Closed
Bug 1439525
Opened 6 years ago
Closed 6 years ago
[@ InvalidArrayIndex_CRASH | mozilla::wr::ShmSegmentsWriter::Write]
Categories
(Core :: Graphics: WebRender, defect, P2)
Core
Graphics: WebRender
Tracking
()
RESOLVED
FIXED
mozilla60
| Tracking | Status | |
|---|---|---|
| firefox60 | --- | fixed |
People
(Reporter: gerard-majax, Assigned: kats)
References
(Blocks 1 open bug)
Details
Crash Data
Attachments
(3 files)
Report: https://crash-stats.mozilla.com/report/index/3473914e-9b08-4dcd-a1ed-065ae0180220 Hit this when switching to Mastodon pinned tab yesterday (in a container), some time after applying an update. This was my first access to that tab after applying the update. This is on Linux (Ubuntu 17.10), nightly 20180219100221. I'm hacking some OpenCL-related code at the same time (that is consuming a lot of resources), maybe this has an impact on WebRender?
|
||
Updated•6 years ago
|
Blocks: wr-stability
Crash Signature: [@ InvalidArrayIndex_CRASH | mozilla::wr::ShmSegmentsWriter::Write ]
|
||
Updated•6 years ago
|
Blocks: stage-wr-trains
Priority: -- → P2
|
Assignee | |
Comment 1•6 years ago
|
||
This loop looks wrong to me: https://searchfox.org/mozilla-central/rev/0c0ddaa7e859a2b76a56a0e2e9c0de88af166812/gfx/layers/wr/IpcResourceUpdateQueue.cpp#54 I would have expected it be for (size_t i = mSmallAllocs.Length() - 1; currAllocLen <= i ; i--) { nical, can you confirm? You reviewed the last "correction" to this loop in bug 1413651. At any rate we should add a MOZ_ASSERT(mSmallAllocs.Length() == currAllocLen) after the loop to assert it's doing what it's supposed to.
Flags: needinfo?(nical.bugzilla)
|
|
Assignee | |
Comment 2•6 years ago
|
||
Err actually we can't use size_t for that index if we do what I suggested. Maybe better to leave it as-is and use i-1 inside the loop?
|
|
Assignee | |
Comment 3•6 years ago
|
||
https://treeherder.mozilla.org/#/jobs?repo=try&revision=4ef0c772e5622414edd448f66041926d42e8e2cf
Assignee: nobody → bugmail
Flags: needinfo?(nical.bugzilla)
| Comment hidden (mozreview-request) |
| Comment hidden (mozreview-request) |
| Comment hidden (mozreview-request) |
|
||
Comment 7•6 years ago
|
||
| mozreview-review | ||
Comment on attachment 8952503 [details] Bug 1439525 - Fix freeing of allocated chunks when an allocation fails. https://reviewboard.mozilla.org/r/221716/#review228554 oops!
Attachment #8952503 -
Flags: review?(nical.bugzilla) → review+
|
|
||
Comment 8•6 years ago
|
||
| mozreview-review | ||
Comment on attachment 8952504 [details] Bug 1439525 - Remove spurious "continue" statement. https://reviewboard.mozilla.org/r/221718/#review228556
Attachment #8952504 -
Flags: review?(nical.bugzilla) → review+
|
|
||
Comment 9•6 years ago
|
||
| mozreview-review | ||
Comment on attachment 8952505 [details] Bug 1439525 - Reset the cursor when swapping the shmems out. https://reviewboard.mozilla.org/r/221720/#review228558
Attachment #8952505 -
Flags: review?(nical.bugzilla) → review+
|
||
Comment 10•6 years ago
|
||
Pushed by kgupta@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/d1241d870e3e Fix freeing of allocated chunks when an allocation fails. r=nical https://hg.mozilla.org/integration/autoland/rev/cc82773113d1 Remove spurious "continue" statement. r=nical https://hg.mozilla.org/integration/autoland/rev/36b8974d32de Reset the cursor when swapping the shmems out. r=nical
|
||
Comment 11•6 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/d1241d870e3e https://hg.mozilla.org/mozilla-central/rev/cc82773113d1 https://hg.mozilla.org/mozilla-central/rev/36b8974d32de
Status: NEW → RESOLVED
Closed: 6 years ago
status-firefox60:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla60
You need to log in
before you can comment on or make changes to this bug.
Description
•