Crash in [@ mozilla::dom::ImageBitmap::CreateFromCloneData]
Categories
(Core :: Graphics: Canvas2D, defect)
Tracking
()
People
(Reporter: gsvelto, Assigned: aosmond)
Details
(Keywords: crash, Whiteboard: [tbird crash])
Crash Data
Attachments
(1 file)
|
48 bytes,
text/x-phabricator-request
|
RyanVM
:
approval-mozilla-esr115-
RyanVM
:
approval-mozilla-esr128+
|
Details | Review |
Crash report: https://crash-stats.mozilla.org/report/index/c0579800-80b0-42d3-a020-e181d0221009
Reason: EXCEPTION_ACCESS_VIOLATION_READ
Top 10 frames of crashing thread:
0 xul.dll mozilla::dom::ImageBitmap::CreateFromCloneData dom/canvas/ImageBitmap.cpp:832
1 xul.dll mozilla::dom::StructuredCloneHolder::CustomReadTransferHandler dom/base/StructuredCloneHolder.cpp:1200
2 xul.dll mozilla::dom:: dom/base/StructuredCloneHolder.cpp:118
3 xul.dll ReadStructuredClone js/src/vm/StructuredClone.cpp:765
4 xul.dll JSAutoStructuredCloneBuffer::read js/src/vm/StructuredClone.cpp:3943
5 xul.dll mozilla::dom::StructuredCloneHolder::Read dom/base/StructuredCloneHolder.cpp:385
6 xul.dll mozilla::dom::MessageEventRunnable::DispatchDOMEvent dom/workers/MessageEventRunnable.cpp:74
7 xul.dll mozilla::dom::MessageEventRunnable::WorkerRun dom/workers/MessageEventRunnable.cpp:139
8 xul.dll mozilla::dom::WorkerRunnable::Run dom/workers/WorkerRunnable.cpp:377
9 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:1199
This looks like the effect of an out-of-memory situation that we didn't properly address earlier in the code flow:
- We're accessing a NULL pointer
- All crashes have very low amounts of commit space left
It's likely that the allocation of an object failed at some point and returned NULL and then we crashed trying to access it.
|
||
Comment 1•3 years ago
|
||
Since the crash volume is low (less than 15 per week), the severity is downgraded to S3. Feel free to change it back if you think the bug is still critical.
For more information, please visit auto_nag documentation.
|
||
Updated•1 year ago
|
|
Assignee | |
Comment 2•1 year ago
|
||
|
||
Updated•1 year ago
|
|
|
Assignee | |
Updated•1 year ago
|
|
||
Comment 4•1 year ago
|
||
| bugherder | ||
|
||
Updated•1 year ago
|
|
|
Assignee | |
Comment 6•1 year ago
|
||
Comment on attachment 9439361 [details]
Bug 1794360 - Fail to clone ImageBitmap if no data surface available.
ESR Uplift Approval Request
- If this is not a sec:{high,crit} bug, please state case for ESR consideration: Low volume content process crash
- User impact if declined: Content process may continue to crash with sites that use canvas and DOM workers
- Fix Landed on Version: 134
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): Change is trivial, just adding a new null pointer check.
|
|
||
Comment 7•1 year ago
|
||
Comment on attachment 9439361 [details]
Bug 1794360 - Fail to clone ImageBitmap if no data surface available.
Approved for 128.7esr.
|
|
||
Updated•1 year ago
|
|
|
Assignee | |
Comment 9•1 year ago
|
||
It seems like most of the remaining crash volume is in ESR115 FWIW?
|
|
||
Comment 10•1 year ago
|
||
ESR115 is only open for critical fixes at this point as part of the limited support extension beyond its originally-planned EOL date.
Description
•