Closed
Bug 1270797
Opened 9 years ago
Closed 9 years ago
Crash due to stack overflow in ComputeEffectiveTransformsForChildren
Categories
(Core :: Graphics: Layers, defect)
Tracking
()
RESOLVED
FIXED
mozilla49
| Tracking | Status | |
|---|---|---|
| firefox49 | --- | fixed |
People
(Reporter: cbook, Assigned: mattwoodrow)
References
()
Details
(Keywords: crash)
Crash Data
Attachments
(2 files)
|
400.41 KB,
text/plain
|
Details | |
|
12.08 KB,
patch
|
mstange
:
review+
|
Details | Diff | Splinter Review |
Found via bughunter and reproduced on a windows 7 debug build as well as on a nightly opt build based on m-c tip also on mac
Steps to reproduce:
--> Load https://prevoty.com/
----> Crash
|
Reporter | |
Comment 1•9 years ago
|
||
and https://crash-stats.mozilla.com/report/index/ebefcb42-18e7-4ccf-a0a9-579652160506 for the opt crash
|
|
Reporter | |
Updated•9 years ago
|
Component: Graphics → Graphics: Layers
|
||
Updated•9 years ago
|
Summary: Crash in mozilla::gfx::Matrix4x4Typed<T> mozilla::gfx::Matrix4x4Typed<T>::operator*<T> const → Crash due to stack overflow in ComputeEffectiveTransformsForChildren
|
||
Comment 2•9 years ago
|
||
Maybe layout should avoid putting us in this situation?
Flags: needinfo?(matt.woodrow)
|
Assignee | |
Updated•9 years ago
|
Assignee: nobody → matt.woodrow
Flags: needinfo?(matt.woodrow)
|
|
Assignee | |
Comment 3•9 years ago
|
||
Attachment #8750546 -
Flags: review?(mstange)
|
||
Comment 4•9 years ago
|
||
Why is this necessary? What's happening here? Don't we still need different keys for different nsDisplayBlendMode items for the same frame?
|
|
Assignee | |
Comment 5•9 years ago
|
||
The problem is that we build two nsDisplayBlendContainers for the same frame, and FrameLayerBuilder gets confused and builds a ContainerLayer with itself as its first child.
We had mIndex to prevent this, but it was always zero, so didn't do anything.
As far as I can tell we can only ever have two blend containers per frame (one for mix-blend-mode, and one for background-blend-mode), so switching to a boolean seems sufficient (and clearer).
We can still build an arbitrary number of nsDisplayBlendModes, but those already use indexes correctly.
|
|
||
Comment 6•9 years ago
|
||
Oops, I got confused with nsDisplayBlendContainer vs nsDisplayBlendMode. Sounds good.
|
|
||
Comment 7•9 years ago
|
||
Comment on attachment 8750546 [details] [diff] [review]
double-blend-container
Review of attachment 8750546 [details] [diff] [review]:
-----------------------------------------------------------------
thanks
Attachment #8750546 -
Flags: review?(mstange) → review+
|
|
Reporter | |
Comment 9•9 years ago
|
||
| bugherder | ||
Status: NEW → RESOLVED
Closed: 9 years ago
status-firefox49:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla49
You need to log in
before you can comment on or make changes to this bug.
Description
•