Closed Bug 526976 Opened 16 years ago Closed 15 years ago

SIGFPE [@ _moz_cairo_format_stride_for_width] on BGR frame buffer

Categories

(Core :: Graphics, defect)

Product:
Core
Component:
Graphics
Platform:
All
OpenSolaris
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: ginnchen+exoracle, Assigned: ginnchen+exoracle)

References

Details

(Keywords: crash, regression)

Crash Data

Attachments

(2 files, 1 obsolete file)

stack
11.89 KB, text/plain
Details
use _cairo_image_surface_create_with_pixman_format
8.40 KB, patch
jrmuizel
: review+
Details | Diff | Splinter Review
Step: Try to browse some sites. Try to switch between Firefox and terminal. This bug is reproducible with DISPLAY on Sun Ray client, XVR-600, XVR-1200. xdpyinfo shows red, green, blue masks: 0xff, 0xff00, 0xff0000 It doesn't matter which machine Firefox is running on. You can use "ssh -X" to start Firefox from another Solaris machine. I think it's not reproducible with Linux, because gdb treats the following line differently. #define CAIRO_FORMAT_VALID(format) ((format) <= CAIRO_FORMAT_A1) For Sun Studio, if I change it to #define CAIRO_FORMAT_VALID(format) ((unsigned int)(format) <= CAIRO_FORMAT_A1) The crash is gone. This bug is not reproducible with Firefox 3.5.x or system cairo library (1.8.8). The CAIRO_FORMAT_VALID macro are same. So there must be another change triggered this bug. For current trunk, I didn't recreate the crash, but all the fonts are not readable with BGR fb, it must be another regression.
Filed Bug 526977 for the fonts issue on trunk.
The crash is also reproducible with mozilla-central.
Blocks: 484076
I didn't recreate this bug with pixman and cairo outside of firefox. Weird. I tried the rev in Bug 484076 comment #2 and HEAD.
Apparently the trigger is wrap-source_image.patch. I should notice that earlier. This bug is fixed if we fix CAIRO_FORMAT_VALID. But it looks like struct acquire_source_image_data *data is leaked if cairo_image_surface_create_for_data() or _cairo_user_date_array_set_data() fails. Jeff, am I right?
Attached file stack
Keywords: crash
The format passed to cairo_image_surface_create_for_data() should always be vaild. We need to figure out why it's not valid in this case.
image->pixman_format is PIXMAN_x8b8g8r8 There's no valid cairo_format for it. Perhaps we should use _cairo_image_surface_create_with_pixman_image() ? Although we don't expect these functions fail, we still need to free(data) before return.
Severity: normal → critical
Summary: SIGFPE [@_moz_cairo_format_stride_for_width] on BGR frame buffer → SIGFPE [@ _moz_cairo_format_stride_for_width] on BGR frame buffer
use _cairo_image_surface_create_for_pixman_image, free(data) on exceptions. Also changed some coding styles to match other cairo code.
Assignee: nobody → ginn.chen
Status: NEW → ASSIGNED
Attachment #416325 - Flags: review?(jmuizelaar)
Attachment #416325 - Flags: review?(jmuizelaar) → review+
http://hg.mozilla.org/mozilla-central/rev/cd3c2f16360c
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Backed out due to crashes on Mac and Windows http://hg.mozilla.org/mozilla-central/rev/63690d0994c3
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
_cairo_image_surface_create_with_pixman_format() is more close to cairo_image_surface_for_data(), and it bypasses pixman_format <-> cairo format. Try builds pass all tests on Mac OS X. There're a few yellow on Linux and Win, but I don't think it's related. Passes all tests on Solaris on my machine.
Attachment #416325 - Attachment is obsolete: true
Attachment #426192 - Flags: review?(jmuizelaar)
Attachment #426192 - Flags: review?(jmuizelaar) → review+
http://hg.mozilla.org/mozilla-central/rev/b81b287ca111
Status: REOPENED → RESOLVED
Closed: 15 years ago15 years ago
Resolution: --- → FIXED
Crash Signature: [@ _moz_cairo_format_stride_for_width]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: