Closed Bug 1347860 Opened 8 years ago Closed 8 years ago

Intermittent dom/canvas/test/webgl-conf/generated/test_2_conformance2__textures__video__tex-3d-r16f-red-half_float.html | application crashed [@ RefPtr<mozilla::layers::Image>::assign_with_AddRef(mozilla::layers::Image*)]

Categories

(Core :: Audio/Video: Playback, defect)

Product:
Core
Component:
Audio/Video: Playback
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Tracking Flags:
Tracking Status
firefox52 --- unaffected
firefox-esr52 --- unaffected
firefox53 --- unaffected
firefox54 --- unaffected
firefox55 --- fixed

People

(Reporter: intermittent-bug-filer, Assigned: kaku)

References

Details

(Keywords: crash, intermittent-failure)

Sotaro: could you take a look at this ? Thanks PROCESS-CRASH | dom/canvas/test/webgl-conf/generated/test_2_conformance2__textures__video__tex-3d-r16f-red-half_float.html | application crashed [@ mozilla::layers::ImageLayerComposite::~ImageLayerComposite()] 01:49:54 INFO - Crash dump filename: /var/folders/fh/gqfg3vms4y13dn0t_fnkbgy000000w/T/tmp6S7rgG.mozrunner/minidumps/0EC1F0EC-825A-4371-AD37-EA8E40CED589.dmp 01:49:54 INFO - Operating system: Mac OS X 01:49:54 INFO - 10.10.5 14F27 01:49:54 INFO - CPU: amd64 01:49:54 INFO - family 6 model 69 stepping 1 01:49:54 INFO - 4 CPUs 01:49:54 INFO - 01:49:54 INFO - GPU: UNKNOWN 01:49:54 INFO - 01:49:54 INFO - Crash reason: EXC_BAD_ACCESS / KERN_INVALID_ADDRESS 01:49:54 INFO - Crash address: 0x0 01:49:54 INFO - Process uptime: 1050 seconds 01:49:54 INFO - 01:49:54 INFO - Thread 20 (crashed) 01:49:54 INFO - 0 XUL!mozilla::layers::ImageLayerComposite::~ImageLayerComposite() [ImageLayerComposite.cpp:109855be8ccb : 44 + 0x0] 01:49:54 INFO - rax = 0x0000000000000000 rdx = 0x00007fff7d8c81f8 01:49:54 INFO - rcx = 0x0000000000000000 rbx = 0x000000011cbbcc00 01:49:54 INFO - rsi = 0x0000d3000000d300 rdi = 0x0000d2000000d303 01:49:54 INFO - rbp = 0x0000000122d837e0 rsp = 0x0000000122d837c0 01:49:54 INFO - r8 = 0x0000000122d83770 r9 = 0x0000000122d84000 01:49:54 INFO - r10 = 0x00007fff94f353ef r11 = 0x00007fff94f353c0 01:49:54 INFO - r12 = 0x0000000000000001 r13 = 0x0000000000000001 01:49:54 INFO - r14 = 0x000000011ef6a970 r15 = 0x0000000000000008 01:49:54 INFO - rip = 0x00000001107f0f7e 01:49:54 INFO - Found by: given as instruction pointer in context 01:49:54 INFO - 1 XUL!<name omitted> [ImageLayerComposite.cpp:109855be8ccb : 42 + 0x5] 01:49:54 INFO - rbx = 0x000000011cbbcc00 rbp = 0x0000000122d83800 01:49:54 INFO - rsp = 0x0000000122d837f0 r12 = 0x0000000000000001 01:49:54 INFO - r13 = 0x0000000000000001 r14 = 0x000000011ef6a970 01:49:54 INFO - r15 = 0x0000000000000008 rip = 0x00000001107f0ffe 01:49:54 INFO - Found by: call frame info 01:49:54 INFO - 2 XUL!mozilla::layers::Layer::Release() [Layers.h:109855be8ccb : 785 + 0xc] 01:49:54 INFO - rbx = 0x000000011cbbcc00 rbp = 0x0000000122d83820 01:49:54 INFO - rsp = 0x0000000122d83810 r12 = 0x0000000000000001 01:49:54 INFO - r13 = 0x0000000000000001 r14 = 0x000000011ef6a970 01:49:54 INFO - r15 = 0x0000000000000008 rip = 0x0000000110728445 01:49:54 INFO - Found by: call frame info 01:49:54 INFO - 3 XUL!mozilla::layers::ContainerLayer::RemoveChild(mozilla::layers::Layer*) [Layers.cpp:109855be8ccb : 1029 + 0x8] 01:49:54 INFO - rbx = 0x000000011cbbcc00 rbp = 0x0000000122d83840 01:49:54 INFO - rsp = 0x0000000122d83830 r12 = 0x0000000000000001 01:49:54 INFO - r13 = 0x0000000000000001 r14 = 0x000000011ef6a970 01:49:54 INFO - r15 = 0x0000000000000008 rip = 0x00000001107306af 01:49:54 INFO - Found by: call frame info 01:49:54 INFO - 4 XUL!mozilla::layers::ContainerLayerComposite::~ContainerLayerComposite() [ContainerLayerComposite.cpp:109855be8ccb : 679 + 0xc] 01:49:54 INFO - rbx = 0x000000011b6e8400 rbp = 0x0000000122d83860 01:49:54 INFO - rsp = 0x0000000122d83850 r12 = 0x0000000000000001 01:49:54 INFO - r13 = 0x0000000000000001 r14 = 0x000000011ef6a970 01:49:54 INFO - r15 = 0x0000000000000008 rip = 0x00000001107e70ac 01:49:54 INFO - Found by: call frame info 01:49:54 INFO - 5 XUL!mozilla::layers::Layer::Release() [Layers.h:109855be8ccb : 785 + 0xc] 01:49:54 INFO - rbx = 0x000000011b6e8400 rbp = 0x0000000122d83880 01:49:54 INFO - rsp = 0x0000000122d83870 r12 = 0x0000000000000001 01:49:54 INFO - r13 = 0x0000000000000001 r14 = 0x000000011ef6a970 01:49:54 INFO - r15 = 0x0000000000000008 rip = 0x0000000110728445 01:49:54 INFO - Found by: call frame info 01:49:54 INFO - 6 XUL!mozilla::layers::ContainerLayer::RemoveChild(mozilla::layers::Layer*) [Layers.cpp:109855be8ccb : 1029 + 0x8]
Flags: needinfo?(sotaro.ikeda.g)
Keywords: crash
From the source, returned pointer of HTMLMediaElement::GetCurrentImage() seems not safe. https://dxr.mozilla.org/mozilla-central/source/dom/html/HTMLMediaElement.cpp#1531
Flags: needinfo?(sotaro.ikeda.g)
Assignee: nobody → sotaro.ikeda.g
Assignee: sotaro.ikeda.g → nobody
It seems like a regression of Bug 1345403.
:kaku, can you take a look?
Flags: needinfo?(kaku)
Blocks: 1345403
(In reply to Sotaro Ikeda [:sotaro] from comment #2) > From the source, returned pointer of HTMLMediaElement::GetCurrentImage() > seems not safe. > > https://dxr.mozilla.org/mozilla-central/source/dom/html/HTMLMediaElement. > cpp#1531 Image is locked only within GetCurrentImage().
It might be better to return already_AddRefed<>.
Component: Graphics: Layers → Audio/Video: Playback
(In reply to Sotaro Ikeda [:sotaro] from comment #6) > It might be better to return already_AddRefed<>. Bug 1347836 handled this issue and has already landed into m-c few hours ago, let's seek if Bug 1347836 solves this crash.
Assignee: nobody → kaku
Status: NEW → ASSIGNED
Flags: needinfo?(kaku)
This does not happen for 1 week. https://brasstacks.mozilla.com/orangefactor/?display=Bug&bugid=1347860&startday=2017-03-13&endday=2017-03-24&tree=all Bug 1347836 should already fix this bug.
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.