Closed
Bug 613000
Opened 14 years ago
Closed 14 years ago
Fennec OpenGL layer crashes [@ShadowBufferOGL::Upload] [@ gfxContext::SetOperator ] in WebM video playback and in WebGL.
Categories
(Core :: Graphics, defect)
Tracking
()
RESOLVED
FIXED
Tracking | Status | |
---|---|---|
fennec | 2.0b4+ | --- |
People
(Reporter: bjacob, Assigned: cjones)
References
Details
Attachments
(1 file)
2.24 KB,
patch
|
jrmuizel
:
review+
|
Details | Diff | Splinter Review |
Fennec crashes with the following backtrace when playing WebM videos on youtube/html5, and also on simple WebGL pages (spidergl.org demos). #0 0x000000322d2a6a4d in nanosleep () at ../sysdeps/unix/syscall-template.S:82 #1 0x000000322d2a68c0 in __sleep (seconds=0) at ../sysdeps/unix/sysv/linux/sleep.c:138 #2 0x00007f9c016c39fc in ah_crap_handler (signum=11) at /home/bjacob/mozilla-central/toolkit/xre/nsSigHandlers.cpp:132 #3 0x00007f9c016c822e in nsProfileLock::FatalSignalHandler (signo=11, info=0x7ffff4567ab0, context=0x7ffff4567980) at nsProfileLock.cpp:226 #4 <signal handler called> #5 0x00007f9c02e71c05 in gfxContext::SetOperator (this=0x0, op=gfxContext::OPERATOR_SOURCE) at /home/bjacob/mozilla-central/gfx/thebes/gfxContext.cpp:554 #6 0x00007f9c02ee58ab in mozilla::layers::ShadowBufferOGL::Upload (this=0x351a2e0, aUpdate= 0x2bc4fe0, aUpdated=..., aRect=..., aRotation=...) at /home/bjacob/mozilla-central/gfx/layers/opengl/ThebesLayerOGL.cpp:628 #7 0x00007f9c02ee5d62 in mozilla::layers::ShadowThebesLayerOGL::Swap (this=0x2b73e50, aNewFront=..., aUpdatedRegion=..., aNewBack=0x7ffff4568070, aNewBackValidRegion= 0x7ffff4568030, aNewXResolution=0x7ffff45680cc, aNewYResolution=0x7ffff45680c8, aReadOnlyFront=0x7ffff4567ff0, aFrontUpdatedRegion=0x7ffff4567fb0) at /home/bjacob/mozilla-central/gfx/layers/opengl/ThebesLayerOGL.cpp:681 #8 0x00007f9c02eeed3c in mozilla::layers::ShadowLayersParent::RecvUpdate (this=0x34d1cd0, cset= ..., reply=0x7ffff4568890) at /home/bjacob/mozilla-central/gfx/layers/ipc/ShadowLayersParent.cpp:383 #9 0x00007f9c02bcae84 in mozilla::layers::PLayersParent::OnMessageReceived (this=0x34d1cd0, __msg=..., __reply=@0x7ffff4568b78) at PLayersParent.cpp:221 #10 0x00007f9c02bbd8b3 in mozilla::dom::PContentParent::OnMessageReceived (this=0x2e76640, __msg=..., __reply=@0x7ffff4568b78) at PContentParent.cpp:974 #11 0x00007f9c02b7d963 in mozilla::ipc::SyncChannel::OnDispatchMessage (this=0x2e76650, msg=...) at /home/bjacob/mozilla-central/ipc/glue/SyncChannel.cpp:169 #12 0x00007f9c02b7465b in mozilla::ipc::RPCChannel::OnMaybeDequeueOne (this=0x2e76650) at /home/bjacob/mozilla-central/ipc/glue/RPCChannel.cpp:436 #13 0x00007f9c02b7a5c6 in void DispatchToMethod<mozilla::ipc::RPCChannel, bool (mozilla::ipc::RPCChannel::*)()>(mozilla::ipc::RPCChannel*, bool (mozilla::ipc::RPCChannel::*)(), Tuple0 const&) () from /home/bjacob/build/firefoxmobile/dist/bin/libxul.so ---Type <return> to continue, or q <return> to quit--- #14 0x00007f9c02b7a516 in RunnableMethod<mozilla::ipc::RPCChannel, bool (mozilla::ipc::RPCChannel::*)(), Tuple0>::Run() () from /home/bjacob/build/firefoxmobile/dist/bin/libxul.so #15 0x00007f9c02b75fe9 in mozilla::ipc::RPCChannel::RefCountedTask::Run() () from /home/bjacob/build/firefoxmobile/dist/bin/libxul.so #16 0x00007f9c02b760ec in mozilla::ipc::RPCChannel::DequeueTask::Run() () from /home/bjacob/build/firefoxmobile/dist/bin/libxul.so #17 0x00007f9c02dec288 in MessageLoop::RunTask (this=0x1cdacf0, task=0x7f9bf401b620) at /home/bjacob/mozilla-central/ipc/chromium/src/base/message_loop.cc:343 #18 0x00007f9c02dec2f8 in MessageLoop::DeferOrRunPendingTask (this=0x1cdacf0, pending_task=...) at /home/bjacob/mozilla-central/ipc/chromium/src/base/message_loop.cc:351 #19 0x00007f9c02dec6dc in MessageLoop::DoWork (this=0x1cdacf0) at /home/bjacob/mozilla-central/ipc/chromium/src/base/message_loop.cc:451 #20 0x00007f9c02b71e7f in mozilla::ipc::DoWorkRunnable::Run (this=0x1cdb340) at /home/bjacob/mozilla-central/ipc/glue/MessagePump.cpp:70 #21 0x00007f9c02d85499 in nsThread::ProcessNextEvent (this=0x1cecd30, mayWait=1, result= 0x7ffff4568e8c) at /home/bjacob/mozilla-central/xpcom/threads/nsThread.cpp:610 #22 0x00007f9c02d11348 in NS_ProcessNextEvent_P (thread=0x1cecd30, mayWait=1) at nsThreadUtils.cpp:250 #23 0x00007f9c02b72229 in mozilla::ipc::MessagePump::Run (this=0x1cdaf60, aDelegate=0x1cdacf0) at /home/bjacob/mozilla-central/ipc/glue/MessagePump.cpp:134 #24 0x00007f9c02debd93 in MessageLoop::RunInternal (this=0x1cdacf0) at /home/bjacob/mozilla-central/ipc/chromium/src/base/message_loop.cc:219 #25 0x00007f9c02debd18 in MessageLoop::RunHandler (this=0x1cdacf0) at /home/bjacob/mozilla-central/ipc/chromium/src/base/message_loop.cc:202 #26 0x00007f9c02debca9 in MessageLoop::Run (this=0x1cdacf0) at /home/bjacob/mozilla-central/ipc/chromium/src/base/message_loop.cc:176 #27 0x00007f9c02a121d3 in nsBaseAppShell::Run (this=0x1d00040) at /home/bjacob/mozilla-central/widget/src/xpwidgets/nsBaseAppShell.cpp:181 #28 0x00007f9c02781a0d in nsAppStartup::Run (this=0x1ff8210) at /home/bjacob/mozilla-central/toolkit/components/startup/src/nsAppStartup.cpp:191 #29 0x00007f9c016b56bb in XRE_main (argc=4, argv=0x7ffff4569ae8, aAppData=0x1c76cd0) ---Type <return> to continue, or q <return> to quit--- at /home/bjacob/mozilla-central/toolkit/xre/nsAppRunner.cpp:3682 #30 0x00000000004010ef in main (argc=4, argv=0x7ffff4569ae8) at /home/bjacob/mozilla-central/mobile/app/nsBrowserApp.cpp:155
Reporter | ||
Comment 1•14 years ago
|
||
This is crashing at ThebesLayerOGL.cpp:628: dest->SetOperator(gfxContext::OPERATOR_SOURCE); because dest is null. It was obtained just above at ThebesLayerOGL.cpp:626: nsRefPtr<gfxContext> dest = mTexImage->BeginUpdate(destRegion); the console output says "update outside of image" which means that BeginUpdate returned null here at GLContext.cpp:572: nsIntSize rgnSize = mUpdateRect.Size(); if (!nsIntRect(nsIntPoint(0, 0), mSize).Contains(mUpdateRect)) { NS_ERROR("update outside of image"); return NULL; } in this frame (in BeginUpdate), just before it returns NULL here, just before it crashes, let's print some local variables: (gdb) print mSize $3 = {width = 523, height = 4} (gdb) print mUpdateRect $4 = {x = 0, y = 0, width = 640, height = 4, static kMaxSizedIntRect = {x = 0, y = 0, width = 2147483647, height = 2147483647, static kMaxSizedIntRect = <same as static member of an already seen type>}} Thus, mUpdateRect is 640x4, does not fit in the 523x4 rect. Letting the the authors handle this as I don't want to hide a real bug by sweeping it under the carpet...
Assignee | ||
Comment 2•14 years ago
|
||
Not resizing texture images properly might be leading to drawing glitches, if that's what's going on here.
Reporter | ||
Comment 3•14 years ago
|
||
By the way. Since this NS_ERROR here cause a pointer, which is going to be dereferenced, to be null, shouldn't it be a fatal error? i.e. replace NS_ERROR by NS_ABORT ? This sure would have made this bug easier to understand !
Updated•14 years ago
|
Blocks: opengl-mobile
Updated•14 years ago
|
Assignee: nobody → jones.chris.g
Updated•14 years ago
|
tracking-fennec: --- → ?
Updated•14 years ago
|
Summary: Fennec OpenGL layer crashes [@ShadowBufferOGL::Upload] in WebM video playback and in WebGL. → Fennec OpenGL layer crashes [@ShadowBufferOGL::Upload] [@ gfxContext::SetOperator ] in WebM video playback and in WebGL.
Comment 4•14 years ago
|
||
I'm hitting this crash repeatedly when I try to view a crash report with layers.accelerate-all enabled.
Assignee | ||
Comment 5•14 years ago
|
||
I can reliably reproduce a crash that looks a lot like this, on desktop, with (1) Load http://double.co.nz/video_test/test2.html (2) Resize fennec's window smaller (3) Press the "Play" button on the page The crash happens almost instantly, and there's the "update out of range" assertion. Doesn't happen on resizing larger.
Assignee | ||
Comment 6•14 years ago
|
||
Comment in the patch describes the issue. (After I finished the patch, I got sense of deja vu. Did Matt already fix this somewhere else?)
Attachment #496618 -
Flags: review?(matt.woodrow+bugzilla)
Attachment #496618 -
Flags: review?(jmuizelaar)
Assignee | ||
Comment 7•14 years ago
|
||
This absolutely needs to block fennec beta4. This bug cause both crashes and bad rendering glitches.
Updated•14 years ago
|
tracking-fennec: ? → 2.0b4+
Comment 8•14 years ago
|
||
Comment on attachment 496618 [details] [diff] [review] Updates to thebes-layer textures must account for resolution This looks good to me.
Attachment #496618 -
Flags: review?(jmuizelaar) → review+
Assignee | ||
Comment 9•14 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/4df7a503fcb3
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Reporter | ||
Comment 10•14 years ago
|
||
Kudos!
Updated•13 years ago
|
Attachment #496618 -
Flags: review?(matt.woodrow)
You need to log in
before you can comment on or make changes to this bug.
Description
•