Last Comment Bug 756555 - Coalescing upload region can cause us to try to upload outside the valid region
: Coalescing upload region can cause us to try to upload outside the valid region
Status: RESOLVED FIXED
[qa-]
:
Product: Core
Classification: Components
Component: Graphics: Layers (show other bugs)
: unspecified
: x86 Mac OS X
: -- normal (vote)
: mozilla15
Assigned To: Kartikaya Gupta (email:kats@mozilla.com)
:
:
Mentors:
Depends on:
Blocks: 739679 748384
  Show dependency treegraph
 
Reported: 2012-05-18 12:28 PDT by Benoit Girard (:BenWa)
Modified: 2012-08-14 08:11 PDT (History)
5 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---
fixed
fixed
soft


Attachments
Patch (1.49 KB, patch)
2012-05-18 12:34 PDT, Kartikaya Gupta (email:kats@mozilla.com)
ajuma.bugzilla: review+
joe: approval‑mozilla‑aurora+
Details | Diff | Splinter Review

Description Benoit Girard (:BenWa) 2012-05-18 12:28:08 PDT
Coalescing upload region can cause us to try to upload outside the valid region. This happens when we get two paints from a layer at different offset back-to-back before we process the upload. We have to be careful that we only try to upload the region that is valid when coalescing these regions.
Comment 1 Kartikaya Gupta (email:kats@mozilla.com) 2012-05-18 12:34:41 PDT
Created attachment 625196 [details] [diff] [review]
Patch

Since BenWa pretty much wrote this patch, asking ali for a review
Comment 2 Ali Juma [:ajuma] 2012-05-18 13:29:59 PDT
Comment on attachment 625196 [details] [diff] [review]
Patch

Review of attachment 625196 [details] [diff] [review]:
-----------------------------------------------------------------

::: gfx/layers/opengl/TiledThebesLayerOGL.cpp
@@ +167,5 @@
>    }
>  
> +  // If we coalesce uploads while the layers' valid region is changing we will
> +  // end up trying to upload area outside of the valid region. (bug 756555)
> +  mRegionToUpload = mRegionToUpload.And(mRegionToUpload, mMainMemoryTiledBuffer.GetValidRegion());

The assignment is just self-assignment here, so it isn't needed.
Comment 3 Benoit Girard (:BenWa) 2012-05-18 14:38:27 PDT
Kats, the reason these API return 'this' is to allow chaining X.And(...).Or(...).
Comment 4 Kartikaya Gupta (email:kats@mozilla.com) 2012-05-18 18:21:52 PDT
Landed on inbound with the assignment part removed:
https://hg.mozilla.org/integration/mozilla-inbound/rev/ab3f805f3210

(In reply to Benoit Girard (:BenWa) from comment #3)
> Kats, the reason these API return 'this' is to allow chaining
> X.And(...).Or(...).

That makes sense, but I still don't think it makes sense to be passing in the object itself as the first parameter. That's just confusing :)
Comment 5 Kartikaya Gupta (email:kats@mozilla.com) 2012-05-18 18:23:13 PDT
Also noming for fennec blocker; this prevents a crash (I was able to reproduce the crash pretty easily by panning around on http://www.bbc.co.uk/persian/mobile/index.shtml with the patches from bug 748384 applied on the SGS 2).
Comment 6 Benoit Girard (:BenWa) 2012-05-18 18:24:00 PDT
(In reply to Kartikaya Gupta (:kats) from comment #4)
Agreed :)
Comment 7 Matt Brubeck (:mbrubeck) 2012-05-19 06:41:57 PDT
https://hg.mozilla.org/mozilla-central/rev/ab3f805f3210
Comment 8 Kartikaya Gupta (email:kats@mozilla.com) 2012-05-21 06:41:27 PDT
Comment on attachment 625196 [details] [diff] [review]
Patch

[Approval Request Comment]
Bug caused by (feature/regressing bug #): 739679
User impact if declined: possible crash in some cases
Testing completed (on m-c, etc.): on m-c
Risk to taking this patch (and alternatives if risky): low-risk 
String or UUID changes made by this patch: none
Comment 9 Kartikaya Gupta (email:kats@mozilla.com) 2012-05-22 12:47:43 PDT
https://hg.mozilla.org/releases/mozilla-aurora/rev/a5ef446a214c

Note You need to log in before you can comment on or make changes to this bug.