Closed Bug 795234 Opened 13 years ago Closed 13 years ago

crash in _pixman_implementation_fill

Categories

(Core :: Graphics, defect)

18 Branch
ARM
Android
defect
Not set
critical

Tracking

()

RESOLVED FIXED
mozilla18
Tracking Status
firefox17 --- unaffected
firefox18 + fixed
firefox-esr10 --- unaffected

People

(Reporter: scoobidiver, Assigned: blassey)

References

Details

(5 keywords, Whiteboard: [native-crash])

Crash Data

Attachments

(1 file)

It's similar to bug 711852 that happened from time to time. This one spiked from 18.0a1/20120927030539.

The regression range for the spike is: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=ca4af4af5334&tochange=b038e9e2023f

Signature: libxul.so@0xc8eee8 | arm_neon_fill
UUID: 518be21b-a997-4ac1-8e68-e14142120928
Date Processed: 2012-09-28 07:07:57
Uptime: 15
Last Crash: 23 seconds before submission
Install Age: 15.7 hours since version was first installed.
Install Time: 2012-09-27 15:26:20
Product: FennecAndroid
Version: 18.0a1
Build ID: 20120927030539
Release Channel: nightly
OS: Android
OS Version: 0.0.0 Linux 2.6.39.4-00003-gafee6c5 #1 SMP PREEMPT Mon Jun 4 19:59:08 CST 2012 armv7l asus/JP_epad/TF300T:4.0.3/IML74K/JP_epad-9.4.3.30-20120604:user/release-keys
Build Architecture: arm
Build Architecture Info:
Crash Reason: SIGSEGV
Crash Address: 0x64311800
App Notes: AdapterDescription: 'NVIDIA Corporation -- NVIDIA Tegra 3 -- OpenGL ES 2.0 14.01002 -- Model: ASUS Pad TF300T, Product: JP_epad, Manufacturer: asus, Hardware: cardhu' EGL? EGL+ GL Context? GL Context+ GL Layers? GL Layers+ asus ASUS Pad TF300T asus/JP_epad/TF300T:4.0.3/IML74K/JP_epad-9.4.3.30-20120604:user/release-keys
Processor Notes: This dump is too long and has triggered the automatic truncation routine
EMCheckCompatibility: True
Adapter Vendor ID: NVIDIA Corporation
Adapter Device ID: NVIDIA Tegra 3
Device: asus ASUS Pad TF300T
Android API Version: 15 (REL)
Android CPU ABI: armeabi-v7a

Frame  Module  Signature  Source
0  libxul.so  libxul.so@0xc8eee8
1  libxul.so  arm_neon_fill  pixman-arm-neon.c:226
2  libxul.so  _pixman_implementation_fill  pixman-implementation.c:182
3  libxul.so  delegate_fill  pixman-implementation.c:62
4  libxul.so  _pixman_implementation_fill  pixman-implementation.c:182
5  libxul.so  _moz_pixman_fill  pixman.c:772
6  libxul.so  _clip_and_composite_boxes  cairo-image-surface.c:2938
7  libxul.so  _cairo_image_surface_paint  cairo-image-surface.c:3290
8  libxul.so  _cairo_surface_paint  cairo-surface.c:2109
9  libxul.so  _cairo_gstate_fill  cairo-gstate.c:1285
10  libxul.so  _moz_cairo_fill_preserve  cairo.c:2459
11  libxul.so  gfxContext::Fill  gfxContext.cpp:308
12  libxul.so  nsRenderingContext::FillRect  nsRenderingContext.cpp:332
13  libxul.so  nsDisplayCanvasBackground::Paint  nsCanvasFrame.cpp:207
14  libxul.so  mozilla::FrameLayerBuilder::DrawThebesLayer  FrameLayerBuilder.cpp:3020
15  libxul.so  mozilla::layers::BasicThebesLayer::PaintThebes  BasicThebesLayer.cpp:139
16  libxul.so  mozilla::layers::BasicLayerManager::PaintSelfOrChildren  BasicLayerManager.cpp:825
17  libxul.so  mozilla::layers::BasicLayerManager::PaintLayer  BasicLayerManager.cpp:944
18  libxul.so  mozilla::layers::BasicLayerManager::PaintSelfOrChildren  BasicLayerManager.cpp:840
19  libxul.so  mozilla::layers::BasicLayerManager::PaintLayer  BasicLayerManager.cpp:944
20  libxul.so  mozilla::layers::BasicLayerManager::EndTransactionInternal  BasicLayerManager.cpp:588
21  libxul.so  mozilla::layers::BasicLayerManager::EndTransaction  BasicLayerManager.cpp:509
22  libxul.so  nsDisplayList::PaintForFrame  nsDisplayList.cpp:1068
23  libxul.so  nsDisplayList::PaintRoot  nsDisplayList.cpp:956
24  libxul.so  nsLayoutUtils::PaintFrame  nsLayoutUtils.cpp:1743
25  libxul.so  PresShell::RenderDocument  nsPresShell.cpp:4361
26  libxul.so  mozilla::AndroidBridge::TakeScreenshot  AndroidBridge.cpp:2495
27  libxul.so  ScreenshotRunnable::Run  nsAppShell.cpp:89
...

More reports at: https://crash-stats.mozilla.com/query/query?product=FennecAndroid&query_search=signature&query_type=contains&query=arm_neon_fill&do_query=1
Crash Signature: [@ libxul.so@0xc8eee8 | arm_neon_fill] [@ libxul.so@0xc8ece8 | arm_neon_fill] [@ libxul.so@0xc8edac | arm_neon_fill] [@ libxul.so@0xc8eec8 | arm_neon_fill] → [@ libxul.so@0xc8eee8 | arm_neon_fill] [@ libxul.so@0xc8ece8 | arm_neon_fill] [@ libxul.so@0xc8edac | arm_neon_fill] [@ libxul.so@0xc8eec8 | arm_neon_fill] [@ libxul.so@0xc90ce8 | arm_neon_fill]
More reports also at: https://crash-stats.mozilla.com/report/list?signature=fast_path_fill
It might be a regression from bug 794200.
Crash Signature: [@ libxul.so@0xc8eee8 | arm_neon_fill] [@ libxul.so@0xc8ece8 | arm_neon_fill] [@ libxul.so@0xc8edac | arm_neon_fill] [@ libxul.so@0xc8eec8 | arm_neon_fill] [@ libxul.so@0xc90ce8 | arm_neon_fill] → [@ fast_path_fill ] [@ libxul.so@0xc8eee8 | arm_neon_fill] [@ libxul.so@0xc8ece8 | arm_neon_fill] [@ libxul.so@0xc8edac | arm_neon_fill] [@ libxul.so@0xc8eec8 | arm_neon_fill] [@ libxul.so@0xc90ce8 | arm_neon_fill]
Summary: crash in arm_neon_fill → crash in _pixman_implementation_fill
With combined signatures, it's #3 top crasher over the last 3 days.
tracking-fennec: --- → ?
Keywords: topcrash
Crash Signature: [@ fast_path_fill ] [@ libxul.so@0xc8eee8 | arm_neon_fill] [@ libxul.so@0xc8ece8 | arm_neon_fill] [@ libxul.so@0xc8edac | arm_neon_fill] [@ libxul.so@0xc8eec8 | arm_neon_fill] [@ libxul.so@0xc90ce8 | arm_neon_fill] → [@ fast_path_fill ] [@ libxul.so@0xc8eee8 | arm_neon_fill] [@ libxul.so@0xc8ece8 | arm_neon_fill] [@ libxul.so@0xc8edac | arm_neon_fill] [@ libxul.so@0xc8eec8 | arm_neon_fill] [@ libxul.so@0xc90ce8 | arm_neon_fill] [@ libxul.so@0xc9dbf0 | arm_neon_…
Blocks: 711852
Crash Signature: arm_neon_fill] [@ libxul.so@0xc9dbc4 | arm_neon_fill] → arm_neon_fill] [@ libxul.so@0xc9dbc4 | arm_neon_fill] [@ libxul.so@0xc9fc70 | arm_neon_fill] [@ libxul.so@0xc9eee4 | neon_composite_over_n_8_0565] [@ libxul.so@0xc8b1f8 | neon_composite_over_n_0565] [@ libxul.so@0xc8af7c | fast_composite_scaled_bilin…
Crash Signature: arm_neon_fill] [@ libxul.so@0xc9dbc4 | arm_neon_fill] [@ libxul.so@0xc9fc70 | arm_neon_fill] [@ libxul.so@0xc9eee4 | neon_composite_over_n_8_0565] [@ libxul.so@0xc8b1f8 | neon_composite_over_n_0565] [@ libxul.so@0xc8af7c | fast_composite_scaled_bilin… → arm_neon_fill] [@ libxul.so@0xc9dbc4 | arm_neon_fill] [@ libxul.so@0xc9fc70 | arm_neon_fill] [@ libxul.so@0xca2030 | arm_neon_fill] [@ libxul.so@0xc9eee4 | neon_composite_over_n_8_0565] [@ libxul.so@0xc8b1f8 | neon_composite_over_n_0565] [@ libxul.s…
STR are in bug 796175.
Keywords: reproducible
Joe - Got anyone to take a look?
Attached patch: patch
Looks like we're crashing because we're trying to draw the screenshot to a buffer that's already been freed.
Assignee: nobody → blassey.bugs
Attachment #667338 - Flags: review?(snorp)
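
The failure mode described in the comment above (a queued screenshot paint writing into a buffer that was freed before the task ran), with one common guard against it. This is an added illustration, not the attached patch and not Gecko code; `Pixels`, `TaskQueue`, `post_screenshot` and the `weak_ptr` guard are hypothetical names and choices made for this example.

```cpp
// Added illustration, not Gecko code; every name here is hypothetical.
#include <cstdint>
#include <functional>
#include <memory>
#include <queue>
#include <utility>
#include <vector>

using Pixels = std::vector<uint32_t>;                 // buffer a queued task paints into
using TaskQueue = std::queue<std::function<bool()>>;  // stand-in for the event loop

// Hazardous shape (comment only, never executed): the task captures a raw Pixels*,
// the owner frees the buffer before the task runs, and the fill writes through it.

// Hardened shape: the task holds a weak_ptr and re-validates it when it runs.
void post_screenshot(TaskQueue& q, const std::shared_ptr<Pixels>& buf, uint32_t color) {
    std::weak_ptr<Pixels> weak = buf;
    q.push([weak, color]() {
        auto alive = weak.lock();            // null if the owner already released the buffer
        if (!alive) return false;            // skip the paint, touch no freed memory
        for (auto& px : *alive) px = color;  // the "fill" step; alive pins the buffer
        return true;
    });
}

// Runs the next queued task and reports whether it painted.
bool run_next(TaskQueue& q) {
    auto task = std::move(q.front());
    q.pop();
    return task();
}

// Case 1: buffer released between posting and running; returns true if skipped.
bool paint_skipped_after_release() {
    TaskQueue q;
    auto buf = std::make_shared<Pixels>(16, 0u);
    post_screenshot(q, buf, 0xff00ff00u);
    buf.reset();                             // owner frees the buffer before the task runs
    return !run_next(q);
}

// Case 2: buffer still alive; returns the first pixel after the fill.
uint32_t paint_live_buffer() {
    TaskQueue q;
    auto buf = std::make_shared<Pixels>(16, 0u);
    post_screenshot(q, buf, 0xff00ff00u);
    run_next(q);
    return (*buf)[0];
}

int main() { return paint_skipped_after_release() && paint_live_buffer() == 0xff00ff00u ? 0 : 1; }
```

Holding a `shared_ptr` in the task instead would keep the buffer alive until the paint finishes; the `weak_ptr` form drops the stale paint rather than extending the buffer's lifetime.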
Crash Signature: arm_neon_fill] [@ libxul.so@0xc9dbc4 | arm_neon_fill] [@ libxul.so@0xc9fc70 | arm_neon_fill] [@ libxul.so@0xca2030 | arm_neon_fill] [@ libxul.so@0xc9eee4 | neon_composite_over_n_8_0565] [@ libxul.so@0xc8b1f8 | neon_composite_over_n_0565] [@ libxul.s… → arm_neon_fill] [@ libxul.so@0xc9dbc4 | arm_neon_fill] [@ libxul.so@0xc9fc70 | arm_neon_fill] [@ libxul.so@0xca2030 | arm_neon_fill] [@ libxul.so@0xca3d70 | arm_neon_fill] [@ libxul.so@0xca3d44 | arm_neon_fill] [@ libxul.so@0xc9eee4 | neon_composite_…
Attachment #667338 - Flags: review?(snorp) → review+
Status: NEW → RESOLVED
Closed: 13 years ago
Flags: in-testsuite?
Resolution: --- → FIXED
Target Milestone: --- → mozilla18
Crash Signature: arm_neon_fill] [@ libxul.so@0xc9dbc4 | arm_neon_fill] [@ libxul.so@0xc9fc70 | arm_neon_fill] [@ libxul.so@0xca2030 | arm_neon_fill] [@ libxul.so@0xca3d70 | arm_neon_fill] [@ libxul.so@0xca3d44 | arm_neon_fill] [@ libxul.so@0xc9eee4 | neon_composite_… → arm_neon_fill] [@ libxul.so@0xc9dbc4 | arm_neon_fill] [@ libxul.so@0xc9fc70 | arm_neon_fill] [@ libxul.so@0xca2030 | arm_neon_fill] [@ libxul.so@0xca3d70 | arm_neon_fill ] [@ libxul.so@0xca3d44 | arm_neon_fill ] [@ libxul.so@0xca3970 | arm_neon_fill…
Looks like an 18-only crash.
tracking-fennec: ? → ---