1769491 - Crash in [@ IPC::ParamTraits<mozilla::layers::WebRenderScrollData>::Write]

Status: RESOLVED INACTIVE

(Core :: Graphics: WebRender, defect)

Description

[Gabriele Svelto [:gsvelto]]

Crash report: https://crash-stats.mozilla.org/report/index/ad93ba3c-be67-4e96-8b2e-9b4420220510

Reason: EXCEPTION_ACCESS_VIOLATION_READ

Top 10 frames of crashing thread:

0 xul.dll static IPC::ParamTraits<mozilla::layers::WebRenderScrollData>::Write gfx/layers/wr/WebRenderScrollData.cpp:409
1 xul.dll mozilla::layers::PWebRenderBridgeChild::SendSetDisplayList ipc/ipdl/PWebRenderBridgeChild.cpp:261
2 xul.dll mozilla::layers::WebRenderBridgeChild::EndTransaction gfx/layers/wr/WebRenderBridgeChild.cpp:127
3 xul.dll mozilla::layers::WebRenderLayerManager::EndTransactionWithoutLayer gfx/layers/wr/WebRenderLayerManager.cpp:458
4 xul.dll mozilla::nsDisplayList::PaintRoot layout/painting/nsDisplayList.cpp:2291
5 xul.dll static nsLayoutUtils::PaintFrame layout/base/nsLayoutUtils.cpp:3446
6 xul.dll mozilla::PresShell::PaintInternal layout/base/PresShell.cpp:6417
7 xul.dll nsViewManager::ProcessPendingUpdatesPaint view/nsViewManager.cpp:440
8 xul.dll nsViewManager::ProcessPendingUpdatesForView view/nsViewManager.cpp:375
9 xul.dll nsViewManager::ProcessPendingUpdates view/nsViewManager.cpp:948

An odd crash that I spotted on nightly but seems to be present on release too. On the surface this appears to be a NULL pointer dereference, but looking through the crashes there are several where the crashing address appears to be a 32-bit value that has been sign-extended to 64-bits before being used as a pointer.

Comment 1

[Glenn Watson [:gw]]

Given the volume and lack of repro steps, there is nothing we can do about this. Closing for now, but please reopen if volume or relevant information changes.