Closed Bug 1328872 Opened 7 years ago Closed 7 years ago

Crash in CDIProperties<T>::SetValue

Categories

(Core :: Graphics, defect)

Product:
Core
Component:
Graphics
Version:
50 Branch
Platform:
All
Windows
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1323837
Tracking Flags:
Tracking Status
firefox50 --- wontfix
firefox51 --- fixed
firefox52 --- fixed
firefox53 --- ?

People

(Reporter: philipp, Unassigned)

Details

(Keywords: crash, regression)

Crash Data

This bug was filed from the Socorro interface and is 
report bp-f4560db6-5bc4-4b82-b17d-d17182161228.
=============================================================
Crashing Thread (0)
Frame 	Module 	Signature 	Source
0 	d2d1.dll 	CDIProperties<ID2D1Effect>::SetValue(unsigned int, D2D1_PROPERTY_TYPE, unsigned char const*, unsigned int) 	
1 	xul.dll 	mozilla::gfx::DrawTargetD2D1::FinalizeDrawing(mozilla::gfx::CompositionOp, mozilla::gfx::Pattern const&) 	gfx/2d/DrawTargetD2D1.cpp:1330
2 	xul.dll 	mozilla::gfx::DrawTargetD2D1::Fill(mozilla::gfx::Path const*, mozilla::gfx::Pattern const&, mozilla::gfx::DrawOptions const&) 	gfx/2d/DrawTargetD2D1.cpp:517
3 	xul.dll 	mozilla::dom::CanvasRenderingContext2DBinding::fill 	obj-firefox/dom/bindings/CanvasRenderingContext2DBinding.cpp:3316
4 	xul.dll 	js::jit::EnterBaselineMethod(JSContext*, js::RunState&) 	js/src/jit/BaselineJIT.cpp:200
5 	xul.dll 	js::TypeMonitorResult(JSContext*, JSScript*, unsigned char*, JS::Value const&) 	js/src/vm/TypeInference.cpp:3268
6 	xul.dll 	GetPropertyOperation 	js/src/vm/Interpreter.cpp:189
7 	xul.dll 	Interpret 	js/src/vm/Interpreter.cpp:3032
8 	xul.dll 	Interpret 	js/src/vm/Interpreter.cpp:2873
9 	xul.dll 	js::RunScript(JSContext*, js::RunState&) 	js/src/vm/Interpreter.cpp:399
10 	xul.dll 	js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) 	js/src/vm/Interpreter.cpp:471
11 	xul.dll 	InternalCall 	js/src/vm/Interpreter.cpp:498
12 	xul.dll 	mozilla::dom::EventBinding::Wrap<mozilla::dom::Event>(JSContext*, mozilla::dom::Event*, JS::Handle<JSObject*>) 	obj-firefox/dist/include/mozilla/dom/EventBinding.h:105
13 	xul.dll 	mozilla::dom::EventHandlerNonNull::Call(JSContext*, JS::Handle<JS::Value>, mozilla::dom::Event&, JS::MutableHandle<JS::Value>, mozilla::ErrorResult&) 	obj-firefox/dom/bindings/EventHandlerBinding.cpp:259
14 	xul.dll 	mozilla::dom::EventHandlerNonNull::Call<nsISupports*>(nsISupports* const&, mozilla::dom::Event&, JS::MutableHandle<JS::Value>, mozilla::ErrorResult&, char const*, mozilla::dom::CallbackObject::ExceptionHandling, JSCompartment*) 	obj-firefox/dist/include/mozilla/dom/EventHandlerBinding.h:361
15 	xul.dll 	mozilla::JSEventHandler::HandleEvent(nsIDOMEvent*) 	dom/events/JSEventHandler.cpp:214
16 	xul.dll 	nsDocLoader::DoFireOnStateChange(nsIWebProgress* const, nsIRequest* const, int&, nsresult) 	uriloader/base/nsDocLoader.cpp:1251
17 	xul.dll 	nsDocLoader::FireOnStateChange(nsIWebProgress*, nsIRequest*, int, nsresult) 	uriloader/base/nsDocLoader.cpp:1216
18 	xul.dll 	nsDocLoader::FireOnStateChange(nsIWebProgress*, nsIRequest*, int, nsresult) 	uriloader/base/nsDocLoader.cpp:1216
19 	xul.dll 	nsDocLoader::OnStopRequest(nsIRequest*, nsISupports*, nsresult) 	uriloader/base/nsDocLoader.cpp:608
20 	xul.dll 	cmyk_convert_rgb 	image/decoders/nsJPEGDecoder.cpp:1008
21 	xul.dll 	nsIContent::PreHandleEvent(mozilla::EventChainPreVisitor&) 	dom/base/FragmentOrElement.cpp:780
22 	xul.dll 	mozilla::EventDispatcher::Dispatch(nsISupports*, nsPresContext*, mozilla::WidgetEvent*, nsIDOMEvent*, nsEventStatus*, mozilla::EventDispatchingCallback*, nsTArray<mozilla::dom::EventTarget*>*) 	dom/events/EventDispatcher.cpp:710
23 	xul.dll 	mozilla::EventDispatcher::DispatchDOMEvent(nsISupports*, mozilla::WidgetEvent*, nsIDOMEvent*, nsPresContext*, nsEventStatus*) 	dom/events/EventDispatcher.cpp:776
24 	xul.dll 	nsINode::DispatchEvent(nsIDOMEvent*, bool*) 	dom/base/nsINode.cpp:1297
25 	xul.dll 	nsThread::ProcessNextEvent(bool, bool*) 	xpcom/threads/nsThread.cpp:1076
26 		@0xd1e15fff 	
27 		@0xf9004ff6 	
28 	xul.dll 	nsXULTemplateQueryProcessorRDF::GenerateResults(nsISupports*, nsIXULTemplateResult*, nsISupports*, nsISimpleEnumerator**) 	dom/xul/templates/nsXULTemplateQueryProcessorRDF.cpp:437
29 	xul.dll 	AffixMgr::morphgen(char const*, int, unsigned short const*, unsigned short, char const*, char const*, int) 	extensions/spellcheck/hunspell/src/affixmgr.cxx:3336
30 	xul.dll 	u_strToPunycode_56 	intl/icu/source/common/punycode.cpp:253
31 		@0xbfffff

this crash signature started increasing in numbers starting on 2017-01-01. it's occurring on windows 7 & upwards. on 50.1.0 it is now accounting for 0.22% of browser crashes.

some of the user comments in those crashes say that people were playing games online like "word link" on royalgames, put one of the most striking correlation is the percentage of users with an estonian locale affected by this type of crash.

Correlations for Firefox Release:
(97.86% in signature vs 00.95% overall) address = 0x8
(100.0% in signature vs 34.61% overall) reason = EXCEPTION_ACCESS_VIOLATION_READ
(95.01% in signature vs 33.80% overall) Module "qasf.dll" = true
(100.0% in signature vs 43.95% overall) Module "xmllite.dll" = true
(95.49% in signature vs 38.23% overall) Module "MP3DMOD.DLL" = true
(95.72% in signature vs 40.04% overall) Module "msdmo.dll" = true
(100.0% in signature vs 46.62% overall) Module "d2d1.dll" = true
(100.0% in signature vs 47.93% overall) "D2D1.1+" in app_notes = true
(100.0% in signature vs 47.94% overall) "DWrite+" in app_notes = true
(100.0% in signature vs 47.94% overall) "DWrite?" in app_notes = true
(96.20% in signature vs 42.78% overall) Module "quartz.dll" = true
(51.31% in signature vs 00.15% overall) useragent_locale = et
(100.0% in signature vs 58.07% overall) Module "d3d11.dll" = true
(70.31% in signature vs 25.97% overall) Module "MSAudDecMFT.dll" = true
(68.88% in signature vs 25.07% overall) Module "RTWorkQ.dll" = true
(41.81% in signature vs 00.16% overall) Module "onepin-opensc-pkcs11.dll" = true
(41.09% in signature vs 00.15% overall) Addon "{aa84ce40-4253-a00a-8cd6-0800200f9a67}" = true
(50.36% in signature vs 09.88% overall) Module "WMVCORE.DLL" = true
(50.36% in signature vs 09.89% overall) Module "WMASF.DLL" = true
(41.81% in signature vs 01.45% overall) Module "WinSCard.dll" = true
(58.67% in signature vs 20.08% overall) Module "mfperfhelper.dll" = true
(50.36% in signature vs 14.28% overall) Module "igd10iumd32.dll" = true
(50.59% in signature vs 16.91% overall) Module "ncrypt.dll" = true
(43.23% in signature vs 11.25% overall) Module "ntasn1.dll" = true
(46.08% in signature vs 15.06% overall) Module "cabinet.dll" = true
(43.23% in signature vs 12.90% overall) Module "igdusc32.dll" = true
Pages from http://www.ohtuleht.ee/ and http://www.okidoki.ee/ are pretty common (often pages with videos).
I think this bug is duplicate with Bug 1323837.
Need uplift in Bug 1323837.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
Since bug 1323837 was fixed, mark 51/52 fixed.
status-firefox51: affectedfixed
status-firefox52: affectedfixed
You need to log in before you can comment on or make changes to this bug.