SeaMonkey sometimes asserts on cairo IMAGE_FORMAT_VALID when using the tab preview feature

VERIFIED WORKSFORME

Status

()

Core
Graphics
--
critical
VERIFIED WORKSFORME
11 years ago
11 years ago

People

(Reporter: mcsmurf, Unassigned)

Tracking

({crash, regression})

Trunk
x86
Windows XP
crash, regression
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

11 years ago
With a current self-built trunk build from today SeaMonkey sometimes crashes when using the tab preview feature on some sites (for some it works, for some it doesn't). And if it doesn't crash the first time then you do not seem to get any preview for that website. Normally you hover over a tab and then you see a small preview of the loaded site in that tab. For testing I used http://gemal.dk/mozilla/blogupdates.html in the tab I am previewing and any other site in the second tab (you can also use three or four tabs to test...).

Stacktrace:
0:000> kp
ChildEBP RetAddr  
0012bd24 0153551e thebes!_moz_cairo_surface_get_type(struct _cairo_surface * surface = 0x01545599)+0x4 [f:\mozilla\tree-cvsmo\mozilla\gfx\cairo\cairo\src\cairo-surface.c @ 136]
0012bd2c 01541f17 thebes!gfxASurface::GetType(void)+0x8 [f:\mozilla\tree-cvsmo\mozilla\gfx\thebes\src\gfxasurface.cpp @ 199]
0012bd34 01542eb2 thebes!GetDCFromSurface(class gfxASurface * aSurface = 0x01545599)+0xc [f:\mozilla\tree-cvsmo\mozilla\gfx\thebes\src\gfxwindowsfonts.cpp @ 83]
0012bd84 01545599 thebes!SetupContextFont(class gfxContext * aContext = 0x03ae1b38, class gfxWindowsFont * aFont = 0x03a6d7c8)+0x1e [f:\mozilla\tree-cvsmo\mozilla\gfx\thebes\src\gfxwindowsfonts.cpp @ 595]
0012c1a0 01545822 thebes!gfxWindowsFontGroup::InitTextRunGDI(class gfxContext * aContext = 0x03d022c0, class gfxTextRun * aRun = 0x03c8ad30, unsigned short * aString = 0x0012c1f0, unsigned int aLength = 0xd)+0x53 [f:\mozilla\tree-cvsmo\mozilla\gfx\thebes\src\gfxwindowsfonts.cpp @ 706]
0012c274 01541b16 thebes!gfxWindowsFontGroup::MakeTextRun(unsigned char * aString = 0x0012c6f0 "Profile files", unsigned int aLength = 0xd, struct gfxTextRunFactory::Parameters * aParams = 0x0012c298, unsigned int aFlags = 0x1100a81)+0xd1 [f:\mozilla\tree-cvsmo\mozilla\gfx\thebes\src\gfxwindowsfonts.cpp @ 580]
0012c7bc 01541cd9 thebes!TextRunWordCache::MakeTextRun(unsigned char * aText = 0x0012daf8 "Profile files3c}???", unsigned int aLength = 0xd, class gfxFontGroup * aFontGroup = 0x037ebde0, struct gfxTextRunFactory::Parameters * aParams = 0x0012c84c, unsigned int aFlags = 0x1100a80)+0x345 [f:\mozilla\tree-cvsmo\mozilla\gfx\thebes\src\gfxtextrunwordcache.cpp @ 503]
*** WARNING: Unable to verify checksum for F:\MOZILLA\TREE-C~1\MOZILLA\OBJSUITE\DIST\BIN\components\gklayout.dll
0012c7d8 01942184 thebes!gfxTextRunWordCache::MakeTextRun(unsigned char * aText = 0x0012daf8 "Profile files3c}???", unsigned int aLength = 0xd, class gfxFontGroup * aFontGroup = 0x037ebde0, struct gfxTextRunFactory::Parameters * aParams = 0x0012c84c, unsigned int aFlags = 0x1100a80)+0x25 [f:\mozilla\tree-cvsmo\mozilla\gfx\thebes\src\gfxtextrunwordcache.cpp @ 654]
0012c7f8 0194363f gklayout!MakeTextRun(unsigned char * aText = 0x00000000 "", unsigned int aLength = 0xd, class gfxFontGroup * aFontGroup = 0x03ae1b38, struct gfxTextRunFactory::Parameters * aParams = 0x0012c84c, unsigned int aFlags = 0x1100a80)+0x42 [f:\mozilla\tree-cvsmo\mozilla\layout\generic\nstextframethebes.cpp @ 684]
0012dad8 019438d7 gklayout!BuildTextRunsScanner::BuildTextRunForFrames(void * aTextBuffer = 0x0012daf8)+0x89b [f:\mozilla\tree-cvsmo\mozilla\layout\generic\nstextframethebes.cpp @ 1768]
0012eafc 01943d05 gklayout!BuildTextRunsScanner::FlushFrames(int aFlushLineBreaks = 1)+0xbf [f:\mozilla\tree-cvsmo\mozilla\layout\generic\nstextframethebes.cpp @ 1247]
0012ee70 01943d76 gklayout!BuildTextRuns(class nsIRenderingContext * aRC = 0x84cb0074, class nsTextFrame * aForFrame = 0x03a6c068, class nsIFrame * aLineContainer = 0x00000000, class nsLineList_iterator * aForFrameLine = 0x03ae1b38)+0x22d [f:\mozilla\tree-cvsmo\mozilla\layout\generic\nstextframethebes.cpp @ 1206]
0012eec8 01943f71 gklayout!nsTextFrame::EnsureTextRun(class nsIRenderingContext * aRC = 0x03de10a0, class nsIFrame * aLineContainer = 0x00000000, class nsLineList_iterator * aLine = 0x00000000, unsigned int * aFlowEndInTextRun = 0x00000000)+0x51 [f:\mozilla\tree-cvsmo\mozilla\layout\generic\nstextframethebes.cpp @ 1962]
0012f06c 019456e0 gklayout!nsTextFrame::PaintText(class nsIRenderingContext * aRenderingContext = 0x03de10a0, struct nsPoint aPt = struct nsPoint, struct nsRect * aDirtyRect = 0x0012f144)+0x22 [f:\mozilla\tree-cvsmo\mozilla\layout\generic\nstextframethebes.cpp @ 4196]
0012f084 0192df2a gklayout!nsDisplayText::Paint(class nsDisplayListBuilder * aBuilder = 0x0012f104, class nsIRenderingContext * aCtx = 0x03d88870, struct nsRect * aDirtyRect = 0x00000400)+0x26 [f:\mozilla\tree-cvsmo\mozilla\layout\generic\nstextframethebes.cpp @ 3609]
0012f098 0190b6e2 gklayout!nsDisplayList::Paint(class nsDisplayListBuilder * aBuilder = 0x0012f104, class nsIRenderingContext * aCtx = 0x03d88870, struct nsRect * aDirtyRect = 0x00000400)+0x18 [f:\mozilla\tree-cvsmo\mozilla\layout\base\nsdisplaylist.cpp @ 292]
0012f15c 01a26848 gklayout!PresShell::RenderDocument(struct nsRect * aRect = 0x0012f188, int aUntrusted = 0, int aIgnoreViewportScrolling = 1, unsigned int aBackgroundColor = 0x3de10a0, class gfxContext * aThebesContext = 0x03d022c0)+0x1cc [f:\mozilla\tree-cvsmo\mozilla\layout\base\nspresshell.cpp @ 4792]
*** WARNING: Unable to verify checksum for F:\MOZILLA\TREE-C~1\MOZILLA\OBJSUITE\DIST\BIN\xpcom_core.dll
0012f1ac 002b008b gklayout!nsCanvasRenderingContext2D::DrawWindow(class nsIDOMWindow * aWindow = 0x00000000, int aX = 0, int aY = 228, int aW = 1278, int aH = 49696664, class nsAString_internal * aBGColor = 0x03c728a0)+0x119 [f:\mozilla\tree-cvsmo\mozilla\content\canvas\src\nscanvasrenderingcontext2d.cpp @ 2347]
*** WARNING: Unable to verify checksum for F:\MOZILLA\TREE-C~1\MOZILLA\OBJSUITE\DIST\BIN\components\xpc3250.dll
0012f1e8 01466f33 xpcom_core!NS_InvokeByIndex_P(class nsISupports * that = 0x03cc59a8, unsigned int methodIndex = 0x3f, unsigned int paramCount = 6, struct nsXPTCVariant * params = 0x0012f20c)+0x27 [f:\mozilla\tree-cvsmo\mozilla\xpcom\reflect\xptcall\src\md\win32\xptcinvoke.cpp @ 102]
0012f258 03c728a0 xpc3250!XPCWrappedNative::CallMethod(class XPCCallContext * ccx = 0x00000002, XPCWrappedNative::CallMode mode = CALL_METHOD (0))+0x748 [f:\mozilla\tree-cvsmo\mozilla\js\src\xpconnect\src\xpcwrappednative.cpp @ 2277]

For frame 0:
surface 0x01545599 struct _cairo_surface *
    type -1921223591 (No matching enumerant)
(Reporter)

Comment 1

11 years ago
Previewing http://gemal.dk/mozilla/blogupdates.html worked fine with a build from yesterday (2007-08-01-02), but crashes with a build from today (2007-08-02-02), so this is probably a regression from the Cairo landing. I also tested with hourly builds from today (which include the rest of the Cairo fixes), those builds also crash.

Breakpad report: http://crash-stats.mozilla.com/report/index/8df19d59-414b-11dc-985f-001a4bd46e84?date=2007-08-02-22
Same stack, except that it has _cairo_array_num_elements as frame 0 stack signature.
Keywords: regression
(Reporter)

Comment 2

11 years ago
When crashing with a debug build, I get these assertions before it crashes:
Assertion failed at f:/mozilla/tree-cvsmo/mozilla/gfx/cairo/cairo/src/cairo-imag
e-surface.c:394: CAIRO_FORMAT_VALID (image_surface->format)
###!!! ASSERTION: gfxASurface::AddRef without mSurface: 'mSurface != nsnull', fi
le f:/mozilla/tree-cvsmo/mozilla/gfx/thebes/src/gfxASurface.cpp, line 66
(Reporter)

Updated

11 years ago
Blocks: 383960

Comment 3

11 years ago
Bug 391243 fixes the crash, but it still asserts and the tooltip
is "blank" so we still need to track down why this bug occurs.
Depends on: 391243
I'm guessing that you're running a non-depth-24 X server, and/or you have an odd set of RGB masks (e.g. BGR instead of RGB).  Xvnc in particular creates a 16bpp display by default, and when you give -depth 24, it'll use BGR.
Summary: SeaMonkey sometimes crashes when using the tab preview feature [@ _moz_cairo_surface_get_type] → SeaMonkey sometimes asserts on cairo IMAGE_FORMAT_VALID when using the tab preview feature
(Reporter)

Comment 5

11 years ago
If you mean my setup, I run a simple plain Windows XP with a color depth of 32 bits :).
(Reporter)

Comment 6

11 years ago
Actually, with a current build this seems to be wfm now and the assertion is also gone.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → WORKSFORME
Ah ok, sorry, I thought you were on linux due to the IMAGE_FORMAT bit.  If on win32, then this was almost certainly bug 391243/bug 390668.

Comment 8

11 years ago
Verified.  (and I believe this was a Windows-only bug)
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.