Closed Bug 1436572 Opened 6 years ago Closed 6 years ago

Crash in nsDisplayLayerEventRegions::DispatchToContentHitRegion

Tracking

()

Status:

RESOLVED WORKSFORME

Tracking Flags:

Tracking

Status

firefox-esr52

---

unaffected

firefox-esr60

---

unaffected

firefox58

---

wontfix

firefox59

---

wontfix

firefox60

---

unaffected

People

(Reporter: philipp, Assigned: mattwoodrow)

References

Details

(4 keywords)

Crash Data

[:philipp]

Reporter

Description

•

6 years ago

This bug was filed from the Socorro interface and is
report bp-d8490d2d-4f9f-4542-940f-9ea5e0180207.
=============================================================

Top 10 frames of crashing thread:

0 xul.dll nsDisplayLayerEventRegions::DispatchToContentHitRegion layout/painting/nsDisplayList.h:4631
1 xul.dll mozilla::PaintedLayerData::AccumulateEventRegions layout/painting/FrameLayerBuilder.cpp:3571
2 xul.dll mozilla::ContainerState::ProcessDisplayItems layout/painting/FrameLayerBuilder.cpp:4454
3 xul.dll mozilla::FrameLayerBuilder::BuildContainerLayerFor layout/painting/FrameLayerBuilder.cpp:5674
4 xul.dll nsDisplayOpacity::BuildLayer layout/painting/nsDisplayList.cpp:6442
5 xul.dll mozilla::FrameLayerBuilder::AddPaintedDisplayItem layout/painting/FrameLayerBuilder.cpp:4697
6 xul.dll mozilla::ContainerState::FinishPaintedLayerData<<lambda_593feee20c50667d87c0fe33c81e3e5b> > layout/painting/FrameLayerBuilder.cpp:3143
7 xul.dll mozilla::PaintedLayerDataNode::PopAllPaintedLayerData layout/painting/FrameLayerBuilder.cpp:2856
8 xul.dll mozilla::PaintedLayerDataNode::Finish layout/painting/FrameLayerBuilder.cpp:2810
9 xul.dll mozilla::PaintedLayerDataNode::FinishAllChildren layout/painting/FrameLayerBuilder.cpp:2799

=============================================================

this crash signature is starting to show up cross-platform in firefox 58, most of the time in the content process.

Daniel Veditz [:dveditz]

Updated

•

6 years ago

Group: core-security → layout-core-security

Keywords: sec-high

Daniel Veditz [:dveditz]

Comment 1

•

6 years ago

Assigning unowned critical/high security bugs to triage owner. Please find an appropriate assignee for this bug.

Assignee: nobody → matt.woodrow

Matt Woodrow (:mattwoodrow)

Assignee

Comment 2

•

6 years ago

Setting P2 as this looks to be the same corruption bug as 1406727.

Priority: -- → P2

Liz Henry (:lizzard) (relman/hg->git project)

Comment 3

•

6 years ago

Too late to fix in 58.

status-firefox58: affected → wontfix

Ryan VanderMeulen [:RyanVM]

Updated

•

6 years ago

status-firefox59: affected → wontfix

status-firefox60: ? → affected

status-firefox61: --- → ?

Jet Villegas (inactive)

Updated

•

6 years ago

Blocks: 1467514

Jet Villegas (inactive)

Updated

•

6 years ago

No longer blocks: 1467514

Ryan VanderMeulen [:RyanVM]

Comment 4

•

6 years ago

Crashes all stopped after 59.

Status: NEW → RESOLVED

Closed: 6 years ago

status-firefox60: affected → unaffected

status-firefox61: ? → ---

status-firefox-esr60: --- → unaffected

Resolution: --- → WORKSFORME

Daniel Veditz [:dveditz]

Updated

•

4 years ago

Group: layout-core-security

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

Crash in nsDisplayLayerEventRegions::DispatchToContentHitRegion

Categories

(Core :: Web Painting, defect, P2)

Tracking

()

People

(Reporter: philipp, Assigned: mattwoodrow)

References

Details

(4 keywords)

Crash Data

Security

(public)

User Story

Description

Updated

Comment 1

Comment 2

Comment 3

Updated

Updated

Updated

Comment 4

Updated