Closed
Bug 853959
Opened 11 years ago
Closed 11 years ago
crash in mozilla::gfx::DrawTargetD2D::DrawSurface @ DrawingContext::DrawBitmap
Categories
(Core :: Graphics: Canvas2D, defect)
Tracking
()
People
(Reporter: scoobidiver, Assigned: bas.schouten)
References
Details
(Keywords: crash, testcase)
Crash Data
It's #57 browser crasher in 19.0.2, #72 in 20.0b5, #30 in 21.0a2 and #120 in 22.0a1.

Signature: DrawingContext::DrawBitmap(ID2D1Bitmap*, D2D_RECT_F const*, float, D2D1_BITMAP_INTERPOLATION_MODE, D2D_RECT_F const*)
UUID: a062e5f1-2473-43a4-b540-c1b342130322
Date Processed: 2013-03-22 09:28:55
Uptime: 816
Last Crash: more than 3 months before submission
Install Age: 5.2 hours since version was first installed.
Install Time: 2013-03-22 04:16:31
Product: Firefox
Version: 21.0a2
Build ID: 20130321042014
Release Channel: aurora
OS: Windows NT
OS Version: 6.1.7601 Service Pack 1
Build Architecture: x86
Build Architecture Info: GenuineIntel family 6 model 42 stepping 7
Crash Reason: EXCEPTION_ACCESS_VIOLATION_READ
Crash Address: 0x0
App Notes: AdapterVendorID: 0x8086, AdapterDeviceID: 0x0116, AdapterSubsysID: 04b01028, AdapterDriverVersion: 8.15.10.2253 D2D? D2D+ DWrite? DWrite+ D3D10 Layers? D3D10 Layers+ D2D- D3D10 Layers- D3D9 Layers? D3D9 Layers- D3D9 Layers+
Processor Notes: sp-processor08.phx1.mozilla.com_14835:2008
EMCheckCompatibility: True
Adapter Vendor ID: 0x8086
Adapter Device ID: 0x0116
Total Virtual Memory: 4294836224
Available Virtual Memory: 3526017024
System Memory Use Percentage: 57
Available Page File: 1824194560
Available Physical Memory: 1798598656

Frame  Module  Signature  Source
0  d2d1.dll  DrawingContext::DrawBitmap
1  d2d1.dll  D2DDeviceContextBase<ID2D1HwndRenderTarget,ID2D1HwndRenderTarget,ID2D1DeviceCont
2  gkmedias.dll  mozilla::gfx::DrawTargetD2D::DrawSurface  gfx/2d/DrawTargetD2D.cpp:328
3  xul.dll  mozilla::dom::CanvasRenderingContext2D::DrawImage  content/canvas/src/CanvasRenderingContext2D.cpp:2998
4  xul.dll  mozilla::dom::CanvasRenderingContext2D::DrawImage  content/canvas/src/CanvasRenderingContext2D.cpp:2998
5  xul.dll  mozilla::dom::CanvasRenderingContext2DBinding::drawImage  obj-firefox/dom/bindings/CanvasRenderingContext2DBinding.cpp:1813
6  xul.dll  mozilla::dom::CanvasRenderingContext2DBinding::genericMethod  obj-firefox/dom/bindings/CanvasRenderingContext2DBinding.cpp:3553
7  mozjs.dll  js::InvokeKernel  js/src/jsinterp.cpp:367
8  mozjs.dll  js::Interpret  js/src/jsinterp.cpp:2344
9  mozjs.dll  js::RunScript  js/src/jsinterp.cpp:316
10  mozjs.dll  js::InvokeKernel  js/src/jsinterp.cpp:381
11  mozjs.dll  js::Invoke  js/src/jsinterp.cpp:414
12  mozjs.dll  js::CrossCompartmentWrapper::call  js/src/jswrapper.cpp:662
13  mozjs.dll  proxy_Call  js/src/jsproxy.cpp:2972
14  mozjs.dll  js::InvokeKernel  js/src/jsinterp.cpp:360
15  mozjs.dll  js::Invoke  js/src/jsinterp.cpp:414
16  mozjs.dll  JS_CallFunctionValue  js/src/jsapi.cpp:5737
17  xul.dll  mozilla::dom::EventHandlerNonNull::Call  obj-firefox/dom/bindings/EventHandlerBinding.cpp:48
18  xul.dll  mozilla::dom::EventHandlerNonNull::Call<nsISupports*>  obj-firefox/dist/include/mozilla/dom/EventHandlerBinding.h:59
19  xul.dll  nsCOMPtr_base::assign_from_qi  obj-firefox/xpcom/build/nsCOMPtr.cpp:58
20  xul.dll  TimerAdditionComparator::LessThan  xpcom/threads/TimerThread.h:110
21  xul.dll  nsXPCWrappedJS::CallMethod  js/xpconnect/src/XPCWrappedJS.cpp:578
22  xul.dll  TimerThread::AddTimerInternal  xpcom/threads/TimerThread.cpp:422

More reports at: https://crash-stats.mozilla.com/report/list?signature=DrawingContext%3A%3ADrawBitmap%28ID2D1Bitmap*%2C+D2D_RECT_F+const*%2C+float%2C+D2D1_BITMAP_INTERPOLATION_MODE%2C+D2D_RECT_F+const*%29
Comment 1•11 years ago
khuey pointed me at a reliable testcase for this:

http://people.mozilla.org/~khuey/#test=bigimage

This basically calls a lot of canvas.drawImage, I think with canvas sources.

https://crash-stats.mozilla.com/report/index/bp-8e5b3fef-e48f-46a3-a83d-c430d2130418

If I trust my debugger, at http://hg.mozilla.org/mozilla-central/annotate/1d9c510b3742/gfx/2d/DrawTargetD2D.cpp#l328 we appear to be passing a srcRect of 0,0,0,0. I haven't checked a debug build yet.
Reporter
Comment 2•11 years ago
It's now #29 browser crasher in 21.0, #16 in 22.0b4, #17 in 23.0a2, and #24 in 24.0a1.
status-firefox21:
--- → affected
status-firefox22:
--- → affected
status-firefox23:
--- → affected
status-firefox24:
--- → affected
tracking-firefox22:
--- → ?
tracking-firefox23:
--- → ?
Reporter
Comment 3•11 years ago
Here are interesting correlations in 22.0:

100% (248/248) vs. 16% (5995/37906) d2d1.dll
    4% (11/248) vs. 2% (705/37906) 6.1.7600.16385
    1% (2/248) vs. 1% (300/37906) 6.1.7600.16972
    2% (5/248) vs. 1% (525/37906) 6.1.7601.17514
    2% (5/248) vs. 1% (558/37906) 6.1.7601.17563
    4% (9/248) vs. 0% (174/37906) 6.2.9200.16384
    22% (54/248) vs. 2% (610/37906) 6.2.9200.16420
    65% (162/248) vs. 8% (2912/37906) 6.2.9200.16492
100% (248/248) vs. 16% (6012/37906) d3d10_1core.dll
    4% (11/248) vs. 2% (708/37906) 6.1.7600.16385
    1% (2/248) vs. 1% (300/37906) 6.1.7600.16972
    4% (10/248) vs. 3% (1086/37906) 6.1.7601.17514
    25% (63/248) vs. 2% (785/37906) 6.2.9200.16384
    65% (162/248) vs. 8% (2920/37906) 6.2.9200.16492
100% (248/248) vs. 16% (6012/37906) d3d10_1.dll
    6% (16/248) vs. 3% (1171/37906) 6.1.7600.16385
    1% (2/248) vs. 1% (300/37906) 6.1.7600.16972
    2% (5/248) vs. 2% (626/37906) 6.1.7601.17544
    25% (63/248) vs. 2% (785/37906) 6.2.9200.16384
    65% (162/248) vs. 8% (2920/37906) 6.2.9200.16492
100% (248/248) vs. 16% (6098/37906) dxgi.dll
    5% (13/248) vs. 3% (1132/37906) 6.1.7600.16385
    4% (10/248) vs. 3% (1093/37906) 6.1.7601.17514
    4% (9/248) vs. 1% (194/37906) 6.2.9200.16384
    22% (54/248) vs. 2% (649/37906) 6.2.9200.16420
    65% (162/248) vs. 8% (2926/37906) 6.2.9200.16492
91% (225/248) vs. 10% (3810/37906) d3d11.dll
    4% (9/248) vs. 1% (194/37906) 6.2.9200.16384
    22% (54/248) vs. 2% (648/37906) 6.2.9200.16420
    65% (162/248) vs. 8% (2931/37906) 6.2.9200.16492
98% (242/248) vs. 21% (8081/37906) mf.dll
    4% (10/248) vs. 4% (1420/37906) 12.0.7600.16385
    1% (2/248) vs. 3% (1037/37906) 12.0.7600.16597
    68% (168/248) vs. 12% (4557/37906) 12.0.7601.17514
    25% (62/248) vs. 2% (684/37906) 12.0.9200.16384
97% (241/248) vs. 21% (8074/37906) mfreadwrite.dll
    4% (10/248) vs. 4% (1421/37906) 12.0.7600.16385
    0% (1/248) vs. 3% (1040/37906) 12.0.7600.16597
    66% (164/248) vs. 12% (4497/37906) 12.0.7601.17514
    2% (4/248) vs. 0% (107/37906) 12.0.7601.17596
    3% (8/248) vs. 0% (134/37906) 12.0.9200.16384
    1% (2/248) vs. 0% (48/37906) 12.0.9200.16451
    21% (52/248) vs. 1% (483/37906) 12.0.9200.16578
98% (242/248) vs. 22% (8236/37906) mfplat.dll
    73% (180/248) vs. 19% (7106/37906) 12.0.7600.16385
    3% (8/248) vs. 0% (150/37906) 12.0.9200.16384
    22% (54/248) vs. 1% (516/37906) 12.0.9200.16433
81% (200/248) vs. 7% (2533/37906) nvwgf2um.dll
Comment 4•11 years ago
http://www.apple.com/ios/ios7/ is by far the #1 URL for this now.
Comment 5•11 years ago
(In reply to Robert Kaiser (:kairo@mozilla.com) [away until early June] from comment #4)
> http://www.apple.com/ios/ios7/ is by far the #1 URL for this now.

This is going to fall off shortly, but could easily crop up again in the future. Milan said he was going to find an assignee, I believe.
Comment 6•11 years ago
(In reply to Benjamin Smedberg [:bsmedberg] from comment #1)
> khuey pointed me at a reliable testcase for this:
>
> http://people.mozilla.org/~khuey/#test=bigimage
>
> This basically calls a lot of canvas.drawImage, I think with canvas sources.
>
> https://crash-stats.mozilla.com/report/index/bp-8e5b3fef-e48f-46a3-a83d-c430d2130418
>
> If I trust my debugger, at
> http://hg.mozilla.org/mozilla-central/annotate/1d9c510b3742/gfx/2d/DrawTargetD2D.cpp#l328
> we appear to be passing a srcRect of 0,0,0,0.
>

Bas, is this something that we should guard against, and could it lead to the crashes described above?
Flags: needinfo?(bas)
Assignee
Comment 7•11 years ago
(In reply to Milan Sreckovic [:milan] from comment #6)
> (In reply to Benjamin Smedberg [:bsmedberg] from comment #1)
> > khuey pointed me at a reliable testcase for this:
> >
> > http://people.mozilla.org/~khuey/#test=bigimage
> >
> > This basically calls a lot of canvas.drawImage, I think with canvas sources.
> >
> > https://crash-stats.mozilla.com/report/index/bp-8e5b3fef-e48f-46a3-a83d-c430d2130418
> >
> > If I trust my debugger, at
> > http://hg.mozilla.org/mozilla-central/annotate/1d9c510b3742/gfx/2d/DrawTargetD2D.cpp#l328
> > we appear to be passing a srcRect of 0,0,0,0.
> >
> Bas, is this something that we should guard against, and could it lead to
> the crashes described above?

Hrm, that shouldn't really crash. I'll look into this.
Assignee: milan → bas
Flags: needinfo?(bas)
Comment 9•11 years ago
(In reply to Bas Schouten (:bas.schouten) from comment #7)
> Hrm, that shouldn't really crash. I'll look into this.

Bas, what happened to that?
Flags: needinfo?(bas)
Comment 10•11 years ago
It's #16 topcrash in 23.0.1 still, but we can't find it in stats in 24. Tracy, can we check that the reproducible case works in 23 and doesn't in 24? If so, something might have fixed it there.
Flags: needinfo?(twalker)
Comment 11•11 years ago
What is the reproducible test case here? khuey's bigimage.html; "Big Image Decode test" in the tests folder? I click Start and get a count. It's over 500 and counting on Win7 using Fx23.0.1 with no crash yet.
Flags: needinfo?(twalker)
Comment 12•11 years ago
topcrash is being replaced by more precise keywords per https://bugzilla.mozilla.org/show_bug.cgi?id=927557#c3
Keywords: topcrash → topcrash-win
Comment 13•11 years ago
This has dropped off all crash lists and doesn't appear on any builds beyond 23.0.1.
Updated•11 years ago
Flags: needinfo?(bas)