Closed
Bug 1508811
Opened 6 years ago
Closed 6 years ago
Hit MOZ_CRASH(Content-process DrawTargetRecording can't create requested clipped drawtarget) at src/gfx/2d/DrawTargetRecording.cpp:601
Categories
(Core :: Graphics: WebRender, defect)
Core
Graphics: WebRender
Tracking
()
RESOLVED
FIXED
mozilla65
| Tracking | Status | |
|---|---|---|
| firefox-esr60 | --- | unaffected |
| firefox63 | --- | unaffected |
| firefox64 | --- | unaffected |
| firefox65 | --- | fixed |
People
(Reporter: tsmith, Assigned: kats)
References
(Blocks 1 open bug)
Details
(Keywords: assertion, crash, testcase)
Attachments
(2 files)
Reduced with m-c: BuildID=20181120164749 SourceStamp=8eff0a4f5d8f4442ce233d492185a90c460846ef Hit MOZ_CRASH(Content-process DrawTargetRecording can't create requested clipped drawtarget) at src/gfx/2d/DrawTargetRecording.cpp:601 #0 mozilla::gfx::DrawTargetRecording::CreateClippedDrawTarget(mozilla::gfx::IntSizeTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::BaseMatrix<float> const&, mozilla::gfx::SurfaceFormat) const src/gfx/2d/DrawTargetRecording.cpp:601:5 #1 GenerateAndPushTextMask(nsIFrame*, gfxContext*, nsRect const&, nsDisplayListBuilder*) src/layout/painting/nsDisplayList.cpp:780:45 #2 nsDisplayBackgroundColor::Paint(nsDisplayListBuilder*, gfxContext*) src/layout/painting/nsDisplayList.cpp:5117:10 #3 mozilla::layers::PaintItemByDrawTarget(nsDisplayItem*, mozilla::gfx::DrawTarget*, mozilla::gfx::PointTyped<mozilla::LayoutDevicePixel, float> const&, nsDisplayListBuilder*, RefPtr<mozilla::layers::BasicLayerManager> const&, mozilla::gfx::SizeTyped<mozilla::gfx::UnknownUnits, float> const&, mozilla::Maybe<mozilla::gfx::Color>&) src/gfx/layers/wr/WebRenderCommandBuilder.cpp:1832:12 #4 mozilla::layers::WebRenderCommandBuilder::GenerateFallbackData(nsDisplayItem*, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, nsDisplayListBuilder*, mozilla::gfx::RectTyped<mozilla::LayoutDevicePixel, float>&) src/gfx/layers/wr/WebRenderCommandBuilder.cpp:1990:28 #5 mozilla::layers::WebRenderCommandBuilder::PushItemAsImage(nsDisplayItem*, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, nsDisplayListBuilder*) src/gfx/layers/wr/WebRenderCommandBuilder.cpp:2099:48 #6 mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommandsFromDisplayList(nsDisplayList*, nsDisplayItem*, nsDisplayListBuilder*, mozilla::layers::StackingContextHelper const&, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&) src/gfx/layers/wr/WebRenderCommandBuilder.cpp:1519:9 #7 mozilla::layers::WebRenderCommandBuilder::BuildWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, nsDisplayList*, nsDisplayListBuilder*, mozilla::layers::WebRenderScrollData&, mozilla::wr::TypedSize2D<float, mozilla::wr::LayoutPixel>&, nsTArray<mozilla::wr::WrFilterOp> const&) src/gfx/layers/wr/WebRenderCommandBuilder.cpp:1362:5 #8 mozilla::layers::WebRenderLayerManager::EndTransactionWithoutLayer(nsDisplayList*, nsDisplayListBuilder*, nsTArray<mozilla::wr::WrFilterOp> const&, mozilla::layers::WebRenderBackgroundData*) src/gfx/layers/wr/WebRenderLayerManager.cpp:300:30 #9 nsDisplayList::PaintRoot(nsDisplayListBuilder*, gfxContext*, unsigned int) src/layout/painting/nsDisplayList.cpp:2790:18 #10 nsLayoutUtils::PaintFrame(gfxContext*, nsIFrame*, nsRegion const&, unsigned int, nsDisplayListBuilderMode, nsLayoutUtils::PaintFrameFlags) src/layout/base/nsLayoutUtils.cpp:3991:12 #11 mozilla::PresShell::Paint(nsView*, nsRegion const&, unsigned int) src/layout/base/PresShell.cpp:6401:5 #12 nsViewManager::ProcessPendingUpdatesPaint(nsIWidget*) src/view/nsViewManager.cpp:480:19 #13 nsViewManager::ProcessPendingUpdatesForView(nsView*, bool) src/view/nsViewManager.cpp:412:33 #14 nsViewManager::ProcessPendingUpdates() src/view/nsViewManager.cpp:1102:5 #15 nsRefreshDriver::Tick(mozilla::TimeStamp) src/layout/base/nsRefreshDriver.cpp:2049:11 #16 mozilla::RefreshDriverTimer::TickRefreshDrivers(mozilla::TimeStamp, nsTArray<RefPtr<nsRefreshDriver> >&) src/layout/base/nsRefreshDriver.cpp:301:7 #17 mozilla::RefreshDriverTimer::Tick(mozilla::TimeStamp) src/layout/base/nsRefreshDriver.cpp:319:5 #18 mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::TickRefreshDriver(mozilla::TimeStamp) src/layout/base/nsRefreshDriver.cpp:676:16 #19 mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::NotifyVsync(mozilla::TimeStamp) src/layout/base/nsRefreshDriver.cpp:573:9 #20 mozilla::layout::VsyncChild::RecvNotify(mozilla::TimeStamp const&) src/layout/ipc/VsyncChild.cpp:76:16 #21 mozilla::layout::PVsyncChild::OnMessageReceived(IPC::Message const&) src/obj-firefox/ipc/ipdl/PVsyncChild.cpp:167:20 #22 mozilla::ipc::PBackgroundChild::OnMessageReceived(IPC::Message const&) src/obj-firefox/ipc/ipdl/PBackgroundChild.cpp:2446:28 #23 mozilla::ipc::MessageChannel::DispatchAsyncMessage(IPC::Message const&) src/ipc/glue/MessageChannel.cpp:2244:25 #24 mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&) src/ipc/glue/MessageChannel.cpp:2171:17 #25 mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::MessageChannel::MessageTask&) src/ipc/glue/MessageChannel.cpp:2008:5 #26 mozilla::ipc::MessageChannel::MessageTask::Run() src/ipc/glue/MessageChannel.cpp:2041:15 #27 nsThread::ProcessNextEvent(bool, bool*) src/xpcom/threads/nsThread.cpp:1244:14 #28 NS_ProcessNextEvent(nsIThread*, bool) src/xpcom/threads/nsThreadUtils.cpp:530:10 #29 mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:97:21 #30 MessageLoop::RunInternal() src/ipc/chromium/src/base/message_loop.cc:325:10 #31 MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:298:3 #32 nsBaseAppShell::Run() src/widget/nsBaseAppShell.cpp:158:27 #33 XRE_RunAppShell() src/toolkit/xre/nsEmbedFunctions.cpp:961:22 #34 mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:269:9 #35 MessageLoop::RunInternal() src/ipc/chromium/src/base/message_loop.cc:325:10 #36 MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:298:3 #37 XRE_InitChildProcess(int, char**, XREChildData const*) src/toolkit/xre/nsEmbedFunctions.cpp:787:34 #38 content_process_main(mozilla::Bootstrap*, int, char**) src/browser/app/../../ipc/contentproc/plugin-container.cpp:50:30 #39 main src/browser/app/nsBrowserApp.cpp:287:18 #40 __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291 #41 _start (firefox+0x349f4)
Flags: in-testsuite?
|
Assignee | |
Comment 1•6 years ago
|
||
Fallout from bug 1466613, this is one of the other "badly-behaved consumers" that we made crash in that bug. Presumably we should add another guard somewhere in the top few frames of this callstack similar and do an early-exit if the target size is too big.
Blocks: 1466613
|
|
Assignee | |
Comment 2•6 years ago
|
||
I think we just need to check if !CanCreateSimilarDrawTarget before the call at [1] and if not, then do the same thing as the !maskDT codepath (i.e. return false). [1] https://searchfox.org/mozilla-central/rev/8f89901f2d69d9783f946a7458a6d7ee70635a94/layout/painting/nsDisplayList.cpp#780
Assignee: nobody → kats
|
|
Assignee | |
Comment 3•6 years ago
|
||
Pushed by kgupta@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/d4a83923369d Guard against trying to create an oversized DrawTargetRecording with WebRender. r=mstange
|
||
Comment 5•6 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/d4a83923369d
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla65
|
||
Updated•6 years ago
|
status-firefox63:
--- → unaffected
status-firefox64:
--- → unaffected
status-firefox-esr60:
--- → unaffected
Flags: in-testsuite? → in-testsuite+
You need to log in
before you can comment on or make changes to this bug.
Description
•