Closed Bug 1741124 Opened 6 months ago Closed 6 months ago

Playing certain Google Slides transitions causes crash

Categories

(Core :: Web Painting, defect)

Firefox 94
x86_64
Linux
defect

Tracking

()

VERIFIED FIXED
96 Branch
Tracking Status
firefox-esr91 --- wontfix
firefox94 --- wontfix
firefox95 --- verified
firefox96 --- verified

People

(Reporter: karthin, Assigned: emilio)

References

(Blocks 1 open bug, Regression)

Details

(Keywords: regression)

Attachments

(4 files)

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:94.0) Gecko/20100101 Firefox/94.0

Steps to reproduce:

  1. Create a new Google Slides presentation.
  2. Click "Transitions" near the top, select "Flip", "Cube" or "Gallery".
  3. Click "Play".

Actual results:

Sudden spike in memory usage before Firefox is killed.

Expected results:

Transition should have played.

OS: Unspecified → Linux
Hardware: Unspecified → x86_64

The Bugbug bot thinks this bug should belong to the 'Core::Audio/Video: Playback' component, and is moving the bug to that component. Please revert this change in case you think the bot is wrong.

Component: Untriaged → Audio/Video: Playback
Product: Firefox → Core
Component: Audio/Video: Playback → Web Painting

can repro this

  1. Create a new presentation on google slides - Choose any prebuilt templates
  2. Select a slide->Slide->Transition
  3. From the newly opened panel on the right, select cube.
  4. Click on apply to all slides
  5. Click on the Play button

ER: Normal transition
AR: OOM and browser crash

Status: UNCONFIRMED → NEW
Ever confirmed: true
Attached file about:support
Has Regression Range: --- → yes

Set release status flags based on info from the regressing bug 1716904

Applying it to SVG-transformed frames is wrong, and causes us to
rasterize rather massive SVGs. This is consistent with the other CSS
3d transforms code, and our rendering of the test-case matches other
browsers.

Assignee: nobody → emilio
Status: NEW → ASSIGNED

Comment on attachment 9252320 [details]
Bug 1741124 - Don't apply CSS perspective to non-CSS-transformed frames. r=miko,nical

Beta/Release Uplift Approval Request

  • User impact if declined: Crash on Google Slides. If the fix looks good to the reviewers I think we should consider uplifting.
  • Is this code covered by automated tests?: Yes
  • Has the fix been verified in Nightly?: No
  • Needs manual test from QE?: Yes
  • If yes, steps to reproduce: comment 3
  • List of other uplifts needed: none
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): Relatively simple tweak to CSS perspective handling so that it doesn't apply to SVG inner frames.
  • String changes made/needed: none
Flags: needinfo?(emilio)
Attachment #9252320 - Flags: approval-mozilla-beta?
Flags: qe-verify+
Pushed by ealvarez@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/936ee887c40c
Don't apply CSS perspective to non-CSS-transformed frames. r=miko
Created web-platform-tests PR https://github.com/web-platform-tests/wpt/pull/31733 for changes under testing/web-platform/tests
Status: ASSIGNED → RESOLVED
Closed: 6 months ago
Resolution: --- → FIXED
Target Milestone: --- → 96 Branch
QA Whiteboard: [qa-triaged]

Comment on attachment 9252320 [details]
Bug 1741124 - Don't apply CSS perspective to non-CSS-transformed frames. r=miko,nical

Approved for 95 beta 12, thanks.

Attachment #9252320 - Flags: approval-mozilla-beta? → approval-mozilla-beta+

I have reproduced the issue using Firefox 94.0.2 and I've verified the fix using Firefox Nightly 96.0a1 (20211125043756) on MacOS 11, Ubuntu 20.04 and Windows 10.

I've also verified the fix on Firefox Beta 95.0b12 (20211125101315)

Upstream PR merged by moz-wptsync-bot

this was verified on fixed versions

QA Whiteboard: [qa-triaged]
Flags: qe-verify+
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.