Closed Bug 743767 Opened 13 years ago Closed 13 years ago

Firefox crash @ memcpy | GlyphBufferAzure::Flush

Categories

(Core :: Graphics, defect)

Product:
Core
Component:
Graphics
Platform:
x86
Windows 7
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla14

People

(Reporter: marcia, Assigned: jfkthame)

References

Details

(Keywords: crash, regression)

Crash Data

Attachments

(1 file)

patch (untested) - fix the pattern matrix issues
1.90 KB, patch
bas.schouten
: review+
Details | Diff | Splinter Review 
Seen while looking at trunk crash stats. Crashes started showing up in crash stats using the 2012040603 build. Fairly small volume but looks like different users based on driver versions.

Comments: "Browsing the list of official components for Foobar2000 media player."

Possible regression range based on crash stats: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=ed9cbe6a817e&tochange=da0d07b5ca1e

https://crash-stats.mozilla.com/report/index/be348524-39fb-402d-8781-737652120409

Frame 	Module 	Signature 	Source
0 	msvcr100.dll 	memcpy 	f:\\dd\\vctools\\crt_bld\\SELF_64_amd64\\crt\\src\\amd64\\memcpy.asm:274
1 	xul.dll 	GlyphBufferAzure::Flush 	gfx/thebes/gfxFont.cpp:1517
2 	mozglue.dll 	choose_arena 	memory/jemalloc/jemalloc.c:2969
3 	uxtheme.dll 	_InternalSystemParametersInfo 	
4 	uxtheme.dll 	ThemeSystemParametersInfoA 	
5 	xul.dll 	gfxFont::Draw 	gfx/thebes/gfxFont.cpp:1922
Version: unspecified → Trunk
I see a couple of issues with the code in GlyphBufferAzure::Flush:

(a) incorrect casts, so that it'll look at the wrong location for the matrix in radial-gradient and surface patterns;

(b) it doesn't check whether the pattern may be one (color) that doesn't have a matrix at all.

(This code landed in bug 738691.)
Blocks: 738691

  

  



        Attachment #613360 -
        Flags: review?(bas.schouten)

    
    

    
  
Comment on attachment 613360 [details] [diff] [review]
patch (untested) - fix the pattern matrix issues

Review of attachment 613360 [details] [diff] [review]:
-----------------------------------------------------------------

I'm ashamed.

  

  



        Attachment #613360 -
        Flags: review?(bas.schouten) → review+

    
    

    
  
https://hg.mozilla.org/integration/mozilla-inbound/rev/ca10513eff60

  

  


Assignee: nobody → jfkthame
Target Milestone: --- → mozilla14

    
    

    
  
https://hg.mozilla.org/mozilla-central/rev/ca10513eff60

  

  


Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED

    
  
Blocks: 742727

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: