Crash in mozilla::gfx::DrawTarget::IntoLuminanceSource

RESOLVED FIXED in Firefox 55

Status

Core
Graphics
--
critical
RESOLVED FIXED
7 months ago
7 months ago

People

(Reporter: philipp, Assigned: mchang)

Tracking

({crash, regression})

55 Branch
mozilla56
x86
Windows
crash, regression
Points:
---
Bug Flags:
qe-verify -

Firefox Tracking Flags

(firefox-esr52 unaffected, firefox54 unaffected, firefox55 fixed, firefox56 fixed)

Details

(crash signature)

Attachments

(1 attachment)

(Reporter)

Description

7 months ago
This bug was filed from the Socorro interface and is report bp-8bb9f52d-7944-40fd-9da8-d58a70170727.
=============================================================
Crashing Thread (0)
Frame 	Module 	Signature 	Source
0 	xul.dll 	mozilla::gfx::DrawTarget::IntoLuminanceSource(mozilla::gfx::LuminanceType, float) 	gfx/2d/DrawTarget.cpp:238
1 	xul.dll 	mozilla::gfx::DrawTargetD2D1::IntoLuminanceSource(mozilla::gfx::LuminanceType, float) 	gfx/2d/DrawTargetD2D1.cpp:127
2 	xul.dll 	nsSVGMaskFrame::GetMaskForMaskedFrame(nsSVGMaskFrame::MaskParams&) 	layout/svg/nsSVGMaskFrame.cpp:135
3 	d2d1.dll 	BitmapRealization::OnChange(FlushReason::Enum) 	
4 	xul.dll 	xul.dll@0x2717403 	
5 		@0x2b7ea82f 	
6 	xul.dll 	mozilla::PaintInactiveLayer 	layout/painting/FrameLayerBuilder.cpp:3704
7 	xul.dll 	mozilla::FrameLayerBuilder::PaintItems(nsTArray<mozilla::FrameLayerBuilder::ClippedDisplayItem>&, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, gfxContext*, nsRenderingContext*, nsDisplayListBuilder*, nsPresContext*, mozilla::gfx::IntPointTyped<mozilla::gfx::UnknownUnits> const&, float, float, int) 	layout/painting/FrameLayerBuilder.cpp:6046
8 	xul.dll 	mozilla::FrameLayerBuilder::DrawPaintedLayer(mozilla::layers::PaintedLayer*, gfxContext*, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, mozilla::layers::DrawRegionClip, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, void*) 	layout/painting/FrameLayerBuilder.cpp:6235
9 	xul.dll 	mozilla::layers::BasicPaintedLayer::PaintThebes(gfxContext*, mozilla::layers::Layer*, void (*)(mozilla::layers::PaintedLayer*, gfxContext*, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, mozilla::layers::DrawRegionClip, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, void*), void*) 	gfx/layers/basic/BasicPaintedLayer.cpp:94
10 	xul.dll 	mozilla::layers::BasicLayerManager::PaintSelfOrChildren(mozilla::layers::PaintLayerContext&, gfxContext*) 	gfx/layers/basic/BasicLayerManager.cpp:714
11 	xul.dll 	mozilla::layers::BasicLayerManager::PaintLayer(gfxContext*, mozilla::layers::Layer*, void (*)(mozilla::layers::PaintedLayer*, gfxContext*, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, mozilla::layers::DrawRegionClip, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, void*), void*) 	gfx/layers/basic/BasicLayerManager.cpp:898
12 	xul.dll 	mozilla::layers::BasicLayerManager::PaintSelfOrChildren(mozilla::layers::PaintLayerContext&, gfxContext*) 	gfx/layers/basic/BasicLayerManager.cpp:737
13 	xul.dll 	mozilla::layers::BasicLayerManager::PaintLayer(gfxContext*, mozilla::layers::Layer*, void (*)(mozilla::layers::PaintedLayer*, gfxContext*, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, mozilla::layers::DrawRegionClip, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, void*), void*) 	gfx/layers/basic/BasicLayerManager.cpp:898
14 	xul.dll 	mozilla::layers::BasicLayerManager::PaintSelfOrChildren(mozilla::layers::PaintLayerContext&, gfxContext*) 	gfx/layers/basic/BasicLayerManager.cpp:737
15 	xul.dll 	mozilla::layers::BasicLayerManager::PaintLayer(gfxContext*, mozilla::layers::Layer*, void (*)(mozilla::layers::PaintedLayer*, gfxContext*, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, mozilla::layers::DrawRegionClip, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, void*), void*) 	gfx/layers/basic/BasicLayerManager.cpp:898
16 	xul.dll 	mozilla::layers::BasicLayerManager::EndTransactionInternal(void (*)(mozilla::layers::PaintedLayer*, gfxContext*, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, mozilla::layers::DrawRegionClip, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, void*), void*, mozilla::layers::LayerManager::EndTransactionFlags) 	gfx/layers/basic/BasicLayerManager.cpp:622
17 	xul.dll 	nsDisplayList::PaintRoot(nsDisplayListBuilder*, nsRenderingContext*, unsigned int) 	layout/painting/nsDisplayList.cpp:2288
18 	xul.dll 	nsLayoutUtils::PaintFrame(nsRenderingContext*, nsIFrame*, nsRegion const&, unsigned int, nsDisplayListBuilderMode, nsLayoutUtils::PaintFrameFlags) 	layout/base/nsLayoutUtils.cpp:3697
19 	xul.dll 	mozilla::PresShell::RenderDocument(nsRect const&, unsigned int, unsigned int, gfxContext*) 	layout/base/PresShell.cpp:4741
20 	xul.dll 	mozilla::image::SVGDrawingCallback::operator()(gfxContext*, gfxRect const&, mozilla::gfx::SamplingFilter, gfxMatrix const&) 	image/VectorImage.cpp:322
21 	xul.dll 	gfxCallbackDrawable::Draw(gfxContext*, gfxRect const&, mozilla::gfx::ExtendMode, mozilla::gfx::SamplingFilter, double, gfxMatrix const&) 	gfx/thebes/gfxDrawable.cpp:172
22 	xul.dll 	gfxUtils::DrawPixelSnapped(gfxContext*, gfxDrawable*, gfxSize const&, mozilla::image::ImageRegion const&, mozilla::gfx::SurfaceFormat, mozilla::gfx::SamplingFilter, unsigned int, double) 	gfx/thebes/gfxUtils.cpp:584
23 	xul.dll 	mozilla::image::imgFrame::InitWithDrawable(gfxDrawable*, mozilla::gfx::IntSizeTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::SurfaceFormat, mozilla::gfx::SamplingFilter, unsigned int, mozilla::gfx::BackendType) 	image/imgFrame.cpp:366
24 	xul.dll 	mozilla::image::VectorImage::CreateSurfaceAndShow(mozilla::image::SVGDrawingParameters const&, mozilla::gfx::BackendType) 	image/VectorImage.cpp:967
25 	xul.dll 	mozilla::image::VectorImage::Draw(gfxContext*, mozilla::gfx::IntSizeTyped<mozilla::gfx::UnknownUnits> const&, mozilla::image::ImageRegion const&, unsigned int, mozilla::gfx::SamplingFilter, mozilla::Maybe<mozilla::SVGImageContext> const&, unsigned int, float) 	image/VectorImage.cpp:892
26 	xul.dll 	DrawImageInternal 	layout/base/nsLayoutUtils.cpp:6667
27 	xul.dll 	nsLayoutUtils::DrawSingleImage(gfxContext&, nsPresContext*, imgIContainer*, mozilla::gfx::SamplingFilter, nsRect const&, nsRect const&, mozilla::Maybe<mozilla::SVGImageContext> const&, unsigned int, nsPoint const*, nsRect const*) 	layout/base/nsLayoutUtils.cpp:6762
28 	xul.dll 	nsImageBoxFrame::PaintImage(nsRenderingContext&, nsRect const&, nsPoint, unsigned int) 	layout/xul/nsImageBoxFrame.cpp:379
29 	xul.dll 	nsDisplayXULImage::Paint(nsDisplayListBuilder*, nsRenderingContext*) 	layout/xul/nsImageBoxFrame.cpp:448
30 	xul.dll 	mozilla::FrameLayerBuilder::PaintItems(nsTArray<mozilla::FrameLayerBuilder::ClippedDisplayItem>&, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, gfxContext*, nsRenderingContext*, nsDisplayListBuilder*, nsPresContext*, mozilla::gfx::IntPointTyped<mozilla::gfx::UnknownUnits> const&, float, float, int) 	layout/painting/FrameLayerBuilder.cpp:6060
31 	xul.dll 	mozilla::FrameLayerBuilder::DrawPaintedLayer(mozilla::layers::PaintedLayer*, gfxContext*, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, mozilla::layers::DrawRegionClip, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, void*) 	layout/painting/FrameLayerBuilder.cpp:6235
32 	xul.dll 	mozilla::layers::BasicPaintedLayer::PaintThebes(gfxContext*, mozilla::layers::Layer*, void (*)(mozilla::layers::PaintedLayer*, gfxContext*, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, mozilla::layers::DrawRegionClip, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, void*), void*) 	gfx/layers/basic/BasicPaintedLayer.cpp:94
33 	xul.dll 	mozilla::layers::BasicLayerManager::PaintSelfOrChildren(mozilla::layers::PaintLayerContext&, gfxContext*) 	gfx/layers/basic/BasicLayerManager.cpp:714
34 	xul.dll 	mozilla::layers::BasicLayerManager::PaintLayer(gfxContext*, mozilla::layers::Layer*, void (*)(mozilla::layers::PaintedLayer*, gfxContext*, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, mozilla::layers::DrawRegionClip, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, void*), void*) 	gfx/layers/basic/BasicLayerManager.cpp:898
35 	xul.dll 	mozilla::layers::BasicLayerManager::PaintSelfOrChildren(mozilla::layers::PaintLayerContext&, gfxContext*) 	gfx/layers/basic/BasicLayerManager.cpp:737
36 	xul.dll 	mozilla::layers::BasicLayerManager::PaintLayer(gfxContext*, mozilla::layers::Layer*, void (*)(mozilla::layers::PaintedLayer*, gfxContext*, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, mozilla::layers::DrawRegionClip, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, void*), void*) 	gfx/layers/basic/BasicLayerManager.cpp:898
37 	xul.dll 	mozilla::layers::BasicLayerManager::EndTransactionInternal(void (*)(mozilla::layers::PaintedLayer*, gfxContext*, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, mozilla::layers::DrawRegionClip, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, void*), void*, mozilla::layers::LayerManager::EndTransactionFlags) 	gfx/layers/basic/BasicLayerManager.cpp:622
...

It looks like the crash fix for bug 1375452 made the signature switch, but the underlying issue is still present.
Flags: needinfo?(mchang)
(Assignee)

Updated

7 months ago
Assignee: nobody → mchang
Flags: needinfo?(mchang)
(Assignee)

Comment 1

7 months ago
Created attachment 8891077
Check for null surfaces in DrawTarget::IntoLumaSource
Attachment #8891077 - Flags: review?(lsalzman)

Updated

7 months ago
Attachment #8891077 - Flags: review?(lsalzman) → review+

Comment 2

7 months ago
Pushed by mchang@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/67bb8951ff71
Check for null surfaces in DrawTarget::IntoLumaSource. r=lsalzman

Comment 3

7 months ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/67bb8951ff71
Status: NEW → RESOLVED
Last Resolved: 7 months ago
status-firefox56: ? → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla56
(Assignee)

Comment 4

7 months ago
Comment on attachment 8891077
Check for null surfaces in DrawTarget::IntoLumaSource

Approval Request Comment
[Feature/Bug causing the regression]: Bug 1359527
[User impact if declined]: A user can crash.
[Is this code covered by automated tests?]: Yes
[Has the fix been verified in Nightly?]: Yes
[Needs manual test from QE? If yes, steps to reproduce]: N/A
[List of other uplifts needed for the feature/fix]: N/A
[Is the change risky?]: No, this is just a null check.
[Why is the change risky/not risky?]: This is just a null check to prevent crashing.
[String changes made/needed]: None
Attachment #8891077 - Flags: approval-mozilla-beta?
Blocks: 1359527
Comment on attachment 8891077
Check for null surfaces in DrawTarget::IntoLumaSource

55 merged to release
Attachment #8891077 - Flags: approval-mozilla-release?
Comment on attachment 8891077
Check for null surfaces in DrawTarget::IntoLumaSource

null checks to prevent a crash, for 55.0 build2
Attachment #8891077 - Flags: approval-mozilla-release?
Attachment #8891077 - Flags: approval-mozilla-release+
Attachment #8891077 - Flags: approval-mozilla-beta?

Comment 7

7 months ago
bugherder uplift
https://hg.mozilla.org/releases/mozilla-release/rev/c45a5fdbc07b
status-firefox55: fix-optional → fixed
Based on comment 4, this does need manual coverage. Updating the qe-verify flag.
Flags: qe-verify-