Closed
Bug 746813
Opened 13 years ago
Closed 13 years ago
nsCanvasRenderingContext2D::GetMozCurrentTransformInverse crash with large canvas
Categories
(Core :: Graphics: Canvas2D, defect)
Core
Graphics: Canvas2D
Tracking
()
RESOLVED
FIXED
mozilla16
People
(Reporter: jruderman, Assigned: cjones)
References
Details
(Keywords: crash, testcase)
Crash Data
Attachments
(3 files, 1 obsolete file)
No description provided.
Reporter | ||
Comment 1•13 years ago
|
||
Reporter | ||
Comment 2•13 years ago
|
||
Assignee | ||
Comment 3•13 years ago
|
||
Needs moar EnsureCurrentSurface.
phone
Comment 4•13 years ago
|
||
On Windows 7: bp-72e70eb8-0995-401d-b377-406672120419
Crash Signature: [@ gfxContext::CurrentMatrix ]
[@ nsCanvasRenderingContext2D::GetMozCurrentTransformInverse ] → [@ gfxContext::CurrentMatrix ]
[@ nsCanvasRenderingContext2D::GetMozCurrentTransformInverse ]
[@ gfxContext::CurrentMatrix()]
OS: Linux → All
Hardware: x86_64 → All
Assignee | ||
Comment 5•13 years ago
|
||
Thanks Jesse!
Assignee: nobody → jones.chris.g
Attachment #616774 -
Flags: review?(joe)
Comment 6•13 years ago
|
||
Comment on attachment 616774 [details] [diff] [review]
Check for context allocation failure before returning inverse transform
Review of attachment 616774 [details] [diff] [review]:
-----------------------------------------------------------------
This needs to be fixed in nsCanvasRenderingContext2DAzure as well - otherwise we'll a) have this bug on some systems but not others and b) make crashtest go orange.
Attachment #616774 -
Flags: review?(joe) → review-
Assignee | ||
Comment 7•13 years ago
|
||
Well, OK, but in the port to azure canvas many/most of the EnsureCurrentSurface()-style checks were lost. This is putting ones finger in dike. Is there a bug on file for restoring them? Are we fuzzing azure canvas?
Reporter | ||
Comment 8•13 years ago
|
||
We are fuzzing azure canvas, but only on the (OS version, hardware) combinations in the build pool. The fuzzer randomizes gfx.canvas.azure.enabled so both azure and non-azure canvas are tested on as many platforms as possible.
Assignee | ||
Comment 9•13 years ago
|
||
OK. There are many azure-canvas interfaces that don't check for a valid surface whereas the same cairo-canvas interface does. (I assumed the checks weren't needed for azure-canvas.) Apparently we have a dearth of tests for those cases, and perhaps our fuzzer is getting unlucky?
Comment 10•13 years ago
|
||
fwiw, crash automation reproduced this on all three branches: Beta/12, Aurora/13, Nightly/14 and all 3 platforms.
Assignee | ||
Comment 11•13 years ago
|
||
Was cleaning mq house and came back across this.
This version puts a few more fingers in the azure context dike.
Attachment #616774 -
Attachment is obsolete: true
Attachment #631615 -
Flags: review?(joe)
Comment 12•13 years ago
|
||
Comment on attachment 631615 [details] [diff] [review]
Check for context allocation failure before returning inverse transform, v2
Review of attachment 631615 [details] [diff] [review]:
-----------------------------------------------------------------
Well, not azure content so much as azure canvas, but hooray. And thanks for fixing both implementations!
Attachment #631615 -
Flags: review?(joe) → review+
Assignee | ||
Comment 13•13 years ago
|
||
Target Milestone: --- → mozilla16
Comment 14•13 years ago
|
||
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•