Closed Bug 1478040 Opened 7 years ago Closed 7 years ago

Crash in static struct webrender::tiling::Frame webrender::frame_builder::FrameBuilder::build

Categories

(Core :: Graphics: WebRender, defect, P3)

Product:
Core
Component:
Graphics: WebRender
Platform:
x86_64
Windows 10
Type:
defect

Tracking

()

Status:
RESOLVED WONTFIX
Tracking Flags:
Tracking Status
firefox63 --- affected

People

(Reporter: jan, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: crash, nightly-community)

Crash Data

Nvidia, GK208B [GeForce GT 710] This bug was filed from the Socorro interface and is report bp-9ba062ac-f7dd-4ff5-9bd5-449fc0180724. > index out of bounds: the len is 107 but the index is 16565899579919558117 ============================================================= Top 10 frames of crashing thread: 0 xul.dll static void std::panicking::rust_panic_with_hook src/libstd/panicking.rs:521 1 xul.dll static void std::panicking::continue_panic_fmt src/libstd/panicking.rs:426 2 xul.dll static void std::panicking::rust_begin_panic src/libstd/panicking.rs:337 3 xul.dll static void core::panicking::panic_fmt src/libcore/panicking.rs:92 4 xul.dll static void core::panicking::panic_bounds_check src/libcore/panicking.rs:60 5 xul.dll static struct webrender::tiling::Frame webrender::frame_builder::FrameBuilder::build gfx/webrender/src/frame_builder.rs:333 6 xul.dll static struct webrender::internal_types::RenderedDocument webrender::render_backend::Document::render gfx/webrender/src/render_backend.rs:283 7 xul.dll static void webrender::render_backend::RenderBackend::update_document gfx/webrender/src/render_backend.rs:1112 8 xul.dll static bool webrender::render_backend::RenderBackend::process_api_msg gfx/webrender/src/render_backend.rs:988 9 xul.dll static void webrender::render_backend::RenderBackend::run gfx/webrender/src/render_backend.rs:798 =============================================================
dec 16565899579919558117 = hex 0xe5e5e5e5e5e5e5e5 So this is similar to bug 1460087, but with a different decimal number. (Kartikaya Gupta (email:kats@mozilla.com) from bug 1424126 comment 2) > However, the value `3857049061` is 0xE5E5E5E5 which is jemalloc fills in for freed memory. so this is really a use-after-free instance which is bad news. > Hopefully it doesn't come back.
See Also: → 1478047
Priority: -- → P3
Closing because no crashes reported for 12 weeks.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.