Closed Bug 861100 Opened 12 years ago Closed 11 years ago

crash in imgFrame::SizeOfExcludingThisWithComputedFallbackIfHeap @ _cairo_user_data_array_fini

Categories

(Core :: Graphics: ImageLib, defect)

22 Branch
x86_64
macOS
defect
Not set
critical

Tracking

RESOLVED WORKSFORME
Tracking Status
firefox21 --- unaffected
firefox22 --- affected
firefox23 --- affected
firefox24 --- affected

People

(Reporter: scoobidiver, Unassigned)

Details

(Keywords: crash, regression)

Crash Data

It's #7 top browser crasher in 22.0a2 and #13 in 23.0a1 on Mac OS X.

It first showed up in 22.0a1/20130329. The regression range is:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=962f5293f87f&tochange=8693d1d4c86d
I suspect bug 850566.

Signature                 jemalloc_crash | libsystem_c.dylib@0x2d8f8
UUID                      ee0c8394-f16e-4f06-87ae-2c6e82130411
Date Processed            2013-04-11 20:01:16
Uptime                    16916
Last Crash                5.6 hours before submission
Install Age               5.4 hours since version was first installed.
Install Time              2013-04-11 14:37:44
Product                   Firefox
Version                   22.0a2
Build ID                  20130411004016
Release Channel           aurora
OS                        Mac OS X
OS Version                10.8.3 12D78
Build Architecture        amd64
Build Architecture Info   family 6 model 42 stepping 7
Crash Reason              EXC_BAD_ACCESS / KERN_INVALID_ADDRESS
Crash Address             0x0
App Notes                 AdapterVendorID: 0x8086, AdapterDeviceID: 0x 126
                          GL Context? GL Context+ GL Layers? GL Layers+
Processor Notes           sp-processor05.phx1.mozilla.com_24334:2008; exploitablity tool: ERROR: unable to analyze dump
EMCheckCompatibility      True
Adapter Vendor ID         0x8086
Adapter Device ID         0x 126

Frame  Module             Signature  Source
0      libmozglue.dylib   jemalloc_crash  jemalloc.c:1582
1      libsystem_c.dylib  libsystem_c.dylib@0x2d8f8
2      XUL                _cairo_user_data_array_fini  cairo-array.c:415
3      XUL                _moz_cairo_surface_destroy  gfx/cairo/cairo/src/cairo-surface.c:654
4      XUL                gfxASurface::Release  gfx/thebes/gfxASurface.cpp:88
5      XUL                gfxQuartzImageSurface::KnownMemoryUsed  obj-firefox/x86_64/dist/include/nsAutoPtr.h:880
6      libmozalloc.dylib  libmozalloc.dylib@0xac0
7      XUL                imgFrame::SizeOfExcludingThisWithComputedFallbackIfHeap const  image/src/imgFrame.cpp:872
8      libmozalloc.dylib  libmozalloc.dylib@0xac0
9      XUL                mozilla::image::RasterImage::HeapSizeOfDecodedWithComputedFallback const  image/src/RasterImage.cpp:1243
10     libmozalloc.dylib  libmozalloc.dylib@0xac0
11     XUL                mozilla::image::ImageResource::SizeOfData  image/src/Image.cpp:41
12     XUL                imgRequest::UpdateCacheEntrySize  image/src/imgRequest.cpp:341
13     XUL                imgRequestProxy::OnStopDecode  image/src/imgRequestProxy.cpp:748
14     XUL                _ZZN7mozilla5imageL14get_header_strEPcS1_mE3hex
15     XUL                imgStatusTracker::SyncNotifyState  image/src/imgStatusTracker.cpp:512
16     XUL                MOZ_PNG_read_dest  _string.h:58
17     XUL                nsACString_internal::Assign  obj-firefox/x86_64/dist/include/nsCharTraits.h:395
18     XUL                nsACString_internal::Assign  xpcom/string/src/nsTSubstring.cpp:386
19     XUL                imgStatusTracker::SyncNotifyDifference  image/src/imgStatusTracker.cpp:569
20     XUL                _ZZN7mozilla5imageL14get_header_strEPcS1_mE3hex
21     XUL                mozilla::image::RasterImage::FinishedSomeDecoding  image/src/RasterImage.cpp:3536
22     XUL                mozilla::image::RasterImage::DecodeDoneWorker::Run  image/src/RasterImage.cpp:3923
23     XUL                nsThread::ProcessNextEvent  xpcom/threads/nsThread.cpp:627
...

More reports at:
https://crash-stats.mozilla.com/report/list?signature=jemalloc_crash+|+libsystem_c.dylib%400x2d8f8
https://crash-stats.mozilla.com/report/list?signature=jemalloc_crash+|+libsystem_c.dylib%400xa0789

More reports also at:
https://crash-stats.mozilla.com/report/list?signature=gfxQuartzImageSurface%3A%3AKnownMemoryUsed%28%29

(In reply to Scoobidiver from comment #0)
> It first showed up in 22.0a1/20130329. The regression range is:
> http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=962f5293f87f&tochange=8693d1d4c86d

It happened one build earlier so the new regression range might be:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=178a4a770bb1&tochange=962f5293f87f
Crash Signature: [@ jemalloc_crash | libsystem_c.dylib@0x2d8f8 ] [@ jemalloc_crash | libsystem_c.dylib@0xa0789 ] → [@ jemalloc_crash | libsystem_c.dylib@0x2d8f8 ] [@ jemalloc_crash | libsystem_c.dylib@0xa0789 ] [@ gfxQuartzImageSurface::KnownMemoryUsed() ]
Component: Graphics → ImageLib
Crash Signature: [@ jemalloc_crash | libsystem_c.dylib@0x2d8f8 ] [@ jemalloc_crash | libsystem_c.dylib@0xa0789 ] [@ gfxQuartzImageSurface::KnownMemoryUsed() ] → [@ jemalloc_crash | libsystem_c.dylib@0x2d8f8 ] [@ jemalloc_crash | libsystem_c.dylib@0xa0789 ] [@ jemalloc_crash | arena_dalloc | _cairo_user_data_array_fini ] [@ gfxQuartzImageSurface::KnownMemoryUsed() ]
It seems to have been fixed by the patch of bug 855221.
Crash Signature: [@ jemalloc_crash | libsystem_c.dylib@0x2d8f8 ] [@ jemalloc_crash | libsystem_c.dylib@0xa0789 ] [@ jemalloc_crash | arena_dalloc | _cairo_user_data_array_fini ] [@ gfxQuartzImageSurface::KnownMemoryUsed() ] → [@ jemalloc_crash | libsystem_c.dylib@0x2d8f8 ] [@ jemalloc_crash | libsystem_c.dylib@0xa0789 ] [@ jemalloc_crash | arena_dalloc | _cairo_user_data_array_fini ] [@ jemalloc_crash | _cairo_user_data_array_fini ] [@ gfxQuartzImageSurface::KnownMemoryUse…
Status: NEW → RESOLVED
Closed: 11 years ago
Depends on: 855221
Resolution: --- → WORKSFORME