crash in memcpy | mozilla::gl::GLContext::TexImage2D

RESOLVED INCOMPLETE

Status

()

--
critical
RESOLVED INCOMPLETE
7 years ago
3 years ago

People

(Reporter: scoobidiver, Unassigned)

Tracking

({crash})

14 Branch
ARM
Android
crash
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [native-crash], crash signature)

(Reporter)

Description

7 years ago
There are three crashes in 14.0a1.

Signature 	memcpy | mozilla::gl::GLContext::TexImage2D More Reports Search
UUID	e831763e-3520-4644-901b-865a82120328
Date Processed	2012-03-28 17:34:12
Uptime	1820
Last Crash	37.0 minutes before submission
Install Age	6.5 days since version was first installed.
Install Time	2012-03-22 06:23:03
Product	FennecAndroid
Version	14.0a1
Build ID	20120321031151
Release Channel	nightly
OS	Linux
OS Version	0.0.0 Linux 2.6.35.10-g931a37e #1 PREEMPT Wed Nov 9 14:04:03 CST 2011 armv7l
Build Architecture	arm
Build Architecture Info	
Crash Reason	SIGSEGV
Crash Address	0x4db0ec00
App Notes 	
EGL? EGL+ AdapterVendorID: spade, AdapterDeviceID: HTC Desire HD A9191.
AdapterDescription: 'Android, Model: 'HTC Desire HD A9191', Product: 'htc_ace', Manufacturer: 'HTC', Hardware: 'spade''.
GL Context? GL Context+ GL Layers? GL Layers+ 
HTC HTC Desire HD A9191
htc_wwe/htc_ace/ace:2.3.5/GRJ90/$:user/release-keys
EMCheckCompatibility	True

Frame 	Module 	Signature 	Source
0 	libc.so 	memcpy 	
1 	libxul.so 	mozilla::gl::GLContext::TexImage2D 	gfx/gl/GLContext.cpp:533
2 	libxul.so 	mozilla::gl::GLContext::UploadSurfaceToTexture 	gfx/gl/GLContext.cpp:2225
3 	libxul.so 	mozilla::gl::TextureImageEGL::DirectUpdate 	gfx/gl/GLContextProviderEGL.cpp:1058
4 	libxul.so 	mozilla::gl::TiledTextureImage::DirectUpdate 	gfx/gl/GLContext.cpp:910
5 	libxul.so 	mozilla::layers::ShadowBufferOGL::DirectUpdate 	gfx/layers/opengl/ThebesLayerOGL.cpp:942
6 	libxul.so 	mozilla::layers::ShadowThebesLayerOGL::ProgressiveUpload 	gfx/layers/opengl/ThebesLayerOGL.cpp:1141
7 	libxul.so 	RunnableMethod<mozilla::layers::ShadowThebesLayerOGL, void , Tuple0>::Run 	ipc/chromium/src/base/tuple.h:383
8 	libxul.so 	MessageLoop::RunTask 	ipc/chromium/src/base/message_loop.cc:318
9 	libxul.so 	MessageLoop::DeferOrRunPendingTask 	ipc/chromium/src/base/message_loop.cc:326
10 	libxul.so 	MessageLoop::DoDelayedWork 	ipc/chromium/src/base/message_loop.cc:453
11 	libxul.so 	base::MessagePumpDefault::Run 	ipc/chromium/src/base/message_pump_default.cc:27
12 	libxul.so 	MessageLoop::RunInternal 	ipc/chromium/src/base/message_loop.cc:208
13 	libxul.so 	MessageLoop::Run 	ipc/chromium/src/base/message_loop.cc:201
14 	libxul.so 	base::Thread::ThreadMain 	ipc/chromium/src/base/thread.cc:156
15 	libxul.so 	ThreadFunc 	ipc/chromium/src/base/platform_thread_posix.cc:26
16 	libc.so 	__thread_entry 	
17 	libc.so 	pthread_create 	
18 		@0xc4286 	

More reports at:
https://crash-stats.mozilla.com/report/list?signature=memcpy+|+mozilla%3A%3Agl%3A%3AGLContext%3A%3ATexImage2D
(Reporter)

Updated

7 years ago
Crash Signature: [@ memcpy | mozilla::gl::GLContext::TexImage2D] → [@ memcpy | mozilla::gl::GLContext::TexImage2D] [@ mozilla::gl::GLContext::TexImage2D]
Specifically this crashes at:
http://hg.mozilla.org/mozilla-central/annotate/4c43cfe73516/gfx/gl/GLContext.cpp#l547

It could be any number of things. The code looks alright, but there are a bunch of variables which could be almost anything. This should probably have some sanity checks, and even aborts for clearly-bad cases.
I am closing this as incomplete as there are no recent reports of this crash with a modern product version. Please reopen this bug report if you are still able to reproduce this crash.
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.