Closed
Bug 1758168
Opened 3 years ago
Closed 3 years ago
Hit MOZ_CRASH(assertion failed: task_size.width <= MAX_SURFACE_SIZE as i32) at gfx/wr/webrender/src/picture.rs:6814
Categories
(Core :: Graphics: WebRender, defect)
Core
Graphics: WebRender
Tracking
()
VERIFIED
FIXED
100 Branch
| Tracking | Status | |
|---|---|---|
| firefox-esr91 | --- | unaffected |
| firefox98 | --- | unaffected |
| firefox99 | --- | fixed |
| firefox100 | --- | verified |
People
(Reporter: tsmith, Assigned: gw)
References
(Blocks 1 open bug, Regression)
Details
(Keywords: assertion, regression, testcase, Whiteboard: [bugmon:bisected,confirmed])
Attachments
(2 files)
|
691 bytes,
text/html
|
Details | |
|
48 bytes,
text/x-phabricator-request
|
dmeehan
:
approval-mozilla-beta+
|
Details | Review |
Found while fuzzing m-c 20220304-b01b8627f45f (--enable-debug --enable-fuzzing)
To reproduce via Grizzly Replay:
$ pip install fuzzfetch grizzly-framework
$ python -m fuzzfetch -d --fuzzing -n firefox
$ python -m grizzly.replay ./firefox/firefox testcase.html --xvfb
Hit MOZ_CRASH(assertion failed: task_size.width <= MAX_SURFACE_SIZE as i32) at gfx/wr/webrender/src/picture.rs:6814
#0 0x7fa7f5a9d945 in MOZ_Crash /builds/worker/workspace/obj-build/dist/include/mozilla/Assertions.h:261:3
#1 0x7fa7f5a9d945 in RustMozCrash src/mozglue/static/rust/wrappers.cpp:18:3
#2 0x7fa7f5a9d7a4 in mozglue_static::panic_hook::h773f18c382903796 src/mozglue/static/rust/lib.rs:91:9
#3 0x7fa7f5a9d30b in core::ops::function::Fn::call::ha1de6d8c8d2b790f /rustc/9d1b2106e23b1abd32fce1f17267604a5102f57a/library/core/src/ops/function.rs:70:5
#4 0x7fa7f688bd44 in std::panicking::rust_panic_with_hook::h1a5ea2d6c23051aa /rustc/9d1b2106e23b1abd32fce1f17267604a5102f57a/library/std/src/panicking.rs:610:17
#5 0x7fa7f688ba11 in std::panicking::begin_panic_handler::_$u7b$$u7b$closure$u7d$$u7d$::h07f549390938b73f /rustc/9d1b2106e23b1abd32fce1f17267604a5102f57a/library/std/src/panicking.rs:500:13
#6 0x7fa7f6887923 in std::sys_common::backtrace::__rust_end_short_backtrace::h5ec3758a92cfb00d /rustc/9d1b2106e23b1abd32fce1f17267604a5102f57a/library/std/src/sys_common/backtrace.rs:139:18
#7 0x7fa7f688b778 in rust_begin_unwind /rustc/9d1b2106e23b1abd32fce1f17267604a5102f57a/library/std/src/panicking.rs:498:5
#8 0x7fa7ec25f3e0 in core::panicking::panic_fmt::h3a79a6a99affe1d5 /rustc/9d1b2106e23b1abd32fce1f17267604a5102f57a/library/core/src/panicking.rs:116:14
#9 0x7fa7ec25f32c in core::panicking::panic::h97167cd315d19cd4 /rustc/9d1b2106e23b1abd32fce1f17267604a5102f57a/library/core/src/panicking.rs:48:5
#10 0x7fa7f542ba66 in webrender::picture::get_surface_rects::h2498a292b762deae src/gfx/wr/webrender/src/picture.rs:6814:5
#11 0x7fa7f542ba66 in webrender::picture::PicturePrimitive::take_context::hc9431cfe24337ed5 src/gfx/wr/webrender/src/picture.rs:4929:43
#12 0x7fa7f543b361 in webrender::prepare::prepare_prim_for_render::h7a87af478aecc343 src/gfx/wr/webrender/src/prepare.rs:159:15
#13 0x7fa7f543b361 in webrender::prepare::prepare_primitives::hddf1ba99a8ddad2e src/gfx/wr/webrender/src/prepare.rs:108:16
#14 0x7fa7f53e8f5a in webrender::frame_builder::FrameBuilder::build_layer_screen_rects_and_cull_layers::hffb17423832a954a src/gfx/wr/webrender/src/frame_builder.rs:502:17
#15 0x7fa7f53e8f5a in webrender::frame_builder::FrameBuilder::build::he9c3d4392d7dc5fa src/gfx/wr/webrender/src/frame_builder.rs:593:9
#16 0x7fa7f5466926 in webrender::render_backend::Document::build_frame::hdb47e483955b9990 src/gfx/wr/webrender/src/render_backend.rs:493:25
#17 0x7fa7f547cf4a in webrender::render_backend::RenderBackend::update_document::hddcfd3ccea10d6f7 src/gfx/wr/webrender/src/render_backend.rs:1387:41
#18 0x7fa7f5471e70 in webrender::render_backend::RenderBackend::prepare_transactions::hb5ea8d5add0fff26 src/gfx/wr/webrender/src/render_backend.rs:1236:28
#19 0x7fa7f5471e70 in webrender::render_backend::RenderBackend::process_api_msg::h420b35c10dc36626 src/gfx/wr/webrender/src/render_backend.rs:1088:17
#20 0x7fa7f54a452c in webrender::render_backend::RenderBackend::run::h2e623193e95a1225 src/gfx/wr/webrender/src/render_backend.rs:758:21
#21 0x7fa7f54a452c in webrender::renderer::Renderer::new::_$u7b$$u7b$closure$u7d$$u7d$::h71d03fd1931e9bd6 src/gfx/wr/webrender/src/renderer/mod.rs:1328:13
#22 0x7fa7f54a452c in std::sys_common::backtrace::__rust_begin_short_backtrace::haa681597b7253c7c /rustc/9d1b2106e23b1abd32fce1f17267604a5102f57a/library/std/src/sys_common/backtrace.rs:123:18
#23 0x7fa7f5239dee in std::thread::Builder::spawn_unchecked::_$u7b$$u7b$closure$u7d$$u7d$::_$u7b$$u7b$closure$u7d$$u7d$::h2164df2487f01841 /rustc/9d1b2106e23b1abd32fce1f17267604a5102f57a/library/std/src/thread/mod.rs:477:17
#24 0x7fa7f5239dee in _$LT$core..panic..unwind_safe..AssertUnwindSafe$LT$F$GT$$u20$as$u20$core..ops..function..FnOnce$LT$$LP$$RP$$GT$$GT$::call_once::h0247046a4e5f6a61 /rustc/9d1b2106e23b1abd32fce1f17267604a5102f57a/library/core/src/panic/unwind_safe.rs:271:9
#25 0x7fa7f5239dee in std::panicking::try::do_call::h34f69670c47ed47f /rustc/9d1b2106e23b1abd32fce1f17267604a5102f57a/library/std/src/panicking.rs:406:40
#26 0x7fa7f5239dee in std::panicking::try::hb1c8891e6e1c3b28 /rustc/9d1b2106e23b1abd32fce1f17267604a5102f57a/library/std/src/panicking.rs:370:19
#27 0x7fa7f5239dee in std::panic::catch_unwind::he0e01a26201bb699 /rustc/9d1b2106e23b1abd32fce1f17267604a5102f57a/library/std/src/panic.rs:133:14
#28 0x7fa7f5239dee in std::thread::Builder::spawn_unchecked::_$u7b$$u7b$closure$u7d$$u7d$::h6c42819231972e85 /rustc/9d1b2106e23b1abd32fce1f17267604a5102f57a/library/std/src/thread/mod.rs:476:30
#29 0x7fa7f5239dee in core::ops::function::FnOnce::call_once$u7b$$u7b$vtable.shim$u7d$$u7d$::hbe8f8a7be2039d20 /rustc/9d1b2106e23b1abd32fce1f17267604a5102f57a/library/core/src/ops/function.rs:227:5
#30 0x7fa7f6897992 in _$LT$alloc..boxed..Box$LT$F$C$A$GT$$u20$as$u20$core..ops..function..FnOnce$LT$Args$GT$$GT$::call_once::h49b6c7c5155a2296 /rustc/9d1b2106e23b1abd32fce1f17267604a5102f57a/library/alloc/src/boxed.rs:1854:9
#31 0x7fa7f6897992 in _$LT$alloc..boxed..Box$LT$F$C$A$GT$$u20$as$u20$core..ops..function..FnOnce$LT$Args$GT$$GT$::call_once::ha8b5234bfeb15105 /rustc/9d1b2106e23b1abd32fce1f17267604a5102f57a/library/alloc/src/boxed.rs:1854:9
#32 0x7fa7f6897992 in std::sys::unix::thread::Thread::new::thread_start::h6f207dd842d64859 /rustc/9d1b2106e23b1abd32fce1f17267604a5102f57a/library/std/src/sys/unix/thread.rs:108:17
#33 0x7fa8030da608 in start_thread /build/glibc-eX1tMB/glibc-2.31/nptl/pthread_create.c:477:8
#34 0x7fa802ca2292 in __clone /build/glibc-eX1tMB/glibc-2.31/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:95
Flags: in-testsuite?
|
Reporter | |
Comment 1•3 years ago
|
||
A Pernosco session is available here: https://pernos.co/debug/nqmHKSx9emTFYaOgx1uHfQ/index.html
|
||
Comment 2•3 years ago
|
||
Bugmon Analysis
Verified bug as reproducible on mozilla-central 20220304214025-967ae1edad41.
The bug appears to have been introduced in the following build range:
Start: cd1ca5184c73edfc4af351ad4c89ea994311625b (20220228215749)
End: 9f3cb0197f1ff639627e97ea474596fc6ccb2a1f (20220228232435)
Pushlog: https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=cd1ca5184c73edfc4af351ad4c89ea994311625b&tochange=9f3cb0197f1ff639627e97ea474596fc6ccb2a1f
Keywords: regression
Whiteboard: [bugmon:bisected,confirmed]
|
Assignee | |
Updated•3 years ago
|
Assignee: nobody → gwatson
|
|
Assignee | |
Comment 3•3 years ago
|
||
|
||
Comment 4•3 years ago
|
||
:gw, since this bug contains a bisection range, could you fill (if possible) the regressed_by field?
For more information, please visit auto_nag documentation.
Flags: needinfo?(gwatson)
|
|
||
Comment 5•3 years ago
|
||
Set release status flags based on info from the regressing bug 1757002
status-firefox100:
--- → affected
status-firefox98:
--- → unaffected
status-firefox-esr91:
--- → unaffected
|
|
||
Updated•3 years ago
|
Has Regression Range: --- → yes
Pushed by gwatson@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/1ed627ed1041
Fix for fractional sizes when scaling surfaces > max size r=gfx-reviewers,lsalzman
|
||
Comment 7•3 years ago
|
||
| bugherder | ||
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → 100 Branch
|
|
||
Comment 8•3 years ago
|
||
Bugmon Analysis
Verified bug as fixed on rev mozilla-central 20220314094248-7e01ab125e4c.
Removing bugmon keyword as no further action possible. Please review the bug and re-add the keyword for further analysis.
|
|
Assignee | |
Comment 9•3 years ago
|
||
Comment on attachment 9266947 [details]
Bug 1758168 - Fix for fractional sizes when scaling surfaces > max size
Beta/Release Uplift Approval Request
- User impact if declined: Fixes crashes when off-screen surface size is very large on a fractional boundary.
- Is this code covered by automated tests?: Yes
- Has the fix been verified in Nightly?: Yes
- Needs manual test from QE?: No
- If yes, steps to reproduce:
- List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): It's a small fix for a typo.
- String changes made/needed:
Attachment #9266947 -
Flags: approval-mozilla-beta?
|
||
Comment 11•3 years ago
|
||
Comment on attachment 9266947 [details]
Bug 1758168 - Fix for fractional sizes when scaling surfaces > max size
Approved for 99.0b5. Thanks.
Attachment #9266947 -
Flags: approval-mozilla-beta? → approval-mozilla-beta+
|
|
||
Comment 12•3 years ago
|
||
| bugherder uplift | ||
You need to log in
before you can comment on or make changes to this bug.
Description
•