Closed Bug 1897745 Opened 2 years ago Closed 2 years ago

Crash in [@ mozilla::dom::ScaleDataSourceSurface]

Categories

(Core :: Graphics: Canvas2D, defect)

Product:
Core
Component:
Graphics: Canvas2D
Platform:
Unspecified
Windows 11
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
128 Branch
Tracking Flags:
Tracking Status
firefox-esr115 --- unaffected
firefox127 --- wontfix
firefox128 --- fixed

People

(Reporter: gsvelto, Assigned: lsalzman)

Details

(Keywords: crash)

Crash Data

Attachments

(1 file)

Bug 1897745 - Check for null surface in ScaleDataSourceSurface. r?aosmond
48 bytes, text/x-phabricator-request
Details | Review

Crash report: https://crash-stats.mozilla.org/report/index/7fc88b87-eed7-42e6-98b9-c8e600240519

Reason: EXCEPTION_ACCESS_VIOLATION_READ

Top 10 frames:

0  xul.dll  mozilla::dom::ScaleDataSourceSurface(mozilla::gfx::DataSourceSurface*, mozill...  dom/canvas/ImageBitmap.cpp:293
1  xul.dll  mozilla::dom::ImageBitmap::CreateImageBitmapInternal(nsIGlobalObject*, mozill...  dom/canvas/ImageBitmap.cpp:1097
2  xul.dll  mozilla::dom::ImageBitmap::CreateInternal(nsIGlobalObject*, mozilla::dom::HTM...  dom/canvas/ImageBitmap.cpp:1273
3  xul.dll  mozilla::dom::ImageBitmap::Create(nsIGlobalObject*, mozilla::dom::HTMLImageEl...  dom/canvas/ImageBitmap.cpp:1821
4  xul.dll  already_AddRefed<mozilla::dom::Promise>::take()  mfbt/AlreadyAddRefed.h:153
4  xul.dll  RefPtr<mozilla::dom::Promise>::RefPtr(already_AddRefed<mozilla::dom::Promise>&&)  mfbt/RefPtr.h:126
4  xul.dll  mozilla::dom::StrongOrRawPtr(already_AddRefed<mozilla::dom::Promise>&&)  dom/bindings/BindingUtils.h:3198
4  xul.dll  mozilla::dom::Window_Binding::createImageBitmap(JSContext*, JS::Handle<JSObje...  dom/bindings/WindowBinding.cpp:0
4  xul.dll  mozilla::dom::Window_Binding::createImageBitmap_promiseWrapper(JSContext*, JS...  dom/bindings/WindowBinding.cpp:19280
5  xul.dll  mozilla::dom::binding_detail::GenericMethod<mozilla::dom::binding_detail::May...  dom/bindings/BindingUtils.cpp:3268

Low-volume, looks like maybe aSurface is NULL here?

The severity field is not set for this bug.
:lsalzman, could you have a look please?

For more information, please visit BugBot documentation.

Flags: needinfo?(lsalzman)

Every use of ScaleDataSourceSurface checks for a null result and just spits out
a warning. So here it seems reasonable to check the input is valid, and if not,
just spit out that null result. This should give us more consistent behavior
between debug and opt builds.

Assignee: nobody → lsalzman
Status: NEW → ASSIGNED
Flags: needinfo?(lsalzman)
Pushed by lsalzman@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/731a472347c8 Check for null surface in ScaleDataSourceSurface. r=aosmond

https://hg.mozilla.org/mozilla-central/rev/731a472347c8

Status: ASSIGNED → RESOLVED
Closed: 2 years ago
status-firefox128: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 128 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: