Closed Bug 1631335 Opened 4 years ago Closed 4 years ago

Crash in [@ Allocator<T>::free | replace_free | SkCanvas::~SkCanvas]

Categories

(Core :: Graphics, defect, P3)

Product:
Core
Component:
Graphics
Platform:
Unspecified
Windows
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Tracking Flags:
Tracking Status
firefox-esr68 --- disabled
firefox-esr78 --- fixed
firefox77 --- disabled
firefox78 --- fixed
firefox79 --- fixed

People

(Reporter: gsvelto, Unassigned)

References

Details

(Keywords: crash)

Crash Data

This bug is for crash report bp-9fadb73b-5ce5-46cf-a741-c10350200419.

Top 10 frames of crashing thread:

0 mozglue.dll static Allocator<MozJemallocBase>::free memory/build/malloc_decls.h:54
1 mozglue.dll replace_free memory/replace/phc/PHC.cpp:1312
2 xul.dll SkCanvas::~SkCanvas gfx/skia/skia/src/core/SkCanvas.cpp:604
3 xul.dll SkCanvas::~SkCanvas gfx/skia/skia/src/core/SkCanvas.cpp:597
4 xul.dll SkSurface_Raster::~SkSurface_Raster gfx/skia/skia/src/image/SkSurface_Raster.cpp:15
5 xul.dll mozilla::gfx::DrawTargetSkia::~DrawTargetSkia gfx/2d/DrawTargetSkia.cpp:295
6 xul.dll mozilla::gfx::DrawTargetSkia::~DrawTargetSkia gfx/2d/DrawTargetSkia.cpp:277
7 xul.dll mozilla::gfx::SourceSurfaceCapture::~SourceSurfaceCapture gfx/2d/SourceSurfaceCapture.cpp:65
8 xul.dll mozilla::gfx::SourceSurfaceCapture::~SourceSurfaceCapture gfx/2d/SourceSurfaceCapture.cpp:65
9 xul.dll mozilla::gfx::MaskSurfaceCommand::~MaskSurfaceCommand gfx/2d/DrawCommands.h:689

Only a handful of crashes but the stacks are consistent across at least two completely different machines. The oldest buildid for this crash is 20200417100143.

Nothing jumps out in the changes around that build for me. It also seems like there were a couple of crashes and later builds haven't reported any more crashes, but since this seems to be a memory related crash, maybe it moved to a different crash callstack.

@Lee: Could you take a look?

Flags: needinfo?(lsalzman)

Bob, this looks like it might be related to bug 1630521?

Flags: needinfo?(lsalzman) → needinfo?(bobowencode)
See Also: → 1630521
Severity: -- → normal
Priority: -- → P1

(In reply to Lee Salzman [:lsalzman] from comment #2)

Bob, this looks like it might be related to bug 1630521?

I've stared at this quite a lot, but I can't see how the changes from that patch would mess up the deletion of the pointer.

Flags: needinfo?(bobowencode)

The severity field is not set for this bug.
:jbonisteel, could you have a look please?

For more information, please visit auto_nag documentation.

Flags: needinfo?(jbonisteel)
Severity: normal → S3
Flags: needinfo?(jbonisteel)
Priority: P1 → P3

Fixed by commit in bug 1644208.

Status: NEW → RESOLVED
Closed: 4 years ago
status-firefox77: --- → unaffected
status-firefox78: --- → fixed
status-firefox79: --- → fixed
Depends on: 1644208
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.