Closed
Bug 1650989
Opened 4 years ago
Closed 4 years ago
Hit MOZ_CRASH(Content-process DrawTargetRecording can't create requested similar drawtarget) at gfx/2d/DrawTargetRecording.cpp:545
Categories
(Core :: Graphics: WebRender, defect)
Core
Graphics: WebRender
Tracking
()
VERIFIED
FIXED
mozilla80
People
(Reporter: tsmith, Assigned: kats)
References
(Blocks 2 open bugs)
Details
(Keywords: assertion, crash, testcase, Whiteboard: [bugmon:bisected,confirmed])
Crash Data
Attachments
(3 files)
|
201 bytes,
text/html
|
Details | |
|
8.78 KB,
application/x-javascript
|
Details | |
|
47 bytes,
text/x-phabricator-request
|
RyanVM
:
approval-mozilla-beta+
|
Details | Review |
Hit MOZ_CRASH(Content-process DrawTargetRecording can't create requested similar drawtarget) at gfx/2d/DrawTargetRecording.cpp:545
0|0|libxul.so|mozilla::gfx::DrawTargetRecording::CreateSimilarDrawTarget(mozilla::gfx::IntSizeTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::SurfaceFormat) const|hg:hg.mozilla.org/mozilla-central:gfx/2d/DrawTargetRecording.cpp:6cedb9c51fd839f6de2812cac6b95c5b9f4c7716|543|0x29
0|1|libxul.so|nsSVGIntegrationUtils::PaintMask(nsSVGIntegrationUtils::PaintFramesParams const&, bool&)|hg:hg.mozilla.org/mozilla-central:layout/svg/nsSVGIntegrationUtils.cpp:6cedb9c51fd839f6de2812cac6b95c5b9f4c7716|787|0x3e
0|2|libxul.so|nsDisplayMasksAndClipPaths::PaintMask(nsDisplayListBuilder*, gfxContext*, bool*)|hg:hg.mozilla.org/mozilla-central:layout/painting/nsDisplayList.cpp:6cedb9c51fd839f6de2812cac6b95c5b9f4c7716|9223|0x8
0|3|libxul.so|mozilla::layers::WebRenderCommandBuilder::BuildWrMaskImage(nsDisplayMasksAndClipPaths*, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, nsDisplayListBuilder*, mozilla::gfx::RectTyped<mozilla::LayoutDevicePixel, float> const&)|hg:hg.mozilla.org/mozilla-central:gfx/layers/wr/WebRenderCommandBuilder.cpp:6cedb9c51fd839f6de2812cac6b95c5b9f4c7716|2525|0x19
0|4|libxul.so|nsDisplayMasksAndClipPaths::CreateWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::layers::RenderRootStateManager*, nsDisplayListBuilder*)|hg:hg.mozilla.org/mozilla-central:layout/painting/nsDisplayList.cpp:6cedb9c51fd839f6de2812cac6b95c5b9f4c7716|9485|0x182
0|5|libxul.so|mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommands(nsDisplayItem*, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, nsDisplayListBuilder*)|hg:hg.mozilla.org/mozilla-central:gfx/layers/wr/WebRenderCommandBuilder.cpp:6cedb9c51fd839f6de2812cac6b95c5b9f4c7716|1652|0x30
0|6|libxul.so|mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommandsFromDisplayList(nsDisplayList*, nsDisplayItem*, nsDisplayListBuilder*, mozilla::layers::StackingContextHelper const&, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&)|hg:hg.mozilla.org/mozilla-central:gfx/layers/wr/WebRenderCommandBuilder.cpp:6cedb9c51fd839f6de2812cac6b95c5b9f4c7716|1757|0x26
0|7|libxul.so|nsDisplayTransform::CreateWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::layers::RenderRootStateManager*, nsDisplayListBuilder*)|hg:hg.mozilla.org/mozilla-central:layout/painting/nsDisplayList.cpp:6cedb9c51fd839f6de2812cac6b95c5b9f4c7716|8012|0x25
0|8|libxul.so|mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommands(nsDisplayItem*, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, nsDisplayListBuilder*)|hg:hg.mozilla.org/mozilla-central:gfx/layers/wr/WebRenderCommandBuilder.cpp:6cedb9c51fd839f6de2812cac6b95c5b9f4c7716|1652|0x30
0|9|libxul.so|mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommandsFromDisplayList(nsDisplayList*, nsDisplayItem*, nsDisplayListBuilder*, mozilla::layers::StackingContextHelper const&, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&)|hg:hg.mozilla.org/mozilla-central:gfx/layers/wr/WebRenderCommandBuilder.cpp:6cedb9c51fd839f6de2812cac6b95c5b9f4c7716|1757|0x26
0|10|libxul.so|mozilla::layers::WebRenderCommandBuilder::BuildWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, nsDisplayList*, nsDisplayListBuilder*, mozilla::layers::WebRenderScrollData&, WrFiltersHolder&&)|hg:hg.mozilla.org/mozilla-central:gfx/layers/wr/WebRenderCommandBuilder.cpp:6cedb9c51fd839f6de2812cac6b95c5b9f4c7716|1578|0x24
0|11|libxul.so|mozilla::layers::WebRenderLayerManager::EndTransactionWithoutLayer(nsDisplayList*, nsDisplayListBuilder*, WrFiltersHolder&&, mozilla::layers::WebRenderBackgroundData*)|hg:hg.mozilla.org/mozilla-central:gfx/layers/wr/WebRenderLayerManager.cpp:6cedb9c51fd839f6de2812cac6b95c5b9f4c7716|322|0x26
0|12|libxul.so|nsDisplayList::PaintRoot(nsDisplayListBuilder*, gfxContext*, unsigned int)|hg:hg.mozilla.org/mozilla-central:layout/painting/nsDisplayList.cpp:6cedb9c51fd839f6de2812cac6b95c5b9f4c7716|2400|0xb
0|13|libxul.so|nsLayoutUtils::PaintFrame(gfxContext*, nsIFrame*, nsRegion const&, unsigned int, nsDisplayListBuilderMode, nsLayoutUtils::PaintFrameFlags)|hg:hg.mozilla.org/mozilla-central:layout/base/nsLayoutUtils.cpp:6cedb9c51fd839f6de2812cac6b95c5b9f4c7716|4261|0x1b
0|14|libxul.so|mozilla::PresShell::Paint(nsView*, nsRegion const&, mozilla::PaintFlags)|hg:hg.mozilla.org/mozilla-central:layout/base/PresShell.cpp:6cedb9c51fd839f6de2812cac6b95c5b9f4c7716|6371|0x1d
0|15|libxul.so|nsViewManager::ProcessPendingUpdatesPaint(nsIWidget*)|hg:hg.mozilla.org/mozilla-central:view/nsViewManager.cpp:6cedb9c51fd839f6de2812cac6b95c5b9f4c7716|460|0x13
0|16|libxul.so|nsViewManager::ProcessPendingUpdatesForView(nsView*, bool)|hg:hg.mozilla.org/mozilla-central:view/nsViewManager.cpp:6cedb9c51fd839f6de2812cac6b95c5b9f4c7716|395|0x13
0|17|libxul.so|nsViewManager::ProcessPendingUpdates()|hg:hg.mozilla.org/mozilla-central:view/nsViewManager.cpp:6cedb9c51fd839f6de2812cac6b95c5b9f4c7716|1018|0x11
0|18|libxul.so|nsRefreshDriver::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp)|hg:hg.mozilla.org/mozilla-central:layout/base/nsRefreshDriver.cpp:6cedb9c51fd839f6de2812cac6b95c5b9f4c7716|2191|0xd
0|19|libxul.so|mozilla::RefreshDriverTimer::TickRefreshDrivers(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp, nsTArray<RefPtr<nsRefreshDriver> >&)|hg:hg.mozilla.org/mozilla-central:layout/base/nsRefreshDriver.cpp:6cedb9c51fd839f6de2812cac6b95c5b9f4c7716|373|0xb
0|20|libxul.so|mozilla::RefreshDriverTimer::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp)|hg:hg.mozilla.org/mozilla-central:layout/base/nsRefreshDriver.cpp:6cedb9c51fd839f6de2812cac6b95c5b9f4c7716|367|0x12
0|21|libxul.so|mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::TickRefreshDriver(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp)|hg:hg.mozilla.org/mozilla-central:layout/base/nsRefreshDriver.cpp:6cedb9c51fd839f6de2812cac6b95c5b9f4c7716|737|0x17
0|22|libxul.so|mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::NotifyParentProcessVsync()|hg:hg.mozilla.org/mozilla-central:layout/base/nsRefreshDriver.cpp:6cedb9c51fd839f6de2812cac6b95c5b9f4c7716|639|0x10
0|23|libxul.so|mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::ParentProcessVsyncNotifier::Run()|hg:hg.mozilla.org/mozilla-central:layout/base/nsRefreshDriver.cpp:6cedb9c51fd839f6de2812cac6b95c5b9f4c7716|538|0x14
0|24|libxul.so|mozilla::RunnableTask::Run()|hg:hg.mozilla.org/mozilla-central:xpcom/threads/TaskController.cpp:6cedb9c51fd839f6de2812cac6b95c5b9f4c7716|209|0x11
0|25|libxul.so|mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/TaskController.cpp:6cedb9c51fd839f6de2812cac6b95c5b9f4c7716|459|0xa
0|26|libxul.so|mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/TaskController.cpp:6cedb9c51fd839f6de2812cac6b95c5b9f4c7716|337|0x5
0|27|libxul.so|mozilla::TaskController::ProcessPendingMTTask()|hg:hg.mozilla.org/mozilla-central:xpcom/threads/TaskController.cpp:6cedb9c51fd839f6de2812cac6b95c5b9f4c7716|152|0x8
0|28|libxul.so|mozilla::detail::RunnableFunction<mozilla::TaskController::InitializeInternal()::$_4>::Run()|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThreadUtils.h:6cedb9c51fd839f6de2812cac6b95c5b9f4c7716|577|0xd
0|29|libxul.so|nsThread::ProcessNextEvent(bool, bool*)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/
Flags: in-testsuite?
|
Reporter | |
Comment 1•4 years ago
|
||
|
||
Updated•4 years ago
|
Crash Signature: [@ mozilla::gfx::DrawTargetRecording::CreateSimilarDrawTarget ]
|
||
Updated•4 years ago
|
Whiteboard: [bugmon:bisected,confirmed]
|
|
||
Comment 2•4 years ago
|
||
Bugmon Analysis:
Verified bug as reproducible on mozilla-central 20200707034119-dd1766e040a2.
Failed to bisect testcase (Start build crashes!):
> Start: b782ed36b2e87f3466c4871f32649dfeb41a2ab5 (20190709034414)
> End: dd1766e040a2db3cf1497ffe4b221e5082a831ee (20200707034119)
> BuildFlags: BuildFlags(asan=False, tsan=False, debug=True, fuzzing=False, coverage=False, valgrind=False)
|
||
Comment 3•4 years ago
|
||
Blocks: wr-stability
Keywords: crash
OS: Unspecified → All
Hardware: Unspecified → All
See Also: → 1524418
|
|
||
Updated•4 years ago
|
status-firefox77:
--- → wontfix
status-firefox78:
--- → wontfix
status-firefox79:
--- → affected
status-firefox-esr68:
--- → disabled
status-firefox-esr78:
--- → disabled
|
||
Updated•4 years ago
|
Flags: needinfo?(kats)
|
Assignee | |
Updated•4 years ago
|
Assignee: nobody → kats
Flags: needinfo?(kats)
|
|
Assignee | |
Comment 4•4 years ago
|
||
Pushed by kgupta@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/a54f73f87960
Abort mask creation instead of crashing when the size is too large. r=jrmuizel
|
||
Comment 6•4 years ago
|
||
| bugherder | ||
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla80
|
||
Comment 7•4 years ago
|
||
The patch landed in nightly and beta is affected.
:kats, is this bug important enough to require an uplift?
If not please set status_beta to wontfix.
For more information, please visit auto_nag documentation.
Flags: needinfo?(kats)
|
|
Assignee | |
Comment 8•4 years ago
|
||
Comment on attachment 9162342 [details]
Bug 1650989 - Abort mask creation instead of crashing when the size is too large. r?jrmuizel
Beta/Release Uplift Approval Request
- User impact if declined: Rare content process crash when the page uses a giant mask (WebRender only)
- Is this code covered by automated tests?: Yes
- Has the fix been verified in Nightly?: No
- Needs manual test from QE?: No
- If yes, steps to reproduce:
- List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): Simple early-exit patch
- String changes made/needed:
Flags: needinfo?(kats)
Attachment #9162342 -
Flags: approval-mozilla-beta?
|
|
||
Updated•4 years ago
|
|
|
||
Comment 9•4 years ago
|
||
Bugmon Analysis:
Verified bug as fixed on rev mozilla-central 20200713095122-2c8bc998c107.
Removing bugmon keyword as no further action possible.
Please review the bug and re-add the keyword for further analysis.
|
||
Comment 10•4 years ago
|
||
Comment on attachment 9162342 [details]
Bug 1650989 - Abort mask creation instead of crashing when the size is too large. r?jrmuizel
Approved for 79.0b8.
Attachment #9162342 -
Flags: approval-mozilla-beta? → approval-mozilla-beta+
|
|
||
Comment 11•4 years ago
|
||
| bugherder uplift | ||
Flags: in-testsuite? → in-testsuite+
You need to log in
before you can comment on or make changes to this bug.
Description
•