Closed Bug 860149 Opened 11 years ago Closed 11 years ago

crash in mozilla::image::Decoder::Write

Categories

(Core :: Graphics: ImageLib, defect)

Product:
Core
Component:
Graphics: ImageLib
Version:
22 Branch
Platform:
x86
Windows 7
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla23
Tracking Flags:
Tracking Status
firefox21 --- unaffected
firefox22 --- affected
firefox23 --- verified

People

(Reporter: tomhanksjr, Assigned: joe)

References

Details

(Keywords: crash, regression)

Crash Data

Attachments

(1 file)

mark synchronous in AddSourceData
1.15 KB, patch
seth
: review+
akeybl
: approval-mozilla-beta-
Details | Diff | Splinter Review 
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:22.0) Gecko/20130315 Firefox/22.0
Build ID: 20130315045334

Steps to reproduce:

Browsed the internet.


Actual results:

Nightly crashed. Then when restarting it would continue to crash from the same error.


Expected results:

Nightly should not have crashed. This had not happened until after build from 03-15-2013. I continue to downgrade back to this build after testing out the new builds because they all have done it since.
Version: 22 Branch → 23 Branch
Severity: normal → critical
Status: UNCONFIRMED → NEW
Crash Signature: [@ msvcr100.dll@0x101e3 ]
Component: Untriaged → General
Ever confirmed: true
Product: Firefox → Core
Weird. Debug symbols are missing in the stack trace.
Does it happen in Safe Mode (see https://support.mozilla.org/kb/troubleshoot-firefox-issues-using-safe-mode)?
Do you have steps to reproduce?

I found an imageLib crash with the same signature a few builds earlier (see bp-06415f9e-22df-4862-953d-064b42130402) but I am not sure it's related.
Status: NEW → UNCONFIRMED
Depends on: 711953
Ever confirmed: false
Flags: needinfo?(tomhanksjr)
Keywords: crash, stackwanted
Hardware: x86_64 → x86
Whenever the bug first appeared it seemed like Nightly would crash almost instantly. Recent Nightly builds though seem to be able to last like 10 minutes or more before the crash eventually happens. Also once the crash starts happening Nightly will instantly crash when trying to load tabs from last time, but if I just start browsing in a new tab Nightly will work again for another 10~ minutes. It doesn't seem to be related to a certain website though because I browse the same 5 or so tabs for 10 minutes with no problems than Nightly starts crashing. I also tried closing most of those tabs after the crashes start happening to see if it was a tab and Nightly would still crash when trying to use tabs from last time.
Flags: needinfo?(tomhanksjr)
Do you have other crash IDs?
Can you determine the regression range using https://github.com/mozilla/mozregression?
Flags: needinfo?(tomhanksjr)
All your crash reports don't have debug symbols.

What about the safe mode?
What about the regression range?
Flags: needinfo?(tomhanksjr)
I just downloaded the latest Nightly to test in Safe Mode, it crashed. This is the crash report: https://crash-stats.mozilla.com/report/index/bp-0c4077a7-ab32-4d46-9c7a-d34dd2130411
Flags: needinfo?(tomhanksjr)
Oddly since it crashed it restarted not in safe mode and loaded the previous tabs fine  (for now) when it crashes not in safe mode it will just continuously crash when trying to load tabs from previous session.
(In reply to tomhanksjr from comment #7)
> https://crash-stats.mozilla.com/report/index/bp-0c4077a7-ab32-4d46-9c7a-
> d34dd2130411
That crash is unrelated to your previous crashes so I assume they were about an extension or HW acceleration. Can you find it (see https://support.mozilla.org/kb/troubleshoot-extensions-themes-to-fix-problems)?
Flags: needinfo?(tomhanksjr)
Okay when I disable the developmental build of Adblock Plus Firefox crashes with this error instead of the usual one: https://crash-stats.mozilla.com/report/index/542c25c7-d0d8-47f1-a702-38d972130411

So I am going to try using the regular build of Adblock Plus and see if I get the crash due to the msvcr100.dll crash.
Flags: needinfo?(tomhanksjr)
Nevermind I just got the usual crash with adblock plus disabled. Also the crash seems to be happening on www.last.fm when i am browsing artist pages and albums (I THINK)
I am going to close my last.fm tab and browse a bunch of other pages now and see if it crashes.
I can't get it to crash yet, all the crashes also have happened while browsing www.last.fm even the different ones without the msvcr100.dll@0x101e3 crash signature.
Do you have crashes with today's nightly to see whether the stack trace contains at least debug symbols?
Flags: needinfo?(tomhanksjr)
https://crash-stats.mozilla.com/report/index/bp-66d1bc21-abad-4a2d-b349-2ce772130412
https://crash-stats.mozilla.com/report/index/bp-aeb5d33a-a3d2-4a95-9b9e-a4ef32130412
From today's Nightly. Also it seems to be doing it on animated .gif's. Some gif's it shows fine, some don't loop (or maybe even playing all the way through) some show a grey box instead of the gif and sometimes it just crashes Nightly.
Flags: needinfo?(tomhanksjr)
It first showed up in 22.0a1/20130321090706. The regression range is:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=1d6fe70c79c5&tochange=a73a2b5c423b
It's likely a regression from bug 716140.

The first frames of the stack trace are:
Frame 	Module 	Signature 	Source
0 	msvcr100.dll 	msvcr100.dll@0x101e3 	
1 	xul.dll 	mozilla::image::Decoder::Write 	image/src/Decoder.cpp:115
2 	xul.dll 	mozilla::image::RasterImage::WriteToDecoder 	image/src/RasterImage.cpp:2674
3 	xul.dll 	mozilla::image::RasterImage::AddSourceData 	image/src/RasterImage.cpp:1672
4 	xul.dll 	mozilla::image::RasterImage::WriteToRasterImage 	image/src/RasterImage.cpp:3358
5 	xul.dll 	nsInputStreamTee::WriteSegmentFun 	xpcom/io/nsInputStreamTee.cpp:198
6 	xul.dll 	nsPipeInputStream::ReadSegments 	xpcom/io/nsPipe3.cpp:775
7 	xul.dll 	nsInputStreamTee::ReadSegments 	xpcom/io/nsInputStreamTee.cpp:251
8 	xul.dll 	mozilla::image::RasterImage::OnImageDataAvailable 	image/src/RasterImage.cpp:1830
9 	xul.dll 	imgRequest::OnDataAvailable 	image/src/imgRequest.cpp:805
10 	xul.dll 	ProxyListener::OnDataAvailable 	image/src/imgLoader.cpp:2134
11 	xul.dll 	mozilla::dom::MediaDocumentStreamListener::OnDataAvailable 	content/html/document/src/MediaDocument.cpp:85
12 	xul.dll 	nsDocumentOpenInfo::OnDataAvailable 	uriloader/base/nsURILoader.cpp:280

More reports at:
https://crash-stats.mozilla.com/report/list?signature=msvcr100.dll%400x101e3
Blocks: 716140
Status: UNCONFIRMED → NEW
status-firefox21: --- → unaffected
status-firefox22: --- → affected
status-firefox23: --- → affected
Component: General → ImageLib
Ever confirmed: true
Keywords: stackwantedregression
Summary: Nightly eventually crashes and then will not start up without crashing. → crash in mozilla::image::Decoder::Write
Version: 23 Branch → 22 Branch
Excellent, so does this mean it has a good chance of being fixed?
status-firefox21: unaffected → ---
status-firefox22: affected → ---
status-firefox23: affected → ---
Component: ImageLib → General
Version: 22 Branch → 23 Branch
reporter, please shift-reload this bug before updating it :)
Assignee: nobody → joe
status-firefox21: --- → unaffected
status-firefox22: --- → affected
status-firefox23: --- → affected
Component: General → ImageLib
Keywords: needURLs
Version: 23 Branch → 22 Branch
(In reply to Joe Drew (:JOEDREW! \o/) (Unburying, use needinfo) from comment #18)
> reporter, please shift-reload this bug before updating it :)

Sorry if you are talking to me, I didn't update anything but I did add a vote for the importance of the bug if that screwed things up, sorry!
tomhanksjr, can you go to about:support, click "copy text to clipboard", then paste it in here?
Flags: needinfo?(tomhanksjr)
BTW, I looked - URLs are not terribly helpful here, unfortunately.
Keywords: needURLs
Also, can you disable *all* of your extensions and see if this continues?
(In reply to Joe Drew (:JOEDREW! \o/) (Unburying, use needinfo) from comment #20)
> tomhanksjr, can you go to about:support, click "copy text to clipboard",
> then paste it in here?



  Application Basics

        Name
        Firefox

        Version
        22.0a1

        User Agent
        Mozilla/5.0 (Windows NT 6.1; WOW64; rv:22.0) Gecko/20130315 Firefox/22.0

        Build Configuration

          about:buildconfig

  Extensions

        Name

        Version

        Enabled

        ID

        Adblock Plus
        2.2.3
        true
        {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

        Greasemonkey
        1.8
        true
        {e4a8a97b-f2ed-450b-b12d-ee082ba24781}

        Open Image In New Tab
        1.1
        true
        imagetab@next.gen.nz

        Prevent Tab Overflow
        6.1
        true
        noverflow@sdrocking.com

        Status-4-Evar
        2013.02.16.23
        true
        status4evar@caligonstudios.com

  Important Modified Preferences

      Name

      Value

        accessibility.typeaheadfind.flashBar
        0

        browser.cache.disk.capacity
        358400

        browser.cache.disk.smart_size.first_run
        false

        browser.cache.disk.smart_size.use_old_max
        false

        browser.cache.disk.smart_size_cached_value
        358400

        browser.places.smartBookmarksVersion
        4

        browser.search.useDBForOrder
        true

        browser.sessionstore.restore_on_demand
        false

        browser.startup.homepage_override.buildID
        20130315045334

        browser.startup.homepage_override.mstone
        22.0a1

        browser.tabs.animate
        false

        browser.tabs.tabClipWidth
        100

        browser.urlbar.default.behavior
        1

        browser.urlbar.trimURLs
        false

        dom.mozApps.used
        true

        extensions.lastAppVersion
        22.0a1

        font.internaluseonly.changed
        true

        gfx.direct3d.last_used_feature_level_idx
        0

        gfx.direct3d.prefer_10_1
        true

        image.high_quality_downscaling.enabled
        false

        image.mem.decodeondraw
        false

        image.mem.discardable
        false

        network.cookie.prefsMigrated
        true

        network.protocol-handler.warn-external.dnupdate
        false

        places.database.lastMaintenance
        1366005838

        places.history.expiration.transient_current_max_pages
        104858

        plugin.disable_full_page_plugin_for_types
        application/pdf

        plugin.importedState
        true

        privacy.clearOnShutdown.cache
        false

        privacy.clearOnShutdown.cookies
        false

        privacy.clearOnShutdown.formdata
        false

        privacy.clearOnShutdown.history
        false

        privacy.clearOnShutdown.sessions
        false

        privacy.sanitize.migrateFx3Prefs
        true

        security.default_personal_cert
        Select Automatically

        security.disable_button.openCertManager
        false

        security.disable_button.openDeviceManager
        false

    user.js Preferences

    Your profile folder contains a

      user.js file, which includes preferences that were not created by Nightly.

  Graphics

        Adapter Description
        AMD Radeon HD 6450

        Adapter Drivers
        aticfx64 aticfx64 aticfx64 aticfx32 aticfx32 aticfx32 atiumd64 atidxx64 atidxx64 atiumdag atidxx32 atidxx32 atiumdva atiumd6a atitmm64

        Adapter RAM
        512

        ClearType Parameters
        DISPLAY1 [ Gamma: 1800 Pixel Structure: BGR ClearType Level: 50 Enhanced Contrast: 100 ] DISPLAY7 [ Gamma: 1800 Pixel Structure: BGR ClearType Level: 100 Enhanced Contrast: 50 ]

        Device ID
        0x6779

        Direct2D Enabled
        true

        DirectWrite Enabled
        true (6.2.9200.16492)

        Driver Date
        12-19-2012

        Driver Version
        9.12.0.0

        GPU #2 Active
        false

        GPU Accelerated Windows
        1/1 Direct3D 10

        Vendor ID
        0x1002

        WebGL Renderer
        Google Inc. -- ANGLE (AMD Radeon HD 6450)

        AzureCanvasBackend
        direct2d

        AzureContentBackend
        direct2d

        AzureFallbackCanvasBackend
        cairo

  JavaScript

        Incremental GC
        true

  Accessibility

        Activated
        false

        Prevent Accessibility
        0

  Library Versions

        Expected minimum version

        Version in use

        NSPR
        4.9.6 Beta
        4.9.6 Beta

        NSS
        3.14.3.0 Basic ECC
        3.14.3.0 Basic ECC

        NSSSMIME
        3.14.3.0 Basic ECC
        3.14.3.0 Basic ECC

        NSSSSL
        3.14.3.0 Basic ECC
        3.14.3.0 Basic ECC

        NSSUTIL
        3.14.3.0
        3.14.3.0
Flags: needinfo?(tomhanksjr)
(In reply to tomhanksjr from comment #23)
>         image.high_quality_downscaling.enabled
>         false
> 
>         image.mem.decodeondraw
>         false
> 
>         image.mem.discardable
>         false

Very interesting. These are not the default values; are there reasons you have them toggled?
the first one. Images look completely horrible when Firefox "downscales" them.

the second one. I forget why I changed it.

the third one. I don't want to switch back to a tab 72 hours from now and have all the images flashing white because they have to load again.
Still crashed: https://crash-stats.mozilla.com/report/index/bp-2c013900-70cc-4fa2-9864-8acf32130416
Flags: needinfo?(tomhanksjr)
This just happened to be triggered reliably with that set of prefs. (Thank goodness for that.) This fixes the crash I was able to reproduce, and should fix all such crashes.
Attachment #738725 - Flags: review?(seth)
"started 14:36, still running... ETA unknown" Will try when the opt lets me download it.
(In reply to Joe Drew (:JOEDREW! \o/) from comment #31)
> https://ftp.mozilla.org/pub/mozilla.org/firefox/try-builds/jdrew@mozilla.com-
> 008ed6153017/try-win32/ :)

Thanks, I am using it now and browsing Last.FM and it hasn't crashed yet.
Comment on attachment 738725 [details] [diff] [review]
mark synchronous in AddSourceData

Review of attachment 738725 [details] [diff] [review]:
-----------------------------------------------------------------

Heh, looking at Decoder::Write, this makes a lot of sense.
Attachment #738725 - Flags: review?(seth) → review+
(In reply to Joe Drew (:JOEDREW! \o/) from comment #34)
> http://hg.mozilla.org/integration/mozilla-inbound/rev/1d31d983075a

Thanks so much Joe Drew for fixing this bug, so does this mean I should update to the latest Nightly tomorrow for it be in?
Pages with like 10-15 animated gifs for this build the gif's are not being animated, some are but most are not. Is this related?
https://hg.mozilla.org/mozilla-central/rev/1d31d983075a
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla23
(In reply to tomhanksjr from comment #35)
> (In reply to Joe Drew (:JOEDREW! \o/) from comment #34)
> > http://hg.mozilla.org/integration/mozilla-inbound/rev/1d31d983075a
> 
> Thanks so much Joe Drew for fixing this bug, so does this mean I should
> update to the latest Nightly tomorrow for it be in?

Yep!

(In reply to tomhanksjr from comment #36)
> Pages with like 10-15 animated gifs for this build the gif's are not being
> animated, some are but most are not. Is this related?

Should have no relation.
Nope. One is bug 864511; the other is unidentifiable, sadly. :(
(In reply to Ryan VanderMeulen [:RyanVM][Out May 23-27] from comment #37)
> https://hg.mozilla.org/mozilla-central/rev/1d31d983075a
22 Branch is still affected, is it too late to land this in beta before 22 is released?
http://crash-stats.mozilla.com/report/index/3d706e39-0d90-425f-b484-cd9952130525 was definitely fixed by the user switching from 22 beta to 23 Aurora.
Flags: needinfo?(ryanvm)
That's a question for Joe and the release drivers, not me.
Flags: needinfo?(ryanvm) → needinfo?(joe)
Craps, thanks for the ping.
Flags: needinfo?(joe)
Comment on attachment 738725 [details] [diff] [review]
mark synchronous in AddSourceData

[Approval Request Comment]
Bug caused by (feature/regressing bug #): bug 716140 (which I can now type entirely from memory)
User impact if declined: crashes
Testing completed (on m-c, etc.): on m-c and m-a for a while
Risk to taking this patch (and alternatives if risky): not terribly risky
String or IDL/UUID changes made by this patch: none
Attachment #738725 - Flags: approval-mozilla-beta?
Comment on attachment 738725 [details] [diff] [review]
mark synchronous in AddSourceData

Very low volume crasher, so any new risk seems unnecessary. Will be fixed for the first time in FF23.
Attachment #738725 - Flags: approval-mozilla-beta? → approval-mozilla-beta-
tomhanksjr, can you check if this is fixed for you with the following build?
ftp://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/23.0b1-candidates/build1/
Flags: needinfo?(tomhanksjr)
Keywords: verifyme
Since updating to Fx22 I've been getting a crash with this signature whenever trying to view an animated GIF.

These are my signatures (I also got another crash that couldn't report after viewing a GIF directly to confirm my animated-GIFs-as-cause hypothesis)
If you need more info let me know, otherwise I'll probably be down(up?)grading to Fx21 soon, because this is making it unusable for me.

bp-7a7a2fc3-41e4-491e-aeb6-16d5d2130702
bp-8fc2edf3-e1ba-4378-90fc-71a832130702
bp-f13ba931-d0c9-42df-8835-60c172130702
bp-d8bacb8d-6ce4-49fc-aa36-b05cf2130702
bp-695bc5b6-0f63-402c-82b0-4e1122130702
bp-bcbca0d8-f241-4af4-af97-258a42130702
bp-0bc6cc50-a05e-47d3-8d5e-049732130702
bp-f52f77db-69f8-421f-9a0c-3e0702130702
That would make sense; the flags up top show that this affects FF 22, but the fix from 23 wasn't backported due to the risk associated with it.
Ah, turns out I had image.mem.decodeondraw and image.mem.discardable both set to false as mentioned in comment #24 (don't remember when, or why) and resetting them fixed it, phew.
I'm marking this bug verified fixed due to lack of evidence to the contrary. Please reopen if this is not fixed in Firefox 23 or later.
Status: RESOLVED → VERIFIED
status-firefox23: fixedverified
Flags: needinfo?(tomhanksjr)
Keywords: verifyme
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: