Closed Bug 973971 Opened 6 years ago Closed 6 years ago

Crashes in mozilla::gfx::DrawGradient() | mozilla::gfx::DrawTargetCG::FillRect() throwing a C++ exception

Categories: Core :: Graphics, defect, critical (All, macOS)

Tracking: VERIFIED FIXED, mozilla30
Tracking Status: firefox29: unaffected; firefox30: + verified

People: Reporter: smichaud, Assigned: mstange

Whiteboard: [STR in comment #1][fixed by bug 973308 ]

This is spun off from bug 928168 and bug 973308.  It concerns the "new crashes" discussed at bug 928168 comment #58 and following.

These crashes were triggered by the following patch:

http://hg.mozilla.org/mozilla-central/rev/7d6e5cd7fe20

Bug 966996 - The computed gradient stops need not cover the origin, so don't start at zero. r=jrmuizel
author: Markus Stange <mstange@themasta.com>, Thu Feb 13 12:11:16 2014 +0100

Together they're now easily the #1 topcrasher on the 30 branch (currently the trunk).

The crash stacks for OS X 10.9.X and 10.8.X are largely corrupt and unreadable.  But the crash stacks for OS X 10.7.5 and 10.6.8 are clear enough:

https://crash-stats.mozilla.com/report/list?signature=libsystem_kernel.dylib%400x16ce2&product=Firefox&query_type=contains&range_unit=weeks&process_type=any&platform=mac&version=Firefox%3A30.0a1&hang_type=any&date=2014-02-18+17%3A00%3A00&range_value=1#reports

https://crash-stats.mozilla.com/report/list?signature=__kill&product=Firefox&query_type=contains&range_unit=weeks&process_type=any&platform=mac&version=Firefox%3A30.0a1&hang_type=any&date=2014-02-18+17%3A00%3A00&range_value=1#reports

I don't know why we crash throwing a C++ exception.  That may be a separate issue.
Crash Signature: [@ libsystem_kernel.dylib@0x15866 ] [@ libsystem_kernel.dylib@0x12212 ] [@ libsystem_kernel.dylib@0x16ce2 ] [@ __kill ]

STR, taken from bug 928168 comment #70 and bug 928168 comment #71:

1) Visit https://mail.mozilla.com and log in.
2) Click on the Calendar tab.
3) Then click back and forth on the Day, Week and Month tabs.
Whiteboard: [STR in comment #1]
See Also: → 928168, 973308

Duplicate of this bug: 973844

Duplicate of this bug: 973798

We're certainly going to hit a lot of this internally, and it might be impacting other sites, so worth tracking for now.

Duplicate of this bug: 973902

Markus's v1 patch at bug 973308 (attachment 8377087) is actually targeted at this bug.  I'll try it and report back.
Blocks: 973308

I tried your v1 patch, Markus, and with it I no longer crash using the STR from comment #1.

I'm having this crash too with the same signature on Twitter, LinkedIn and a few other sites.

(In reply to Benjamin Kerensa [:bkerensa] from comment #8)
> I'm having this crash too with the same signature on Twitter, LinkedIn and a
> few other sites.

Many people that use Macs do, and according to comment #7, the patch in bug 973308 helps. It should land ASAP.

Duplicate of this bug: 974182

The crash should be fixed by bug 973308. Please reopen if it's not.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Whiteboard: [STR in comment #1] → [STR in comment #1][fixed by bug 973308 ]
Target Milestone: --- → mozilla30
See Also: → 975158

I was able to crash an old Nightly (2014-02-15) using STR from comment 1 on Mac OS X 10.7.5 (bp-f721c722-9799-411c-baa0-95c162140506). Verified that the issue does not reproduce anymore using Firefox 30 beta 2 on Mac OS X 10.7, 10.6, 10.8 and 10.9. I used the Zimbra demo page http://www.zimbra.com/products/hosted_demo.php
Status: RESOLVED → VERIFIED
Keywords: verifyme