Closed
Bug 525990
Opened 15 years ago
Closed 14 years ago
Null deref crash in [@ _moz_cairo_surface_flush - gfxASurface::Flush - nsGLPbufferCGL::ThebesSurface]
Categories
(Core :: Graphics: CanvasWebGL, defect)
Tracking
()
RESOLVED
INVALID
Tracking | Status | |
---|---|---|
status1.9.2 | --- | unaffected |
status1.9.1 | --- | unaffected |
People
(Reporter: halb.halb, Unassigned)
Details
(Keywords: crash, testcase, Whiteboard: [sg:dos null-deref])
Crash Data
Attachments
(1 file)
7.96 KB,
text/html
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_1; en-us) AppleWebKit/531.9 (KHTML, like Gecko) Version/4.0.3 Safari/531.9
Build Identifier: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.3a1pre) Gecko/20091101 Minefield/3.7a1pre

Null dereference crash in WebGL stuff, affects 3.7 and not 3.5. Related to canvas with large width.

Reproducible: Always

Steps to Reproduce:
1. Use recent Firefox 3.7 (this doesn't affect 3.5).
2. Set webgl.enabled_for_all_sites = true in about:config
3. Open attached html file

Actual Results:
Crash.

Process: firefox-bin [47053]
Path: /Volumes/data_apps/obj-x86_64-apple-darwin10.0.0/dist/MinefieldDebug.app/Contents/MacOS/firefox-bin
Identifier: org.mozilla.firefox
Version: 3.7a1pre (3.7a1pre)
Code Type: X86-64 (Native)
Parent Process: launchd [200]
Date/Time: 2009-11-02 13:06:50.235 -0800
OS Version: Mac OS X 10.6.1 (10B504)
Report Version: 6
Interval Since Last Report: 1886 sec
Crashes Since Last Report: 2
Per-App Interval Since Last Report: 610 sec
Per-App Crashes Since Last Report: 2
Anonymous UUID: 3D956540-F69B-4457-B4A4-761A72189954
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000014
Crashed Thread: 0 Dispatch queue: com.apple.main-thread

Thread 0 Crashed: Dispatch queue: com.apple.main-thread
0 libthebes.dylib 0x000000011506b328 _moz_cairo_surface_flush + 16
1 libthebes.dylib 0x00000001150029b1 gfxASurface::Flush() + 25 (gfxASurface.cpp:262)
2 libgklayout.dylib 0x0000000115630c8e nsGLPbufferCGL::ThebesSurface() + 418 (nsGLPbufferCGL.cpp:246)
3 libgklayout.dylib 0x000000011561da20 mozilla::WebGLContext::Render(gfxContext*, gfxPattern::GraphicsFilter) + 168 (WebGLContext.cpp:253)
4 libgklayout.dylib 0x0000000115690b00 nsHTMLCanvasElement::RenderContexts(gfxContext*, gfxPattern::GraphicsFilter) + 86 (nsHTMLCanvasElement.cpp:488)
5 libgklayout.dylib 0x0000000115326e52 nsHTMLCanvasFrame::PaintCanvas(nsIRenderingContext&, nsRect const&, nsPoint) + 432 (nsHTMLCanvasFrame.cpp:257)
6 libgklayout.dylib 0x00000001153276c9 nsDisplayItemCanvas::Paint(nsDisplayListBuilder*, nsIRenderingContext*) + 75 (nsHTMLCanvasFrame.cpp:74)
7 libgklayout.dylib 0x0000000115265596 nsDisplayList::Paint(nsDisplayListBuilder*, nsIRenderingContext*) const + 112 (nsDisplayList.cpp:407)
8 libgklayout.dylib 0x00000001152655db nsDisplayWrapList::Paint(nsDisplayListBuilder*, nsIRenderingContext*) + 41 (nsDisplayList.cpp:925)
9 libgklayout.dylib 0x000000011526574c nsDisplayClip::Paint(nsDisplayListBuilder*, nsIRenderingContext*) + 90 (nsDisplayList.cpp:1121)
10 libgklayout.dylib 0x0000000115265596 nsDisplayList::Paint(nsDisplayListBuilder*, nsIRenderingContext*) const + 112 (nsDisplayList.cpp:407)
...
Looks like the same bug/cause as bug 525984.
Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
I don't think this is a duplicate. It still crashes with a patch in place for 525984.
Status: RESOLVED → UNCONFIRMED
Resolution: DUPLICATE → ---
Ah. mQuartzSurface needs nsnull treatment, and needs error checking to make sure it's valid when ThebesSurface() is called.
Keywords: crash
Summary: Null deref crash in _moz_cairo_surface_flush / nsGLPbufferCGL::ThebesSurface() → Null deref crash in [@ _moz_cairo_surface_flush - gfxASurface::Flush - nsGLPbufferCGL::ThebesSurface]
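The fix described in the comment above (give mQuartzSurface null treatment and validate it before ThebesSurface() flushes it), sketched as an added example that is not Mozilla's code and not part of the original bug. PbufferSketch, FakeSurface and kMaxDim are hypothetical stand-ins, and the premise that surface creation fails for an oversized width is an assumption of this example.

```cpp
// Added sketch, not Mozilla code. PbufferSketch, FakeSurface and kMaxDim are
// hypothetical stand-ins for nsGLPbufferCGL, its Quartz surface and a size limit.
#include <cstdint>
#include <memory>

struct FakeSurface {
    int32_t width, height;
    bool flushed;
    FakeSurface(int32_t w, int32_t h) : width(w), height(h), flushed(false) {}
    void Flush() { flushed = true; }
};

class PbufferSketch {
public:
    // Assumption: surface creation fails outside (0, kMaxDim].
    static constexpr int32_t kMaxDim = 8192;

    bool Resize(int32_t w, int32_t h) {
        mQuartzSurface.reset();              // drop any stale surface first
        if (w <= 0 || h <= 0 || w > kMaxDim || h > kMaxDim)
            return false;                    // creation failed: member stays null
        mQuartzSurface.reset(new FakeSurface(w, h));
        return true;
    }

    // Validate before flushing, so a failed Resize() cannot reach Flush().
    FakeSurface* ThebesSurface() {
        if (!mQuartzSurface)
            return nullptr;
        mQuartzSurface->Flush();
        return mQuartzSurface.get();
    }

private:
    std::unique_ptr<FakeSurface> mQuartzSurface;   // null until Resize() succeeds
};

// Caller side, standing in for WebGLContext::Render(): no surface, no paint.
bool Render(PbufferSketch& pb) {
    FakeSurface* surface = pb.ThebesSurface();
    if (!surface)
        return false;
    return surface->flushed;
}
```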
Comment 5•15 years ago
nsGLPbufferCGL::ThebesSurface() exists on the 1.9.2 branch but not WebGLContext. Is there some way other than WebGL to get to the buggy code, or was that NPOTB on 1.9.2? Definitely not in FF 3.5 (1.9.1-branch).
Status: UNCONFIRMED → NEW
status1.9.1:
--- → unaffected
Ever confirmed: true
Keywords: testcase
Whiteboard: [sg:dos null-deref]
NPOTB in 1.9.2.
Updated•15 years ago
status1.9.2:
--- → unaffected
Component: Canvas: 2D → Canvas: WebGL
nsGLPbufferCGL is gone
Status: NEW → RESOLVED
Closed: 15 years ago → 14 years ago
Resolution: --- → INVALID
Updated•13 years ago
Crash Signature: [@ _moz_cairo_surface_flush - gfxASurface::Flush - nsGLPbufferCGL::ThebesSurface]