Closed Bug 1897745 Opened 5 months ago Closed 4 months ago

Crash in [@ mozilla::dom::ScaleDataSourceSurface]

Categories

(Core :: Graphics: Canvas2D, defect)

Unspecified
Windows 11
defect

Tracking

()

RESOLVED FIXED
128 Branch
Tracking Status
firefox-esr115 --- unaffected
firefox127 --- wontfix
firefox128 --- fixed

People

(Reporter: gsvelto, Assigned: lsalzman)

Details

(Keywords: crash)

Crash Data

Attachments

(1 file)

Crash report: https://crash-stats.mozilla.org/report/index/7fc88b87-eed7-42e6-98b9-c8e600240519

Reason: EXCEPTION_ACCESS_VIOLATION_READ

Top 10 frames:

0  xul.dll  mozilla::dom::ScaleDataSourceSurface(mozilla::gfx::DataSourceSurface*, mozill...  dom/canvas/ImageBitmap.cpp:293
1  xul.dll  mozilla::dom::ImageBitmap::CreateImageBitmapInternal(nsIGlobalObject*, mozill...  dom/canvas/ImageBitmap.cpp:1097
2  xul.dll  mozilla::dom::ImageBitmap::CreateInternal(nsIGlobalObject*, mozilla::dom::HTM...  dom/canvas/ImageBitmap.cpp:1273
3  xul.dll  mozilla::dom::ImageBitmap::Create(nsIGlobalObject*, mozilla::dom::HTMLImageEl...  dom/canvas/ImageBitmap.cpp:1821
4  xul.dll  already_AddRefed<mozilla::dom::Promise>::take()  mfbt/AlreadyAddRefed.h:153
4  xul.dll  RefPtr<mozilla::dom::Promise>::RefPtr(already_AddRefed<mozilla::dom::Promise>&&)  mfbt/RefPtr.h:126
4  xul.dll  mozilla::dom::StrongOrRawPtr(already_AddRefed<mozilla::dom::Promise>&&)  dom/bindings/BindingUtils.h:3198
4  xul.dll  mozilla::dom::Window_Binding::createImageBitmap(JSContext*, JS::Handle<JSObje...  dom/bindings/WindowBinding.cpp:0
4  xul.dll  mozilla::dom::Window_Binding::createImageBitmap_promiseWrapper(JSContext*, JS...  dom/bindings/WindowBinding.cpp:19280
5  xul.dll  mozilla::dom::binding_detail::GenericMethod<mozilla::dom::binding_detail::May...  dom/bindings/BindingUtils.cpp:3268

Low-volume, looks like maybe aSurface is NULL here?

The severity field is not set for this bug.
:lsalzman, could you have a look please?

For more information, please visit BugBot documentation.

Flags: needinfo?(lsalzman)

Every use of ScaleDataSourceSurface checks for a null result and just spits out
a warning. So here it seems reasonable to check the input is valid, and if not,
just spit out that null result. This should give us more consistent behavior
between debug and opt builds.

Assignee: nobody → lsalzman
Status: NEW → ASSIGNED
Flags: needinfo?(lsalzman)
Pushed by lsalzman@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/731a472347c8 Check for null surface in ScaleDataSourceSurface. r=aosmond
Status: ASSIGNED → RESOLVED
Closed: 4 months ago
Resolution: --- → FIXED
Target Milestone: --- → 128 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: