Closed Bug 991767 Opened 6 years ago Closed 5 years ago

crash in mozilla::layers::FillRectWithMask(mozilla::gfx::DrawTarget*, mozilla::gfx::RectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::SourceSurface*, mozilla::gfx::Filter, mozilla::gfx::DrawOptions const&, mozilla::layers::Layer*)

Categories

(Core :: Graphics: Layers, defect, critical)

31 Branch
x86
Windows NT
defect
Not set
critical

Tracking

()

VERIFIED FIXED
mozilla31
Tracking Status
firefox29 + wontfix
firefox30 + verified
firefox31 + verified

People

(Reporter: lizzard, Assigned: mattwoodrow)

References

Details

(4 keywords)

Crash Data

Attachments

(2 files)

This bug was filed from the Socorro interface and is 
report bp-6e438778-1e4f-4569-9ab0-7b7732140402.
=============================================================

This is a topcrasher for Firefox 31.0a1 first appearing in the 2014040203 build, with 154 out of 5697 crashes; 152 on Windows and 2 on Mac. 

Several helpful comments in the crash reports mention printing PDFs off Google Drive.
Matt and Nicolas, might this be related to one of your commits? Sorry to bug you if not.  Thanks!
Flags: needinfo?(nical.bugzilla)
Flags: needinfo?(matt.woodrow)
Thanks for reporting this Liz. Here is some more information.

Stack:
0 	xul.dll 	mozilla::layers::FillRectWithMask(mozilla::gfx::DrawTarget *,mozilla::gfx::RectTyped<mozilla::gfx::UnknownUnits> const &,mozilla::gfx::SourceSurface *,mozilla::gfx::Filter,mozilla::gfx::DrawOptions const &,mozilla::layers::Layer *) 	gfx/layers/basic/BasicLayersImpl.cpp
1 	gkmedias.dll 	cairo_surface_get_extents 	gfx/cairo/cairo/src/cairo-surface.c
2 	xul.dll 	mozilla::layers::Layer::GetLocalOpacity() 	gfx/layers/Layers.cpp
3 	xul.dll 	mozilla::layers::Layer::GetEffectiveOpacity() 	gfx/layers/Layers.cpp
4 	xul.dll 	mozilla::layers::BasicCanvasLayer::Paint(mozilla::gfx::DrawTarget *,mozilla::layers::Layer *) 	gfx/layers/basic/BasicCanvasLayer.cpp
5 	xul.dll 	mozilla::layers::BasicLayerManager::PaintSelfOrChildren(mozilla::layers::PaintLayerContext &,gfxContext *) 	gfx/layers/basic/BasicLayerManager.cpp
6 	xul.dll 	gfxContext::GetClipExtents() 	gfx/thebes/gfxContext.cpp
7 	xul.dll 	mozilla::layers::PaintLayerContext::Apply2DTransform() 	gfx/layers/basic/BasicLayerManager.cpp
8 	xul.dll 	mozilla::layers::Layer::GetEffectiveVisibleRegion() 	gfx/layers/Layers.cpp
9 	xul.dll 	mozilla::layers::BasicLayerManager::PaintLayer(gfxContext *,mozilla::layers::Layer *,void (*)(mozilla::layers::ThebesLayer *,gfxContext *,nsIntRegion const &,mozilla::layers::DrawRegionClip,nsIntRegion const &,void *),void *,mozilla::layers::ReadbackProcessor *) 	gfx/layers/basic/BasicLayerManager.cpp
10 	xul.dll 	xul.dll@0xfce4b4 	
11 	xul.dll 	nsTArray_Impl<nsMenuEntry *,nsTArrayInfallibleAllocator>::AppendElements<nsMenuEntry *>(nsMenuEntry * const *,unsigned int) 	obj-firefox/dist/include/nsTArray.h
12 	xul.dll 	mozilla::layers::BasicLayerManager::PaintSelfOrChildren(mozilla::layers::PaintLayerContext &,gfxContext *) 	gfx/layers/basic/BasicLayerManager.cpp
13 	xul.dll 	mozilla::layers::PaintLayerContext::Apply2DTransform() 	gfx/layers/basic/BasicLayerManager.cpp
14 	xul.dll 	mozilla::layers::Layer::GetEffectiveVisibleRegion() 	gfx/layers/Layers.cpp
15 	xul.dll 	mozilla::layers::BasicLayerManager::PaintLayer(gfxContext *,mozilla::layers::Layer *,void (*)(mozilla::layers::ThebesLayer *,gfxContext *,nsIntRegion const &,mozilla::layers::DrawRegionClip,nsIntRegion const &,void *),void *,mozilla::layers::ReadbackProcessor *) 	gfx/layers/basic/BasicLayerManager.cpp
16 	xul.dll 	xul.dll@0xfce4b4 	
17 	xul.dll 	nsTArray_Impl<nsMenuEntry *,nsTArrayInfallibleAllocator>::AppendElements<nsMenuEntry *>(nsMenuEntry * const *,unsigned int) 	obj-firefox/dist/include/nsTArray.h
18 	xul.dll 	mozilla::layers::BasicLayerManager::PaintSelfOrChildren(mozilla::layers::PaintLayerContext &,gfxContext *) 	gfx/layers/basic/BasicLayerManager.cpp
19 	xul.dll 	mozilla::layers::PaintLayerContext::Apply2DTransform() 	gfx/layers/basic/BasicLayerManager.cpp
20 	xul.dll 	mozilla::layers::Layer::GetEffectiveVisibleRegion() 	gfx/layers/Layers.cpp
21 	xul.dll 	mozilla::layers::BasicLayerManager::PaintLayer(gfxContext *,mozilla::layers::Layer *,void (*)(mozilla::layers::ThebesLayer *,gfxContext *,nsIntRegion const &,mozilla::layers::DrawRegionClip,nsIntRegion const &,void *),void *,mozilla::layers::ReadbackProcessor *) 	gfx/layers/basic/BasicLayerManager.cpp
22 	xul.dll 	xul.dll@0xfce4b4 	
23 	xul.dll 	nsTArray_Impl<nsMenuEntry *,nsTArrayInfallibleAllocator>::AppendElements<nsMenuEntry *>(nsMenuEntry * const *,unsigned int) 	obj-firefox/dist/include/nsTArray.h
24 	xul.dll 	mozilla::layers::BasicLayerManager::PaintSelfOrChildren(mozilla::layers::PaintLayerContext &,gfxContext *) 	gfx/layers/basic/BasicLayerManager.cpp
25 	xul.dll 	mozilla::layers::PaintLayerContext::Apply2DTransform() 	gfx/layers/basic/BasicLayerManager.cpp
26 	xul.dll 	mozilla::layers::Layer::GetEffectiveVisibleRegion() 	gfx/layers/Layers.cpp
27 	xul.dll 	mozilla::layers::BasicLayerManager::PaintLayer(gfxContext *,mozilla::layers::Layer *,void (*)(mozilla::layers::ThebesLayer *,gfxContext *,nsIntRegion const &,mozilla::layers::DrawRegionClip,nsIntRegion const &,void *),void *,mozilla::layers::ReadbackProcessor *) 	gfx/layers/basic/BasicLayerManager.cpp
28 	gkmedias.dll 	cairo_gstate_clip_extents 	gfx/cairo/cairo/src/cairo-gstate.c
29 	xul.dll 	xul.dll@0xfce4b4 	
30 	gkmedias.dll 	moz_cairo_clip_extents 	gfx/cairo/cairo/src/cairo.c
31 	xul.dll 	mozilla::gfx::BaseRect<double,gfxRect,gfxPoint,gfxSize,gfxMargin>::RoundOut() 	obj-firefox/dist/include/mozilla/gfx/BaseRect.h
32 	xul.dll 	xul.dll@0xfce4b4 	
33 	xul.dll 	mozilla::layers::BasicLayerManager::EndTransactionInternal(void (*)(mozilla::layers::ThebesLayer *,gfxContext *,nsIntRegion const &,mozilla::layers::DrawRegionClip,nsIntRegion const &,void *),void *,mozilla::layers::LayerManager::EndTransactionFlags) 	gfx/layers/basic/BasicLayerManager.cpp

More Reports:
https://crash-stats.mozilla.com/report/list?signature=mozilla%3A%3Alayers%3A%3AFillRectWithMask%28mozilla%3A%3Agfx%3A%3ADrawTarget*%2C%20mozilla%3A%3Agfx%3A%3ARectTyped%3Cmozilla%3A%3Agfx%3A%3AUnknownUnits%3E%20const%26%2C%20mozilla%3A%3Agfx%3A%3ASourceSurface*%2C%20mozilla%3A%3Agfx%3A%3AFilter%2C%20mozilla%3A%3Agfx%3A%3ADrawOptions%20const%26%2C%20mozilla%3A%3Alayers%3A%3ALayer*%29

Top URLs:
28 	about:blank
8 	https://versand.ebay.de/druck/DHLPaketschein.pdf
5 	http://www2.pr.gov/agencias/asume/Documents/Formularios/OBJECIONNOTIFICACIONSOBREMODIFICACIONPENSIONALIMENTARIA.pdf
5 	http://www.ostia-antica.org/touristguide.pdf
4 	http://www.volksfreund-deals.de/gutscheindruck_gutschein.php?id=58447&gc=OOUGR-ITLLI-XNJWK-140403
4 	http://dor.mo.gov/forms/149.pdf
4 	https://personnel.alabama.gov/OES/Documents/PDF/PDF912502221110.pdf
4 	http://www.cbrlaser.com/SoumissionPDF.php?data=VTU4T01RM1U=&cmd
4 	http://www.wz-befestigungssysteme.de/uploads/media/gesipa_ersatzteilpreisliste_2012.pdf
4 	https://postage.ebay.com/ws/eBayISAPI.dll?PAppConfirmPostage&showPDF=true&scrshipmentid=14987965903&bulkGrpId=7068167623

Top Platforms:
98      Windows 7
30      Windows 8.1
22      Windows 8
 1      Windows XP

Pushlog:
https://hg.mozilla.org/mozilla-central/pushlogthtml?fromchange=4941a2ac0786&tochange=ac6cbaa47f34

Probable Cause:
Michael Wu - Bug 985017
Blocks: 985017
Flags: needinfo?(mwu)
Keywords: regression
combase.dll@0x3d08a also showed up for the first time on this day so it may be related.
https://crash-stats.mozilla.com/report/list?signature=combase.dll%400x3d08a
Hmm, I don't think bug 985017 could cause this stack trace.. Also, I don't see bug 985017 in the pushlog. (the pushlog url has a typo - s/pushlogthtml/pushloghtml/)
Flags: needinfo?(mwu)
No longer blocks: 985017
(In reply to Michael Wu [:mwu] from comment #5)
> the pushlog url has a typo - s/pushlogthtml/pushloghtml/

Thanks Michael.

Corrected pushlog:
https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=4941a2ac0786&tochange=ac6cbaa47f34

This pushlog is way too big -- Paul, can you please see if you can narrow down the range using tinderbox builds?
QA Contact: paul.silaghi
Duplicate of this bug: 991973
I can reproduce this by printing the following PDF from inside the pdf.js viewer: http://h71016.www7.hp.com/dstore/html/pdfs/AMS_HP_EliteBook_850_G1_Notebook_PC_Data_Sheet.pdf
This is almost certainly my patches, I'll fix it.
Assignee: nobody → matt.woodrow
Flags: needinfo?(matt.woodrow)
Flags: needinfo?(nical.bugzilla)
This is because we're assuming that the gfxContext is always backed by a DrawTarget, and that appears not to be the case for printing (which I guess we don't have tests for).

This code needs to be changed to fix this:

http://mxr.mozilla.org/mozilla-central/source/gfx/src/nsDeviceContext.cpp#381
Last good revision: 1417d180a1d8 (2014-04-01)
First bad revision: 4941a2ac0786 (2014-04-02)
Pushlog:
https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=1417d180a1d8&tochange=4941a2ac0786

Last good revision: d67bceffcb62
First bad revision: f94c69dfca91
Pushlog:
http://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=d67bceffcb62&tochange=f94c69dfca91
(In reply to Matt Woodrow (:mattwoodrow) from comment #10)
> This is because we're assuming that the gfxContext is always backed by a
> DrawTarget, and that appears not to be the case for printing (which I guess
> we don't have tests for).

Nominating for in-testsuite as per the above statement. I have a person on my team to work on these areas where we don't have tests. Is this something you need help with?
Flags: in-testsuite?
Depends on: 988309
Attachment #8402423 - Flags: review?(roc)
(In reply to Anthony Hughes, QA Mentor (:ashughes) from comment #12)
> (In reply to Matt Woodrow (:mattwoodrow) from comment #10)
> > This is because we're assuming that the gfxContext is always backed by a
> > DrawTarget, and that appears not to be the case for printing (which I guess
> > we don't have tests for).
> 
> Nominating for in-testsuite as per the above statement. I have a person on
> my team to work on these areas where we don't have tests. Is this something
> you need help with?

I don't think this will be easy to test. I think you'd need to actually print a document (maybe to a software printer device/file), which we don't have testing infra for.
https://hg.mozilla.org/mozilla-central/rev/7248b992c6b2
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla31
Flagging for verification via crashstats. I'll have a look in a few days.
Keywords: verifyme
QA Contact: paul.silaghi → anthony.s.hughes
Reproduced in 31.0a1 (2014-04-07) with the link in comment 8. Looks fixed in 31.0a1 (2014-04-08), Win 7 x64.
Comment on attachment 8402423 [details] [diff] [review]
Use a DT for printing

[Approval Request Comment]
Bug caused by (feature/regressing bug #): Unkown, but it fixes bug 740325.
User impact if declined: Crashes
Testing completed (on m-c, etc.): Been on m-c for a week, confirmed to fix 740325 (as well as the regression it was created for). 
Risk to taking this patch (and alternatives if risky): Very low risk.
String or IDL/UUID changes made by this patch: None
Attachment #8402423 - Flags: approval-mozilla-beta?
Attachment #8402423 - Flags: approval-mozilla-aurora?
Attachment #8402423 - Flags: approval-mozilla-beta?
Attachment #8402423 - Flags: approval-mozilla-beta+
Attachment #8402423 - Flags: approval-mozilla-aurora?
Attachment #8402423 - Flags: approval-mozilla-aurora+
Requesting tracking for 30 for probably fixing topcrash bug 740325 in Firefox 30, maybe also Android bug 992907.
Matt, can you fix the patch for uplift, please?
Flags: needinfo?(matt.woodrow)
Blocks: 992907
Volume is much lower since this landed. However, there is a single crash with a Nightly build ID of 20140408030205 which follows the landing of this fix. Matt, can you please check if this is related?

Source:
https://crash-stats.mozilla.com/report/index/e429360f-dc63-4536-bb5a-e79712140410
(In reply to Robert Kaiser (:kairo@mozilla.com) from comment #22)
> Matt, can you fix the patch for uplift, please?

This needs the dependent bug 88309 uplifted as well. I'll request uplift approval there too.

(In reply to Anthony Hughes, QA Mentor (:ashughes) from comment #23)
> Volume is much lower since this landed. However, there is a single crash
> with a Nightly build ID of 20140408030205 which follows the landing of this
> fix. Matt, can you please check if this is related?
> 
> Source:
> https://crash-stats.mozilla.com/report/index/e429360f-dc63-4536-bb5a-
> e79712140410

It's a similar bug, I'll file a new bug for it.
Flags: needinfo?(matt.woodrow)
See Also: → 996378
Filed bug 996378 for the remaining crash.
(In reply to Matt Woodrow (:mattwoodrow) from comment #24)
> (In reply to Robert Kaiser (:kairo@mozilla.com) from comment #22)
> > Matt, can you fix the patch for uplift, please?
> 
> This needs the dependent bug 88309 uplifted as well. I'll request uplift
> approval there too.

You mean bug 988309 instead. :)
And thanks for that!
The Firefox 31 story for this signature remains the same as comment 23 today. Considering this and comment 25, I'm going to call this verified fixed for Firefox 31.
Status: RESOLVED → VERIFIED
There are no reports of this particular crash ever being on 29 or 30.  However, since uplift of this fix to 30, the crash in bug 740325 no longer occurs. Based on that data,  marking verified for 30 in both bugs.
Depends on: 1003707
Matt, I see you requested this uplift to 29 in comment #18 but do you remember why we got to the idea of uplifting this to beta? Here and in bug 740325 I only see evidence of crashes in 30 and 31 but not in 29, so it sounds to me as if we uplifted to beta without any good reasons.
Unfortunately, we caused bug 1003707 with that uplift, so I'm trying to find out both why we did it and if there would be any problem expected with backing out on release for a potential respin.
Flags: needinfo?(matt.woodrow)
I don't remember a specific reason. I think it was just an unfortunate miscommunication about which versions were affected.
Flags: needinfo?(matt.woodrow)
To clarify, I don't see any downside to backing this out on release for a respin if the issue is deemed critical enough (or we have other reasons for a respin).
Matth, in case we do a 29.0.1, could you prepare a backout of the patch for mozilla-release? Thanks
Flags: needinfo?(matt.woodrow)
Flags: needinfo?(matt.woodrow)
Backed out from Fx29 for causing bug 1003707.
Depends on: 1006576
Blocks: 989885
Duplicate of this bug: 989885
Depends on: 1120490
(In reply to Ryan VanderMeulen [:RyanVM UTC-4] from comment #35)
> Backed out from Fx29 for causing bug 1003707.

For reference, that backout-commit was https://hg.mozilla.org/releases/mozilla-release/rev/07e9f010bf08
You need to log in before you can comment on or make changes to this bug.