Closed Bug 1560182 Opened 6 years ago Closed 3 years ago

Crash in [@ mozilla::gfx::CaptureCommandList::Clear]

Categories

(Core :: Graphics, defect, P2)

Product:
Core
Component:
Graphics
Version:
66 Branch
Platform:
All
Windows
Type:
defect

Tracking

()

Status:
RESOLVED WORKSFORME
Tracking Flags:
Tracking Status
firefox-esr60 --- unaffected
firefox-esr91 --- unaffected
firefox67 --- wontfix
firefox68 --- wontfix
firefox69 --- wontfix

People

(Reporter: philipp, Unassigned)

References

Details

(4 keywords)

Crash Data

This bug is for crash report bp-f71f19b9-2e9b-46c9-be42-0c4e80190619.

Top 10 frames of crashing thread:

0  @0x2620268 
1 xul.dll void mozilla::gfx::CaptureCommandList::Clear gfx/2d/CaptureCommandList.cpp:18
2 xul.dll mozilla::gfx::CaptureCommandList::~CaptureCommandList gfx/2d/CaptureCommandList.cpp:13
3 xul.dll void mozilla::gfx::DrawTargetCaptureImpl::~DrawTargetCaptureImpl gfx/2d/DrawTargetCapture.cpp:23
4 xul.dll void mozilla::gfx::DrawTargetCaptureImpl::~DrawTargetCaptureImpl gfx/2d/DrawTargetCapture.cpp:18
5 xul.dll mozilla::layers::PaintTask::~PaintTask gfx/layers/PaintThread.h:39
6 xul.dll static void mozilla::detail::RunnableFunction<`lambda at z:/task_1560787761/build/src/gfx/layers/PaintThread.cpp:177:30'>::~RunnableFunction xpcom/threads/nsThreadUtils.h:553
7 xul.dll unsigned long CheckResponsivenessTask::Release xpcom/io/InputStreamLengthHelper.cpp:256
8 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:1222
9 xul.dll NS_ProcessNextEvent xpcom/threads/nsThreadUtils.cpp:486

this crash signature is newly showing up from windows installations since firefox 66 (it's rather low volume though). a couple of the reports are looking security sensitive.

around 50% of reports come with MOZ_RELEASE_ASSERT(advance == redundant) that got added in bug 1440937.

going with sec-critical because of the _EXEC access violation. Although most of the crashes don't look quite as bad we now know that's lurking in there.

Keywords: sec-critical
See Also: → 1440937

The priority flag is not set for this bug.
:jbonisteel, could you have a look please?

For more information, please visit auto_nag documentation.

Flags: needinfo?(jbonisteel)
Flags: needinfo?(jbonisteel)
Priority: -- → P2

Jeff - any thoughts about this bug?

Flags: needinfo?(jmuizelaar)

Do you have any suggestions or thoughts about this bug?

Flags: needinfo?(rhunt)

This appears to have the same root cause as bug 1440937. Bug 1440937 comment 25 has an explanation of what this diagnostic assert means (most likely memory corruption). That bug is stalled, so we'd need to find some new approach to get these bugs actionable again.

Flags: needinfo?(rhunt)
Keywords: stalled

Re-rating to sec-high per new rating system

Keywords: sec-criticalsec-high

AFAICT, this code no longer exists. Can we close this out?

Flags: needinfo?(bhood)

Done. :)

Status: NEW → RESOLVED
Closed: 3 years ago
Flags: needinfo?(bhood)
Resolution: --- → FIXED
Group: gfx-core-security → core-security-release
status-firefox69: affectedwontfix
Flags: needinfo?(jmuizelaar)
Resolution: FIXED → INCOMPLETE

Since the bug is closed, the stalled keyword is now meaningless.
For more information, please visit auto_nag documentation.

Keywords: stalled
status-firefox-esr91: --- → unaffected
Resolution: INCOMPLETE → WORKSFORME
Group: core-security-release
You need to log in before you can comment on or make changes to this bug.