Closed Bug 756555 Opened 13 years ago Closed 13 years ago

Coalescing upload region can cause us to try to upload outside the valid region

Categories

(Core :: Graphics: Layers, defect)

Product:
Core
Component:
Graphics: Layers
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla15
Tracking Flags:
Tracking Status
firefox14 --- fixed
firefox15 --- fixed
blocking-fennec1.0 --- soft

People

(Reporter: BenWa, Assigned: kats)

References

Details

(Whiteboard: [qa-])

Attachments

(1 file)

Patch
1.49 KB, patch
ajuma
: review+
joe
: approval-mozilla-aurora+
Details | Diff | Splinter Review
Coalescing upload region can cause us to try to upload outside the valid region. This happens when we get two paints from a layer at different offset back-to-back before we process the upload. We have to be careful that we only try to upload the region that is valid when coalescing these regions.
Attached patch PatchSplinter Review
Since BenWa pretty much wrote this patch, asking ali for a review
Attachment #625196 - Flags: review?(ajuma)
Comment on attachment 625196 [details] [diff] [review] Patch Review of attachment 625196 [details] [diff] [review]: ----------------------------------------------------------------- ::: gfx/layers/opengl/TiledThebesLayerOGL.cpp @@ +167,5 @@ > } > > + // If we coalesce uploads while the layers' valid region is changing we will > + // end up trying to upload area outside of the valid region. (bug 756555) > + mRegionToUpload = mRegionToUpload.And(mRegionToUpload, mMainMemoryTiledBuffer.GetValidRegion()); The assignment is just self-assignment here, so it isn't needed.
Attachment #625196 - Flags: review?(ajuma) → review+
Kats, the reason these API return 'this' is to allow chaining X.And(...).Or(...).
Landed on inbound with the assignment part removed: https://hg.mozilla.org/integration/mozilla-inbound/rev/ab3f805f3210 (In reply to Benoit Girard (:BenWa) from comment #3) > Kats, the reason these API return 'this' is to allow chaining > X.And(...).Or(...). That makes sense, but I still don't think it makes sense to be passing in the object itself as the first parameter. That's just confusing :)
status-firefox14: --- → affected
status-firefox15: --- → fixed
Target Milestone: --- → mozilla15
Also noming for fennec blocker; this prevents a crash (I was able to reproduce the crash pretty easily by panning around on http://www.bbc.co.uk/persian/mobile/index.shtml with the patches from bug 748384 applied on the SGS 2).
blocking-fennec1.0: --- → ?
Assignee: nobody → bugmail.mozilla
(In reply to Kartikaya Gupta (:kats) from comment #4) Agreed :)
https://hg.mozilla.org/mozilla-central/rev/ab3f805f3210
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
No longer blocks: 748384
Blocks: 748384
Comment on attachment 625196 [details] [diff] [review] Patch [Approval Request Comment] Bug caused by (feature/regressing bug #): 739679 User impact if declined: possible crash in some cases Testing completed (on m-c, etc.): on m-c Risk to taking this patch (and alternatives if risky): low-risk String or UUID changes made by this patch: none
Attachment #625196 - Flags: approval-mozilla-aurora?
blocking-fennec1.0: ? → soft
Attachment #625196 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Whiteboard: [qa-]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: