Closed Bug 700193 Opened 13 years ago Closed 13 years ago

crash [@ nsPNGEncoder::GetImageBufferSize]

Categories

(Core :: Graphics: ImageLib, defect)

ARM
Android
defect
Not set
critical

RESOLVED WORKSFORME

People

(Reporter: nhirata, Unassigned)

Details

(Keywords: crash, Whiteboard: [native-crash:P4], str-wanted)

Crash Data

From Socorro: https://crash-stats.mozilla.com/report/index/c4021a4a-7e85-4f9f-a79e-028532111103
Crashing Thread
Frame  Module  Signature  Source
0  libmozalloc.so  mozalloc_abort  memory/mozalloc/mozalloc_abort.cpp:66
1  libc.so  libc.so@0x10d16
2  libnspr4.so  PR_Unlock  nsprpub/pr/src/pthreads/ptsynch.c:237
3  @0x5cf884ae
4  libnspr4.so  PR_Unlock  nsprpub/pr/src/pthreads/ptsynch.c:237
5  libnspr4.so  PR_Unlock  nsprpub/pr/src/pthreads/ptsynch.c:237
6  @0x0
7  libxul.so  nsPNGEncoder::GetImageBufferSize  image/encoders/png/nsPNGEncoder.cpp:215
8  libxul.so  NS_CancelAsyncCopy  xpcom/io/nsStreamUtils.cpp:635
9  @0x5cf5e19e
10  libxul.so  nsWindow::OnGlobalAndroidEvent  widget/src/android/nsWindow.cpp:939
11  libxul.so  nsAppShell::ProcessNextNativeEvent  widget/src/android/nsAppShell.cpp:421
12  libxul.so  nsBaseAppShell::DoProcessNextNativeEvent  widget/src/xpwidgets/nsBaseAppShell.cpp:171
13  libxul.so  nsBaseAppShell::OnProcessNextEvent  widget/src/xpwidgets/nsBaseAppShell.cpp:324
14  libxul.so  nsThread::ProcessNextEvent  xpcom/threads/nsThread.cpp:595
15  libxul.so  NS_ProcessNextEvent_P  obj-firefox/xpcom/build/nsThreadUtils.cpp:245
16  libxul.so  mozilla::ipc::MessagePump::Run  ipc/glue/MessagePump.cpp:110
17  libxul.so  MessageLoop::RunInternal  ipc/chromium/src/base/message_loop.cc:208
18  libxul.so  MessageLoop::Run  ipc/chromium/src/base/message_loop.cc:201
19  libxul.so  nsBaseAppShell::Run  widget/src/xpwidgets/nsBaseAppShell.cpp:189
20  libxul.so  nsAppStartup::Run  toolkit/components/startup/nsAppStartup.cpp:228
21  libxul.so  XRE_main  toolkit/xre/nsAppRunner.cpp:3547
22  libxul.so  Java_org_mozilla_gecko_GeckoAppShell_nativeRun  toolkit/xre/nsAndroidStartup.cpp:141
23  libmozutils.so  Java_org_mozilla_gecko_GeckoAppShell_nativeRun  other-licenses/android/APKOpen.cpp:232
24  libdvm.so  libdvm.so@0x11c76
25  dalvik-LinearAlloc (deleted)  dalvik-LinearAlloc @0x215612
26  dalvik-heap (deleted)  dalvik-heap @0x6eb52e
27  libdvm.so  libdvm.so@0x40f6d
28  data@app@org.mozilla.fennec-2.apk@classes.dex  data@app@org.mozilla.fennec-2.apk@classes.dex@0x22368
29  libmozutils.so  Java_org_mozilla_gecko_GeckoAppShell_nativeInit  other-licenses/android/APKOpen.cpp:231
30  dalvik-LinearAlloc (deleted)  dalvik-LinearAlloc @0x215612
31  libdvm.so  libdvm.so@0x40f27
32  dalvik-heap (deleted)  dalvik-heap @0x6eb52e
33  libdvm.so  libdvm.so@0x46537
34  dalvik-LinearAlloc (deleted)  dalvik-LinearAlloc @0x215612
35  data@app@org.mozilla.fennec-2.apk@classes.dex  data@app@org.mozilla.fennec-2.apk@classes.dex@0x1590c
36  dalvik-heap (deleted)  dalvik-heap @0x6eb52e
37  libdvm.so  libdvm.so@0x11e3e
38  libdvm.so  libdvm.so@0x16e8a
39  libdvm.so  libdvm.so@0x1bd56
40  libdvm.so  libdvm.so@0x1bcc6
41  dalvik-LinearAlloc (deleted)  dalvik-LinearAlloc @0x273a
42  libdvm.so  libdvm.so@0x1ae12
43  libdvm.so  libdvm.so@0x16b06
44  system@framework@core.jar@classes.dex  system@framework@core.jar@classes.dex@0x99328
45  dalvik-heap (deleted)  dalvik-heap @0x91ca5e
46  dalvik-LinearAlloc (deleted)  dalvik-LinearAlloc @0x215abe
47  dalvik-mark-stack (deleted)  dalvik-mark-stack @0x4d5426e
48  libdvm.so  libdvm.so@0x9ef76
49  libdvm.so  libdvm.so@0x16b6a
50  libdvm.so  libdvm.so@0x16be2
51  libdvm.so  libdvm.so@0x16a8a
52  libdvm.so  libdvm.so@0x16ab2
53  libdvm.so  libdvm.so@0x16b06
54  system@framework@core.jar@classes.dex  system@framework@core.jar@classes.dex@0x8a3da
55  system@framework@core.jar@classes.dex  system@framework@core.jar@classes.dex@0x8a3b0
56  system@framework@core.jar@classes.dex  system@framework@core.jar@classes.dex@0x8a3b8
57  org.mozilla.fennec-2.apk  org.mozilla.fennec-2.apk@0x3fe2c4
58  org.mozilla.fennec-2.apk  org.mozilla.fennec-2.apk@0x4dc52d
59  org.mozilla.fennec-2.apk  org.mozilla.fennec-2.apk@0x4d87e0
60  org.mozilla.fennec-2.apk  org.mozilla.fennec-2.apk@0x4005c3
61  org.mozilla.fennec-2.apk  org.mozilla.fennec-2.apk@0x32ee28
62  org.mozilla.fennec-2.apk  org.mozilla.fennec-2.apk@0x3fea20
63  org.mozilla.fennec-2.apk  org.mozilla.fennec-2.apk@0x3fe018
64  org.mozilla.fennec-2.apk  org.mozilla.fennec-2.apk@0x37c93f
Component: General → Graphics
Product: Fennec Native → Core
QA Contact: general → thebes
Brian, does this trigger anything in your mind?
Component: Graphics → ImageLib
QA Contact: thebes → imagelib
It's familiar ya but I'm not sure what the problem is without extra details or STR. It's called like this:
    PRUint32 imageBufferSize;
    mContainedEncoder->GetImageBufferSize(&imageBufferSize);
And the implementation is straightforward:
    // Returns the image buffer size
    NS_IMETHODIMP nsPNGEncoder::GetImageBufferSize(PRUint32 *aOutputSize)
    {
      NS_ENSURE_ARG_POINTER(aOutputSize);
      *aOutputSize = mImageBufferSize;
      return NS_OK;
    }
This may depend on bug #392867.
Depends on: 392867
Well I think it is likely stack corruption because the call stack doesn't make sense. I don't know if that's the cause though or if it is some other type of stack corruption.
Illegally returning from the png_error() replacement can cause stack corruption. That's why I think bug #392867 might be involved here.
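The contract referred to above, that a replacement error handler must not return into the library, shown as an added C sketch; it is not part of the original thread and is not Mozilla or libpng code. The `enc_*` mini-encoder, `error_longjmp` and `encode_image` are hypothetical stand-ins, and the input rows are constructed.

```c
#include <setjmp.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical mini-encoder standing in for the image library (not libpng). */
typedef struct enc enc_t;
typedef void (*enc_error_fn)(enc_t *, const char *);
struct enc { enc_error_fn on_error; jmp_buf jb; unsigned rows_written; };

/* Library side: code after an error assumes the handler never returns; if it does, stop. */
static void enc_fail(enc_t *e, const char *msg) {
    if (e->on_error) e->on_error(e, msg);
    abort();
}
static void enc_write_row(enc_t *e, const unsigned char *row, size_t len, size_t width) {
    if (row == NULL || len != width) enc_fail(e, "row length does not match width");
    e->rows_written++;
}

/* Replacement handler that honours the contract: it jumps out, never returns. */
static void error_longjmp(enc_t *e, const char *msg) {
    fprintf(stderr, "encoder error: %s\n", msg);
    longjmp(e->jb, 1);
}

/* Caller: setjmp() sits in a frame that stays live for every library call,
 * and nothing read after the jump is a local modified after setjmp(). */
int encode_image(const size_t *row_lens, size_t nrows, size_t width, unsigned *rows_out) {
    enc_t *e = calloc(1, sizeof *e);
    unsigned char *row = calloc(width ? width : 1, 1);
    int rc = -1;
    *rows_out = 0;
    if (e && row) {
        e->on_error = error_longjmp;
        if (setjmp(e->jb) == 0) {
            for (size_t i = 0; i < nrows; i++)
                enc_write_row(e, row, row_lens[i], width);
            rc = 0;                      /* reached only if no error fired */
        }
        *rows_out = e->rows_written;     /* heap state survives the jump */
    }
    free(row); free(e);                  /* one cleanup path for both outcomes */
    return rc;
}

int main(void) {
    size_t bad[] = {4, 2, 4}; unsigned n;   /* constructed: second row is short */
    printf("rc=%d\n", encode_image(bad, 3, 4, &n));
    return 0;
}
```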
Ya gotcha, thanks for linking them up.
STR wanted, most likely a bad stack, need to have bug 392867 before we see the proper stack. Most likely should try to get the current STR while it is busted so that we can see what the correct stack looks like when crashing. Marking as P4 for now.
Whiteboard: [native-crash] → [native-crash:P4], str-wanted
We should either not see this anymore, or see a much better stack, depending on whether this was a real bug or just a duplicate of bug 392867. Naoki, any data?
Socorro doesn't report anything with this crash signature in the last 30 days. I suppose we can just close this off as a duplicate?
or WFM might be better?
yeah
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → WORKSFORME