Closed
Bug 672361
Opened 14 years ago
Closed 14 years ago
Firefox 8.0a1 Crash @ IOSurface@0xb5b
Categories
(Core Graveyard :: Plug-ins, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
mozilla8
People
(Reporter: marcia, Assigned: BenWa)
References
()
Details
(Keywords: crash, reproducible, Whiteboard: [inbound])
Crash Data
Attachments
(1 file)
2.47 KB,
patch
|
smichaud
:
review+
|
Details | Diff | Splinter Review |
Seen while reviewing crash stats and reproducible using Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:8.0a1) Gecko/20110718 Firefox/8.0a1
https://crash-stats.mozilla.com/report/index/bp-b9fccba7-9b41-4ec7-bda3-6aac12110718
STR:
1. http://fullproduct.download.microsoft.com/download/release/3/9/8/SW_DVD5_Windows_Vista_Business_32BIT_Brazilian_Full_Int_SP2_MLF_X15-39885.ISO?LCID=1033&PGM=VLSC&TID=40516574&__gda__=1311102765_ab37533b6655d0c01947f9f92ed2caf7
2. Deny the Java applet.
3. Crash.
Frame Module Signature [Expand] Source
0 IOSurface IOSurface@0xb5b
1 XUL nsPluginInstanceOwner::RenderCoreAnimation dom/plugins/base/nsPluginInstanceOwner.cpp:1481
2 XUL nsObjectFrame::PaintPlugin layout/generic/nsObjectFrame.cpp:1780
3 XUL nsDisplayPlugin::Paint layout/generic/nsObjectFrame.cpp:1014
4 XUL mozilla::FrameLayerBuilder::DrawThebesLayer layout/base/FrameLayerBuilder.cpp:2142
5 XUL mozilla::layers::ThebesLayerOGL::RenderLayer gfx/layers/opengl/ThebesLayerOGL.cpp:711
6 XUL mozilla::layers::ContainerLayerOGL::RenderLayer gfx/layers/opengl/ContainerLayerOGL.cpp:245
7 XUL mozilla::layers::ContainerLayerOGL::RenderLayer gfx/layers/opengl/ContainerLayerOGL.cpp:245
8 XUL mozilla::layers::LayerManagerOGL::Render gfx/layers/opengl/LayerManagerOGL.cpp:796
9 XUL mozilla::layers::LayerManagerOGL::EndTransaction gfx/layers/opengl/LayerManagerOGL.cpp:423
10 XUL nsDisplayList::PaintForFrame layout/base/nsDisplayList.cpp:630
11 XUL nsLayoutUtils::PaintFrame layout/base/nsLayoutUtils.cpp:1639
12 XUL PresShell::Paint layout/base/nsPresShell.cpp:6165
13 XUL nsViewManager::Refresh view/src/nsViewManager.cpp:440
14 XUL nsViewManager::DispatchEvent view/src/nsViewManager.cpp:918
15 XUL HandleEvent view/src/nsView.cpp:160
16 XUL nsChildView::DispatchEvent widget/src/cocoa/nsChildView.mm:1705
17 XUL nsChildView::DispatchWindowEvent widget/src/cocoa/nsChildView.mm:1715
18 XUL -[ChildView drawRect:inContext:] widget/src/cocoa/nsChildView.mm:2793
19 XUL -[ChildView drawRect:] widget/src/cocoa/nsChildView.mm:2699
20 AppKit AppKit@0x100d74
21 AppKit AppKit@0xfbfe6
22 AppKit AppKit@0x73eeff
23 AppKit AppKit@0xfb89b
24 Foundation Foundation@0x16d95
25 AppKit AppKit@0x8046ff
26 AppKit AppKit@0xfe54a
27 libSystem.B.dylib libSystem.B.dylib@0x9d78
28 libSystem.B.dylib libSystem.B.dylib@0x9d78
29 AppKit AppKit@0x755a57
30 AppKit AppKit@0x239a2
31 CoreFoundation CoreFoundation@0xbc54
32 CoreFoundation CoreFoundation@0x1055b
33 CoreFoundation CoreFoundation@0xfd06
34 CoreFoundation CoreFoundation@0xfb5e
35 CoreFoundation CoreFoundation@0x24834
36 CoreFoundation CoreFoundation@0x246a8
37 Foundation Foundation@0x14f1b
38 AppKit AppKit@0xfeed5
39 libSystem.B.dylib libSystem.B.dylib@0x9d78
40 AppKit AppKit@0x755a57
41 AppKit AppKit@0x239a2
42 CoreFoundation CoreFoundation@0xbc54
43 CoreFoundation CoreFoundation@0x13e1a7
44 CoreFoundation CoreFoundation@0xfd06
Reporter | ||
Comment 1•14 years ago
|
||
I put this in Core Plugins but it is probably not the correct component so would appreciate any help in putting it in the correct component.
Comment 2•14 years ago
|
||
I can't reproduce this crash. I tested on OS X 3.6.8 with FF 5.0 and 6.0b2.
So we need to round up the usual suspects :-)
Do you crash with a clean profile?
Reporter | ||
Comment 3•14 years ago
|
||
I can reproduce the crash using the lastest trunk nightly with a clean profile.
I will try other versions as well. I first saw the signature associated with someone running 10.7 in crash stats and that is where I got the URL.
Comment 4•14 years ago
|
||
I don't crash (even with today's trunk nightly) on OS X 10.6.8.
I do crash on OS X 10.7:
bp-347bd19d-ef49-47f6-9a7d-5d3062110718
Comment 5•14 years ago
|
||
But now Microsoft's done something to break your testcase :-(
Now I get the following error, and no Java applet:
An error occurred while processing your request.
Reference #50.b5ec54b8.1311028747.208abf4d
Comment 6•14 years ago
|
||
(Following up comment #5)
I find I can get rid of this error, and start crashing again, if I do the following in Terminal:
$ rm -rf ~/Library/Caches/Java/cache/6.0
Comment 7•14 years ago
|
||
(Following up comment #6)
To get rid of the error (and start crashing again) you also have to clear FF's cache (Preferences : Advanced : Network : Offline Storage : Clear Now).
Comment 8•14 years ago
|
||
Finding a regression range for this is going to be complicated by bug 663688, which makes FF *terribly* crashy on OS X 10.7 (and which has only been fixed on trunk, one way or another, since 2011-06-20).
Comment 9•14 years ago
|
||
> Finding a regression range for this is going to be complicated by
> bug 663688, which makes FF *terribly* crashy on OS X 10.7 (and which
> has only been fixed on trunk, one way or another, since 2011-06-20).
But not, of course, if you set gfx.downloadable_fonts.enabled to false
:-)
Comment 10•14 years ago
|
||
This appears to be a recent regression. Here's the regression range
(testing on OS X 10.7):
firefox-2011-07-13-03-07-41-mozilla-central
firefox-2011-07-14-03-07-41-mozilla-central
Here's the full STR over again:
1) Do the following in Terminal:
rm -rf ~/Library/Caches/Java/cache/6.0
2) Run Firefox and clear its cache (Preferences : Advanced : Network :
Offline Storage : Clear Now).
3) Visit http://fullproduct.download.microsoft.com/download/release/3/9/8/SW_DVD5_Windows_Vista_Business_32BIT_Brazilian_Full_Int_SP2_MLF_X15-39885.ISO?LCID=1033&PGM=VLSC&TID=40516574&__gda__=1311102765_ab37533b6655d0c01947f9f92ed2caf7
4) Wait 15-20 seconds for the Java applet to finish loading, then
"deny" it access to your computer.
Comment 11•14 years ago
|
||
Benoit, I'd bet the trigger here is your patch for bug 663259 ("Enable Mac Async plugin by default"). Changing plugins.use_layers from 'true' to 'false' doesn't stop the crashes, but I'm not sure that settings change is enough to fully reverse the effects of your patch.
Assignee | ||
Comment 12•14 years ago
|
||
Thanks for looking into this Steven, I'll work on this bug I have a few ideas.
Assignee: nobody → bgirard
Assignee | ||
Comment 13•14 years ago
|
||
I carelessly changed mIOSurface from nsIOSurface* to nsRefPtr<nsIOSurface> without fixing all the implications. This patch addresses these omissions.
Attachment #546789 -
Flags: review?(smichaud)
Comment 14•14 years ago
|
||
Comment on attachment 546789 [details] [diff] [review]
Fix mIOSurface memory management
This looks fine to me.
Do we know that it fixes this bug's crashes?
Attachment #546789 -
Flags: review?(smichaud) → review+
Assignee | ||
Comment 15•14 years ago
|
||
No, I was unable to reproduce the issue on 10.6 and don't have a 10.7 ready. It seem consistent with the crash report in this bug however.
Comment 16•14 years ago
|
||
> It seems consistent with the crash report in this bug however.
I agree. Marcia and I can test your patch when it gets into a nightly.
Whether or not your patch fixes this bug, though, it does fix things that need to be fixed.
Assignee | ||
Comment 17•14 years ago
|
||
Pushed to mozilla-inbound:
http://hg.mozilla.org/integration/mozilla-inbound/rev/4c27fe0139bf
Whiteboard: [inbound]
Comment 18•14 years ago
|
||
> don't have a 10.7 ready
Marcia, do you know if we have a way to distribute copies of the 10.7 GM to employees/contractors?
Assignee | ||
Comment 19•14 years ago
|
||
(In reply to comment #18)
> > don't have a 10.7 ready
>
> Marcia, do you know if we have a way to distribute copies of the 10.7 GM to
> employees/contractors?
We have a corporate account for MoCo that Josh setup. I just have an old seed from May without a dev environment. I've been meaning to set it up once I get assigned a complex Lion bug.
Reporter | ||
Comment 20•14 years ago
|
||
I have not heard anything from IT yet regarding this. I purchased an individual yearly membership so I could get the seeds.
(In reply to comment #18)
> > don't have a 10.7 ready
>
> Marcia, do you know if we have a way to distribute copies of the 10.7 GM to
> employees/contractors?
Comment 21•14 years ago
|
||
> I purchased an individual yearly membership so I could get the seeds.
So did I :-)
It's not expensive -- just $99 (http://developer.apple.com/programs/mac/).
But this is really something Mozilla should provide for its employees/contractors -- whether by allowing us to expense the $99 or by doing it centrally. I'll beat the bushes to see what I can find out.
Assignee | ||
Comment 22•14 years ago
|
||
(In reply to comment #21)
> > I purchased an individual yearly membership so I could get the seeds.
>
> So did I :-)
>
> It's not expensive -- just $99 (http://developer.apple.com/programs/mac/).
>
> But this is really something Mozilla should provide for its
> employees/contractors -- whether by allowing us to expense the $99 or by
> doing it centrally. I'll beat the bushes to see what I can find out.
Contact Josh, he set up a Mozilla account a last month.
Comment 23•14 years ago
|
||
> Contact Josh, he set up a Mozilla account a last month.
I will. But if we *do* manage this centrally, it really should be IT
(or someone in IT) that takes care of it.
To my mind Josh shouldn't be saddled with this. Nor am I particularly
eager to be :-)
Comment 24•14 years ago
|
||
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla8
Assignee | ||
Comment 25•14 years ago
|
||
Here's the M-I build in case you want to try it out now:
http://ftp.mozilla.org/pub/mozilla.org/firefox/tinderbox-builds/mozilla-inbound-macosx64/1311091070/firefox-8.0a1.en-US.mac.dmg
Comment 26•14 years ago
|
||
Testing with this M-I build, I no longer crash using my STR from comment #10.
Updated•3 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•