Closed Bug 1746356 Opened 4 years ago Closed 3 years ago

Crash in [@ mozilla::gfx::DrawTargetOffset::Init]

Categories

(Core :: Graphics, defect)

Product:
Core
Component:
Graphics
Platform:
Unspecified
Android
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
103 Branch
Tracking Flags:
Tracking Status
firefox-esr91 --- wontfix
firefox101 --- wontfix
firefox102 --- wontfix
firefox103 --- fixed

People

(Reporter: wsmwk, Assigned: nical)

Details

(Keywords: crash)

Crash Data

Attachments

(1 file)

Bug 1746356 - Null-check the result of CreateSimilarDrawTarget. r=#gfx-reviewers
48 bytes, text/x-phabricator-request
Details | Review

Android crashes have increased in recent months, like bug 1746354 .. https://crash-stats.mozilla.org/signature/?proto_signature=~mozilla%3A%3Alayers%3A%3AWebRenderCommandBuilder%3A%3ACreateWebRenderCommands&signature=mozilla%3A%3Agfx%3A%3ADrawTargetOffset%3A%3AInit&date=%3E%3D2021-06-16T09%3A23%3A00.000Z&date=%3C2021-12-16T09%3A23%3A00.000Z&_columns=date&_columns=product&_columns=version&_columns=build_id&_columns=platform&_columns=reason&_columns=address&_columns=install_time&_columns=startup_crash&_sort=-date&page=1#graphs

Crash report: https://crash-stats.mozilla.org/report/index/64ab7320-97f4-4554-aa86-e560e0211216

Reason: SIGSEGV / SEGV_MAPERR

Top 10 frames of crashing thread:

0 libxul.so mozilla::gfx::DrawTargetOffset::Init gfx/2d/DrawTargetOffset.cpp:19
1 libxul.so mozilla::gfx::Factory::CreateOffsetDrawTarget gfx/2d/Factory.cpp:465
2 libxul.so mozilla::gfx::DrawTargetSkia::CreateClippedDrawTarget gfx/2d/DrawTargetSkia.cpp:1498
3 libxul.so mozilla::nsDisplayBlendMode::Paint layout/painting/nsDisplayList.cpp:5041
4 libxul.so mozilla::nsDisplayList::Paint layout/painting/nsDisplayList.cpp:2100
5 libxul.so mozilla::nsDisplayBlendContainer::Paint layout/painting/nsDisplayList.cpp:5120
6 libxul.so mozilla::nsDisplayList::Paint layout/painting/nsDisplayList.cpp:2100
7 libxul.so mozilla::nsDisplayOpacity::Paint layout/painting/nsDisplayList.cpp:4745
8 libxul.so mozilla::nsDisplayList::Paint layout/painting/nsDisplayList.cpp:2100
9 libxul.so mozilla::nsDisplayTransform::Paint layout/painting/nsDisplayList.cpp:6817

Firefox crash https://crash-stats.mozilla.org/report/index/756d1788-1b13-4a7e-9c1b-020240211216

Looks like https://hg.mozilla.org/releases/mozilla-release/file/5a1a2f3b06c23a27532ba48f9999c59c643f3f36/gfx/2d/DrawTargetSkia.cpp#l1496 fails and returns a null draw target which is then unconditionally use in Init.

The reason for failing could be an allocation failure so fixing this might convert into OOM crashes somewhere else.

Assignee: nobody → nical.bugzilla
Status: NEW → ASSIGNED
Pushed by nsilva@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/af13e4c71c8d Null-check the result of CreateSimilarDrawTarget. r=gfx-reviewers,lsalzman

https://hg.mozilla.org/mozilla-central/rev/af13e4c71c8d

Status: ASSIGNED → RESOLVED
Closed: 3 years ago
status-firefox103: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 103 Branch

The patch landed in nightly and beta is affected.
:nical, is this bug important enough to require an uplift?
If not please set status_beta to wontfix.

For more information, please visit auto_nag documentation.

Flags: needinfo?(nical.bugzilla)

I don't expect this will impact crash rates enough to bother with an uplift.

status-firefox102: affectedwontfix
Flags: needinfo?(nical.bugzilla)
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: