Closed
Bug 1429413
Opened 8 years ago
Closed 8 years ago
Crash in mozilla::gfx::DataSourceSurface::ScopedMap::ScopedMap
Categories
(Core :: Graphics, defect, P3)
Tracking
()
RESOLVED
FIXED
mozilla59
| Tracking | Status | |
|---|---|---|
| firefox-esr52 | --- | unaffected |
| firefox57 | --- | wontfix |
| firefox58 | --- | wontfix |
| firefox59 | --- | fixed |
People
(Reporter: aosmond, Assigned: aosmond)
Details
(Keywords: crash, Whiteboard: [gfx-noted])
Crash Data
Attachments
(1 file)
|
6.70 KB,
patch
|
bas.schouten
:
review+
|
Details | Diff | Splinter Review |
This bug was filed from the Socorro interface and is
report bp-e98dd697-9881-4ad4-852b-16bcd0180109.
=============================================================
Top 10 frames of crashing thread:
0 xul.dll mozilla::gfx::DataSourceSurface::ScopedMap::ScopedMap gfx/2d/2D.h:465
1 xul.dll mozilla::gfx::ConvertToB8G8R8A8_SIMD<__m128i> gfx/2d/FilterProcessingSIMD-inl.h:24
2 xul.dll mozilla::gfx::GetAlignedStride<16> gfx/2d/Tools.h:259
3 xul.dll mozilla::gfx::FilterNodeSoftware::GetInputDataSourceSurface gfx/2d/FilterNodeSoftware.cpp:791
4 xul.dll mozilla::gfx::FilterNodeCompositeSoftware::Render gfx/2d/FilterNodeSoftware.cpp:2901
5 xul.dll mozilla::gfx::FilterNodeSoftware::GetOutput gfx/2d/FilterNodeSoftware.cpp:628
6 xul.dll mozilla::gfx::FilterNodeSoftware::GetInputDataSourceSurface gfx/2d/FilterNodeSoftware.cpp:729
7 xul.dll mozilla::gfx::FilterNodeCompositeSoftware::Render gfx/2d/FilterNodeSoftware.cpp:2888
8 xul.dll mozilla::gfx::FilterNodeSoftware::GetOutput gfx/2d/FilterNodeSoftware.cpp:628
9 xul.dll mozilla::gfx::FilterNodeSoftware::GetInputDataSourceSurface gfx/2d/FilterNodeSoftware.cpp:729
=============================================================
It looks like Factory::CreateDataSourceSurface failed, but we don't actually check the allocation.
|
Assignee | |
Updated•8 years ago
|
Assignee: nobody → aosmond
Status: NEW → ASSIGNED
Priority: -- → P3
Whiteboard: [gfx-noted]
|
|
Assignee | |
Comment 1•8 years ago
|
||
There are a few places we make the same mistake.
try: https://treeherder.mozilla.org/#/jobs?repo=try&revision=95f767079fcf6d5e557ed39028682e5c87b374f6
|
|
Assignee | |
Updated•8 years ago
|
Attachment #8941426 -
Flags: review?(bas)
|
||
Comment 2•8 years ago
|
||
Comment on attachment 8941426 [details] [diff] [review]
0001-Bug-1429413-Ensure-Factory-CreateDataSourceSurface-a.patch, v1
Review of attachment 8941426 [details] [diff] [review]:
-----------------------------------------------------------------
::: dom/canvas/ImageBitmap.cpp
@@ +235,5 @@
> Factory::CreateDataSourceSurfaceWithStride(rgbaDataSurface->GetSize(),
> SurfaceFormat::B8G8R8A8,
> rgbaMap.mStride);
> + if (NS_WARN_IF(!bgraDataSurface)) {
> + rgbaDataSurface->Unmap();
nit: We should have RAII classes for this too iirc.
::: gfx/2d/FilterProcessingSIMD-inl.h
@@ +13,5 @@
> namespace gfx {
>
> template<typename u8x16_t>
> inline already_AddRefed<DataSourceSurface>
> ConvertToB8G8R8A8_SIMD(SourceSurface* aSurface)
Do all callers for this function handle getting a nullptr back correctly?
Attachment #8941426 -
Flags: review?(bas) → review+
|
|
Assignee | |
Comment 3•8 years ago
|
||
(In reply to Bas Schouten (:bas.schouten) from comment #2)
> Comment on attachment 8941426 [details] [diff] [review]
> 0001-Bug-1429413-Ensure-Factory-CreateDataSourceSurface-a.patch, v1
>
> Review of attachment 8941426 [details] [diff] [review]:
> -----------------------------------------------------------------
>
> ::: dom/canvas/ImageBitmap.cpp
> @@ +235,5 @@
> > Factory::CreateDataSourceSurfaceWithStride(rgbaDataSurface->GetSize(),
> > SurfaceFormat::B8G8R8A8,
> > rgbaMap.mStride);
> > + if (NS_WARN_IF(!bgraDataSurface)) {
> > + rgbaDataSurface->Unmap();
>
> nit: We should have RAII classes for this too iirc.
>
Will switch to ScopedMap before landing.
> ::: gfx/2d/FilterProcessingSIMD-inl.h
> @@ +13,5 @@
> > namespace gfx {
> >
> > template<typename u8x16_t>
> > inline already_AddRefed<DataSourceSurface>
> > ConvertToB8G8R8A8_SIMD(SourceSurface* aSurface)
>
> Do all callers for this function handle getting a nullptr back correctly?
Yes, it all checks out a few levels up.
Pushed by aosmond@gmail.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/cc133159ed92
Ensure Factory::CreateDataSourceSurface allocation failures are gracefully handled. r=bas
|
||
Comment 5•8 years ago
|
||
| bugherder | ||
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
status-firefox59:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla59
|
||
Updated•8 years ago
|
status-firefox57:
--- → wontfix
status-firefox58:
--- → wontfix
status-firefox-esr52:
--- → unaffected
You need to log in
before you can comment on or make changes to this bug.
Description
•