1568858 - Crash in [@ hsw::gather_8888]

Status: RESOLVED FIXED

(Core :: Graphics, defect)

Description

[[:philipp]]

This bug is for crash report bp-7c5ddee6-fc9f-4370-8ca4-dfda00190724.

Top 10 frames of crashing thread:

0 xul.dll static void hsw::gather_8888 
1 xul.dll static void hsw::start_pipeline gfx/skia/skia/src/opts/SkRasterPipeline_opts.h:908
2 xul.dll void std::_Func_impl_no_alloc<`lambda at z:/task_1563383129/build/src/gfx/skia/skia/src/core/SkRasterPipeline.cpp:318:12', void, unsigned long long, unsigned long long, unsigned long long, unsigned long long>::_Do_call 
3 xul.dll void SkRasterPipelineBlitter::blitRect gfx/skia/skia/src/core/SkRasterPipelineBlitter.cpp:311
4 xul.dll void SkRasterPipelineBlitter::blitAntiH gfx/skia/skia/src/core/SkRasterPipelineBlitter.cpp:336
5 xul.dll SkAAClipBlitter::blitH gfx/skia/skia/src/core/SkAAClip.cpp:1877
6 xul.dll SkAAClipBlitter::blitRect gfx/skia/skia/src/core/SkAAClip.cpp:1972
7 xul.dll static void antifilldot8 gfx/skia/skia/src/core/SkScan_Antihair.cpp:683
8 xul.dll SkScan::AntiFillRect gfx/skia/skia/src/core/SkScan_Antihair.cpp
9 xul.dll SkScan::AntiFillRect gfx/skia/skia/src/core/SkScan_Antihair.cpp:813

this crash signature is starting to show up in firefox 68 cross-platform, but in low volume. the reports are generally looking security sensitive.

Comment 1

[Daniel Veditz [:dveditz]]

Guessing sec-moderate because these all seem to be reads of data, not objects with pointers or virtual functions.

Comment 2

[Lee Salzman [:lsalzman]]

Attachment: Bug 1568858 - always stretch box shadows except for Cairo. r?jrmuizel

Comment 3

[Sebastian Hengst [:aryx] (needinfo me if it's about an intermittent or backout)]

https://hg.mozilla.org/integration/autoland/rev/226098b73429a4ad79f3916ee8c01fc9b4cb963a
https://hg.mozilla.org/mozilla-central/rev/226098b73429

Comment 4

[Ryan VanderMeulen [:RyanVM]]

Please nominate this for Beta and ESR68 approval when you get a chance.

Comment 5

[Lee Salzman [:lsalzman]]

Comment on attachment 9080746 [details]
Bug 1568858 - always stretch box shadows except for Cairo. r?jrmuizel

Beta/Release Uplift Approval Request

• User impact if declined: Potential crashes when drawing box shadows on Windows.
• Is this code covered by automated tests?: Yes
• Has the fix been verified in Nightly?: Yes
• Needs manual test from QE?: No
• If yes, steps to reproduce:
• List of other uplifts needed: None
• Risk to taking this patch: Low
• Why is the change risky/not risky? (and alternatives if risky): Just uses an alternative pre-existing drawing path that is as yet not known to cause any problems and should look the same.
• String changes made/needed:

ESR Uplift Approval Request

• If this is not a sec:{high,crit} bug, please state case for ESR consideration:
• User impact if declined:
• Fix Landed on Version:
• Risk to taking this patch: Low
• Why is the change risky/not risky? (and alternatives if risky):
• String or UUID changes made by this patch:

Comment 6

[Ryan VanderMeulen [:RyanVM]]

Comment on attachment 9080746 [details]
Bug 1568858 - always stretch box shadows except for Cairo. r?jrmuizel

Fixes a sec-sensitive crash on Windows. Approved for 69.0b9 and 68.1esr.

Comment 7

[Ryan VanderMeulen [:RyanVM]]

https://hg.mozilla.org/releases/mozilla-beta/rev/383500a28e6e

Comment 8

[Ryan VanderMeulen [:RyanVM]]

https://hg.mozilla.org/releases/mozilla-esr68/rev/248a7f849478