Closed Bug 745662 Opened 12 years ago Closed 12 years ago

Trigger a release-build crash when the discard tracker is used off the main thread

Categories

(Core :: Graphics: ImageLib, defect)

14 Branch
x86
Windows 7
defect
Not set
critical

Tracking

RESOLVED FIXED
mozilla15

People

(Reporter: justin.lebar+bug, Unassigned)

Attachments

(1 file)

+++ This bug was initially created as a clone of Bug #745141 +++

We have no idea why the discard tracker is being used off the main thread, so here's a patch to cause a crash which we can investigate via breakpad.
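
Added example, not part of the bug report or the Mozilla patch: a main-thread check that, unlike `assert()`, is not compiled out of release builds by `-DNDEBUG` and aborts so a crash reporter can capture the offending thread's stack. `Tracker`, `FatalHandler`, `CountingHandler` and `RunDemo` are hypothetical names; the method names follow the frames in the stack trace on this page, but their bodies are assumptions.

```cpp
// Added illustration; not the Mozilla patch. All names are stand-ins.
#include <atomic>
#include <cstdio>
#include <cstdlib>
#include <thread>

// Static initialization runs on the main thread, so this records its id.
static const std::thread::id kMainThread = std::this_thread::get_id();

using FatalHandler = void (*)(const char* what);

// Release behaviour: report and abort so the crash reporter captures the
// offending thread's stack. Unlike assert(), -DNDEBUG does not remove it.
inline void AbortHandler(const char* what) {
  std::fprintf(stderr, "FATAL: %s\n", what);
  std::abort();
}

static std::atomic<int> gViolations{0};
// Non-aborting handler so the check can be exercised in a test.
inline void CountingHandler(const char*) { ++gViolations; }

class Tracker {
 public:
  explicit Tracker(FatalHandler onFatal = AbortHandler) : mOnFatal(onFatal) {}
  // Bookkeeping that is only safe on the main thread.
  void InformAllocation(long bytes) {
    if (!EnsureMainThread()) return;
    mBytes += bytes;
  }
  long Bytes() const { return mBytes; }

 private:
  bool EnsureMainThread() const {
    if (std::this_thread::get_id() == kMainThread) return true;
    mOnFatal("Tracker used off the main thread");
    return false;  // reached only with a non-aborting handler
  }
  FatalHandler mOnFatal;
  long mBytes = 0;
};

// One call on the main thread, one from a worker; returns violations caught.
inline int RunDemo(Tracker& t) {
  t.InformAllocation(4096);
  std::thread worker([&t] { t.InformAllocation(4096); });
  worker.join();
  return gViolations.load();
}
```

Constructing `Tracker` with the default handler gives the crashing behaviour; build with `-pthread` where the toolchain requires it.
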
Attached patch: Patch v1
Attachment #615223 - Flags: review?(joe)
Blocks: 745141
No longer depends on: 745141
Attachment #615223 - Flags: review?(joe) → review+
Pushed to birch for FF15.
Target Milestone: --- → mozilla15
Well, that was easy.  First set of test runs:

https://tbpl.mozilla.org/php/getParsedLog.php?id=10994000&tree=Birch#error0

khuey says this is the Windows 7 task bar tooltip preview thing.  It's apparently transcoding the image from PNG to some other format, off main thread.

I guess we just need to make the discard tracker thread-safe.

> Thread 32 (crashed)
>  0  KERNELBASE.dll + 0x3194b
>     eip = 0x757d194b   esp = 0x05edefa0   ebp = 0x05edf3bc   ebx = 0x00000040
>     esi = 0x696c1440   edi = 0x00000000   eax = 0x00000000   ecx = 0x05edefb8
>     edx = 0x00000000   efl = 0x00000202
>     Found by: given as instruction pointer in context
>  1  xul.dll!mozilla::image::DiscardTracker::EnsureMainThread() [DiscardTracker.cpp:b938f2e550c0 : 156 + 0x17]
>     eip = 0x69dfe53d   esp = 0x05edf3c4   ebp = 0x05edf3dc
>     Found by: previous frame's frame pointer
>  2  xul.dll!mozilla::image::DiscardTracker::InformAllocation(__int64) [DiscardTracker.cpp:b938f2e550c0 : 137 + 0x4]
>     eip = 0x69dfe8cc   esp = 0x05edf3dc   ebp = 0x05edf3dc
>     Found by: stack scanning
>  3  xul.dll!imgFrame::Init(int,int,int,int,gfxASurface::gfxImageFormat,unsigned char) [imgFrame.cpp:b938f2e550c0 : 243 + 0x11]
>     eip = 0x69e099f6   esp = 0x05edf3e4   ebp = 0x05edf400
>     Found by: call frame info
>  4  xul.dll!mozilla::image::RasterImage::InternalAddFrame(unsigned int,int,int,int,int,gfxASurface::gfxImageFormat,unsigned char,unsigned char * *,unsigned int *,unsigned int * *,unsigned int *) [RasterImage.cpp:b938f2e550c0 : 1083 + 0x26]
>     eip = 0x69e029b8   esp = 0x05edf408   ebp = 0x05edf454
>     Found by: call frame info
>  5  xul.dll!mozilla::image::RasterImage::EnsureFrame(unsigned int,int,int,int,int,gfxASurface::gfxImageFormat,unsigned char,unsigned char * *,unsigned int *,unsigned int * *,unsigned int *) [RasterImage.cpp:b938f2e550c0 : 1221 + 0x25]
>     eip = 0x69e03a56   esp = 0x05edf45c   ebp = 0x05edf4a4
>     Found by: call frame info
>  6  xul.dll!mozilla::image::RasterImage::EnsureFrame(unsigned int,int,int,int,int,gfxASurface::gfxImageFormat,unsigned char * *,unsigned int *) [RasterImage.cpp:b938f2e550c0 : 1233 + 0x21]
>     eip = 0x69e03a82   esp = 0x05edf4ac   ebp = 0x05edf4d8
>     Found by: call frame info
>  7  xul.dll!mozilla::image::nsPNGDecoder::CreateFrame(unsigned int,unsigned int,int,int,gfxASurface::gfxImageFormat) [nsPNGDecoder.cpp:b938f2e550c0 : 122 + 0x28]
>     eip = 0x69e1a357   esp = 0x05edf4e0   ebp = 0x05edf50c
>     Found by: call frame info
>  8  xul.dll!mozilla::image::nsPNGDecoder::info_callback(png_struct_def *,png_info_def *) [nsPNGDecoder.cpp:b938f2e550c0 : 644 + 0x11]
>     eip = 0x69e1abb9   esp = 0x05edf514   ebp = 0x05edf580
>     Found by: call frame info
>  9  xul.dll!MOZ_PNG_push_have_info [pngpread.c:b938f2e550c0 : 1966 + 0x5]
>     eip = 0x6aaf8001   esp = 0x05edf588   ebp = 0x05edf590
>     Found by: call frame info
> 10  xul.dll!MOZ_PNG_push_read_chunk [pngpread.c:b938f2e550c0 : 454 + 0x1e]
>     eip = 0x6aaf8482   esp = 0x05edf598   ebp = 0x05edf5b8
>     Found by: call frame info
> 11  xul.dll!MOZ_PNG_proc_some_data [pngpread.c:b938f2e550c0 : 121 + 0x8]
>     eip = 0x6aaf8e0e   esp = 0x05edf5c0   ebp = 0x05edf5c8
>     Found by: call frame info
> 12  xul.dll!MOZ_PNG_process_data [pngpread.c:b938f2e550c0 : 40 + 0x8]
>     eip = 0x6aaf8e49   esp = 0x05edf5d0   ebp = 0x05edf5e0
>     Found by: call frame info
> 13  xul.dll!mozilla::image::nsPNGDecoder::WriteInternal(char const *,unsigned int) [nsPNGDecoder.cpp:b938f2e550c0 : 360 + 0x13]
>     eip = 0x69e1a529   esp = 0x05edf5e8   ebp = 0x05edf608
>     Found by: call frame info
> 14  xul.dll!mozilla::image::Decoder::Write(char const *,unsigned int) [Decoder.cpp:b938f2e550c0 : 112 + 0xc]
>     eip = 0x69dfdac9   esp = 0x05edf610   ebp = 0x05edf61c
>     Found by: call frame info
> 15  xul.dll!mozilla::image::RasterImage::WriteToDecoder(char const *,unsigned int) [RasterImage.cpp:b938f2e550c0 : 2390 + 0x1e]
>     eip = 0x69e02f9c   esp = 0x05edf624   ebp = 0x05edf63c
>     Found by: call frame info
> 16  xul.dll!mozilla::image::RasterImage::AddSourceData(char const *,unsigned int) [RasterImage.cpp:b938f2e550c0 : 1496 + 0xe]
>     eip = 0x69e03f03   esp = 0x05edf644   ebp = 0x05edf658
>     Found by: call frame info
> 17  xul.dll!mozilla::image::RasterImage::WriteToRasterImage(nsIInputStream *,void *,char const *,unsigned int,unsigned int,unsigned int *) [RasterImage.cpp:b938f2e550c0 : 2826 + 0xf]
>     eip = 0x69e04489   esp = 0x05edf660   ebp = 0x05edf66c
>     Found by: call frame info
> 18  xul.dll!nsStringInputStream::ReadSegments(unsigned int (*)(nsIInputStream *,void *,char const *,unsigned int,unsigned int,unsigned int *),void *,unsigned int,unsigned int *) [nsStringStream.cpp:b938f2e550c0 : 261 + 0xe]
>     eip = 0x6a9c3175   esp = 0x05edf674   ebp = 0x05edf698
>     Found by: call frame info
> 19  xul.dll!imgTools::DecodeImageData(nsIInputStream *,nsACString_internal const &,imgIContainer * *) [imgTools.cpp:b938f2e550c0 : 118 + 0x1c]
>     eip = 0x69e18a53   esp = 0x05edf6a0   ebp = 0x05edf6e0
>     Found by: call frame info
> 20  xul.dll!mozilla::widget::AsyncWriteIconToDisk::Run() [JumpListBuilder.cpp:b938f2e550c0 : 623 + 0x36]
>     eip = 0x6a7c771a   esp = 0x05edf6e8   ebp = 0x05edf750
>     Found by: call frame info
> 21  xul.dll!nsThread::ProcessNextEvent(bool,bool *) [nsThread.cpp:b938f2e550c0 : 656 + 0xd]
>     eip = 0x6a9d5c48   esp = 0x05edf758   ebp = 0x05edf780
>     Found by: call frame info
> 22  xul.dll!NS_ProcessNextEvent_P(nsIThread *,bool) [nsThreadUtils.cpp:b938f2e550c0 : 245 + 0xc]
>     eip = 0x6a998003   esp = 0x05edf788   ebp = 0x05edf794
>     Found by: call frame info
> 23  xul.dll!nsThread::ThreadFunc(void *) [nsThread.cpp:b938f2e550c0 : 289 + 0x7]
>     eip = 0x6a9d5487   esp = 0x05edf79c   ebp = 0x05edf7bc
>     Found by: call frame info
> 24  nspr4.dll!_PR_NativeRunThread [pruthr.c:b938f2e550c0 : 426 + 0x8]
>     eip = 0x697f92eb   esp = 0x05edf7c4   ebp = 0x05edf81c
>     Found by: call frame info
> 25  nspr4.dll!pr_root [w95thred.c:b938f2e550c0 : 122 + 0xc]
>     eip = 0x697fb6ad   esp = 0x05edf7e0   ebp = 0x05edf81c
>     Found by: stack scanning
> 26  MSVCR100D.dll + 0x4a292
>     eip = 0x696aa293   esp = 0x05edf7e8   ebp = 0x05edf81c
>     Found by: stack scanning
> 27  MSVCR100D.dll + 0x4a223
>     eip = 0x696aa224   esp = 0x05edf824   ebp = 0x05edf828
>     Found by: previous frame's frame pointer
> 28  kernel32.dll + 0x51173
>     eip = 0x773b1174   esp = 0x05edf830   ebp = 0x05edf834
>     Found by: previous frame's frame pointer
> 29  ntdll.dll + 0x5b3f4
>     eip = 0x775db3f5   esp = 0x05edf83c   ebp = 0x05edf874
>     Found by: previous frame's frame pointer
> 30  ntdll.dll + 0x5b3c7
>     eip = 0x775db3c8   esp = 0x05edf87c   ebp = 0x05edf88c
>     Found by: previous frame's frame pointer
And backed out from Birch, since this change has gotten us the stack we'd hoped for.

https://hg.mozilla.org/projects/birch/rev/b577f8acc6f7
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED