Closed
Bug 439343
Opened 18 years ago
Closed 17 years ago
Crash [@ _moz_cairo_surface_set_device_offset ] with text-shadow, large text-indent, font-size and letter-spacing
Categories
(Core :: Graphics, defect)
Tracking
()
VERIFIED
FIXED
mozilla1.9.1a1
People
(Reporter: martijn.martijn, Assigned: ventnor.bugzilla)
References
Details
(Keywords: crash, regression, testcase)
Crash Data
Attachments
(2 files, 2 obsolete files)
|
2.05 KB,
text/html
|
Details | |
|
620 bytes,
patch
|
Details | Diff | Splinter Review |
See testcase, which crashes current trunk build for me.
Without the use of text-shadow, it doesn't crash for me, so I guess this is a regression from bug 10713, somehow.
http://crash-stats.mozilla.com/report/index/5d51bf54-3b0a-11dd-8795-001cc45a2c28?p=1
0 xul.dll _moz_cairo_surface_set_device_offset cairo-surface.c:823
1 xul.dll gfxASurface::SetDeviceOffset gfxASurface.cpp:220
2 xul.dll nsContextBoxBlur::Init nsCSSRendering.cpp:4813
3 xul.dll nsTextFrame::PaintOneShadow nsTextFrameThebes.cpp:3995
4 xul.dll nsTextFrame::PaintText nsTextFrameThebes.cpp:4279
5 xul.dll nsDisplayText::Paint nsTextFrameThebes.cpp:3537
6 xul.dll nsDisplayList::Paint nsDisplayList.cpp:296
7 xul.dll nsDisplayClip::Paint nsDisplayList.cpp:880
8 xul.dll nsDisplayList::Paint nsDisplayList.cpp:296
9 xul.dll nsDisplayClip::Paint nsDisplayList.cpp:880
10 xul.dll nsDisplayList::Paint nsDisplayList.cpp:296
11 xul.dll nsLayoutUtils::PaintFrame nsLayoutUtils.cpp:988
12 xul.dll PresShell::Paint nsPresShell.cpp:5413
13 xul.dll nsViewManager::RenderViews nsViewManager.cpp:614
14 xul.dll nsViewManager::Refresh nsViewManager.cpp:502
15 xul.dll xul.dll@0x30975d
16 xul.dll HandleEvent nsView.cpp:168
17 xul.dll nsWindow::DispatchEvent nsWindow.cpp:985
18 xul.dll nsWindow::DispatchWindowEvent nsWindow.cpp:1010
19 xul.dll xul.dll@0x2fb0ec
20 xul.dll nsWindow::ProcessMessage nsWindow.cpp:4288
21 xul.dll nsWindow::WindowProc nsWindow.cpp:1200
22 user32.dll InternalCallWinProc
23 user32.dll UserCallWinProcCheckWow
24 user32.dll DispatchClientMessage
25 user32.dll __fnDWORD
26 ntdll.dll KiUserCallbackDispatcher
27 xul.dll nsCxPusher::Push
28 user32.dll DispatchMessageW
29 xul.dll nsAppShell::ProcessNextNativeEvent nsAppShell.cpp:148
| Assignee | ||
Comment 1•18 years ago
|
||
Looks like a Cairo bug. I'll try to see if there are any sore spots; vlad, could you also try to have a look?
| Assignee | ||
Comment 2•18 years ago
|
||
Got it. We're getting an invalid surface due to the ridiculous values, and simple GFX API's don't do safety checking obviously for perf reasons. Cairo was dereferencing a null pointer.
This fixes it by making it public whether the surface is valid or not.
Assignee: nobody → ventnor.bugzilla
Status: NEW → ASSIGNED
Attachment #325209 -
Flags: superreview?(roc)
Attachment #325209 -
Flags: review?(roc)
Comment on attachment 325209 [details] [diff] [review]
Patch
I'll let Vlad take this to make sure he's OK with the API.
Attachment #325209 -
Flags: superreview?(vladimir)
Attachment #325209 -
Flags: superreview?(roc)
Attachment #325209 -
Flags: review?(vladimir)
Attachment #325209 -
Flags: review?(roc)
Just use CairoStatus() that's already there -- see http://hg.mozilla.org/mozilla-central/index.cgi/file/5034371d2778/gfx/thebes/src/gfxASurface.cpp#l272 . Check mImageSurface->CairoStatus() != 0 to see if there's an error/invalid surface. Not ideal, but it's what's used in a few other places now.. we don't have anything good in place for dealing with errors there.
| Assignee | ||
Comment 5•18 years ago
|
||
Attachment #325209 -
Attachment is obsolete: true
Attachment #325225 -
Flags: superreview?(vladimir)
Attachment #325225 -
Flags: review?(vladimir)
Attachment #325209 -
Flags: superreview?(vladimir)
Attachment #325209 -
Flags: review?(vladimir)
Updated•18 years ago
|
Summary: Crash [@ _moz_cairo_surface_set_device_offset ] with text-shadow, large text-indent, font-size and letters-spacing → Crash [@ _moz_cairo_surface_set_device_offset ] with text-shadow, large text-indent, font-size and letter-spacing
| Assignee | ||
Comment 6•18 years ago
|
||
Comment on attachment 325225 [details] [diff] [review]
Patch 2
Throwing to roc since no API change is needed anymore.
Attachment #325225 -
Flags: superreview?(vladimir)
Attachment #325225 -
Flags: superreview?(roc)
Attachment #325225 -
Flags: review?(vladimir)
Attachment #325225 -
Flags: review?(roc)
Comment on attachment 325225 [details] [diff] [review]
Patch 2
+ if (!mImageSurface || mImageSurface->CairoStatus() != 0)
lose the "!= 0"
Attachment #325225 -
Flags: superreview?(roc)
Attachment #325225 -
Flags: superreview+
Attachment #325225 -
Flags: review?(roc)
Attachment #325225 -
Flags: review+
| Assignee | ||
Comment 8•18 years ago
|
||
Attachment #325225 -
Attachment is obsolete: true
| Assignee | ||
Updated•18 years ago
|
Keywords: checkin-needed
Comment 9•17 years ago
|
||
Pushed as changeset 15714:1b378971708e.
Status: ASSIGNED → RESOLVED
Closed: 17 years ago
Flags: in-testsuite?
Keywords: checkin-needed
Resolution: --- → FIXED
Target Milestone: --- → mozilla1.9.1a1
| Reporter | ||
Comment 10•17 years ago
|
||
Well, the testcase doesn't crash anymore, but it is now massively slow with current trunk build and using a lot of memory.
| Reporter | ||
Comment 11•17 years ago
|
||
Anyway, no crash anymore, so this is fixed.
Verified fixed, using:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1a1pre) Gecko/2008071504
Minefield/3.1a1pre
Status: RESOLVED → VERIFIED
Updated•15 years ago
|
Crash Signature: [@ _moz_cairo_surface_set_device_offset ]
Comment 12•13 years ago
|
||
Flags: in-testsuite? → in-testsuite+
Comment 13•13 years ago
|
||
You need to log in
before you can comment on or make changes to this bug.
Description
•