Closed Bug 530940 Opened 15 years ago Closed 15 years ago

New crash [@ imgFrame::Draw(gfxContext*, gfxPattern::GraphicsFilter, gfxMatrix const&, gfxRect const&, nsIntMargin const&, nsIntRect const&)] in Firefox 3.6b3

Categories

(Core :: Graphics, defect)

Product:
Core
Component:
Graphics
Version:
1.9.2 Branch
Platform:
All
Windows XP
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED DUPLICATE of bug 523528

People

(Reporter: jst, Unassigned)

References

(
URL
)

Details

(Keywords: crash, regression)

Crash Data

There's a new crash in Firefox 3.6b3 with the signature "imgFrame::Draw(gfxContext*, gfxPattern::GraphicsFilter, gfxMatrix const&, gfxRect const&, nsIntMargin const&, nsIntRect const&)" in Firefox 3.6b3 that hasn't been seen in any of the versions 3\.5.*.
Flags: blocking1.9.2?
Signature	imgFrame::Draw(gfxContext*, gfxPattern::GraphicsFilter, gfxMatrix const&, gfxRect const&, nsIntMargin const&, nsIntRect const&)
UUID	e9ae2017-16b5-408c-b56a-5a0ed2091122
Time 	2009-11-22 21:11:01.552778
Uptime	4430
Last Crash	6511 seconds before submission
Product	Firefox
Version	3.6b3
Build ID	20091115182845
Branch	1.9.2
OS	Windows NT
OS Version	5.1.2600 Service Pack 2
CPU	x86
CPU Info	AuthenticAMD family 6 model 8 stepping 1
Crash Reason	EXCEPTION_ACCESS_VIOLATION
Crash Address	0x4
User Comments	the webpage freezes and closes

OPEN        * 530940 NEW New crash [@imgFrame::Draw(gfxContext*, gfxPattern::GraphicsFilter, gfxMatrix const&, gfxRect const&, nsIntMargin const&, nsIntRect const&)] in Firefox 3.6b3
FIXED        * 523528 RESOLVED Crashes at [@imgFrame::Draw(gfxContext*, gfxPattern::GraphicsFilter, gfxMatrix const&, gfxRect const&, nsIntMargin const&, nsIntRect const&) ]

Crashing Thread
Frame 	Module 	Signature [Expand] 	Source
0 	xul.dll 	imgFrame::Draw 	modules/libpr0n/src/imgFrame.cpp:522
1 	xul.dll 	DrawImageInternal 	layout/base/nsLayoutUtils.cpp:2886
2 	xul.dll 	nsLayoutUtils::DrawSingleImage 	layout/base/nsLayoutUtils.cpp:2953
3 	xul.dll 	nsImageFrame::PaintImage 	layout/generic/nsImageFrame.cpp:1164
4 	xul.dll 	nsDisplayImage::Paint 	layout/generic/nsImageFrame.cpp:1149
5 	xul.dll 	nsDisplayList::Paint 	layout/base/nsDisplayList.cpp:405
6 	xul.dll 	nsDisplayClip::Paint 	layout/base/nsDisplayList.cpp:1132
7 	xul.dll 	nsLayoutUtils::PaintFrame 	layout/base/nsLayoutUtils.cpp:1132
8 	xul.dll 	PresShell::Paint 	layout/base/nsPresShell.cpp:5802
9 	xul.dll 	nsViewManager::RenderViews 	view/src/nsViewManager.cpp:534
10 	xul.dll 	nsViewManager::Refresh 	view/src/nsViewManager.cpp:493
11 	xul.dll 	nsViewManager::DispatchEvent 	view/src/nsViewManager.cpp:1006
12 	xul.dll 	HandleEvent 	view/src/nsView.cpp:167
13 	xul.dll 	nsWindow::DispatchEvent 	widget/src/windows/nsWindow.cpp:2885
14 	xul.dll 	nsWindow::DispatchWindowEvent 	widget/src/windows/nsWindow.cpp:2918
15 	xul.dll 	nsWindow::OnPaint 	widget/src/windows/nsWindowGfx.cpp:510
16 	xul.dll 	nsWindow::ProcessMessage 	widget/src/windows/nsWindow.cpp:3801
17 	xul.dll 	nsWindow::WindowProc 	widget/src/windows/nsWindow.cpp:3501
18 	user32.dll 	InternalCallWinProc 	
19 	user32.dll 	UserCallWinProcCheckWow 	
20 	user32.dll 	DispatchClientMessage 	
21 	user32.dll 	__fnDWORD 	
22 	ntdll.dll 	KiUserCallbackDispatcher 	
23 	xul.dll 	xul.dll@0x176f2f 	
24 	xul.dll 	nsWindow::Update 	widget/src/windows/nsWindow.cpp:2124
25 	firefox.exe 	firefox.exe@0x3010b 	
26 	xul.dll 	nsViewManager::ForceUpdate 	view/src/nsViewManager.cpp:1864
27 	xul.dll 	nsViewManager::Composite 	view/src/nsViewManager.cpp:588
28 	xul.dll 	nsViewManager::UpdateViewAfterScroll 	view/src/nsViewManager.cpp:691
29 	xul.dll 	nsScrollPortView::Scroll 	view/src/nsScrollPortView.cpp:717
30 	xul.dll 	xul.dll@0x3a313c 	
31 	xul.dll 	nsScrollPortView::IncrementalScroll 	view/src/nsScrollPortView.cpp:857
32 	xul.dll 	nsScrollPortView::AsyncScrollCallback 	view/src/nsScrollPortView.cpp:833
33 	xul.dll 	nsTimerImpl::Fire 	xpcom/threads/nsTimerImpl.cpp:427
34 	nspr4.dll 	_PR_MD_UNLOCK 	nsprpub/pr/src/md/windows/w95cv.c:344
35 	xul.dll 	nsTimerEvent::Run 	xpcom/threads/nsTimerImpl.cpp:519
36 	xul.dll 	nsThread::ProcessNextEvent 	xpcom/threads/nsThread.cpp:527
37 	xul.dll 	nsBaseAppShell::Run 	widget/src/xpwidgets/nsBaseAppShell.cpp:170
38 	xul.dll 	nsAppStartup::Run 	toolkit/components/startup/src/nsAppStartup.cpp:182
39 	nspr4.dll 	PR_GetEnv 	
40 	firefox.exe 	wmain 	toolkit/xre/nsWindowsWMain.cpp:120
41 	firefox.exe 	__tmainCRTStartup 	obj-firefox/memory/jemalloc/crtsrc/crtexe.c:591
42 	kernel32.dll 	BaseProcessStart 	

joe@30479
522 nsRefPtr<gfxPattern> pattern = new gfxPattern(surface);
joe@30479
523 pattern->SetMatrix(userSpaceToImageSpace); 

I'd like an oom check after 522, but normally one would assume since the debugger claims we're on 522 that we're on 522 or earlier, not at 523. the blob immediately before new is an os x only blob which i'd hope FPO would optimize away. the condition before that involves Wrap() which would crash or return a valid wrapper of a cairo object, cairo promises to always return an object (either a useful one or a static error object), and aContext is dereferenced too early. But the crash is a relatively simple offset from null.
Keywords: crash
Summary: New crash [@imgFrame::Draw(gfxContext*, gfxPattern::GraphicsFilter, gfxMatrix const&, gfxRect const&, nsIntMargin const&, nsIntRect const&)] in Firefox 3.6b3 → New crash [@ imgFrame::Draw(gfxContext*, gfxPattern::GraphicsFilter, gfxMatrix const&, gfxRect const&, nsIntMargin const&, nsIntRect const&)] in Firefox 3.6b3
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
Flags: blocking1.9.2?
Crash Signature: [@ imgFrame::Draw(gfxContext*, gfxPattern::GraphicsFilter, gfxMatrix const&, gfxRect const&, nsIntMargin const&, nsIntRect const&)]
You need to log in before you can comment on or make changes to this bug.