FF allocates huge portions of memory and then crashes [@ nsCanvasRenderingContext2D::CairoSurfaceFromElement]

Status: RESOLVED WORKSFORME
Product: Core
Component: Canvas: 2D
Priority: P2
Severity: critical
Opened: 10 years ago
Updated: 7 years ago
Reporter: Manuel
Assignee: Unassigned
Version: 1.8 Branch
Platform: x86, Windows XP
Keywords: crash
Whiteboard: [needs stack evaluated for usefulness - canvas]

(Reporter)

Description

10 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12

I had three tabs open. At first FF allocated huge portions of memory according to Task Manager; after a few moments FF crashed.

Reproducible: Sometimes

Steps to Reproduce:
1. Work with FF for a time 
2. Have some tabs open

Actual Results:  
I have 1.5 GB RAM and FF consumed approx. 860 MB.
After a few moments FF crashed

Expected Results:  
Normal work with FF

TB41645734Z
(Reporter)

Updated

10 years ago
Keywords: crash

Comment 1

10 years ago
What extensions do you have installed and what web site were you visiting?

Incident ID: 41645734
Stack Signature	nsCanvasRenderingContext2D::CairoSurfaceFromElement c163c87f
Product ID	Firefox2
Build ID	2008020121
Trigger Time	2008-02-19 07:36:52.0
Platform	Win32
Operating System	Windows NT 5.1 build 2600
Module	firefox.exe + (001e7f26)
URL visited	
User Comments	
Since Last Crash	348604 sec
Total Uptime	348604 sec
Trigger Reason	Access violation
Source File, Line No.	c:/builds/tinderbox/Fx-Mozilla1.8-Release/WINNT_5.2_Depend/mozilla/content/canvas/src/nsCanvasRenderingContext2D.cpp, line 2314
Stack Trace 	
nsCanvasRenderingContext2D::CairoSurfaceFromElement  [mozilla/content/canvas/src/nsCanvasRenderingContext2D.cpp, line 2314]
nsCanvasRenderingContext2D::DrawImage  [mozilla/content/canvas/src/nsCanvasRenderingContext2D.cpp, line 1902]
XPTC_InvokeByIndex  [mozilla/xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp, line 102]
XPCWrappedNative::CallMethod  [mozilla/js/src/xpconnect/src/xpcwrappednative.cpp, line 2169]
XPC_WN_CallMethod  [mozilla/js/src/xpconnect/src/xpcwrappednativejsops.cpp, line 1455]
js_Invoke  [mozilla/js/src/jsinterp.c, line 1379]
js_Interpret  [mozilla/js/src/jsinterp.c, line 3950]
js_Invoke  [mozilla/js/src/jsinterp.c, line 1398]
fun_apply  [mozilla/js/src/jsfun.c, line 1703]
js_Invoke  [mozilla/js/src/jsinterp.c, line 1379]
js_Interpret  [mozilla/js/src/jsinterp.c, line 3950]
js_Invoke  [mozilla/js/src/jsinterp.c, line 1398]
js_InternalInvoke  [mozilla/js/src/jsinterp.c, line 1473]
JS_CallFunctionValue  [mozilla/js/src/jsapi.c, line 4353]
nsJSContext::CallEventHandler  [mozilla/dom/src/base/nsJSEnvironment.cpp, line 1493]
nsJSEventListener::HandleEvent  [mozilla/dom/src/events/nsJSEventListener.cpp, line 195]
nsEventListenerManager::HandleEventSubType  [mozilla/content/events/src/nsEventListenerManager.cpp, line 1655]
nsEventListenerManager::HandleEvent  [mozilla/content/events/src/nsEventListenerManager.cpp, line 1762]
nsGenericElement::HandleDOMEvent  [mozilla/content/base/src/nsGenericElement.cpp, line 2234]
nsHTMLImageElement::HandleDOMEvent  [mozilla/content/html/content/src/nsHTMLImageElement.cpp, line 509]
nsImageLoadingContent::Event::Handle  [mozilla/content/base/src/nsImageLoadingContent.cpp, line 729]
PL_HandleEvent  [mozilla/xpcom/threads/plevent.c, line 689]
0x778b0c24
AppendDOMNode  [mozilla/content/base/src/nsCopySupport.cpp, line 500]
0x831a8916
0x3a06283b
Component: General → GFX: Thebes
Product: Firefox → Core
Summary: FF allocates huge portions of memory and then crashes → FF allocates huge portions of memory and then crashes [@ nsCanvasRenderingContext2D::CairoSurfaceFromElement]
Version: unspecified → 1.8 Branch
(Reporter)

Comment 2

10 years ago
I was visiting an intranet site using a Java applet (HP Open View NNM) in the first tab, in the second tab was GMail and in the third tab (active at the time of the crash) was the administrator page of a Joomla installation.

Installed Add-Ons (always the latest version):
- Adblock Plus
- FireFTP
- IE Tab
- myurlbar_a
- PDF Download
- Switch Proxy Tool
- Deutsches Wörterbuch
- Google Gears
Component: GFX: Thebes → Layout: Canvas
QA Contact: general → layout.canvas
Priority: -- → P2

Vlad, can you figure this bug out based on the stack trace?
Whiteboard: [needs stack evaluated for usefulness - canvas]

Hm, that code is old, but this sounds like a similar bug that we fixed; I think what was happening is that this spot:

http://mxr.mozilla.org/mozilla/source/content/canvas/src/nsCanvasRenderingContext2D.cpp#2276

wasn't being checked for cairo surface creation failure (check for CairoStatus).  Looks like we have the same code in 1.9.1:

http://hg.mozilla.org/releases/mozilla-1.9.1/file/d08f35b964dd/content/canvas/src/nsCanvasRenderingContext2D.cpp#l3288

A throwing operator new won't save us, because creating the object might succeed, but the underlying cairo surface creation will fail.  However, that's /supposed/ to return a cairo surface that's "in error", which should still be valid to use for rendering to (just everything you do to it results in an error).

Not sure if checking the surface status is the right fix or not, that's mainly a guess.
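
Added example, not part of the bug thread and not Mozilla's or cairo's code: a self-contained C model of the pattern described in the comment above, where surface creation never returns NULL but hands back a shared "in error" object, so the caller must check the status before touching the pixel buffer. The `surface` type, the size cap and all function names are hypothetical stand-ins, and the model assumes the caller copies pixels straight into the buffer; with real cairo the corresponding check is `cairo_surface_status()` on the created surface.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Model only: hypothetical stand-in for a cairo-style surface API. */
typedef enum { SURF_OK = 0, SURF_NO_MEMORY, SURF_INVALID_SIZE } surf_status;
typedef struct { surf_status status; int w, h; uint8_t *data; } surface;
#define SURF_MAX_DIM 32767  /* model's cap; keeps w*h*4 inside a 32-bit size_t */

/* Shared "in error" objects: creation never returns NULL, only one of these. */
static surface nil_no_memory = { SURF_NO_MEMORY, 0, 0, NULL };
static surface nil_invalid_size = { SURF_INVALID_SIZE, 0, 0, NULL };

surface *surface_create(int w, int h) {
    if (w <= 0 || h <= 0 || w > SURF_MAX_DIM || h > SURF_MAX_DIM)
        return &nil_invalid_size;
    surface *s = malloc(sizeof *s);
    uint8_t *px = calloc((size_t)w * (size_t)h, 4);
    if (!s || !px) { free(s); free(px); return &nil_no_memory; }
    s->status = SURF_OK; s->w = w; s->h = h; s->data = px;
    return s;
}

void surface_destroy(surface *s) {
    if (s && s->status == SURF_OK) { free(s->data); free(s); }
}

/* Caller side: an error surface has no buffer (data == NULL), so test status first. */
surf_status surface_from_pixels(const uint8_t *src, int w, int h, surface **out) {
    surface *s = surface_create(w, h);
    *out = NULL;
    if (s->status != SURF_OK) return s->status;  /* propagate, do not dereference */
    memcpy(s->data, src, (size_t)w * (size_t)h * 4);
    *out = s;
    return SURF_OK;
}

int main(void) {
    uint8_t px[16] = {0};               /* constructed 2x2 sample, 4 bytes per pixel */
    surface *s;
    surf_status ok = surface_from_pixels(px, 2, 2, &s);
    surface_destroy(s);
    surf_status bad = surface_from_pixels(px, INT_MAX, INT_MAX, &s);
    printf("2x2: %d, oversized: %d\n", ok, bad);
    return 0;
}
```
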

Comment 5

8 years ago
Manuel, is it as easy to reproduce the crash in version 3.5 or 3.6?
(Reporter)

Comment 6

8 years ago
No, in 3.6 I cannot reproduce this error anymore. So from my point of view it might be fixed.

Comment 7

8 years ago
WFM per reporter and no crashes found on crash-stats
Severity: normal → critical
Status: UNCONFIRMED → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → WORKSFORME
(Assignee)

Updated

7 years ago
Crash Signature: [@ nsCanvasRenderingContext2D::CairoSurfaceFromElement]