Closed
Bug 992907
Opened 10 years ago
Closed 10 years ago
crash in _cairo_surface_snapshot_copy_on_write
Categories
(Core :: Graphics, defect)
Tracking
()
RESOLVED
WORKSFORME
| Tracking | Status | |
|---|---|---|
| firefox29 | --- | unaffected |
| firefox30 | --- | verified |
| firefox31 | --- | verified |
People
(Reporter: ioana.chiorean, Unassigned)
References
Details
(Keywords: crash, reproducible, topcrash-android-armv7, Whiteboard: [native-crash])
Crash Data
Attachments
(1 file)
|
61.74 KB,
text/plain
|
Details |
This bug was filed from the Socorro interface and is report bp-3e3f63de-793f-4b6d-b9c1-089082140407. Steps I've done: 1. Had the 04/06 Installed 2. tap for updates 3. Updated - crashes while installing Tested reader mode on and RTL page(FA)- bit.ly/pdfffont ============================================================= 0 libc.so libc.so@0x1cedc 1 libxul.so _cairo_surface_snapshot_copy_on_write gfx/cairo/cairo/src/cairo-surface-snapshot.c 2 libxul.so cairo_surface_detach_snapshot gfx/cairo/cairo/src/cairo-surface.c 3 libxul.so cairo_surface_detach_snapshots gfx/cairo/cairo/src/cairo-surface.c 4 libxul.so _moz_cairo_surface_finish gfx/cairo/cairo/src/cairo-surface.c 5 libxul.so _moz_cairo_surface_destroy gfx/cairo/cairo/src/cairo-surface.c 6 libxul.so gfxASurface::Release() gfx/thebes/gfxASurface.cpp 7 libxul.so mozilla::RefPtr<gfxImageSurface>::~RefPtr() 8 libxul.so imgFrame::~imgFrame() image/src/imgFrame.cpp 9 libxul.so nsAutoPtr<imgFrame>::~nsAutoPtr() obj-firefox/dist/include/nsAutoPtr.h 10 libxul.so mozilla::image::FrameDataPair::~FrameDataPair() image/src/FrameSequence.h 11 libxul.so nsTArray_Impl<mozilla::image::FrameDataPair, nsTArrayInfallibleAllocator>::DestructRange(unsigned int, unsigned int) obj-firefox/dist/include/nsTArray.h 12 libxul.so nsTArray_Impl<mozilla::image::FrameDataPair, nsTArrayInfallibleAllocator>::RemoveElementsAt(unsigned int, unsigned int) obj-firefox/dist/include/nsTArray.h 13 libxul.so mozilla::image::FrameSequence::~FrameSequence() image/src/FrameSequence.cpp 14 libxul.so mozilla::image::FrameSequence::Release() image/src/FrameSequence.h 15 libxul.so mozilla::image::RasterImage::Discard(bool) image/src/RasterImage.cpp 16 libxul.so mozilla::image::DiscardTracker::DiscardAll() image/src/DiscardTracker.cpp 17 libxul.so imgCacheObserver::Observe(nsISupports*, char const*, char16_t const*) image/src/imgLoader.cpp 18 libxul.so nsObserverList::NotifyObservers(nsISupports*, char const*, char16_t const*) xpcom/ds/nsObserverList.cpp 19 libxul.so nsObserverService::NotifyObservers(nsISupports*, char const*, char16_t const*) xpcom/ds/nsObserverService.cpp 20 libxul.so nsAppShell::ProcessNextNativeEvent(bool) widget/android/nsAppShell.cpp 21 libxul.so nsBaseAppShell::DoProcessNextNativeEvent(bool, unsigned int) widget/xpwidgets/nsBaseAppShell.cpp 22 libxul.so nsBaseAppShell::OnProcessNextEvent(nsIThreadInternal*, bool, unsigned int) widget/xpwidgets/nsBaseAppShell.cpp 23 libxul.so nsThread::ProcessNextEvent(bool, bool*) xpcom/threads/nsThread.cpp 24 libxul.so NS_ProcessNextEvent(nsIThread*, bool) xpcom/glue/nsThreadUtils.cpp 25 libxul.so mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) ipc/glue/MessagePump.cpp 26 libxul.so MessageLoop::RunInternal() ipc/chromium/src/base/message_loop.cc 27 libxul.so MessageLoop::Run() ipc/chromium/src/base/message_loop.cc 28 libxul.so nsBaseAppShell::Run() widget/xpwidgets/nsBaseAppShell.cpp 29 libxul.so nsAppStartup::Run() toolkit/components/startup/nsAppStartup.cpp 30 libxul.so XREMain::XRE_mainRun() toolkit/xre/nsAppRunner.cpp 31 libxul.so XREMain::XRE_main(int, char**, nsXREAppData const*) toolkit/xre/nsAppRunner.cpp 32 libxul.so XRE_main toolkit/xre/nsAppRunner.cpp 33 libxul.so GeckoStart toolkit/xre/nsAndroidStartup.cpp 34 libmozglue.so Java_org_mozilla_gecko_mozglue_GeckoLoader_nativeRun mozglue/android/APKOpen.cpp 35 libdvm.so libdvm.so@0x1dc4e 36 data@app@org.mozilla.fennec-2.apk@classes.dex data@app@org.mozilla.fennec-2.apk@classes.dex@0x211733 37 dalvik-heap (deleted) dalvik-heap (deleted)@0x8ce94e 38 libdvm.so libdvm.so@0x4ded1 39 data@app@org.mozilla.fennec-2.apk@classes.dex data@app@org.mozilla.fennec-2.apk@classes.dex@0x211731 40 libmozglue.so report_mapping mozglue/android/APKOpen.cpp 41 libmozglue.so report_mapping mozglue/android/APKOpen.cpp 42 @0x4000e002 43 libdvm.so libdvm.so@0x4fb01 44 libdvm.so libdvm.so@0xa9c86 45 dalvik-heap (deleted) dalvik-heap (deleted)@0x9ebc06 46 dalvik-heap (deleted) dalvik-heap (deleted)@0x9ebc06 47 libdvm.so libdvm.so@0x55337 48 dalvik-heap (deleted) dalvik-heap (deleted)@0x9ebc06 49 dalvik-heap (deleted) dalvik-heap (deleted)@0x9ebc06 50 libdvm.so libdvm.so@0xae19e 51 dalvik-LinearAlloc (deleted) dalvik-LinearAlloc (deleted)@0x303a2a 52 dalvik-heap (deleted) dalvik-heap (deleted)@0x8ce94e 53 dalvik-LinearAlloc (deleted) dalvik-LinearAlloc (deleted)@0x303a16 54 data@app@org.mozilla.fennec-2.apk@classes.dex data@app@org.mozilla.fennec-2.apk@classes.dex@0x237853 55 libdvm.so libdvm.so@0x6b429 56 data@app@org.mozilla.fennec-2.apk@classes.dex data@app@org.mozilla.fennec-2.apk@classes.dex@0x237853 57 data@app@org.mozilla.fennec-2.apk@classes.dex data@app@org.mozilla.fennec-2.apk@classes.dex@0x5ac1e 58 dalvik-heap (deleted) dalvik-heap (deleted)@0x8ce94e 59 data@app@org.mozilla.fennec-2.apk@classes.dex data@app@org.mozilla.fennec-2.apk@classes.dex@0x237853 60 tzdata tzdata@0x86ffe 61 libdvm.so libdvm.so@0x4fa07 62 libdvm.so libdvm.so@0xa9c86 63 dalvik-LinearAlloc (deleted) dalvik-LinearAlloc (deleted)@0x303a16 64 libdvm.so libdvm.so@0x4dd3f 65 libdvm.so libdvm.so@0xae19e 66 libdvm.so libdvm.so@0xa9c86 67 libdvm.so libdvm.so@0x4f8bd 68 data@app@org.mozilla.fennec-2.apk@classes.dex data@app@org.mozilla.fennec-2.apk@classes.dex@0xeef8c 69 dalvik-heap (deleted) dalvik-heap (deleted)@0x8ce94e 70 libdvm.so libdvm.so@0x1ddbe 71 libdvm.so libdvm.so@0x27062 72 libdvm.so libdvm.so@0x2df06 73 dalvik-LinearAlloc (deleted) dalvik-LinearAlloc (deleted)@0x30fffe 74 dalvik-heap (deleted) dalvik-heap (deleted)@0x999ea6 75 libdvm.so libdvm.so@0x2b5ee 76 data@app@org.mozilla.fennec-2.apk@classes.dex data@app@org.mozilla.fennec-2.apk@classes.dex@0x2113b6 77 dalvik-LinearAlloc (deleted) dalvik-LinearAlloc (deleted)@0x30fffe 78 libdvm.so libdvm.so@0x5ff23 79 dalvik-LinearAlloc (deleted) dalvik-LinearAlloc (deleted)@0x30fffe 80 dalvik-heap (deleted) dalvik-heap (deleted)@0x999ea6 81 libdvm.so libdvm.so@0xae19e 82 libdvm.so libdvm.so@0xae4aa 83 libdvm.so libdvm.so@0xae4a6 84 libdvm.so libdvm.so@0x5ff4d 85 libdvm.so libdvm.so@0x54ccd 86 libdvm.so libdvm.so@0x54c2b 87 libc.so libc.so@0xca5a 88 libc.so libc.so@0xcbd6
|
||
Updated•10 years ago
|
Component: General → Graphics
Product: Firefox for Android → Core
|
|
||
Updated•10 years ago
|
status-firefox31:
--- → affected
|
|
||
Updated•10 years ago
|
status-firefox30:
--- → affected
|
||
Updated•10 years ago
|
status-firefox29:
--- → unaffected
Whiteboard: [native-crash]
I was able to reproduce this issue consistently using the following steps to reproduce: 1. Go to a site that contains articles(cnn.com) and open one article 2. Open Firefox menu, Tools->Save as PDF 3. Open Firefox menu, Tools->Downloads 4. Open downloaded PDF(Step 4 not always necessary) Device: LG Optimus 4X HD(Android 4.1.2), Aurora 30.0a2(2014-04-13) Attaching the logcat
|
||
Comment 2•10 years ago
|
||
This is the topcrash on Android 30.0a2 right now, and a reproducible regression, therefore requesting tracking. Interestingly this signature is very similar to bug 740325, which is supposed to be fixed by bug 991767, so we should see if an eventual uplift there will fix this.
tracking-firefox30:
--- → ?
Keywords: reproducible,
topcrash-android-armv7
|
|
||
Comment 3•10 years ago
|
||
Please test a current nightly to see if this bug is a dupe of bug 991767.
Flags: needinfo?(fennec)
|
|
||
Updated•10 years ago
|
Flags: needinfo?(fennec) → needinfo?(mihai.g.pop)
I've tested on latest Nightly 31.0a1(2014-04-15) and the issue does not reproduce. Also from what I see in the crash stats, crash reproduces on Nightly only until Nightly31.0a1(2014-04-07) build, before the fix on central(https://hg.mozilla.org/mozilla-central/rev/7248b992c6b2) with bug 991767. I've reproduced this crash on Aurora 30.0a2(2014-04-15), but I was not able to reproduce it on Aurora latest tinderbox build(ftp://ftp.mozilla.org/pub/mobile/tinderbox-builds/mozilla-aurora-android/1397584082/), so it is gonna be fixed in today's Aurora build.
Flags: needinfo?(mihai.g.pop)
Verified as fixed on Aurora 30.0a2(2014-04-16). I am not marking as duplicate to bug 991767 because this one has another crash signature, even it seems to be the same issue. Was fixed with bug 991767.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → WORKSFORME
|
||
Updated•10 years ago
|
tracking-firefox30:
? → ---
You need to log in
before you can comment on or make changes to this bug.
Description
•