Closed
Bug 1413651
Opened 7 years ago
Closed 7 years ago
Crash in InvalidArrayIndex_CRASH | nsTArray_Impl<T>::operator[] | mozilla::wr::ShmSegmentsWriter::Write
Categories
(Core :: Graphics: WebRender, defect, P1)
Tracking
()
RESOLVED
FIXED
mozilla58
| Tracking | Status | |
|---|---|---|
| firefox-esr52 | --- | unaffected |
| firefox56 | --- | unaffected |
| firefox57 | --- | unaffected |
| firefox58 | --- | fixed |
People
(Reporter: calixte, Assigned: vliu)
References
(Blocks 3 open bugs)
Details
(Keywords: crash, regression, Whiteboard: [wr-reserve] [clouseau])
Crash Data
Attachments
(1 file)
|
1.05 KB,
patch
|
nical
:
review+
|
Details | Diff | Splinter Review |
This bug was filed from the Socorro interface and is
report bp-af78ec08-2cb7-44ea-96a6-94ef70171014.
=============================================================
There are 13 crashes in nightly 58 starting with buildid 20171013100112. In analyzing the backtrace, the regression may have been introdcued by patch [1] to fix bug 1403539.
[1] https://hg.mozilla.org/mozilla-central/rev?node=b3dddc032e3d4f11e80ca03d6fc15e611ef95c26
Flags: needinfo?(vliu)
|
||
Updated•7 years ago
|
Whiteboard: [clouseau] → [wr-mvp] [triage] [clouseau]
|
Assignee | |
Comment 1•7 years ago
|
||
From looked into the problem, it seems that I am not well to deal with the chunk range for dealloc Shmem when AllocChunk() fails. I will try to attach a patch to fix it.
[1]: http://searchfox.org/mozilla-central/rev/423b2522c48e1d654e30ffc337164d677f934ec3/gfx/layers/wr/IpcResourceUpdateQueue.cpp#51
Assignee: nobody → vliu
|
|
Assignee | |
Updated•7 years ago
|
Blocks: stage-wr-nightly
Flags: needinfo?(vliu)
|
|
||
Updated•7 years ago
|
Status: NEW → ASSIGNED
Priority: -- → P1
Whiteboard: [wr-mvp] [triage] [clouseau] → [wr-reserve] [clouseau]
|
||
Updated•7 years ago
|
Crash Signature: [@ InvalidArrayIndex_CRASH | nsTArray_Impl<T>::operator[] | mozilla::wr::ShmSegmentsWriter::Write]
[@ InvalidArrayIndex_CRASH | nsTArray_Impl<T>::ElementAt | mozilla::wr::ShmSegmentsWriter::Write ] → [@ InvalidArrayIndex_CRASH | nsTArray_Impl<T>::operator[] | mozilla::wr::ShmSegmentsWriter::Write]
[@ InvalidArrayIndex_CRASH | nsTArray_Impl<T>::ElementAt | mozilla::wr::ShmSegmentsWriter::Write ]
[@ InvalidArrayIndex_CRASH | mozilla::wr::ShmSegmentsWr…
|
||
Updated•7 years ago
|
Blocks: wr-stability
|
|
Assignee | |
Comment 2•7 years ago
|
||
Hi nical,
It seems that I am not well to define the number of chunks to dealloc shmem once it had a fail return from AllocChunk() in a Write() call. I think it is the reason to cause this crash. Could you please have review for the patch? Thanks
Attachment #8924797 -
Flags: review?(nical.bugzilla)
|
||
Updated•7 years ago
|
Attachment #8924797 -
Flags: review?(nical.bugzilla) → review+
|
|
Assignee | |
Comment 3•7 years ago
|
||
Pushed by vliu@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/a84fff04d938
Correct the chunk range to dealloc shmem when AllocChunk() fails to return. r=nical
|
||
Comment 5•7 years ago
|
||
| bugherder | ||
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla58
|
||
Comment 6•7 years ago
|
||
Not sure if it's the same root cause, but I got that crash yesterday, on current nightly: https://crash-stats.mozilla.com/report/index/3473914e-9b08-4dcd-a1ed-065ae0180220
Flags: needinfo?(vincent.liu1013)
Flags: needinfo?(nical.bugzilla)
Flags: needinfo?(cdenizet)
|
Reporter | |
Comment 7•7 years ago
|
||
:gerard-majax, you should open a new bug.
Flags: needinfo?(cdenizet)
|
|
||
Comment 8•7 years ago
|
||
Right, filed it: https://bugzilla.mozilla.org/show_bug.cgi?id=1439525
Flags: needinfo?(vincent.liu1013)
Flags: needinfo?(nical.bugzilla)
You need to log in
before you can comment on or make changes to this bug.
Description
•