Closed Bug 1451294 Opened 6 years ago Closed 6 years ago

IPC: crash with PCompositorBridge::Msg_PTextureConstructor [@mozilla::layers::TextureReadLock::Deserialize]

Categories

(Core :: Graphics: Layers, defect, P3)

Product:
Core
Component:
Graphics: Layers
Type:
defect

Tracking

()

Status:
RESOLVED INVALID
Tracking Flags:
Tracking Status
firefox61 --- affected

People

(Reporter: posidron, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: crash, Whiteboard: [gfx-noted])

Attachments

(2 files)

message.zip
1.35 KB, application/zip
Details
faulty.txt
15.75 KB, text/plain
Details
Attached file message.zip 
The following message was identified to be responsible for this crash and got blacklisted from fuzzing until fixed.

Message: PCompositorBridge::Msg_PTextureConstructor


$ hexdiff message.2844.32185.{o,m}
Attached file faulty.txt 

    
    

    
  
This is hitting a release assert:

https://searchfox.org/mozilla-central/rev/11a2ae294f50049e12515b5821f5a396d951aacb/gfx/layers/client/TextureClient.cpp#1584

Looks like the message passed in a bad shmem. The best we could do is pass the error up and let the texture creation fail, but I'm not sure if that is really an improvement over the assert as it stands.

    
    

    
  
As in comment 2, I think we are doing the right thing with the assert.
Status: NEW → RESOLVED
Closed: 6 years ago
Priority: -- → P3
Resolution: --- → INVALID
Whiteboard: [gfx-noted]

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: