Closed Bug 973971 Opened 8 years ago Closed 8 years ago

Crashes in mozilla::gfx::DrawGradient() | mozilla::gfx::DrawTargetCG::FillRect() throwing a C++ exception


(Core :: Graphics, defect)

Not set



Tracking Status
firefox29 --- unaffected
firefox30 + verified


(Reporter: smichaud, Assigned: mstange)



(Whiteboard: [STR in comment #1][fixed by bug 973308 ])

Crash Data

This is spun off from bug 928168 and bug 973308.  It concerns the "new crashes" discussed at bug 928168 comment #58 and following.

These crashes were triggered by the following patch:

 Bug 966996 - The computed gradient stops need not cover the origin, so don't start at zero. r=jrmuizel
author	Markus Stange <>
	Thu Feb 13 12:11:16 2014 +0100 (at Thu Feb 13 12:11:16 2014 +0100)

Together they're now easily the #1 topcrasher on the 30 branch (currently the trunk).

The crash stacks for OS X 10.9.X and 10.8.X and largely corrupt and unreadable.  But the crash stacks for OS X 10.7.5 and 10.6.8 are clear enough:

I don't know why we crash throwing a C++ exception.  That may be a separate issue.
Crash Signature: [@ libsystem_kernel.dylib@0x15866 ] [@ libsystem_kernel.dylib@0x12212 ] [@ libsystem_kernel.dylib@0x16ce2 ] [@ __kill ]
STR, taken from bug 928168 comment #70 and bug 928168 comment #71:

1) Visit and log in.
2) Click on the Calendar tab.
3) Then click back and forth on the Day, Week and Month tabs.
Whiteboard: [STR in comment #1]
See Also: → 928168, 973308
Duplicate of this bug: 973844
Duplicate of this bug: 973798
We're certainly going hit a lot of this internally, and it might be impacting other sites, so worth tracking for now.
Duplicate of this bug: 973902
Markus's v1 patch at bug 973308 (attachment 8377087 [details] [diff] [review]) is actually targeted at this bug.  I'll try it and report back.
Blocks: 973308
I tried your v1 patch, Markus, and with it I no longer crash using the STR from comment #1.
I'm having this crash too with the same signature on Twitter, LinkedIn and a few other sites.
(In reply to Benjamin Kerensa [:bkerensa] from comment #8)
> I'm having this crash too with the same signature on Twitter, LinkedIn and a
> few other sites.

Many people that use Macs do, and according to comment #7, the patch in bug 973308 helps. It should land ASAP.
Duplicate of this bug: 974182
The crash should be fixed by bug 973308. Please reopen if it's not.
Closed: 8 years ago
Resolution: --- → FIXED
Whiteboard: [STR in comment #1] → [STR in comment #1][fixed by bug 973308 ]
Target Milestone: --- → mozilla30
See Also: → 975158
I was able to crash an old Nightly (2014-02-15) using STR from comment 1 on Mac OS X 10.7.5 bp-f721c722-9799-411c-baa0-95c162140506. Verified that the issue does not reproduce anymore using Firefox 30 beta 2 on Mac OS X 10.7, 10.6, 10.8 and 10.9. I used the zimbra demo page
Keywords: verifyme
You need to log in before you can comment on or make changes to this bug.