Closed
Bug 1415325
Opened 7 years ago
Closed 7 years ago
Crash in SkRefCntBase::unref in 57b13 on AMD (only)
Categories
(Core :: Graphics, defect, P3)
Tracking
()
RESOLVED
INCOMPLETE
| Tracking | Status | |
|---|---|---|
| firefox57 | - | wontfix |
| firefox58 | --- | unaffected |
People
(Reporter: jesup, Unassigned)
References
Details
(4 keywords, Whiteboard: [gfx-noted])
Crash Data
[Tracking Requested - why for this release]:
Late regression in 57 beta 13 - perhaps a compiler bug
+++ This bug was initially created as a clone of Bug #1413857 +++
This is limited to the AMD-specific regression that started in 57b13, with low-ish wildptr addresses (similar to 0x22bc7b -- perhaps 32-bit address with the top byte cleared??)
Definitely tied to AMD, and definitely started at 57b13. There are pre-existing (rare) wildptr crashes, and also 58a1 UAF crashes which are separate from this. There have been no crashes like this in 58 in the last month, though perhaps bug 1413857 made them go away.
Also: I see no crashes in 57b14 (yet?) so maybe something went away? However, this makes me wonder if the compiler tripped over something in 57b13; looking at the code generated for this in b13 vs b14 vs b12 might be interesting (code, where in the page it is, etc).
|
||
Updated•7 years ago
|
Group: core-security → gfx-core-security
https://crash-stats.mozilla.com/search/?signature=%3DSkRefCntBase%3A%3Aunref&version=57.0b13&product=Firefox&date=%3E%3D2017-08-07T18%3A33%3A46.000Z&date=%3C2017-11-07T17%3A33%3A46.000Z&_sort=-date&_facets=signature&_facets=cpu_info&_facets=reason&_facets=release_channel&_facets=version&_columns=date&_columns=signature&_columns=product&_columns=version&_columns=build_id&_columns=platform#facet-cpu_info
Yes, that is a classic sign of the AMD CPU bug.
I don't see us dealing with the AMD CPU bug as 57 uplifts.
|
||
Comment 3•7 years ago
|
||
The AMD/57 portion of this crash is in no way related to OMTP.
|
||
Updated•7 years ago
|
|
||
Comment 4•7 years ago
|
||
Can we close this bug INCOMPLETE or WORKSFORME? the specific slice of crashes you're describing seem to have gone away.
Flags: needinfo?(rjesup)
|
||
Comment 6•7 years ago
|
||
(In reply to Daniel Veditz [:dveditz] from comment #4)
> Can we close this bug INCOMPLETE or WORKSFORME? the specific slice of
> crashes you're describing seem to have gone away.
(In reply to Randell Jesup [:jesup] from comment #5)
> probably dup to the AMD bug
Sounds like a "yes".
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → INCOMPLETE
|
|
||
Updated•7 years ago
|
Group: gfx-core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•