Closed Bug 1627689 Opened 5 years ago Closed 5 years ago

Crash in [@ mozilla::gfx::DrawTargetCairo::DrawSurfaceWithShadow]

Categories

(Core :: Graphics, defect, P3)

Product:
Core
Component:
Graphics
Platform:
Unspecified
All
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla77
Tracking Flags:
Tracking Status
firefox-esr68 --- wontfix
firefox75 --- wontfix
firefox76 --- fixed
firefox77 --- fixed

People

(Reporter: gsvelto, Assigned: lsalzman)

References

Details

(Keywords: crash)

Crash Data

Attachments

(2 files)

aptitude-2.log
3.16 KB, text/x-log
Details
Bug 1627689 - check for valid surfaces in DrawTargetCairo::DrawSurfaceWithShadow. r?jrmuizel
47 bytes, text/x-phabricator-request
RyanVM
: approval-mozilla-beta+
Details | Review

This bug is for crash report bp-191481fa-96c1-48da-bff7-be8a30200405.

Top 10 frames of crashing thread:

0 libxul.so mozilla::gfx::DrawTargetCairo::DrawSurfaceWithShadow /build/firefox-8TuxxS/firefox-74.0.1+build1/gfx/2d/DrawTargetCairo.cpp:844
1 libxul.so mozilla::dom::AdjustedTargetForShadow::~AdjustedTargetForShadow /build/firefox-8TuxxS/firefox-74.0.1+build1/dom/canvas/CanvasRenderingContext2D.cpp:525
2 libxul.so mozilla::dom::AdjustedTarget::~AdjustedTarget /build/firefox-8TuxxS/firefox-74.0.1+build1/dom/canvas/CanvasRenderingContext2D.cpp:633
3 libxul.so mozilla::dom::CanvasBidiProcessor::DrawText /build/firefox-8TuxxS/firefox-74.0.1+build1/dom/canvas/CanvasRenderingContext2D.cpp:3680
4 libxul.so nsBidiPresUtils::ProcessText /build/firefox-8TuxxS/firefox-74.0.1+build1/layout/base/nsBidiPresUtils.cpp:2235
5 libxul.so mozilla::dom::CanvasRenderingContext2D::DrawOrMeasureText /build/firefox-8TuxxS/firefox-74.0.1+build1/dom/canvas/CanvasRenderingContext2D.cpp:3988
6 libxul.so mozilla::dom::CanvasRenderingContext2D_Binding::strokeText /build/firefox-8TuxxS/firefox-74.0.1+build1/obj-x86_64-linux-gnu/dom/bindings/CanvasRenderingContext2DBinding.cpp:6342
7 libxul.so bool mozilla::dom::binding_detail::GenericMethod<mozilla::dom::binding_detail::NormalThisPolicy, mozilla::dom::binding_detail::ThrowExceptions> /build/firefox-8TuxxS/firefox-74.0.1+build1/dom/bindings/BindingUtils.cpp:3170
8 libxul.so js::InternalCallOrConstruct /build/firefox-8TuxxS/firefox-74.0.1+build1/js/src/vm/Interpreter.cpp:562
9 libxul.so Interpret /build/firefox-8TuxxS/firefox-74.0.1+build1/js/src/vm/Interpreter.cpp:629

This crash seems to have been around for a while, I can find crashes going all the way back to Firefox 52 with consistent stacks. Not many useful comments but more than one mentions Google maps and these two URLs show up in 20 crashes:

https://www.google.pl/maps/@51.7760999,19.4986041,3a,75y,11.64h,90t/data=!3m5!1e1!3m3!1srtPAv6SOE5spLjZsT_sCgQ!2e0!6s%2F%2Fgeo2.ggpht.com%2Fcbk%3Fpanoid%3DrtPAv6SOE5spLjZsT_sCgQ%26output%3Dthumbnail%26cb_client%3Dmaps_sv.tactile.gps%26thumb%3D2%26w%3D203%26h%3D100%26yaw%3D7.2664423%26pitch%3D0%26thumbfov%3D100

https://www.google.de/maps/@50.694663,7.1438117,3a,75y,3.21h,90t/data=!3m5!1e1!3m3!1sSTD6etyuUeA8aq-MVOiHZA!2e0!6s%2F%2Fgeo1.ggpht.com%2Fcbk%3Fpanoid%3DSTD6etyuUeA8aq-MVOiHZA%26output%3Dthumbnail%26cb_client%3Dmaps_sv.tactile.gps%26thumb%3D2%26w%3D203%26h%3D100%26yaw%3D2.0354276%26pitch%3D0%26thumbfov%3D100

Many crashes also have some private URLs from:

https://webmail.earthlink.net

Flags: needinfo?(lsalzman)
Priority: -- → P3

This issue seems to be related: https://bugzilla.mozilla.org/show_bug.cgi?id=1626668

Attached file aptitude-2.log

I had the same issue (my crash reports redirected me to this bug report).

The problem seems to be SOLVED for me now after updating nVidia drivers (see attached aptitude log).

Firefox also got updated some time before (included in log), but that didn't solve the problem on its own.

Thanks! ~99 % of these crashes happened with Nvidia since it spiked.

All the Linux crashes are with nVidia driver version 440.64.0.0 and Ubuntu 19.10. From the update log in comment 2 it suggests that there might have been a problem with that specific version of the closed-source nVidia driver packaged for Ubuntu.

Unfortunately the issue is back. With no action from my side (software or plugin installation or update).

It was perfectly fine after https://bugzilla.mozilla.org/show_bug.cgi?id=1627689#c2 - from 2020-04-09 to 2020-04-14.
But today I just had those crashes again.
Reproducible after restarting the browser (clean history, cookies), even in --safe-mode.

https://crash-stats.mozilla.org/report/index/4cae681d-1453-496b-8303-2aeff0200415

Ary, can you please attach your "about:support" information?

Flags: needinfo?(lsalzman) → needinfo?(arymoonc)

I have reviewed my "about:support" contents and found preference "gfx.canvas.azure.backends" modified to "cairo" (from default "skia").
Toggling this entry between those two values (and restarting the browser) seems to fix/reproduce the issue 100% of the time.

I also had "gfx.content.azure.backends" set alike, but changing this does not seem to have any negative effect.

So with both set to "skia" the issue seems solved for me.

Flags: needinfo?(arymoonc)

Changing "cairo" to "skia" (as noted above) also fixed the two Google Maps links from the original report. Previously they also caused a crash for me.

Sorry for my naive question: Why was cairo kept allowed for Gtk and is there an opportunity to remove this deprecated backend (cleanup)?

This just duplicates some error checking we already do in DrawSurface to this case.

Assignee: nobody → lsalzman
Status: NEW → ASSIGNED
Pushed by lsalzman@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/c3946caf19d6 check for valid surfaces in DrawTargetCairo::DrawSurfaceWithShadow. r=jrmuizel

https://hg.mozilla.org/mozilla-central/rev/c3946caf19d6

Status: ASSIGNED → RESOLVED
Closed: 5 years ago
status-firefox77: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla77

The patch landed in nightly and beta is affected.
:lsalzman, is this bug important enough to require an uplift?
If not please set status_beta to wontfix.

For more information, please visit auto_nag documentation.

Flags: needinfo?(lsalzman)
status-firefox76: affectedwontfix
Flags: needinfo?(lsalzman)

Comment on attachment 9141056 [details]
Bug 1627689 - check for valid surfaces in DrawTargetCairo::DrawSurfaceWithShadow. r?jrmuizel

Beta/Release Uplift Approval Request

  • User impact if declined: Potential Linux crashes on webpages that use Canvas2d
  • Is this code covered by automated tests?: No
  • Has the fix been verified in Nightly?: No
  • Needs manual test from QE?: No
  • If yes, steps to reproduce:
  • List of other uplifts needed: None
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): This just duplicates some bail-out code we have in other places in DrawTargetCairo so that we ultimately don't crash but just print out an error instead. Likewise, we don't actively use Cairo as a canvas2d backend anymore unless the user explicitly prefs it on, so most users should remain unaffected by this. However, some users might still unknowingly or purposely pref Cairo on, for which this will resolve the crash.
  • String changes made/needed:
Attachment #9141056 - Flags: approval-mozilla-beta?

Comment on attachment 9141056 [details]
Bug 1627689 - check for valid surfaces in DrawTargetCairo::DrawSurfaceWithShadow. r?jrmuizel

Fixes a Linux crash. Approved for 76.0b7.

Attachment #9141056 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: