Closed Bug 1550725 Opened 5 years ago Closed 5 years ago

Crash in [@ GeckoCrash] (called `Option::unwrap()` on a `None` value)

Categories

(Core :: Graphics: WebRender, defect, P1)

Product:
Core
Component:
Graphics: WebRender
Version:
68 Branch
Platform:
Unspecified
All
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla68
Tracking Flags:
Tracking Status
firefox-esr60 --- unaffected
firefox67 --- unaffected
firefox67.0.1 --- unaffected
firefox68 --- fixed

People

(Reporter: aosmond, Assigned: aosmond)

References

(Blocks 1 open bug, Regression,
URL
)

Details

(Keywords: crash, regression)

Crash Data

Attachments

(1 file)

Bug 1550725 - Cull primitives with an empty clip.
47 bytes, text/x-phabricator-request
Details | Review

This bug is for crash report bp-286d3230-36af-44d9-9fa5-d56060190510.

Top 10 frames of crashing thread:

0 libxul.so GeckoCrash toolkit/xre/nsAppRunner.cpp:5070
1 libxul.so gkrust_shared::panic_hook toolkit/library/rust/shared/lib.rs:243
2 libxul.so core::ops::function::Fn::call src/libcore/ops/function.rs:69
3 libxul.so rust_panic_with_hook src/libstd/panicking.rs:482
4 libxul.so continue_panic_fmt src/libstd/panicking.rs:385
5 libxul.so rust_begin_unwind 
6 libxul.so panic_fmt src/libcore/panicking.rs:85
7 libxul.so panic src/libcore/panicking.rs:49
8 libxul.so <webrender::prim_store::SpaceMapper<F, T>>::map gfx/wr/webrender/src/util.rs
9 libxul.so webrender::prim_store::PrimitiveStore::update_visibility gfx/wr/webrender/src/prim_store/mod.rs:2070

From bug 1549993, comment 3:

I can reproduce it on linux too with url https://www.impots.gouv.fr/portail/.
In using mozregression and my profile, I got:
mozregression --profile /home/calixte/.mozilla/firefox/myprofile --pref "gfx.webrender.all:true" --good 2019-05-05

https://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=5772a92c49cf6cc746fe0d22a797fe3f08a20f39&tochange=34510ca46cc61984ca775f30a7c4f288371cf329

:aosmond, could you investigate please? (if you need I can share my profile with you, just ping me on slack, irc, mail...)

Assignee: nobody → aosmond
Has Regression Range: --- → yes
Has STR: --- → yes
status-firefox67: --- → unaffected
status-firefox67.0.1: --- → unaffected
Keywords: regression
Priority: -- → P1
Regressed by: 1540200
Version: Trunk → 68 Branch
Target Milestone: --- → mozilla68
Blocks: wr-68

Looks like the visible rect is empty because the clip chain's local clip rect is also empty. We should cull these primitives.

Is bug 1550513 (now) a duplicate of this bug?

When the clip chain generates the local clip rect for a primitive, it
can be empty. This violated the assumption that the visible rect will
never be empty, and so when we snap, it produces NaNs, which in turn,
violates other assumptions when converting between spaces, and hence the
crash.

Now we cull the primitive from the visible list if the local clip rect
is empty.

Pushed by aosmond@gmail.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/0849b28c8e3d
Cull primitives with an empty clip. r=kvark

https://hg.mozilla.org/mozilla-central/rev/0849b28c8e3d

Status: ASSIGNED → RESOLVED
Closed: 5 years ago
status-firefox68: affectedfixed
Resolution: --- → FIXED
Crash Signature: [@ GeckoCrash] → [@ GeckoCrash] [@ webrender::prim_store::SpaceMapper<T>::map<T> ]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: