Closed
Bug 546745
Opened 15 years ago
Closed 15 years ago
topcrash [@ nsDisplayText::Paint(nsDisplayListBuilder*, nsIRenderingContext*)]
Categories
(Core :: Layout: Text and Fonts, defect, P1)
Tracking
()
RESOLVED
FIXED
mozilla1.9.3a2
Tracking | Status | |
---|---|---|
status2.0 | --- | ? |
People
(Reporter: dbaron, Assigned: jtd)
References
Details
(Keywords: crash, topcrash)
Crash Data
There are top crashes in nsDisplayText::Paint(nsDisplayListBuilder*, nsIRenderingContext*) that look like a regression from the OOPP landing: http://crash-stats.mozilla.com/report/list?product=Firefox&branch=1.9.3&platform=windows&query_search=signature&query_type=exact&query=&date=&range_value=31&range_unit=days&process_type=all&plugin_field=&plugin_query_type=&plugin_query=&do_query=1&signature=nsDisplayText%3A%3APaint%28nsDisplayListBuilder*%2C%20nsIRenderingContext*%29 The top URLs for this crash for 3.7a2pre builds observed on Feb 10-16, with query strings removed, are: 91 http://love.mail.ru/my/messages.phtml 48 http://love.mail.ru/my/message.phtml 39 http://smotri.com/broadcast/view/ 22 19 http://love.mail.ru/search.phtml 13 http://love.mail.ru/ 9 http://mamba.ru/my/messages.phtml 9 http://love.mail.ru/photo/ 8 http://www.finasta.ru/doc/bowse.php 8 http://video.qip.ru/broadcast/view/ 8 http://smotri.com/live/guvravi/ 7 http://love.rambler.ru/search.phtml 6 http://www.photo-wave.ru/user/edit/mode.avatar.html 5 javascript:false; 5 http://vkontakte.ru/mail.php 5 http://mamba.ru/my/message.phtml 5 http://love.rambler.ru/my/message.phtml
Comment 1•15 years ago
|
||
The crash occurs at http://hg.mozilla.org/mozilla-central/annotate/ed7d1a491a8e/layout/generic/nsTextFrameThebes.cpp#l3895 The crash address is very consistent: 0xfffffffff0de8017 The only consistency between the sites so far are that they have cyrillic characters.
Reporter | ||
Comment 2•15 years ago
|
||
(In reply to comment #1) > The crash address is very consistent: 0xfffffffff0de8017 The frame poison pattern is probably 0xf0de8000, so that's memory released to the frame arena. I suppose this could be a regression some other change in the regression range: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=bcd9709de08a&tochange=6712bed154ed plus a baseline of some other bug at lower frequency.
Reporter | ||
Comment 3•15 years ago
|
||
I seem to recall ВКонтакте (VKontakte) having some sort of plugin. Could it be related to that?
Comment 4•15 years ago
|
||
jfkthame says this may be related to bug 533251, we should check the crash stats again when this lands
Depends on: 533251
Reporter | ||
Comment 5•15 years ago
|
||
(In reply to comment #3) > I seem to recall ВКонтакте (VKontakte) having some sort of plugin. Could it be > related to that? ... we even blocklisted some versions of it (bug 540692).
Reporter | ||
Comment 6•15 years ago
|
||
This went from 22 crashes in Feb. 22 builds and 24 crashes in Feb. 23 builds to none in today's (Feb. 24) builds yet, so it pretty clearly was fixed by bug 533251. I'm guessing it being a topcrash was a regression from bug 541924.
Assignee: nobody → jdaggett
Status: NEW → RESOLVED
Closed: 15 years ago
Component: Plug-ins → Layout: Text
Priority: -- → P1
QA Contact: plugins → layout.fonts-and-text
Resolution: --- → FIXED
Summary: [OOPP] topcrash [@ nsDisplayText::Paint(nsDisplayListBuilder*, nsIRenderingContext*)] → topcrash [@ nsDisplayText::Paint(nsDisplayListBuilder*, nsIRenderingContext*)]
Target Milestone: --- → mozilla1.9.3a2
Comment 7•14 years ago
|
||
This signature is showing up again on 3.6.x, and even higher rate on 4.0betas when you consider the size of the user population. guessing this is a new and different problem with the same signature. more details over in bug 593511
Updated•14 years ago
|
Crash Signature: [@ nsDisplayText::Paint(nsDisplayListBuilder*, nsIRenderingContext*)]
You need to log in
before you can comment on or make changes to this bug.
Description
•