Closed Bug 968204 Opened 11 years ago Closed 11 years ago

Faulty: ABORT: "Incompatibe surface type" in CanvasLayerComposite::Initialize under LayerTransactionParent::RecvUpdate, TColorLayerAttributes case

Categories

(Core :: Graphics, defect)

Product:
Core
Component:
Graphics
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla30

People

(Reporter: bjacob, Assigned: bjacob)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

Faulty session
37.15 KB, text/plain
Details
Attached file Faulty session
Found by Christoph Diehl's "Faulty" fuzzer, see bug 777067 This seems like we're trying to reinterpret a CanvasLayer as... a ColorLayer? Indeed we have: enum LayerType { TYPE_CANVAS, TYPE_COLOR, TYPE_CONTAINER, TYPE_IMAGE, TYPE_READBACK, TYPE_REF, TYPE_SHADOW, TYPE_THEBES }; So for Faulty to cause a CanvasLayer to be reinterpreted as a ColorLayer, all it would have to do would be to change a 0 into a 1, which it did a few times in time session.
Classification: PLayerTransaction, wrong layer type, hard
Depends on: PReinterpretCast
Fixed by the landing of PLayerTransaction type checks before casting layers, bug 968833.
Assignee: nobody → bjacob
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla30
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: