Closed Bug 1444373 Opened 2 years ago Closed 2 years ago

Crash in MacIOSurface::CGLTexImageIOSurface2D


(Core :: Graphics, defect, critical)

60 Branch
Not set



Tracking Status
firefox-esr52 --- wontfix
firefox58 --- unaffected
firefox59 --- disabled
firefox60 --- disabled
firefox61 --- verified


(Reporter: philipp, Assigned: mstange)



(Keywords: crash, regression)

Crash Data


(2 files)

This bug was filed from the Socorro interface and is
report bp-9687e240-f8ca-42ae-bd39-6ef8c0180308.

Top 10 frames of crashing thread:

0 XUL MacIOSurface::CGLTexImageIOSurface2D gfx/2d/MacIOSurface.cpp:424
1 XUL mozilla::widget::RectTextureImage::BindIOSurfaceToTexture widget/cocoa/
2 XUL mozilla::widget::RectTextureImage::Draw widget/cocoa/
3 XUL nsChildView::DoRemoteComposition widget/cocoa/
4 XUL nsChildView::StartRemoteDrawingInRegion widget/cocoa/
5 XUL mozilla::layers::BasicCompositor::BeginFrame gfx/layers/basic/BasicCompositor.cpp:928
6 XUL mozilla::layers::LayerManagerComposite::Render gfx/layers/composite/LayerManagerComposite.cpp:918
7 XUL mozilla::layers::LayerManagerComposite::UpdateAndRender gfx/layers/composite/LayerManagerComposite.cpp:534
8 XUL mozilla::layers::LayerManagerComposite::EndTransaction gfx/layers/composite/LayerManagerComposite.cpp:464
9 XUL mozilla::layers::CompositorBridgeParent::CompositeToTarget gfx/layers/ipc/CompositorBridgeParent.cpp:1044


This browser crash signature from macOS users is spiking up on Nightly starting with 60.0a1 build 20180308100121.

the changelog to the build published before that would be

*I am trying to open a tab inside an email from Allianz Global Assistance (insurance coverage or Amtrak) labeled “contact us.” The tab gives me a web address but when I click on that, Firefox crashes. The same sequence has yielded the same result 4 times. Sorry. Help! 
*Clicking on Tunnel Bear extension icon always crashes Firefox Nightly, yes, I’m up to date currently 
*Still crashing when I click on the addon icon, which normally shows a menu.
*Clicked on Persona Plus icon. Crash followed. Disabled, closed Nightly, enabled, still crashed. Total of 3 times and out.
Stephen can you take a look here? It sounds like a reproducible issue and we may be able to pin down the regression range.  Probably too late to fix in 59.
Flags: needinfo?(spohl.mozilla.bugs)
Bug 1385403 seems like the likely culprit.
Flags: needinfo?(spohl.mozilla.bugs) → needinfo?(kmaglione+bmo)
I'm going to take a look at this one, too.
Assignee: nobody → mstange
Flags: needinfo?(kmaglione+bmo)
This is easily reproducible by setting layers.acceleration.disabled to true, restarting, and opening a panel from a remote WebExtension.

The problem is that nsChildView::StartRemoteDrawingInRegion uses mBounds as the view rect, but mBounds does not accurately reflect the view's bounds. Instead, it's empty, so creating the IOSurface inside mBasicCompositorImage->BeginUpdate(renderSize, dirtyRegion); fails, and then later we attempt to bind a null IOSurface.
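The failure chain described in the comment above, as an added example (not the patch from this bug and not Mozilla's code): empty cached bounds make surface creation fail, so the draw path has to check for the missing surface before binding it. `Rect`, `Surface`, `TextureImage`, `ContentView`, `PopupWindow`, `CreateSurface`, `CompositeFrame` and `Resize` are hypothetical, simplified stand-ins.

```cpp
// Added illustration: every type here is a simplified stand-in, not Mozilla code.
#include <cstdio>
#include <memory>

struct Rect {
  int width, height;
  bool IsEmpty() const { return width <= 0 || height <= 0; }
};
struct Surface { Rect size; };  // stand-in for an IOSurface

// Models surface allocation failing for a zero-area request.
std::unique_ptr<Surface> CreateSurface(const Rect& r) {
  if (r.IsEmpty()) return nullptr;
  return std::make_unique<Surface>(Surface{r});
}

enum class DrawResult { Drawn, SkippedNoSurface };
class TextureImage {
 public:
  void BeginUpdate(const Rect& r) { mSurface = CreateSurface(r); }
  DrawResult Draw() const {
    // Guard: without this check an empty image reaches the bind step with a null surface.
    if (!mSurface) return DrawResult::SkippedNoSurface;
    return DrawResult::Drawn;  // real code would bind *mSurface here
  }
 private:
  std::unique_ptr<Surface> mSurface;
};

struct ContentView { Rect bounds{0, 0}; };  // cached bounds start out empty
struct PopupWindow {
  Rect bounds{0, 0};
  ContentView view;
  // Keep the child view's cached bounds in step with the window's.
  void Resize(const Rect& r) { bounds = r; view.bounds = r; }
};

DrawResult CompositeFrame(const ContentView& view) {
  TextureImage image;
  image.BeginUpdate(view.bounds);
  return image.Draw();
}

int main() {
  PopupWindow popup;
  int stale = static_cast<int>(CompositeFrame(popup.view));  // empty bounds
  popup.Resize({300, 200});
  std::printf("%d %d\n", stale, static_cast<int>(CompositeFrame(popup.view)));
}
```

The guard alone turns the crash into a skipped frame; propagating the bounds is what lets the frame actually draw.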
Comment on attachment 8966392 [details]
Bug 1444373 - Don't crash when trying to draw an empty RectTextureImage.
Attachment #8966392 - Flags: review?(matt.woodrow) → review+
Comment on attachment 8966393 [details]
Bug 1444373 - Update mBounds on mPopupContentView every time mBounds on the containing window changes.
Attachment #8966393 - Flags: review?(spohl.mozilla.bugs) → review+
Pushed by
Update mBounds on mPopupContentView every time mBounds on the containing window changes. r=spohl
Don't crash when trying to draw an empty RectTextureImage. r=mattwoodrow
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla61
Is this something we should consider for backport to 60 or can it ride the 61 train to release? Crash volume looks pretty low.
Flags: needinfo?(mstange)
We only have OOP extensions enabled for non-release builds on OS-X in 60, so there probably isn't much point in backporting. It will only affect dev edition users, and only for a couple more weeks.
Good enough for me, thanks.
Issue was reproduced on Firefox 60.0a1 (20180201100326).
Retested and verified in Firefox 60.0a1 (20180424013604) on Mac OS 10.13.3.
Updated correct FF version.

Issue was reproduced on Firefox 60.0a1 (20180201100326).
Retested and verified in Firefox 61.0a1 (20180424013604) on Mac OS 10.13.3.