Closed
Bug 511473
Opened 15 years ago
Closed 14 years ago
cairo crash when TileManager.js is broken
Categories
(Firefox for Android Graveyard :: General, defect)
Firefox for Android Graveyard
General
All
Windows Mobile 6 Professional
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: blassey, Unassigned)
Details
(Whiteboard: mothballed)
Attachments
(1 file, 1 obsolete file)
|
2.07 KB,
patch
|
Details | Diff | Splinter Review |
I have a typo in patch which causes us to crash on start up (reproduced 4 times, including after full rebuild). My concern is that something similar could be done from content although I haven't tried.
*Crash details*
Console output:
<snip>
painting:{
result is null from dispatch
[0, 0, 961, 558],
}
painting:{
Data Abort: Thread=8944a400 Proc=80458cd0 'fennec.exe'
AKY=08000001 PC=7abf3c88(xul.dll+0x00be3c88) RA=000000ef(???+0x000000ef) BVA=6692e000 FSR=00000807
First-chance exception at 0x7abf3c88 in fennec.exe: 0xC0000005: Access violation writing location 0x6692e000.
<crash>
Registers:
R0 = 0xffdedede R1 = 0x6692d5e0 R2 = 0x6692e4e4 R3 = 0x6692e000 R4 = 0x000003c1
R5 = 0x000003c4 R6 = 0x39bcbe04 R7 = 0x00000001 R8 = 0x00000000 R9 = 0x662dbe20
R10 = 0x39bcbe48 R11 = 0xffdedede R12 = 0x39bcbe10 Sp = 0x39bcbdcc Lr = 0x000000ee
Pc = 0x7abf3c88 Psr = 0x80000010
Stack:
> xul.dll!_moz_pixman_fill(unsigned int* bits = 0xffdedede, int stride = 1720899040, int bpp = 1720902884, int x = 1720901632, int y = 0, int width = 961, int height = 558, unsigned int xor = 4292796126) Line: 178, Byte Offsets: 0x68 C
xul.dll!_moz_pixman_image_fill_rectangles(pixman_op_t op = -2171170, pixman_image* dest = 0x6692d5e0, pixman_color* color = 0x6692e4e4, int n_rects = 1720901632, pixman_rectangle16* rects = 0x39bcbe48) Line: 719, Byte Offsets: 0x11c C
xul.dll!_cairo_image_surface_fill_rectangles(void* abstract_surface = 0xffdedede, _cairo_operator op = 1720899040, _cairo_color* color = 0x6692e4e4, _cairo_rectangle_int* rects = 0x6692e000, int num_rects = 1) Line: 1075, Byte Offsets: 0x164 C
xul.dll!_cairo_surface_fill_rectangles(_cairo_surface* surface = 0xffdedede, _cairo_operator op = 1720899040, _cairo_color* color = 0x6692e4e4, _cairo_rectangle_int* rects = 0x6692e000, int num_rects = 1) Line: 1745, Byte Offsets: 0xa0 C
xul.dll!_cairo_surface_fill_region(_cairo_surface* surface = 0xffdedede, _cairo_operator op = 1720899040, _cairo_color* color = 0x6692e4e4, _cairo_region* region = 0x6692e000) Line: 1700, Byte Offsets: 0xf4 C
xul.dll!_clip_and_composite_trapezoids(_cairo_pattern* src = 0xffdedede, _cairo_operator op = 1720899040, _cairo_surface* dst = 0x6692e4e4, _cairo_traps* traps = 0x6692e000, _cairo_clip* clip = 0x00000000, _cairo_antialias antialias = 0) Line: 612, Byte Offsets: 0x208 C
xul.dll!_cairo_surface_fallback_fill(_cairo_surface* surface = 0xffdedede, _cairo_operator op = 1720899040, _cairo_pattern* source = 0x6692e4e4, _cairo_path_fixed* path = 0x6692e000, _cairo_fill_rule fill_rule = 0, double tolerance = 0.10000000000000001, _cairo_antialias antialias = 0) Line: 990, Byte Offsets: 0x1c8 C
xul.dll!_cairo_surface_fill(_cairo_surface* surface = 0xffdedede, _cairo_operator op = 1720899040, _cairo_pattern* source = 0x6692e4e4, _cairo_path_fixed* path = 0x6692e000, _cairo_fill_rule fill_rule = 0, double tolerance = 0.10000000000000001, _cairo_antialias antialias = 0, _cairo_rectangle_int* extents = 0x00000000) Line: 2004, Byte Offsets: 0xf0 C
xul.dll!_cairo_gstate_fill(_cairo_gstate* gstate = 0xffdedede, _cairo_path_fixed* path = 0x6692d5e0) Line: 1078, Byte Offsets: 0xa4 C
xul.dll!_moz_cairo_fill_preserve(_cairo* cr = 0xffdedede) Line: 2203, Byte Offsets: 0x20 C
xul.dll!nsThebesRenderingContext::FillRect(nsRect& aRect = {...}) Line: 627, Byte Offsets: 0x184 C++
xul.dll!nsDisplaySolidColor::Paint(nsDisplayListBuilder* aBuilder = 0x6692d5e0, nsIRenderingContext* aCtx = 0x6692e4e4, nsRect& aDirtyRect = {...}) Line: 558, Byte Offsets: 0x84 C++
xul.dll!nsDisplayList::Paint(nsDisplayListBuilder* aBuilder = 0x6692d5e0, nsIRenderingContext* aCtx = 0x6692e4e4, nsRect& aDirtyRect = {...}) Line: 374, Byte Offsets: 0x3c C++
xul.dll!nsLayoutUtils::PaintFrame(nsIRenderingContext* aRenderingContext = 0xffdedede, nsIFrame* aFrame = 0x6692d5e0, nsRegion& aDirtyRegion = {...}, unsigned int aBackstop = 1720901632, unsigned int aFlags = 0) Line: 1133, Byte Offsets: 0x318 C++
xul.dll!PresShell::Paint(nsIView* aView = 0x6692d5e0, nsIRenderingContext* aRenderingContext = 0x6692e4e4, nsRegion& aDirtyRegion = {...}) Line: 5716, Byte Offsets: 0x7c C++
xul.dll!nsViewManager::RenderViews(nsView* aView = 0x6692d5e0, nsIRenderingContext& aRC = {...}, nsRegion& aRegion = {...}) Line: 535, Byte Offsets: 0x158 C++
xul.dll!nsViewManager::Refresh(nsView* aView = 0x6692d5e0, nsIRenderingContext* aContext = 0x6692e4e4, nsIRegion* aRegion = 0x6692e000, unsigned int aUpdateFlags = 1) Line: 495, Byte Offsets: 0x340 C++
xul.dll!nsViewManager::DispatchEvent(nsGUIEvent* aEvent = 0x6692d5e0, nsIView* aView = 0x6692e4e4, nsEventStatus* aStatus = 0x6692e000) Line: 996, Byte Offsets: 0x308 C++
xul.dll!HandleEvent(nsGUIEvent* aEvent = 0xffdedede) Line: 168, Byte Offsets: 0xc4 C++
xul.dll!nsWindow::DispatchEvent(nsGUIEvent* event = 0x6692d5e0, nsEventStatus& aStatus = 0) Line: 2832, Byte Offsets: 0x48 C++
xul.dll!nsWindow::DispatchWindowEvent(nsGUIEvent* event = 0x6692d5e0, nsEventStatus& aStatus = 0) Line: 2866, Byte Offsets: 0x14 C++
xul.dll!nsWindow::PaintRect(tagRECT rcPaint = {...}, nsPaintEvent* event = 0x6692d5e0) Line: 888, Byte Offsets: 0x1fc C++
xul.dll!nsWindow::OnPaintImageDDraw16(void) Line: 1048, Byte Offsets: 0x3b8 C++
xul.dll!nsWindow::OnPaint(HDC__* aDC = 0x6692d5e0) Line: 645, Byte Offsets: 0x2c C++
xul.dll!nsWindow::ProcessMessage(unsigned int msg = 1720899040, unsigned int& wParam = 0, long int& lParam = 0, long int* aRetValue = 0x39bcdbd8) Line: 3745, Byte Offsets: 0x2e8 C++
xul.dll!nsWindow::WindowProc(HWND__* hWnd = 0xffdedede, unsigned int msg = 1720899040, unsigned int wParam = 1720902884, long int lParam = 1720901632) Line: 3448, Byte Offsets: 0x150 C++
0xf000fffc
If that backtrace's arguments are to be believed, all sorts of things are bogus (the cairo operator, the stride, etc). But this is coming in from windowproc, so anything JS-related would have had to scribble memory or something...
|
Reporter | |
Comment 2•15 years ago
|
||
(In reply to comment #1) > If that backtrace's arguments are to be believed, all sorts of things are bogus > (the cairo operator, the stride, etc). But this is coming in from windowproc, > so anything JS-related would have had to scribble memory or something... this is an optimized build so very typically the arguments in the back trace are garbage anyway
|
|
Reporter | |
Comment 3•15 years ago
|
||
sorry, attached the patch without the typo
Attachment #395360 -
Attachment is obsolete: true
Can you build debug and get a real stack?
|
||
Comment 5•15 years ago
|
||
This is the line with the missing paren:
+ dump("rederTile: "+t2-t1)+"\nappendTileSave: "+(t3-t2)+"\nholdTile: "+(t4-t3) +"\n");|
|
Reporter | |
Comment 6•15 years ago
|
||
(In reply to comment #5) > This is the line with the missing paren: > > + dump("rederTile: "+t2-t1)+"\nappendTileSave: "+(t3-t2)+"\nholdTile: > "+(t4-t3) +"\n"); yes
|
|
Reporter | |
Comment 7•15 years ago
|
||
here's a stack from a debug build:
> xul.dll!pixman_fill32(unsigned int* bits = 0x66f2d5e0, int stride = 964, int x = 0, int y = 0, int width = 961, int height = 239, unsigned int xor = 4292796126) Line: 133, Byte Offsets: 0x98 C
xul.dll!_moz_pixman_fill(unsigned int* bits = 0x66e02000, int stride = 964, int bpp = 32, int x = 0, int y = 0, int width = 961, int height = 558, unsigned int xor = 4292796126) Line: 179, Byte Offsets: 0xcc C
xul.dll!_moz_pixman_image_fill_rectangles(pixman_op_t op = 1, pixman_image* dest = 0x63c7abe0, pixman_color* color = 0x3bbc9944, int n_rects = 1, pixman_rectangle16* rects = 0x3bbc9138) Line: 720, Byte Offsets: 0x248 C
xul.dll!_cairo_image_surface_fill_rectangles(void* abstract_surface = 0x63ca6ad0, _cairo_operator op = 2, _cairo_color* color = 0x63cfe638, _cairo_rectangle_int* rects = 0x3bbc99e0, int num_rects = 1) Line: 1075, Byte Offsets: 0x27c C
xul.dll!_cairo_surface_fill_rectangles(_cairo_surface* surface = 0x63ca6ad0, _cairo_operator op = 2, _cairo_color* color = 0x63cfe638, _cairo_rectangle_int* rects = 0x3bbc99e0, int num_rects = 1) Line: 1744, Byte Offsets: 0x108 C
xul.dll!_cairo_surface_fill_region(_cairo_surface* surface = 0x63ca6ad0, _cairo_operator op = 2, _cairo_color* color = 0x63cfe638, _cairo_region* region = 0x63d2dea0) Line: 1698, Byte Offsets: 0x1b8 C
xul.dll!_clip_and_composite_trapezoids(_cairo_pattern* src = 0x63cfe5e0, _cairo_operator op = 2, _cairo_surface* dst = 0x63ca6ad0, _cairo_traps* traps = 0x3bbca330, _cairo_clip* clip = 0x00000000, _cairo_antialias antialias = 0) Line: 612, Byte Offsets: 0x364 C
xul.dll!_cairo_surface_fallback_fill(_cairo_surface* surface = 0x63ca6ad0, _cairo_operator op = 2, _cairo_pattern* source = 0x63cfe5e0, _cairo_path_fixed* path = 0x66349ae4, _cairo_fill_rule fill_rule = 0, double tolerance = 0.10000000000000001, _cairo_antialias antialias = 0) Line: 990, Byte Offsets: 0x2c4 C
xul.dll!_cairo_surface_fill(_cairo_surface* surface = 0x63ca6ad0, _cairo_operator op = 2, _cairo_pattern* source = 0x63cfe5e0, _cairo_path_fixed* path = 0x66349ae4, _cairo_fill_rule fill_rule = 0, double tolerance = 0.10000000000000001, _cairo_antialias antialias = 0, _cairo_rectangle_int* extents = 0x00000000) Line: 2004, Byte Offsets: 0x174 C
xul.dll!_cairo_gstate_fill(_cairo_gstate* gstate = 0x66c067c0, _cairo_path_fixed* path = 0x66349ae4) Line: 1076, Byte Offsets: 0x128 C
xul.dll!_moz_cairo_fill_preserve(_cairo* cr = 0x66349800) Line: 2203, Byte Offsets: 0x40 C
xul.dll!gfxContext::Fill(void) Line: 148, Byte Offsets: 0x1c C++
xul.dll!nsThebesRenderingContext::FillRect(nsRect& aRect = {...}) Line: 629, Byte Offsets: 0x4ac C++
xul.dll!nsDisplaySolidColor::Paint(nsDisplayListBuilder* aBuilder = 0x3bbca958, nsIRenderingContext* aCtx = 0x63c56500, nsRect& aDirtyRect = {...}) Line: 558, Byte Offsets: 0xac C++
xul.dll!nsDisplayList::Paint(nsDisplayListBuilder* aBuilder = 0x3bbca958, nsIRenderingContext* aCtx = 0x63c56500, nsRect& aDirtyRect = {...}) Line: 375, Byte Offsets: 0x70 C++
xul.dll!nsLayoutUtils::PaintFrame(nsIRenderingContext* aRenderingContext = 0x63c56500, nsIFrame* aFrame = 0x66b3d618, nsRegion& aDirtyRegion = {...}, unsigned int aBackstop = 4294967295, unsigned int aFlags = 0) Line: 1133, Byte Offsets: 0x4cc C++
xul.dll!PresShell::Paint(nsIView* aView = 0x662c2640, nsIRenderingContext* aRenderingContext = 0x63c56500, nsRegion& aDirtyRegion = {...}) Line: 5711, Byte Offsets: 0xf0 C++
xul.dll!nsViewManager::RenderViews(nsView* aView = 0x662c2640, nsIRenderingContext& aRC = {...}, nsRegion& aRegion = {...}) Line: 535, Byte Offsets: 0x148 C++
xul.dll!nsViewManager::Refresh(nsView* aView = 0x662c2640, nsIRenderingContext* aContext = 0x63c56500, nsIRegion* aRegion = 0x662d9600, unsigned int aUpdateFlags = 1) Line: 495, Byte Offsets: 0x490 C++
xul.dll!nsViewManager::DispatchEvent(nsGUIEvent* aEvent = 0x3bbcb3c0, nsIView* aView = 0x662c2640, nsEventStatus* aStatus = 0x3bbcb150) Line: 996, Byte Offsets: 0x6b8 C++
xul.dll!HandleEvent(nsGUIEvent* aEvent = 0x3bbcb3c0) Line: 168, Byte Offsets: 0xa0 C++
xul.dll!nsWindow::DispatchEvent(nsGUIEvent* event = 0x3bbcb3c0, nsEventStatus& aStatus = 0) Line: 2832, Byte Offsets: 0x80 C++
xul.dll!nsWindow::DispatchWindowEvent(nsGUIEvent* event = 0x3bbcb3c0, nsEventStatus& aStatus = 0) Line: 2866, Byte Offsets: 0x34 C++
xul.dll!nsWindow::PaintRect(tagRECT rcPaint = {...}, nsPaintEvent* event = 0x3bbcb3c0) Line: 887, Byte Offsets: 0x41c C++
xul.dll!nsWindow::OnPaintImageDDraw16(void) Line: 1048, Byte Offsets: 0x584 C++
xul.dll!nsWindow::OnPaint(HDC__* aDC = 0x00000000) Line: 259, Byte Offsets: 0x30 C++
xul.dll!nsWindow::ProcessMessage(unsigned int msg = 15, unsigned int& wParam = 0, long int& lParam = 0, long int* aRetValue = 0x3bbcbdd4) Line: 3745, Byte Offsets: 0x9bc C++
xul.dll!nsWindow::WindowProc(HWND__* hWnd = 0x7c0969a0, unsigned int msg = 15, unsigned int wParam = 0, long int lParam = 0) Line: 3448, Byte Offsets: 0x1b0 C++
0xf000fffc
and registers:
R0 = 0x66e02000 R1 = 0x00000288 R2 = 0x66f2e000 R3 = 0xffdedede R4 = 0x7b561c5c
R5 = 0x00000000 R6 = 0x00000000 R7 = 0x00000000 R8 = 0x7c0969a0 R9 = 0x00000000
R10 = 0x00000000 R11 = 0x3bbcbe74 R12 = 0x3bbc902c Sp = 0x3bbc9010 Lr = 0x7b5ef470
Pc = 0x7b5ef708 Psr = 0x80000010
and console output:
Data Abort: Thread=897f9400 Proc=80458dc0 'fennec.exe'
AKY=10000001 PC=7b5ef708(xul.dll+0x015df708) RA=7b5ef470(xul.dll+0x015df470) BVA=66f2e000 FSR=00000807
First-chance exception at 0x7b5ef708 in fennec.exe: 0xC0000005: Access violation writing location 0x66f2e000.
|
||
Comment 8•15 years ago
|
||
I don't see any JS being involved here. This looks like cairo insanity.
For sanity's sake, can you try replacing the entire tileManager.js file with something that causes a parse error, like a single "}" or something?
|
|
||
Updated•15 years ago
|
Assignee: general → nobody
Component: JavaScript Engine → Windows Mobile
Product: Core → Fennec
QA Contact: general → mobile-windows
|
|
||
Updated•14 years ago
|
Summary: crash with missing paren in TileManager.js → cairo crash when TileManager.js is broken
|
|
||
Updated•14 years ago
|
Group: core-security
|
||
Comment 10•14 years ago
|
||
This year we mothballed windows mobile development. See: http://blog.pavlov.net/2010/03/22/stopping-development-for-windows-mobile/ Marking bugs in the windows mobile / windows ce bucket as WONTFIX.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → WONTFIX
Whiteboard: mothballed
|
|
||
Updated•14 years ago
|
Component: Windows Mobile → General
QA Contact: mobile-windows → general
Hardware: ARM → All
You need to log in
before you can comment on or make changes to this bug.
Description
•