Closed
Bug 1478040
Opened 6 years ago
Closed 6 years ago
Crash in static struct webrender::tiling::Frame webrender::frame_builder::FrameBuilder::build
Categories
(Core :: Graphics: WebRender, defect, P3)
Tracking
()
RESOLVED
WONTFIX
Tracking | Status | |
---|---|---|
firefox63 | --- | affected |
People
(Reporter: jan, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: crash, nightly-community)
Crash Data
Nvidia, GK208B [GeForce GT 710] This bug was filed from the Socorro interface and is report bp-9ba062ac-f7dd-4ff5-9bd5-449fc0180724. > index out of bounds: the len is 107 but the index is 16565899579919558117 ============================================================= Top 10 frames of crashing thread: 0 xul.dll static void std::panicking::rust_panic_with_hook src/libstd/panicking.rs:521 1 xul.dll static void std::panicking::continue_panic_fmt src/libstd/panicking.rs:426 2 xul.dll static void std::panicking::rust_begin_panic src/libstd/panicking.rs:337 3 xul.dll static void core::panicking::panic_fmt src/libcore/panicking.rs:92 4 xul.dll static void core::panicking::panic_bounds_check src/libcore/panicking.rs:60 5 xul.dll static struct webrender::tiling::Frame webrender::frame_builder::FrameBuilder::build gfx/webrender/src/frame_builder.rs:333 6 xul.dll static struct webrender::internal_types::RenderedDocument webrender::render_backend::Document::render gfx/webrender/src/render_backend.rs:283 7 xul.dll static void webrender::render_backend::RenderBackend::update_document gfx/webrender/src/render_backend.rs:1112 8 xul.dll static bool webrender::render_backend::RenderBackend::process_api_msg gfx/webrender/src/render_backend.rs:988 9 xul.dll static void webrender::render_backend::RenderBackend::run gfx/webrender/src/render_backend.rs:798 =============================================================
Reporter | ||
Comment 1•6 years ago
|
||
dec 16565899579919558117 = hex 0xe5e5e5e5e5e5e5e5 So this is similar to bug 1460087, but with a different decimal number. (Kartikaya Gupta (email:kats@mozilla.com) from bug 1424126 comment 2) > However, the value `3857049061` is 0xE5E5E5E5 which is jemalloc fills in for freed memory. so this is really a use-after-free instance which is bad news. > Hopefully it doesn't come back.
Updated•6 years ago
|
Priority: -- → P3
Updated•6 years ago
|
Blocks: stage-wr-next
Comment 2•6 years ago
|
||
Closing because no crashes reported for 12 weeks.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•