Closed
Bug 639168
Opened 14 years ago
Closed 14 years ago
Fennec 4.0b5 crash [@ gfxContext::gfxContext]
Categories
(Core :: Graphics, defect)
Tracking
()
RESOLVED
FIXED
mozilla7
People
(Reporter: jdm, Assigned: roc)
References
Details
(Keywords: crash, topcrash)
Crash Data
Attachments
(1 file, 1 obsolete file)
|
1.06 KB,
patch
|
tnikkel
:
review+
jpr
:
approval-mozilla-aurora+
jpr
:
approval-mozilla-beta+
|
Details | Diff | Splinter Review |
This bug was filed from the Socorro interface and is
report bp-c9f10352-4dcb-4049-9783-c60b52110223 .
=============================================================
Looks like the line
64 mCairo = cairo_create(surface->CairoSurface());
is crashing, since surface is presumably null (crash address of 0x4 on every reported crash). ThebesLayerBuffer::GetContextForQuadrantUpdate seems to pass mBuffer to |new gfxContext| unconditionally, when it can potentially be null.
0 libxul.so gfxContext::gfxContext gfx/thebes/gfxContext.cpp:64
1 libxul.so mozilla::layers::ThebesLayerBuffer::GetContextForQuadrantUpdate nsAutoPtr.h:992
2 libxul.so mozilla::layers::ThebesLayerBuffer::BeginPaint nsAutoPtr.h:954
3 libxul.so mozilla::layers::BasicThebesLayer::Paint nsRegion.h:385
4 libxul.so mozilla::layers::BasicLayerManager::PaintLayer gfx/layers/basic/BasicLayers.cpp:1431
5 libxul.so mozilla::layers::BasicLayerManager::PaintLayer gfx/layers/basic/BasicLayers.cpp:1436
6 libxul.so mozilla::layers::BasicLayerManager::EndTransactionInternal gfx/layers/basic/BasicLayers.cpp:1308
7 libxul.so mozilla::layers::BasicLayerManager::EndTransaction gfx/layers/basic/BasicLayers.cpp:1256
8 libxul.so mozilla::layers::BasicShadowLayerManager::EndTransaction gfx/layers/basic/BasicLayers.cpp:2699
9 libxul.so nsDisplayList::PaintForFrame layout/base/nsDisplayList.cpp:541
10 libxul.so nsDisplayList::PaintRoot layout/base/nsDisplayList.cpp:460
11 libxul.so nsLayoutUtils::PaintFrame layout/base/nsLayoutUtils.cpp:1570
12 libxul.so PresShell::Paint layout/base/nsPresShell.cpp:6190
13 libxul.so nsViewManager::RenderViews view/src/nsViewManager.cpp:459
14 libxul.so nsViewManager::Refresh view/src/nsViewManager.h:250
15 libxul.so nsViewManager::DispatchEvent nsCOMPtr.h:492
16 libxul.so HandleEvent nsCOMPtr.h:492
17 libxul.so mozilla::widget::PuppetWidget::DispatchEvent widget/src/xpwidgets/PuppetWidget.cpp:308
18 libxul.so mozilla::widget::PuppetWidget::DispatchPaintEvent widget/src/xpwidgets/PuppetWidget.cpp:514
19 libxul.so mozilla::widget::PuppetWidget::PaintTask::Run widget/src/xpwidgets/PuppetWidget.cpp:556
20 libxul.so nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:633
21 libxul.so NS_ProcessNextEvent_P nsThreadUtils.cpp:250
22 libxul.so mozilla::ipc::MessagePump::Run ipc/glue/MessagePump.cpp:111
23 libxul.so mozilla::ipc::MessagePumpForChildProcess::Run ipc/glue/MessagePump.cpp:230
24 libxul.so MessageLoop::RunInternal ipc/chromium/src/base/message_loop.cc:220
25 libxul.so MessageLoop::Run ipc/chromium/src/base/message_loop.cc:512
26 libxul.so nsBaseAppShell::Run widget/src/xpwidgets/nsBaseAppShell.cpp:198
27 libxul.so XRE_RunAppShell toolkit/xre/nsEmbedFunctions.cpp:678
28 libxul.so mozilla::ipc::MessagePumpForChildProcess::Run ipc/glue/MessagePump.cpp:222
29 libxul.so MessageLoop::RunInternal ipc/chromium/src/base/message_loop.cc:220
30 libxul.so MessageLoop::Run ipc/chromium/src/base/message_loop.cc:512
31 libxul.so XRE_InitChildProcess toolkit/xre/nsEmbedFunctions.cpp:519
32 libmozutils.so ChildProcessInit other-licenses/android/APKOpen.cpp:778
33 plugin-container main ipc/app/MozillaRuntimeMainAndroid.cpp:69
34 libc.so libc.so@0xd67a
More crashes at https://crash-stats.mozilla.com/report/list?range_value=2&range_unit=weeks&date=2011-03-05%2005%3A00%3A00&signature=gfxContext%3A%3AgfxContext&version=Fennec%3A4.0b5
|
Reporter | |
Updated•14 years ago
|
Component: General → Graphics
Product: Fennec → Core
QA Contact: general → thebes
|
||
Comment 1•14 years ago
|
||
It is #15 top crasher in 4.0.
|
|
||
Updated•14 years ago
|
|
||
Comment 2•14 years ago
|
||
maybe just a OOM, but mBuffer is being tested before use in other places in this file. Maybe it is comment that mBuffer is nulled out (like in Clear()).
|
Assignee | |
Comment 3•14 years ago
|
||
This might help. BufferSizeOkFor might return true even if the buffer dimensions are 0,0 after being cleared, if the needed region is empty.
With this patch, I can't see that we'd get to GetContextForQuadrantUpdate with a null mBuffer.
Assignee: nobody → roc
Attachment #534989 -
Flags: review?(tnikkel)
|
|
Assignee | |
Comment 4•14 years ago
|
||
Attachment #534989 -
Attachment is obsolete: true
Attachment #534989 -
Flags: review?(tnikkel)
|
|
Assignee | |
Updated•14 years ago
|
Attachment #534990 -
Flags: review?(tnikkel)
|
||
Comment 5•14 years ago
|
||
Comment on attachment 534990 [details] [diff] [review]
actual patch
Seems fine, although I'm not very familiar with this code.
Attachment #534990 -
Flags: review?(tnikkel) → review+
|
|
Assignee | |
Updated•14 years ago
|
Whiteboard: [needs landing]
|
|
Assignee | |
Comment 6•14 years ago
|
||
Whiteboard: [needs landing] → [fixed-in-cedar]
|
||
Comment 7•14 years ago
|
||
Status: NEW → RESOLVED
Closed: 14 years ago
Flags: in-testsuite?
Resolution: --- → FIXED
Whiteboard: [fixed-in-cedar]
Target Milestone: --- → mozilla7
Version: 2.0 Branch → Trunk
|
|
Assignee | |
Comment 8•14 years ago
|
||
Comment on attachment 534990 [details] [diff] [review]
actual patch
Review of attachment 534990 [details] [diff] [review]:
-----------------------------------------------------------------
Super-safe patch, might fix topcrash.
Attachment #534990 -
Flags: approval-mozilla-beta?
Attachment #534990 -
Flags: approval-mozilla-aurora?
|
|
||
Updated•14 years ago
|
Attachment #534990 -
Flags: approval-mozilla-beta?
Attachment #534990 -
Flags: approval-mozilla-beta+
Attachment #534990 -
Flags: approval-mozilla-aurora?
Attachment #534990 -
Flags: approval-mozilla-aurora+
|
|
Assignee | |
Comment 9•14 years ago
|
||
http://hg.mozilla.org/releases/mozilla-aurora/rev/c43281466451
http://hg.mozilla.org/releases/mozilla-beta/rev/77075f01ce94
status-firefox5:
--- → fixed
status-firefox6:
--- → fixed
|
||
Updated•14 years ago
|
Crash Signature: [@ gfxContext::gfxContext]
|
|
Reporter | |
Comment 10•14 years ago
|
||
Still seeing the same stack on Fennec 5.
https://crash-stats.mozilla.com/report/index/2513d055-8f36-400c-8292-7f28c2110622
|
|
Reporter | |
Updated•14 years ago
|
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
|
|
Reporter | |
Comment 11•14 years ago
|
||
Bug 665218 has STR that end in a gfxContext::gfxContext crash.
|
|
||
Updated•14 years ago
|
Crash Signature: [@ gfxContext::gfxContext] → [@ gfxContext::gfxContext]
[@ gfxContext::gfxContext(gfxASurface*) ]
|
|
||
Comment 12•14 years ago
|
||
There have been no crashes in Fennec versions above 5.0 for the last four weeks.
I close it as fixed.
Status: REOPENED → RESOLVED
Crash Signature: [@ gfxContext::gfxContext]
[@ gfxContext::gfxContext(gfxASurface*) ] → [@ gfxContext::gfxContext]
Closed: 14 years ago → 14 years ago
Depends on: 665218
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•