Closed
Bug 789933
Opened 12 years ago
Closed 12 years ago
crash in mozilla::gfx::DrawTargetCairo::Stroke
Categories
(Core :: Graphics: Canvas2D, defect)
Tracking
()
VERIFIED
FIXED
mozilla20
People
(Reporter: marcia, Assigned: bas.schouten)
References
()
Details
(5 keywords)
Crash Data
Attachments
(2 files)
1.01 KB,
patch
|
nrc
:
review+
lsblakk
:
approval-mozilla-aurora+
|
Details | Diff | Splinter Review |
1.14 KB,
patch
|
bas.schouten
:
review+
lsblakk
:
approval-mozilla-aurora+
|
Details | Diff | Splinter Review |
This bug was filed from the Socorro interface and is report bp-a51c4a2d-7f81-498d-add7-e50322120910 . ============================================================= Seen while looking at crash stats. Crashes started showing up using the 2012090103 build. One comment mentions "Error occured while printing one page of a pdf." Possible regression range based on crash stats: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=fcc533f691e9&tochange=a21fd4d085ad More reports: https://crash-stats.mozilla.com/report/list?signature=mozilla%3A%3Agfx%3A%3ADrawTargetCairo%3A%3AStroke%28mozilla%3A%3Agfx%3A%3APath%20const*%2C%20mozilla%3A%3Agfx%3A%3APattern%20const%26%2C%20mozilla%3A%3Agfx%3A%3AStrokeOptions%20const%26%2C%20mozilla%3A%3Agfx%3A%3ADrawOptions%20const%26%29 Frame Module Signature Source 0 gkmedias.dll mozilla::gfx::DrawTargetCairo::Stroke gfx/2d/DrawTargetCairo.cpp:604 1 xul.dll nsCanvasRenderingContext2DAzure::UsedOperation content/canvas/src/nsCanvasRenderingContext2DAzure.h:763 2 xul.dll nsCanvasBidiProcessorAzure::DrawText content/canvas/src/nsCanvasRenderingContext2DAzure.cpp:3119
Comment 1•12 years ago
|
||
The stack trace in comment 0 is a 64-bit one. Here are the first frames of a 32-bit stack trace: Frame Module Signature Source 0 gkmedias.dll mozilla::gfx::DrawTargetCairo::Stroke gfx/2d/DrawTargetCairo.cpp:604 1 xul.dll nsCanvasBidiProcessorAzure::DrawText content/canvas/src/nsCanvasRenderingContext2DAzure.cpp:3119 2 xul.dll nsBidiPresUtils::ProcessText layout/base/nsBidiPresUtils.cpp:1860 3 xul.dll nsCanvasRenderingContext2DAzure::DrawOrMeasureText content/canvas/src/nsCanvasRenderingContext2DAzure.cpp:3363 4 xul.dll nsCanvasRenderingContext2DAzure::StrokeText content/canvas/src/nsCanvasRenderingContext2DAzure.cpp:2928 5 xul.dll mozilla::dom::CanvasRenderingContext2DBinding::strokeText obj-firefox/dom/bindings/CanvasRenderingContext2DBinding.cpp:1052 6 xul.dll mozilla::dom::CanvasRenderingContext2DBinding::genericMethod obj-firefox/dom/bindings/CanvasRenderingContext2DBinding.cpp:2573 7 mozjs.dll js::InvokeKernel js/src/jsinterp.cpp:344 8 mozjs.dll js::Invoke js/src/jsinterp.cpp:388 (In reply to Marcia Knous [:marcia] from comment #0) > Possible regression range based on crash stats: > http://hg.mozilla.org/mozilla-central/ > pushloghtml?fromchange=fcc533f691e9&tochange=a21fd4d085ad I disagree. Indeed, it first appeared in 17.0a1/20120808. The regression range might be: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=1bbc0b65dffb&tochange=e55638d4037a It might be a regression from bug 777292.
Component: Graphics → Canvas: 2D
Version: 18 Branch → 17 Branch
Comment 2•12 years ago
|
||
The only bug 777292 changesets I see in that range only touch security/manager/. Also, neither of them should be a functional change. Why do you think they'd cause a crash in gfx?
Comment 3•12 years ago
|
||
(In reply to :Aryeh Gregor from comment #2) > The only bug 777292 changesets I see in that range only touch > security/manager/. Also, neither of them should be a functional change. > Why do you think they'd cause a crash in gfx? Because of http://hg.mozilla.org/mozilla-central/annotate/1cb30394aa56/content/canvas/src/nsCanvasRenderingContext2DAzure.cpp#l2928 that says the code has been changed by this bug.
Comment 4•12 years ago
|
||
The changeset summary is actually wrong -- that changeset is for bug 626472. There are no changesets from bug 626472 in the range. The only change I made to that file was s/nsnull/nullptr/ (literally just using sed), and at the time nsnull was a #define for nullptr, so it was a no-op as far as the compiler saw. You'll have to look elsewhere for the culprit, I'm afraid. (I hope people don't start routinely CCing me on bugs because bug 626472 was the last thing to touch a line.)
Comment 5•12 years ago
|
||
It's #136 top browser crasher in 17.0a2 and #8 in 18.0a1 (without hangs to compare the same way the two channels). STR: 1. Load the ref. URL 2. Print the document => bp-38bbf224-679e-46ac-8c39-4bbba2120929
Updated•12 years ago
|
Comment 6•12 years ago
|
||
Since this is already reproducible, sending over to Joe to investigate. Feel free to re-assign if you don't have the time to help out.
Updated•12 years ago
|
Assignee: joe → ajones
Comment 7•12 years ago
|
||
Looks like scaledFont->GetPathForGlyphs() is returning nullptr. It is possibly caused by scaledFont being the wrong font type for the DrawTarget, that is not a Cairo font. This is the code segment from nsCanvasBidiProcessorAzure::DrawText() RefPtr<Path> path = scaledFont->GetPathForGlyphs(buffer, mCtx->mTarget); const ContextState& state = *mState; AdjustedTarget(mCtx, &bounds)-> Stroke(path, CanvasGeneralPattern(). ForStyle(mCtx, nsCanvasRenderingContext2DAzure::STYLE_STROKE, mCtx->mTarget), StrokeOptions(state.lineWidth, state.lineJoin, state.lineCap, state.miterLimit, state.dash.Length(), state.dash.Elements(), state.dashOffset), DrawOptions(state.globalAlpha, mCtx->UsedOperation()));
Assignee: ajones → ncameron
Comment 8•12 years ago
|
||
This is pretty low volume on beta or aurora, not happening at all on 16 and older, but it is appearing with constant volume on trunk, be it 18 or 19.
Keywords: topcrash
Comment 9•12 years ago
|
||
It's a top crash in the trunk because of 64-bit builds that are more impacted, but indeed it's now a low volume on Beta and Aurora.
Updated•12 years ago
|
Comment 10•12 years ago
|
||
I just tried to reproduce this and couldn't - do I need to set any prefs? I tried opening the URL and printing one page. Do I need to do anything else?
Updated•12 years ago
|
Keywords: csec-nullptr
Comment 11•12 years ago
|
||
Marcia of Scoobidiver: is this bug still appearing in our crash stats? Can anyone reproduce this?
Flags: needinfo?
Comment 12•12 years ago
|
||
(In reply to Nick Cameron [:nrc] from comment #11) > Marcia of Scoobidiver: is this bug still appearing in our crash stats? Yes. See the link in comment 0. > Can anyone reproduce this? Yes with the STR in comment 5: bp-4445f7d5-e644-45b9-821e-fbc7f2121129.
Flags: needinfo?
Comment 13•12 years ago
|
||
It's #6 top browser crasher in 19.0a2.
tracking-firefox19:
--- → ?
Keywords: topcrash
Comment 14•12 years ago
|
||
And it's the #5 topcrash over builds of the last 3 days on 20.a1 trunk. Nick, any chance of progress here?
tracking-firefox20:
--- → ?
Comment 15•12 years ago
|
||
(In reply to Robert Kaiser (:kairo@mozilla.com) from comment #14) > And it's the #5 topcrash over builds of the last 3 days on 20.a1 trunk. > Nick, any chance of progress here? Hi, yep just rolled a build for this yesterday and will try to do a bit of investigation today. My issue has been that I haven't been able to reproduce before, but I'll see what I can do today.
Assignee | ||
Comment 16•12 years ago
|
||
This should fix the bug.
Comment 17•12 years ago
|
||
Comment on attachment 688477 [details] [diff] [review] Support non-D2D targets for getting a Path off ScaledFontDWrite Review of attachment 688477 [details] [diff] [review]: ----------------------------------------------------------------- Fixes the bug (which I finally managed to reproduce)
Attachment #688477 -
Flags: review?(ncameron) → review+
Assignee | ||
Comment 18•12 years ago
|
||
http://hg.mozilla.org/integration/mozilla-inbound/rev/e9bfe1b6ab08
Comment 20•12 years ago
|
||
Attachment #688648 -
Flags: review?(bas)
Assignee | ||
Comment 22•12 years ago
|
||
Comment on attachment 688648 [details] [diff] [review] test Review of attachment 688648 [details] [diff] [review]: ----------------------------------------------------------------- We'll soon support 16384 on some platforms. Might want to size up the width or height to 20000, it's fine to half the other dimension to conserve memory.
Attachment #688648 -
Flags: review?(bas) → review+
Updated•12 years ago
|
status-firefox19:
--- → affected
status-firefox20:
--- → affected
Comment 23•12 years ago
|
||
crashtest: https://hg.mozilla.org/integration/mozilla-inbound/rev/6400692c072e
Whiteboard: [leave open]
Comment 24•12 years ago
|
||
Comment on attachment 688648 [details] [diff] [review] test [Approval Request Comment] Bug caused by (feature/regressing bug #): User impact if declined: crash on printing large documents Testing completed (on m-c, etc.): m-c Risk to taking this patch (and alternatives if risky): low String or UUID changes made by this patch: none
Attachment #688648 -
Flags: approval-mozilla-aurora?
Comment 25•12 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/6400692c072e
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla20
Updated•12 years ago
|
Attachment #688648 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Assignee | ||
Comment 26•12 years ago
|
||
Umm, landing the test for Aurora only seems sensible if we also land the bugfix :).
Comment 27•12 years ago
|
||
Comment on attachment 688477 [details] [diff] [review] Support non-D2D targets for getting a Path off ScaledFontDWrite see above ^^^
Attachment #688477 -
Flags: approval-mozilla-aurora?
Comment 28•12 years ago
|
||
(In reply to Bas Schouten (:bas.schouten) from comment #26) > Umm, landing the test for Aurora only seems sensible if we also land the > bugfix :). Yeah, may have a? the wrong patch there, d'oh.
Updated•12 years ago
|
Attachment #688477 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Comment 29•12 years ago
|
||
https://hg.mozilla.org/releases/mozilla-aurora/rev/93590c0181c4 https://hg.mozilla.org/releases/mozilla-aurora/rev/78dfb6b50af0
Comment 30•12 years ago
|
||
It looks like we had no crashes with this signature with Aurora builds from the 10th, but we need to keep watching this.
Comment 32•12 years ago
|
||
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:19.0) Gecko/20100101 Firefox/19.0 Build ID: 20130109111322 Verified as fixed on Firefox 19.0b1
Status: RESOLVED → VERIFIED
Updated•11 years ago
|
Comment 33•11 years ago
|
||
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/20.0 Also verified as fixed on Firefox 20 beta 1.
You need to log in
before you can comment on or make changes to this bug.
Description
•