Closed
Bug 1294133
Opened 8 years ago
Closed 8 years ago
Crash in mozilla::ContainerState::GetLayerCreationHint
Categories
(Core :: Layout, defect)
Tracking
()
RESOLVED
FIXED
mozilla51
People
(Reporter: philipp, Assigned: tnikkel)
References
Details
(Keywords: crash, regression)
Crash Data
Attachments
(1 file)
|
1.03 KB,
patch
|
mattwoodrow
:
review+
gchang
:
approval-mozilla-aurora+
gchang
:
approval-mozilla-beta+
|
Details | Diff | Splinter Review |
This bug was filed from the Socorro interface and is report bp-48bddb54-1e56-41c0-b6bd-db8c12160810. ============================================================= Crashing Thread (0) Frame Module Signature Source 0 xul.dll mozilla::ContainerState::GetLayerCreationHint(AnimatedGeometryRoot*) layout/base/FrameLayerBuilder.cpp:2193 1 xul.dll mozilla::ContainerState::ProcessDisplayItems(nsDisplayList*) layout/base/FrameLayerBuilder.cpp:4029 2 xul.dll mozilla::FrameLayerBuilder::BuildContainerLayerFor(nsDisplayListBuilder*, mozilla::layers::LayerManager*, nsIFrame*, nsDisplayItem*, nsDisplayList*, mozilla::ContainerLayerParameters const&, mozilla::gfx::Matrix4x4Typed<mozilla::gfx::UnknownUnits, mozilla::gfx::UnknownUnits> const*, unsigned int) layout/base/FrameLayerBuilder.cpp:5289 3 xul.dll mozilla::dom::XULDocument::ResumeWalk() dom/xul/XULDocument.cpp:2801 4 xul.dll js::detail::HashTable<js::HashMapEntry<js::jit::CacheIRStubKey, js::ReadBarriered<js::jit::JitCode*> >, js::HashMap<js::jit::CacheIRStubKey, js::ReadBarriered<js::jit::JitCode*>, js::jit::CacheIRStubKey, js::RuntimeAllocPolicy>::MapHashPolicy, js::RuntimeAllocPolicy>::prepareHash(js::jit::CacheIRStubKey::Lookup const&) obj-firefox/dist/include/js/HashTable.h:1205 5 mozglue.dll arena_dalloc_small memory/mozjemalloc/jemalloc.c:4609 6 mozglue.dll je_free memory/mozjemalloc/jemalloc.c:6479 7 xul.dll mozilla::Vector<RefPtr<js::PerformanceGroup>, 0, mozilla::MallocAllocPolicy>::growStorageBy(unsigned int) obj-firefox/dist/include/mozilla/Vector.h:948 8 xul.dll js::AutoStopwatch::addToGroup(JSRuntime*, unsigned __int64, unsigned __int64, js::PerformanceGroup*) js/src/vm/Stopwatch.cpp:389 9 @0x44e773 10 @0x2 11 xul.dll AutoGCIfRequested::~AutoGCIfRequested() js/src/vm/Interpreter.cpp:408 12 xul.dll js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) js/src/vm/Interpreter.cpp:473 13 xul.dll InternalCall js/src/vm/Interpreter.cpp:497 14 xul.dll mozilla::dom::AutoJSAPI::ReportException() dom/base/ScriptSettings.cpp:615 crashes with this signature are appearing in crash stats data since firefox 45 and it looks related to the new code in bug 1222880. also, it's frequency is on rise with 49.0b1, where the signature is currently making up 0.14% of browser crashes.
|
||
Comment 1•8 years ago
|
||
Looks like we need a null check here. https://hg.mozilla.org/mozilla-unified/annotate/f21e48559ecd/layout/base/FrameLayerBuilder.cpp#l2191
|
Assignee | |
Comment 2•8 years ago
|
||
Assignee: nobody → tnikkel
Attachment #8779899 -
Flags: review?(matt.woodrow)
|
||
Updated•8 years ago
|
Attachment #8779899 -
Flags: review?(matt.woodrow) → review+
Pushed by tnikkel@gmail.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/0bd27824832d Null check animated geometry root. r=mattwoodrow
|
||
Comment 4•8 years ago
|
||
Small crash volume, so, we won't take a fix in 48 as ride along. However, happy to take the fix in 49 (beta)
|
||
Comment 5•8 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/0bd27824832d
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla51
|
||
Comment 6•8 years ago
|
||
Hi :tnikkel, Since this bug is a regression and also affects 49/50, are you also considering to uplift this patch to 49/50?
Flags: needinfo?(tnikkel)
|
|
Assignee | |
Comment 7•8 years ago
|
||
Comment on attachment 8779899 [details] [diff] [review] nullagr Approval Request Comment [Feature/regressing bug #]: bug 1222880 [User impact if declined]: crashes [Describe test coverage new/current, TreeHerder]: none, we don't have a testcase [Risks and why]: safe, it's a null check [String/UUID change made/needed]: none
Flags: needinfo?(tnikkel)
Attachment #8779899 -
Flags: approval-mozilla-beta?
Attachment #8779899 -
Flags: approval-mozilla-aurora?
|
|
||
Comment 8•8 years ago
|
||
Comment on attachment 8779899 [details] [diff] [review] nullagr Review of attachment 8779899 [details] [diff] [review]: ----------------------------------------------------------------- This patch fixes a crash. Take it in 49 beta and 50 aurora. Should be in 49 beta 5.
Attachment #8779899 -
Flags: approval-mozilla-beta?
Attachment #8779899 -
Flags: approval-mozilla-beta+
Attachment #8779899 -
Flags: approval-mozilla-aurora?
Attachment #8779899 -
Flags: approval-mozilla-aurora+
|
||
Comment 9•8 years ago
|
||
| bugherder uplift | ||
https://hg.mozilla.org/releases/mozilla-aurora/rev/3776dd28c3cb
|
||
Comment 11•8 years ago
|
||
Crash volume for signature 'mozilla::ContainerState::GetLayerCreationHint':
- nightly (version 51): 3 crashes from 2016-08-01.
- aurora (version 50): 43 crashes from 2016-08-01.
- beta (version 49): 391 crashes from 2016-08-02.
- release (version 48): 7 crashes from 2016-07-25.
- esr (version 45): 82 crashes from 2016-05-02.
Crash volume on the last weeks (Week N is from 08-22 to 08-28):
W. N-1 W. N-2 W. N-3
- nightly 0 0 3
- aurora 13 18 12
- beta 146 185 55
- release 2 3 1
- esr 12 3 8
Affected platform: Windows
Crash rank on the last 7 days:
Browser Content Plugin
- nightly
- aurora #632
- beta #287
- release #4990
- esr #918
status-firefox-esr45:
--- → affected
You need to log in
before you can comment on or make changes to this bug.
Description
•