Coalescing upload region can cause us to try to upload outside the valid region

RESOLVED FIXED in Firefox 14

Status

()

Core
Graphics: Layers
RESOLVED FIXED
5 years ago
5 years ago

People

(Reporter: BenWa, Assigned: kats)

Tracking

unspecified
mozilla15
x86
Mac OS X
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(firefox14 fixed, firefox15 fixed, blocking-fennec1.0 soft)

Details

(Whiteboard: [qa-])

Attachments

(1 attachment)

(Reporter)

Description

5 years ago
Coalescing upload region can cause us to try to upload outside the valid region. This happens when we get two paints from a layer at different offset back-to-back before we process the upload. We have to be careful that we only try to upload the region that is valid when coalescing these regions.
Created attachment 625196 [details] [diff] [review]
Patch

Since BenWa pretty much wrote this patch, asking ali for a review
Attachment #625196 - Flags: review?(ajuma)
Blocks: 748384

Comment 2

5 years ago
Comment on attachment 625196 [details] [diff] [review]
Patch

Review of attachment 625196 [details] [diff] [review]:
-----------------------------------------------------------------

::: gfx/layers/opengl/TiledThebesLayerOGL.cpp
@@ +167,5 @@
>    }
>  
> +  // If we coalesce uploads while the layers' valid region is changing we will
> +  // end up trying to upload area outside of the valid region. (bug 756555)
> +  mRegionToUpload = mRegionToUpload.And(mRegionToUpload, mMainMemoryTiledBuffer.GetValidRegion());

The assignment is just self-assignment here, so it isn't needed.
Attachment #625196 - Flags: review?(ajuma) → review+
(Reporter)

Comment 3

5 years ago
Kats, the reason these API return 'this' is to allow chaining X.And(...).Or(...).
Landed on inbound with the assignment part removed:
https://hg.mozilla.org/integration/mozilla-inbound/rev/ab3f805f3210

(In reply to Benoit Girard (:BenWa) from comment #3)
> Kats, the reason these API return 'this' is to allow chaining
> X.And(...).Or(...).

That makes sense, but I still don't think it makes sense to be passing in the object itself as the first parameter. That's just confusing :)
status-firefox14: --- → affected
status-firefox15: --- → fixed
Target Milestone: --- → mozilla15
Also noming for fennec blocker; this prevents a crash (I was able to reproduce the crash pretty easily by panning around on http://www.bbc.co.uk/persian/mobile/index.shtml with the patches from bug 748384 applied on the SGS 2).
blocking-fennec1.0: --- → ?
Assignee: nobody → bugmail.mozilla
(Reporter)

Comment 6

5 years ago
(In reply to Kartikaya Gupta (:kats) from comment #4)
Agreed :)
https://hg.mozilla.org/mozilla-central/rev/ab3f805f3210
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
No longer blocks: 748384

Updated

5 years ago
Blocks: 748384
Blocks: 739679
Comment on attachment 625196 [details] [diff] [review]
Patch

[Approval Request Comment]
Bug caused by (feature/regressing bug #): 739679
User impact if declined: possible crash in some cases
Testing completed (on m-c, etc.): on m-c
Risk to taking this patch (and alternatives if risky): low-risk 
String or UUID changes made by this patch: none
Attachment #625196 - Flags: approval-mozilla-aurora?
blocking-fennec1.0: ? → soft
Attachment #625196 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
https://hg.mozilla.org/releases/mozilla-aurora/rev/a5ef446a214c
status-firefox14: affected → fixed

Updated

5 years ago
Whiteboard: [qa-]
You need to log in before you can comment on or make changes to this bug.