Bug 758533 - crash in nsDisplayBackground::TryOptimizeToImageLayer
Status: RESOLVED FIXED
Whiteboard: [startupcrash]
Keywords: crash, regression
Product: Core
Classification: Components
Component: Layout
Version: 15 Branch
Platform: x86 Windows 7
Importance: -- critical
Target Milestone: mozilla16
Assigned To: David Zbarsky (:dzbarsky)
: Jet Villegas (:jet)
Reported: 2012-05-25 01:27 PDT by Scoobidiver (away)
Modified: 2012-06-12 03:08 PDT

Attachments
Patch (979 bytes, patch)
2012-06-10 13:22 PDT, David Zbarsky (:dzbarsky)
gal: review+

Description Scoobidiver (away) 2012-05-25 01:27:07 PDT
It first appeared in 15.0a1/20120523164348. The regression range is:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=36e938e51481&tochange=d499dc65cdab

Signature 	nsDisplayBackground::TryOptimizeToImageLayer(nsDisplayListBuilder*)
UUID	7193cc64-7571-43bc-81ce-a4d0c2120524
Date Processed	2012-05-24 19:21:56
Uptime	6
Last Crash	17 seconds before submission
Install Age	3.4 minutes since version was first installed.
Install Time	2012-05-24 19:18:30
Product	Firefox
Version	15.0a1
Build ID	20120523164348
Release Channel	nightly
OS	Windows NT
OS Version	6.1.7601 Service Pack 1
Build Architecture	x86
Build Architecture Info	GenuineIntel family 6 model 42 stepping 7
Crash Reason	EXCEPTION_ACCESS_VIOLATION_EXEC
Crash Address	0x4
App Notes 	
AdapterVendorID: 0x8086, AdapterDeviceID: 0x0126, AdapterSubsysID: 00000000, AdapterDriverVersion: 8.862.4.4000
D3D10 Layers? D3D10 Layers- D3D9 Layers? D3D9 Layers+ 
EMCheckCompatibility	True	
Total Virtual Memory	4294836224
Available Virtual Memory	3751473152
System Memory Use Percentage	29
Available Page File	13269147648
Available Physical Memory	6011637760

Frame 	Module 	Signature 	Source
0 		@0x4 	
1 	xul.dll 	nsDisplayBackground::TryOptimizeToImageLayer 	layout/base/nsDisplayList.cpp:1137
2 	xul.dll 	mozilla::`anonymous namespace'::ContainerState::ProcessDisplayItems 	layout/base/FrameLayerBuilder.cpp:1620
3 	xul.dll 	mozilla::FrameLayerBuilder::BuildContainerLayerFor 	layout/base/FrameLayerBuilder.cpp:2141
4 	xul.dll 	nsWindow::GetLayerManager 	widget/windows/nsWindow.cpp:3204
5 	nspr4.dll 	PR_GetThreadPrivate 	nsprpub/pr/src/threads/prtpd.c:200
6 	xul.dll 	nsDisplayList::ComputeVisibilityForRoot 	layout/base/nsDisplayList.cpp:434
7 	xul.dll 	nsDisplayBackground::HitTest 	layout/base/nsDisplayList.cpp:1241

More reports at:
https://crash-stats.mozilla.com/report/list?signature=nsDisplayBackground%3A%3ATryOptimizeToImageLayer%28nsDisplayListBuilder*%29
https://crash-stats.mozilla.com/report/list?signature=nsImageRenderer%3A%3AGetContainer%28%29
Comment 1 Mats Palmgren (:mats) 2012-05-25 14:49:54 PDT
The GetContainer call was added in bug 756813 and merged to m-c the 22nd.
http://hg.mozilla.org/mozilla-central/annotate/d499dc65cdab/layout/base/nsDisplayList.cpp#l1137

Does GetContainer() need an "if (mType != eStyleImageType_Image) return false;"
like IsRasterImage() above it?
http://hg.mozilla.org/mozilla-central/annotate/d499dc65cdab/layout/base/nsCSSRendering.cpp#l4081
Comment 2 Mats Palmgren (:mats) 2012-06-08 10:08:21 PDT
Andreas, it looks like you added GetContainer() in bug 750172.
Do you know the answer to the question in comment 1?
Comment 3 Mats Palmgren (:mats) 2012-06-09 15:27:42 PDT
dzbarsky, maybe you can take a look?
Comment 4 David Zbarsky (:dzbarsky) 2012-06-09 16:20:13 PDT
OK, I'll try reproducing on Windows.
Comment 5 Andreas Gal :gal 2012-06-09 16:22:58 PDT
Yeah, we should check with IsRasterImage or as Mats suggests directly in GetContainer.
Comment 6 David Zbarsky (:dzbarsky) 2012-06-09 16:26:08 PDT
Yep, that seems like it would fix it but I want to check before and after to make sure this will fix the crash.
Comment 7 David Zbarsky (:dzbarsky) 2012-06-10 13:22:50 PDT
Created attachment 631767
Patch

I couldn't reproduce the bug, but this should hopefully fix it.
Comment 8 Andreas Gal :gal 2012-06-10 17:28:18 PDT
Comment on attachment 631767
Patch

Review of attachment 631767:
-----------------------------------------------------------------

Thanks dz.
Comment 9 David Zbarsky (:dzbarsky) 2012-06-10 17:47:49 PDT
https://hg.mozilla.org/integration/mozilla-inbound/rev/b7fd38dad196
Comment 10 Graeme McCutcheon [:graememcc] 2012-06-12 03:08:06 PDT
https://hg.mozilla.org/mozilla-central/rev/b7fd38dad196
