status-firefox49:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla49
|
|
Assignee | |
Comment 4•9 years ago
|
||
Comment on attachment 8744978 [details] [diff] [review]
skip empty surfaces in DrawTargetSkia::DrawSurfaceWithShadow
Approval Request Comment
[Feature/regressing bug #]: bug 1259621, 48+
[User impact if declined]: Possible canvas crash regression introduced by bug 1259621 against 48+. Fix needed for bug 1266106 as well.
[Describe test coverage new/current, TreeHerder]: mochitest, reftest
[Risks and why]: Basically none. Just skips drawing something in a case we shouldn't even be trying to.
[String/UUID change made/needed]: None
Attachment #8744978 -
Flags: approval-mozilla-aurora?
|
||
Updated•9 years ago
|
status-firefox47:
--- → affected
status-firefox48:
--- → affected
|
|
||
Updated•9 years ago
|
|
||
Comment 5•9 years ago
|
||
Comment on attachment 8744978 [details] [diff] [review]
skip empty surfaces in DrawTargetSkia::DrawSurfaceWithShadow
Approved for Aurora, check 'er in.
Attachment #8744978 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
(In reply to Al Billings [:abillings] from comment #5)
> Comment on attachment 8744978 [details] [diff] [review]
> skip empty surfaces in DrawTargetSkia::DrawSurfaceWithShadow
>
> Approved for Aurora, check 'er in.
This makes sense. Abilling beat me to it, ;) let's uplift to Aurora48.
|
|
||
Comment 8•9 years ago
|
||
| bugherder uplift | ||
You need to log in
before you can comment on or make changes to this bug.
Description
•