Closed Bug 1493593 Opened 3 years ago Closed 2 years ago

Crash in avx::memset32

Categories

(Core :: Graphics, defect, P3)

Unspecified
Linux
defect

RESOLVED WORKSFORME

People

(Reporter: gsvelto, Unassigned)

Details

(Keywords: crash)

Crash Data

This bug was filed from the Socorro interface and is
report bp-09bc6b07-297c-489d-aa37-1ba600180924.
=============================================================

Top 10 frames of crashing thread:

0 libxul.so avx::memset32 gfx/skia/skia/src/opts/SkNx_sse.h:280
1 libxul.so SkDraw::drawPaint const gfx/skia/skia/src/core/SkDraw.cpp:183
2 libxul.so SkBitmapDevice::drawPaint gfx/skia/skia/src/core/SkBitmapDevice.cpp:287
3 libxul.so SkCanvas::internalDrawPaint gfx/skia/skia/src/core/SkCanvas.cpp:1971
4 libxul.so SkCanvas::drawPaint gfx/skia/skia/src/core/SkCanvas.cpp:1706
5 libxul.so mozilla::gfx::DrawTargetSkia::ClearRect gfx/skia/skia/src/core/SkCanvas.cpp:2741
6 libxul.so mozilla::gfx::DrawTarget::DrawCapturedDT gfx/2d/DrawTargetCapture.cpp:379
7 libxul.so mozilla::detail::RunnableFunction<mozilla::layers::PaintThread::QueuePaintTask gfx/layers/PaintThread.cpp:244
8 libxul.so nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:1166
9 libxul.so NS_ProcessNextEvent xpcom/threads/nsThreadUtils.cpp:519

=============================================================

This looks like a Skia issue; all reports have an unaligned write (movdqu) failing. One interesting tidbit is that all the reports have crashing addresses that are divisible by 4096, so this might be a buffer overflow with the final store going to an unmapped page.
Also, going a bit up the stack one always finds a mozilla::gfx::DrawTargetSkia::ClearRect() call.

Flags: needinfo?(lsalzman)
Priority: -- → P3

This is an OMTP-related issue. It just so happens that the memory is somehow freed by the time it is being cleared. It's not really an overflow. The fact that it is avx is a red herring as well, since there are similar sse2::memset32 results.

Flags: needinfo?(lsalzman)

Closing because no crashes reported for 12 weeks.

Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → WORKSFORME