If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

crash in mozilla::gfx::CreatePartialBitmapForSurface

VERIFIED FIXED in Firefox 36

Status

()

Core
Graphics
--
critical
VERIFIED FIXED
4 years ago
2 years ago

People

(Reporter: Scoobidiver (away), Assigned: bas)

Tracking

({crash, regression, topcrash})

24 Branch
mozilla36
x86
Windows 7
crash, regression, topcrash
Points:
---

Firefox Tracking Flags

(firefox23 unaffected, firefox24 wontfix, firefox25 wontfix, firefox33 wontfix, firefox34+ wontfix, firefox35+ wontfix, firefox36 verified)

Details

(crash signature)

Attachments

(1 attachment)

(Reporter)

Description

4 years ago
It first showed up in 24.0a1/20130622 but is discontinuous across builds.
Based on the stack trace, it's likely a regression from bug 878032.

Signature 	mozilla::gfx::CreatePartialBitmapForSurface More Reports Search
UUID 	ec084e51-4392-4c64-865d-620352130709
Date Processed	2013-07-09 21:51:52.644881
Uptime	765
Last Crash	367025 seconds before submission
Install Age 	17175 since version was first installed.
Install Time 	2013-07-09 17:04:42
Product 	Firefox
Version 	25.0a1
Build ID 	20130709030204
Release Channel 	nightly
OS 	Windows NT
OS Version 	6.1.7601 Service Pack 1
Build Architecture 	x86
Build Architecture Info 	AuthenticAMD family 15 model 107 stepping 2 | None
Crash Reason 	EXCEPTION_INT_DIVIDE_BY_ZERO
Crash Address 	0x6fc162ea
App Notes 	
AdapterVendorID: 0x10de, AdapterDeviceID: 0x0641, AdapterSubsysID: 40091682, AdapterDriverVersion: 9.18.13.2018
D2D? D2D+ DWrite? DWrite+ D3D10 Layers? D3D10 Layers+ WebGL? EGL? EGL+ GL Context? GL Context+ WebGL+ 

Frame 	Module 	Signature 	Source
0 	gkmedias.dll 	mozilla::gfx::CreatePartialBitmapForSurface 	gfx/2d/HelpersD2D.h
1 	gkmedias.dll 	mozilla::gfx::DrawTargetD2D::CreateBrushForPattern(mozilla::gfx::Pattern const &,float) 	gfx/2d/DrawTargetD2D.cpp
2 	gkmedias.dll 	mozilla::gfx::DrawTargetD2D::FillRect(mozilla::gfx::RectTyped<mozilla::gfx::UnknownUnits> const &,mozilla::gfx::Pattern const &,mozilla::gfx::DrawOptions const &) 	gfx/2d/DrawTargetD2D.cpp
3 	xul.dll 	gfxContext::FillAzure(float) 	gfx/thebes/gfxContext.cpp
4 	xul.dll 	gfxSurfaceDrawable::Draw(gfxContext *,gfxRect const &,bool,gfxPattern::GraphicsFilter const &,gfxMatrix const &) 	gfx/thebes/gfxDrawable.cpp
5 	xul.dll 	gfxUtils::DrawPixelSnapped(gfxContext *,gfxDrawable *,gfxMatrix const &,gfxRect const &,gfxRect const &,gfxRect const &,gfxRect const &,gfxASurface::gfxImageFormat,gfxPattern::GraphicsFilter,unsigned int) 	gfx/thebes/gfxUtils.cpp
6 	xul.dll 	imgFrame::Draw(gfxContext *,gfxPattern::GraphicsFilter,gfxMatrix const &,gfxRect const &,nsIntMargin const &,nsIntRect const &,unsigned int) 	image/src/imgFrame.cpp
7 	xul.dll 	mozilla::image::RasterImage::DrawWithPreDownscaleIfNeeded(imgFrame *,gfxContext *,gfxPattern::GraphicsFilter,gfxMatrix const &,gfxRect const &,nsIntRect const &,unsigned int) 	image/src/RasterImage.cpp
8 	xul.dll 	mozilla::image::RasterImage::Draw(gfxContext *,gfxPattern::GraphicsFilter,gfxMatrix const &,gfxRect const &,nsIntRect const &,nsIntSize const &,mozilla::SVGImageContext const *,unsigned int,unsigned int) 	image/src/RasterImage.cpp
9 	xul.dll 	DrawImageInternal 	layout/base/nsLayoutUtils.cpp
10 	xul.dll 	nsLayoutUtils::DrawSingleImage(nsRenderingContext *,imgIContainer *,gfxPattern::GraphicsFilter,nsRect const &,nsRect const &,mozilla::SVGImageContext const *,unsigned int,nsRect const *) 	layout/base/nsLayoutUtils.cpp
11 	xul.dll 	nsImageFrame::PaintImage(nsRenderingContext &,nsPoint,nsRect const &,imgIContainer *,unsigned int) 	layout/generic/nsImageFrame.cpp
12 	xul.dll 	nsDisplayImage::Paint(nsDisplayListBuilder *,nsRenderingContext *) 	layout/generic/nsImageFrame.cpp
13 	xul.dll 	mozilla::FrameLayerBuilder::DrawThebesLayer(mozilla::layers::ThebesLayer *,gfxContext *,nsIntRegion const &,nsIntRegion const &,void *) 	layout/base/FrameLayerBuilder.cpp
14 	xul.dll 	gfxContext::Clip() 	gfx/thebes/gfxContext.cpp
15 		@0x2eeb48 	
16 		@0x2ee568 	
17 	xul.dll 	nsIntRegion::Sub(nsIntRegion const &,nsIntRegion const &) 	gfx/src/nsRegion.h
18 	xul.dll 	mozilla::layers::ThebesLayerD3D10::Validate(mozilla::layers::ReadbackProcessor *) 	gfx/layers/d3d10/ThebesLayerD3D10.cpp
19 	xul.dll 	mozilla::layers::ContainerLayerD3D10::Validate() 	gfx/layers/d3d10/ContainerLayerD3D10.cpp
20 	xul.dll 	mozilla::layers::ContainerLayerD3D10::Validate() 	gfx/layers/d3d10/ContainerLayerD3D10.cpp
21 	xul.dll 	mozilla::layers::LayerManagerD3D10::Render(mozilla::layers::LayerManager::EndTransactionFlags) 	gfx/layers/d3d10/LayerManagerD3D10.cpp
22 	xul.dll 	mozilla::layers::LayerManagerD3D10::EndTransaction(void (*)(mozilla::layers::ThebesLayer *,gfxContext *,nsIntRegion const &,nsIntRegion const &,void *),void *,mozilla::layers::LayerManager::EndTransactionFlags) 	gfx/layers/d3d10/LayerManagerD3D10.cpp
23 	xul.dll 	nsDisplayList::PaintForFrame(nsDisplayListBuilder *,nsRenderingContext *,nsIFrame *,unsigned int) 	layout/base/nsDisplayList.cpp
24 	xul.dll 	nsLayoutUtils::PaintFrame(nsRenderingContext *,nsIFrame *,nsRegion const &,unsigned int,unsigned int) 	layout/base/nsLayoutUtils.cpp
25 	xul.dll 	PresShell::Paint(nsView *,nsRegion const &,unsigned int) 	layout/base/nsPresShell.cpp
26 	xul.dll 	nsViewManager::ProcessPendingUpdatesForView(nsView *,bool) 	view/src/nsViewManager.cpp
27 	xul.dll 	nsRefreshDriver::Tick(__int64,mozilla::TimeStamp) 	layout/base/nsRefreshDriver.cpp
28 	xul.dll 	mozilla::RefreshDriverTimer::Tick() 	layout/base/nsRefreshDriver.cpp
29 	xul.dll 	nsTimerImpl::Fire() 	xpcom/threads/nsTimerImpl.cpp
30 	nss3.dll 	PR_IntervalNow 	nsprpub/pr/src/misc/prinrval.c
31 	xul.dll 	nsThread::ProcessNextEvent(bool,bool *) 	xpcom/threads/nsThread.cpp
32 	xul.dll 	NS_ProcessNextEvent(nsIThread *,bool) 	obj-firefox/xpcom/build/nsThreadUtils.cpp
33 	xul.dll 	mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate *) 	ipc/glue/MessagePump.cpp
34 	xul.dll 	MessageLoop::RunHandler() 	ipc/chromium/src/base/message_loop.cc
35 	xul.dll 	MessageLoop::Run() 	ipc/chromium/src/base/message_loop.cc
36 	xul.dll 	nsBaseAppShell::Run() 	widget/xpwidgets/nsBaseAppShell.cpp
37 	xul.dll 	nsAppShell::Run() 	widget/windows/nsAppShell.cpp
38 	xul.dll 	nsAppStartup::Run() 	toolkit/components/startup/nsAppStartup.cpp
39 	xul.dll 	XREMain::XRE_mainRun() 	toolkit/xre/nsAppRunner.cpp
40 	xul.dll 	XREMain::XRE_main(int,char * * const,nsXREAppData const *) 	toolkit/xre/nsAppRunner.cpp
41 	xul.dll 	XRE_main 	toolkit/xre/nsAppRunner.cpp

More reports at:
https://crash-stats.mozilla.com/report/list?product=Firefox&signature=mozilla%3A%3Agfx%3A%3ACreatePartialBitmapForSurface
Assignee: nobody → bas
[Tracking Requested - why for this release]:

This signature is now the #5 topcrash for Firefox 34.0b10 with 607/18944 crashes in the last day. 
It started showing up in a higher than usual volume in 34.0b7. 

More reports: https://crash-stats.mozilla.com/report/list?product=Firefox&range_value=7&range_unit=days&date=2014-11-18&signature=mozilla%3A%3Agfx%3A%3ACreatePartialBitmapForSurface&version=Firefox%3A34.0b9

Crashing thread:

0 	xul.dll 	mozilla::gfx::CreatePartialBitmapForSurface 	gfx/2d/HelpersD2D.h
1 	xul.dll 	mozilla::gfx::DrawTargetD2D::CreateBrushForPattern(mozilla::gfx::Pattern const&, float) 	gfx/2d/DrawTargetD2D.cpp
2 	xul.dll 	mozilla::gfx::DrawTargetD2D::FillRect(mozilla::gfx::RectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::Pattern const&, mozilla::gfx::DrawOptions const&) 	gfx/2d/DrawTargetD2D.cpp
3 	xul.dll 	gfxSurfaceDrawable::Draw(gfxContext*, gfxRect const&, bool, GraphicsFilter const&, double, gfxMatrix const&) 	gfx/thebes/gfxDrawable.cpp
4 	xul.dll 	gfxUtils::DrawPixelSnapped(gfxContext*, gfxDrawable*, gfxSize const&, mozilla::image::ImageRegion const&, mozilla::gfx::SurfaceFormat, GraphicsFilter, unsigned int, double) 	gfx/thebes/gfxUtils.cpp
5 	xul.dll 	mozilla::image::imgFrame::Draw(gfxContext*, mozilla::image::ImageRegion const&, nsIntMargin const&, GraphicsFilter, unsigned int) 	image/src/imgFrame.cpp
6 	xul.dll 	mozilla::image::RasterImage::DrawWithPreDownscaleIfNeeded(mozilla::image::imgFrame*, gfxContext*, nsIntSize const&, mozilla::image::ImageRegion const&, GraphicsFilter, unsigned int) 	image/src/RasterImage.cpp
7 	xul.dll 	mozilla::image::RasterImage::Draw(gfxContext*, nsIntSize const&, mozilla::image::ImageRegion const&, unsigned int, GraphicsFilter, mozilla::Maybe<mozilla::SVGImageContext> const&, unsigned int) 	image/src/RasterImage.cpp
8 	xul.dll 	DrawImageInternal 	layout/base/nsLayoutUtils.cpp
9 	xul.dll 	nsLayoutUtils::DrawBackgroundImage(nsRenderingContext*, nsPresContext*, imgIContainer*, nsIntSize const&, GraphicsFilter, nsRect const&, nsRect const&, nsPoint const&, nsRect const&, unsigned int) 	layout/base/nsLayoutUtils.cpp
10 	xul.dll 	nsImageRenderer::Draw(nsPresContext*, nsRenderingContext&, nsRect const&, nsRect const&, nsRect const&, nsPoint const&, mozilla::gfx::IntRectTyped<mozilla::CSSPixel> const&) 	layout/base/nsCSSRendering.cpp
11 	xul.dll 	nsCSSRendering::PaintBackgroundWithSC(nsPresContext*, nsRenderingContext&, nsIFrame*, nsRect const&, nsRect const&, nsStyleContext*, nsStyleBorder const&, unsigned int, nsRect*, int) 	layout/base/nsCSSRendering.cpp
12 	d2d1.dll 	DrawingContext::PushAxisAlignedClip(D2D_RECT_F const*, D2D1_ANTIALIAS_MODE) 	
13 	xul.dll 	nsCSSRendering::PaintBackground(nsPresContext*, nsRenderingContext&, nsIFrame*, nsRect const&, nsRect const&, unsigned int, nsRect*, int) 	layout/base/nsCSSRendering.cpp
14 	xul.dll 	nsDisplayBackgroundImage::Paint(nsDisplayListBuilder*, nsRenderingContext*) 	layout/base/nsDisplayList.cpp
15 	xul.dll 	mozilla::FrameLayerBuilder::PaintItems(nsTArray<mozilla::FrameLayerBuilder::ClippedDisplayItem>&, nsIntRect const&, gfxContext*, nsRenderingContext*, nsDisplayListBuilder*, nsPresContext*, nsIntPoint const&, float, float, int) 	layout/base/FrameLayerBuilder.cpp
status-firefox34: --- → affected
status-firefox35: --- → affected
status-firefox36: --- → affected
tracking-firefox34: --- → ?
Keywords: topcrash
Seth, Bas, can you guys sort out the "is this unoptimized imagelib causing issues or some other thing" causing these crashes?  Clearly the problem isn't going away if we've been running into it since 24 :)
Flags: needinfo?(seth)
Flags: needinfo?(bas)
The overall crash rate on 34 is good so I'm reluctant to push for further changes unless we actually need them. 

Do we have any data to show under what circumstances this crash occurs? 
Can this crash on start-up?
Is this an intermittent or consistent crash?
Flags: needinfo?(lhenry)
Lawrence, understandable.  While this may have showed up in 24, I dno't think it was even in the top 50 crashes until 34 went into Beta 7. The background crash rate was around 30 crashes and went up in 34b7 to a few hundred. For beta 9 there are over 1000 crashes. That makes me think that people are going to crash a lot in Facebook when this goes to release.

The volume isn't huge; it's in our top 10 for late betas, around 1 out of 30 crashes, mostly on Windows 7. I haven't seen the crash myself. There is a recent comment that the crash happened while clicking the middle button and scrolling up through Facebook feeds.  The associated URLs are overwhelmingly Facebook. (https://crash-stats.mozilla.com/report/list?product=Firefox&range_value=7&range_unit=days&date=2014-11-18&signature=mozilla%3A%3Agfx%3A%3ACreatePartialBitmapForSurface&version=Firefox%3A34.0b9#tab-sigurls)
Flags: needinfo?(lhenry)
(Assignee)

Comment 5

3 years ago
Created attachment 8526271 [details] [diff] [review]
Deal with empty newSize in CreatePartialBitmapForSurface
Flags: needinfo?(bas)
Attachment #8526271 - Flags: review?(bgirard)
Comment on attachment 8526271 [details] [diff] [review]
Deal with empty newSize in CreatePartialBitmapForSurface

Review of attachment 8526271 [details] [diff] [review]:
-----------------------------------------------------------------

d2d doesn't support empty surface. I had a discussion with Bas and was convinced that this is a reasonable fallback that should be hit only for large images.
Attachment #8526271 - Flags: review?(bgirard) → review+
Looking back over crash-stats, this has not appeared for 34.0b10 at all. 
In comment 1, I meant to say (and did correctly link to) 34.0b9.

Since this hasn't landed in beta and yet the signature disappeared commpletely between b9 and b10, maybe it's still happening but the crashes have shifted to fall under some other signature.  Or, maybe some other fix addressed this.
Backed out from beta in https://hg.mozilla.org/releases/mozilla-beta/rev/bc996c1a50f1 for breaking at least Windows builds:

https://treeherder.mozilla.org/ui/logviewer.html#?job_id=156165&repo=mozilla-beta


As an aside, this is Bas's patch, but the patch doesn't have author information in the metadata, so when BenWa pushed it, it showed up as BenWa's commit. Not a huge deal, but would be nice to have corrected on the next attempt. :)
Flags: needinfo?(bgirard)
Flags: needinfo?(bas)
(In reply to Wes Kocher (:KWierso) from comment #8)
> As an aside, this is Bas's patch, but the patch doesn't have author
> information in the metadata, so when BenWa pushed it, it showed up as
> BenWa's commit. Not a huge deal, but would be nice to have corrected on the
> next attempt. :)

My bad, I though updating the description would leave the author field intact. Bas can take it from here. ni-
Flags: needinfo?(bgirard)
https://hg.mozilla.org/mozilla-central/rev/59f27b833c36
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla36
status-firefox24: affected → wontfix
status-firefox25: affected → wontfix
status-firefox33: --- → wontfix
status-firefox36: affected → fixed
I reviewed this with Bas. Given comment 7 and that this bounced, we're going to take this fix in 35.
status-firefox34: affected → wontfix
tracking-firefox34: ? → +
tracking-firefox35: --- → +
(Assignee)

Updated

3 years ago
Flags: needinfo?(bas)
Can we can get an uplift nomination?
Flags: needinfo?(bas)
Well, we've wontfixed it several times and it's resolved in 36, time has run out for 35 and we'll have to wontfix one more time.
status-firefox35: affected → wontfix
Flags: needinfo?(seth)
Flags: needinfo?(bas)
(Assignee)

Comment 14

3 years ago
(In reply to Lukas Blakk [:lsblakk] use ?needinfo from comment #13)
> Well, we've wontfixed it several times and it's resolved in 36, time has run
> out for 35 and we'll have to wontfix one more time.

I'm sorry, somehow I was under the impression this was already uplifted. When are we spinning the beta, I could still get this in possibly?
Socorro shows only one crash on Firefox 36 over the past 4 weeks, in Beta 4. I think it's safe to close it.
Status: RESOLVED → VERIFIED
status-firefox36: fixed → verified

Updated

2 years ago
Duplicate of this bug: 1006502
You need to log in before you can comment on or make changes to this bug.