Closed Bug 785604 Opened 13 years ago Closed 9 years ago

crash in imgFrame::Init @ gfxImageSurface::gfxImageSurface

Categories

(Core :: Graphics: ImageLib, defect)

Product:
Core
Component:
Graphics: ImageLib
Version:
16 Branch
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: scoobidiver, Unassigned)

References

Details

(Keywords: crash, regression, steps-wanted)

Crash Data

It's #19 top browser crasher in 16.0a2 with other crashes that share this signature. Signature moz_abort | arena_run_split More Reports Search UUID 2e332a41-2268-4924-b35c-e3a2f2120825 Date Processed 2012-08-25 03:17:07 Uptime 3397 Last Crash 57.3 minutes before submission Install Age 56.6 minutes since version was first installed. Install Time 2012-08-25 02:19:54 Product Firefox Version 16.0a2 Build ID 20120824042011 Release Channel aurora OS Windows NT OS Version 6.1.7601 Service Pack 1 Build Architecture x86 Build Architecture Info AuthenticAMD family 16 model 6 stepping 3 Crash Reason EXCEPTION_BREAKPOINT Crash Address 0x74bd1c09 App Notes AdapterVendorID: 0x1002, AdapterDeviceID: 0x9712, AdapterSubsysID: 04891025, AdapterDriverVersion: 8.783.2.0 D2D? D2D+ DWrite? DWrite+ D3D10 Layers? D3D10 Layers+ Processor Notes This dump is too long and has triggered the automatic truncation routine EMCheckCompatibility True Adapter Vendor ID 0x1002 Adapter Device ID 0x9712 Total Virtual Memory 4294836224 Available Virtual Memory 3647029248 System Memory Use Percentage 92 Available Page File 76038144 Available Physical Memory 311865344 Frame Module Signature Source 0 mozglue.dll moz_abort memory/build/extraMallocFuncs.c:114 1 mozglue.dll arena_run_split memory/mozjemalloc/jemalloc.c:3374 2 mozglue.dll arena_malloc_large memory/mozjemalloc/jemalloc.c:4163 3 mozglue.dll je_malloc memory/mozjemalloc/jemalloc.c:6291 4 xul.dll gfxImageSurface::gfxImageSurface gfx/thebes/gfxImageSurface.cpp:111 5 xul.dll imgFrame::Init image/src/imgFrame.cpp:192 6 xul.dll mozilla::image::RasterImage::InternalAddFrame image/src/RasterImage.cpp:1044 7 xul.dll mozilla::image::RasterImage::EnsureFrame image/src/RasterImage.cpp:1147 8 xul.dll mozilla::image::nsJPEGDecoder::WriteInternal image/decoders/nsJPEGDecoder.cpp:361 9 xul.dll mozilla::image::RasterImage::WriteToDecoder image/src/RasterImage.cpp:2382 10 xul.dll mozilla::image::RasterImage::SyncDecode image/src/RasterImage.cpp:2531 11 xul.dll mozilla::image::RasterImage::RequestDecode image/src/RasterImage.cpp:2483 12 xul.dll imgRequestProxy::RequestDecode image/src/imgRequestProxy.cpp:315 13 xul.dll LockEnumerator content/base/src/nsDocument.cpp:8314 14 xul.dll nsBaseHashtable<nsDepCharHashKey,xptiInterfaceEntry*,xptiInterfaceEntry*>::s_Enu obj-firefox/dist/include/nsBaseHashtable.h:400 15 xul.dll PL_DHashTableEnumerate obj-firefox/xpcom/build/pldhash.cpp:715 16 xul.dll nsDocument::SetImageLockingState content/base/src/nsDocument.cpp:8342 17 xul.dll PresShell::SetIsActive layout/base/nsPresShell.cpp:8960 18 xul.dll nsDocShell::SetIsActive docshell/base/nsDocShell.cpp:5014 19 xul.dll NS_InvokeByIndex_P xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp:70 20 xul.dll XPCWrappedNative::CallMethod js/xpconnect/src/XPCWrappedNative.cpp:2418 21 xul.dll XPCWrappedNative::SetAttribute js/xpconnect/src/xpcprivate.h:2819 22 xul.dll XPC_WN_GetterSetter js/xpconnect/src/XPCWrappedNativeJSOps.cpp:1514 ... More reports at: https://crash-stats.mozilla.com/report/list?signature=moz_abort+|+arena_run_split
Presumably this is an OOM or Out-of-address-space? Points to http://hg.mozilla.org/releases/mozilla-aurora/annotate/128124e804df/memory/mozjemalloc/jemalloc.c#l1955 which only aborts if VirtualAlloc or mmap fail.
Keywords: needURLs
Is this generally only seen on D2D enabled builds? Or are there also non-D2D builds in there?
(In reply to Bas Schouten (:bas) from comment #3) > Is this generally only seen on D2D enabled builds? Or are there also non-D2D > builds in there? There are so many different crashes behind this crash signature that it's hard to find one with the stack trace in comment 0. The fix of bug 778404 would help a lot.
I tried reaching out to a couple of users who reported this crash, and which seemed to list specific steps that got them into this problem, but I haven't heard back. Reading the comments you can see that a lot of people were just using Facebook or Gmail and the browser suddenly crashes with no apparent associated action.
Crash Signature: [@ moz_abort | arena_run_split] → [@ moz_abort | arena_run_split] [@ moz_abort | arena_run_split | arena_malloc_large | je_malloc | gfxImageSurface::gfxImageSurface]
Crash Signature: [@ moz_abort | arena_run_split] [@ moz_abort | arena_run_split | arena_malloc_large | je_malloc | gfxImageSurface::gfxImageSurface] → [@ moz_abort | arena_run_split] [@ moz_abort | arena_run_split | arena_malloc_large | je_malloc | gfxImageSurface::gfxImageSurface(nsIntSize const&, gfxASurface::gfxImageFormat, bool)]
With the skiplist, we know now the right ranking: #97 in 19.0.2, #64 in 20.0b6, and #136 in 21.0a2 (In reply to Bas Schouten (:bas.schouten) from comment #3) > Is this generally only seen on D2D enabled builds? Or are there also non-D2D > builds in there? It's not related to Direct2D because 68% of crashes happen on Windows XP. It has more to do with images in secure connections and I think ImageLib is the right component. See: moz_abort | arena_run_split | arena_malloc_large | je_malloc | gfxImageSurface::gfxImageSurface(nsIntSize const&, gfxASurface::gfxImageFormat, bool)|EXCEPTION_BREAKPOINT (142 crashes) 100% (142/142) vs. 49% (86615/177218) shdocvw.dll 100% (142/142) vs. 52% (92823/177218) nssckbi.dll 100% (142/142) vs. 53% (94773/177218) freebl3.dll 100% (142/142) vs. 53% (94808/177218) nssdbm3.dll 100% (142/142) vs. 54% (94859/177218) softokn3.dll 100% (142/142) vs. 55% (97462/177218) winrnr.dll More reports at: https://crash-stats.mozilla.com/report/list?signature=moz_abort+|+arena_run_split+|+arena_malloc_large+|+je_malloc+|+gfxImageSurface%3A%3AgfxImageSurface%28nsIntSize+const%26%2C+gfxASurface%3A%3AgfxImageFormat%2C+bool%29 https://crash-stats.mozilla.com/report/list?signature=moz_abort+|+arena_run_split+|+arena_malloc_large+|+je_malloc+|+arena_bin_nonfull_run_get+|+gfxImageSurface%3A%3AgfxImageSurface%28nsIntSize+const%26%2C+gfxASurface%3A%3AgfxImageFormat%2C+bool%29
Crash Signature: [@ moz_abort | arena_run_split] [@ moz_abort | arena_run_split | arena_malloc_large | je_malloc | gfxImageSurface::gfxImageSurface(nsIntSize const&, gfxASurface::gfxImageFormat, bool)] → [@ moz_abort | arena_run_split] [@ moz_abort | arena_run_split | arena_malloc_large | je_malloc | gfxImageSurface::gfxImageSurface(nsIntSize const&, gfxASurface::gfxImageFormat, bool)] [@ moz_abort | arena_run_split | arena_malloc_large | je_malloc | ar…
Component: Graphics → ImageLib
OS: Windows 7 → Windows XP
Summary: crash in gfxImageSurface::gfxImageSurface → crash in imgFrame::Init @ gfxImageSurface::gfxImageSurface
Mozilla/5.0 (Windows NT 5.1; rv:25.0) Gecko/20130723 Firefox/25.0 Tested on 21.0.1 (buildID: 20130409194949) and latest Nightly (buildID: 20130723030205) with all the URLs from comment 2 with a special attention to facebook and gmail as stated in comment 5. I was not able to reproduce the issue using a clean profile and a dirty one as well. Is there anything I can help with further one here?
Crash Signature: , bool)] [@ moz_abort | arena_run_split | arena_malloc_large | je_malloc | arena_bin_nonfull_run_get | gfxImageSurface::gfxImageSurface(nsIntSize const&, gfxASurface::gfxImageFormat, bool) ] → , bool)] [@ moz_abort | arena_run_split | arena_malloc_large | je_malloc | arena_bin_nonfull_run_get | gfxImageSurface::gfxImageSurface(nsIntSize const&, gfxASurface::gfxImageFormat, bool) ] [@ moz_abort | arena_run_split | arena_malloc_large | je_mallo…
I am closing this bug as there are no recent reports with a currently supported version of Firefox.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.