Closed
Bug 1415884
Opened 8 years ago
Closed 8 years ago
Crash in SkBitmap::SkBitmap
Categories
(Core :: Graphics, defect, P3)
RESOLVED
DUPLICATE
of bug 1414448
| | Tracking | Status |
|---|---|---|
| firefox-esr52 | --- | unaffected |
| firefox56 | --- | wontfix |
| firefox57 | --- | wontfix |
| firefox58 | --- | fixed |
People
(Reporter: marcia, Unassigned)
Details
(Keywords: crash, regression)
Crash Data
This bug was filed from the Socorro interface and is
report bp-971c7c99-3669-4e76-a461-853f50171001.
=============================================================
Seen while looking at nightly crash stats - crashes started using 20170929220356. 54 crashes/22 installs so far. Couldn't find an existing bug that covered this crash. All crashes have crash reason EXCEPTION_ACCESS_VIOLATION_READ.
I thought this was possibly a dupe of another bug, but this seems to have started earlier than the regression range on that bug. ni on Bas since he is working on a fix in that bug and may have some insight.
Top 10 frames of crashing thread:
0 xul.dll SkBitmap::SkBitmap gfx/skia/skia/src/core/SkBitmap.cpp:45
1 xul.dll SkImage_Raster::onReadPixels gfx/skia/skia/src/image/SkImage_Raster.cpp:166
2 xul.dll SkImage::readPixels gfx/skia/skia/src/image/SkImage.cpp:57
3 xul.dll mozilla::gfx::ReadSkImage gfx/2d/SourceSurfaceSkia.cpp:64
4 xul.dll mozilla::gfx::SourceSurfaceSkia::DrawTargetWillChange gfx/2d/SourceSurfaceSkia.cpp:169
5 xul.dll mozilla::gfx::DrawTargetSkia::MarkChanged gfx/2d/DrawTargetSkia.cpp:2190
6 xul.dll mozilla::gfx::DrawTargetSkia::ClearRect gfx/2d/DrawTargetSkia.cpp:1985
7 xul.dll mozilla::dom::CanvasRenderingContext2D::ClearRect dom/canvas/CanvasRenderingContext2D.cpp:3205
8 xul.dll mozilla::dom::CanvasRenderingContext2DBinding::clearRect dom/bindings/CanvasRenderingContext2DBinding.cpp:5307
9 xul.dll mozilla::dom::GenericBindingMethod dom/bindings/BindingUtils.cpp:3053
=============================================================
Flags: needinfo?(bas)
Updated•8 years ago
Group: gfx-core-security
Status: NEW → RESOLVED
Closed: 8 years ago
Flags: needinfo?(bas)
Resolution: --- → DUPLICATE
Comment 2•7 years ago
It looks like this was fixed in 58 in bug 1414448.
There are still crashes showing up in 52.6.0esr, though, and in the corresponding Thunderbird version.
Al, or Dan, does this need a rating/sec advisory?
status-firefox-esr52:
--- → affected
status-thunderbird_esr52:
--- → affected
tracking-firefox-esr52:
--- → ?
tracking-thunderbird_esr52:
--- → ?
Flags: needinfo?(dveditz)
Flags: needinfo?(abillings)
Comment 3•7 years ago
We should take this on ESR52 then.
Resolving this as a dupe hides it from queries so we probably should just make a dependent link and leave a comment (and set affected and tracking flags) in general.
If we take this in ESR52.7, I'll put it in the community rollup advisory for that and go back and add it in the community rollup for 58.
Flags: needinfo?(dveditz)
Flags: needinfo?(abillings)
Comment 4•7 years ago
Bas can you take a look at the remaining crashes? Should we reopen this bug?
Flags: needinfo?(bas)
Comment 5•7 years ago
(In reply to Liz Henry (:lizzard) (needinfo? me) from comment #4)
> Bas can you take a look at the remaining crashes? Should we reopen this bug?
This bug was a result of OMTP, which doesn't exist in ESR52. Can you point at a crash? It probably has a similar signature but is a very different crash, it may very well not be sec sensitive.
Flags: needinfo?(bas)
Comment 6•7 years ago
Here's some reports from ESR & TB 52.6.0:
https://crash-stats.mozilla.com/report/index/0efcfe00-2fb1-4e0d-bb42-76f910180209
https://crash-stats.mozilla.com/report/index/54b0139b-d60f-459f-af53-1f6140180210
https://crash-stats.mozilla.com/report/index/d7b4432c-7997-4d9f-b13f-ae8500180209
Flags: needinfo?(bas)
Comment 7•7 years ago
(In reply to Ryan VanderMeulen [:RyanVM] from comment #6)
> Here's some reports from ESR & TB 52.6.0:
> https://crash-stats.mozilla.com/report/index/0efcfe00-2fb1-4e0d-bb42-76f910180209
> https://crash-stats.mozilla.com/report/index/54b0139b-d60f-459f-af53-1f6140180210
> https://crash-stats.mozilla.com/report/index/d7b4432c-7997-4d9f-b13f-ae8500180209
All of those are uniquely different bugs, one of them looks like it's us failing at something, but it's a null pointer deref so it's not security sensitive at least.
The other two are a little trickier, but they're both internal to Skia, they sort of look like 'random' corruption. In either case this is not 'one' bug, and it isn't related to the bug we fixed here, so I doubt reopening is useful.
Flags: needinfo?(bas)
Comment 8•7 years ago
Untracking this for ESR52 based on Bas' last reply. We should file a new bug for those signatures if we feel they're worth tracking.
status-thunderbird_esr52:
affected → ---
tracking-firefox-esr52:
59+ → ---
tracking-thunderbird_esr52:
? → ---
Updated•7 years ago
Group: gfx-core-security