Bug 746813: nsCanvasRenderingContext2D::GetMozCurrentTransformInverse crash with large canvas
Status: RESOLVED FIXED (mozilla16)
Opened 9 years ago, closed 9 years ago
Category: Core :: Canvas: 2D, defect
People: Reporter: jruderman, Assigned: cjones
References: Blocks 1 open bug
Keywords: crash, testcase
Attachments: 3 files, 1 obsolete file
No description provided.
Comment 1 • 9 years ago (Reporter)
Comment 2 • 9 years ago (Reporter)
Opt: bp-bdbe2955-d9ce-487c-a72e-d0a0a2120419
Comment 3 • 9 years ago (Assignee)
Needs moar EnsureCurrentSurface. phone
Comment 4 • 9 years ago
On Windows 7: bp-72e70eb8-0995-401d-b377-406672120419
Crash Signature: [@ gfxContext::CurrentMatrix ]
[@ nsCanvasRenderingContext2D::GetMozCurrentTransformInverse ] → [@ gfxContext::CurrentMatrix ]
[@ nsCanvasRenderingContext2D::GetMozCurrentTransformInverse ]
[@ gfxContext::CurrentMatrix()]
OS: Linux → All
Hardware: x86_64 → All
Comment 5 • 9 years ago (Assignee)
Thanks Jesse!
Assignee: nobody → jones.chris.g
Attachment #616774 -
Flags: review?(joe)
Comment 6 • 9 years ago
Comment on attachment 616774: Check for context allocation failure before returning inverse transform
Review of attachment 616774:
This needs to be fixed in nsCanvasRenderingContext2DAzure as well - otherwise we'll a) have this bug on some systems but not others and b) make crashtest go orange.
Attachment #616774 -
Flags: review?(joe) → review-
Comment 7 • 9 years ago (Assignee)
Well, OK, but in the port to azure canvas many/most of the EnsureCurrentSurface()-style checks were lost. This is putting one's finger in the dike. Is there a bug on file for restoring them? Are we fuzzing azure canvas?
Comment 8 • 9 years ago (Reporter)
We are fuzzing azure canvas, but only on the (OS version, hardware) combinations in the build pool. The fuzzer randomizes gfx.canvas.azure.enabled so both azure and non-azure canvas are tested on as many platforms as possible.
Comment 9 • 9 years ago (Assignee)
OK. There are many azure-canvas interfaces that don't check for a valid surface whereas the same cairo-canvas interface does. (I assumed the checks weren't needed for azure-canvas.) Apparently we have a dearth of tests for those cases, and perhaps our fuzzer is getting unlucky?
Comment 10 • 9 years ago
fwiw, crash automation reproduced this on all three branches: Beta/12, Aurora/13, Nightly/14 and all 3 platforms.
Comment 11 • 9 years ago (Assignee)
Was cleaning mq house and came back across this. This version puts a few more fingers in the azure context dike.
Attachment #616774 -
Attachment is obsolete: true
Attachment #631615 -
Flags: review?(joe)
Comment 12 • 9 years ago
Comment on attachment 631615: Check for context allocation failure before returning inverse transform, v2
Review of attachment 631615:
Well, not azure content so much as azure canvas, but hooray. And thanks for fixing both implementations!
Attachment #631615 -
Flags: review?(joe) → review+
Comment 13 • 9 years ago (Assignee)
https://hg.mozilla.org/integration/mozilla-inbound/rev/a07fd72eb33d
Target Milestone: --- → mozilla16
Comment 14 • 9 years ago
https://hg.mozilla.org/mozilla-central/rev/a07fd72eb33d
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED