Closed
Bug 397293
Opened 17 years ago
Closed 17 years ago
Crash [@ CGBitmapContextCreateImage] with <xul:listbox>, opacity
Categories
(Core :: XUL, defect)
Tracking
()
VERIFIED
FIXED
mozilla1.9beta1
People
(Reporter: jruderman, Assigned: MatsPalmgren_bugz)
References
Details
(Keywords: crash, regression, testcase, Whiteboard: [dbaron-1.9:Rs])
Crash Data
Attachments
(3 files)
(deleted),
application/xhtml+xml
|
Details | |
(deleted),
text/plain
|
Details | |
(deleted),
patch
|
vlad
:
review+
vlad
:
superreview+
vlad
:
approvalM9+
vlad
:
approval1.9+
|
Details | Diff | Splinter Review |
Steps to reproduce:
1. Load the testcase.
2. Wait 2 seconds.
Result: crash [@ CGBitmapContextCreateImage] dereferencing 0x00000009.
Tested with Mac trunk debug. I think this is a regression from within the last few days.
Reporter | ||
Comment 1•17 years ago
|
||
It might have to be the first page loaded in the session in order to trigger the crash.
Assignee | ||
Comment 2•17 years ago
|
||
The error is that cairo_quartz_surface_to_quartz() returns a surface
that isn't a quartz surface. The callers of this function expects
it never fail to create a quartz surface. The testcase triggers calls
with width/height == 0, which makes _cairo_malloc_ab() fail, which makes
cairo_quartz_surface_create() fail, which causes
cairo_quartz_surface_clone_similar() to fail, which makes
cairo_surface_clone_similar() call cairo_surface_fallback_clone_similar()
instead which succeeds and returns a CAIRO_SURFACE_TYPE_IMAGE which
cairo_quartz_surface_to_quartz() then casts to a cairo_quartz_surface_t.
I suppose we could prune calls with width/height == 0 at a higher level
but we need to handle this type of error anyway (malloc fails due to OOM).
Assignee | ||
Comment 3•17 years ago
|
||
* make cairo_quartz_surface_to_quartz() return NULL if it's not
a valid quartz surface and add null-checks to call sites.
* fix a couple of leaks under OOM
* fix a warning about missing initializers for cairo_quartz_surface_backend
Attachment #282152 -
Flags: superreview?(vladimir)
Attachment #282152 -
Flags: review?(vladimir)
Assignee | ||
Updated•17 years ago
|
Flags: blocking1.9?
Comment 4•17 years ago
|
||
This is probably related, seeing Mats comment 2: for several days, I see randomly entries in console.log:
> Sep 30 16:14:33 pikun /Applications/Camino.app/Contents/MacOS/Camino: CGBitmapContextCreateImage: invalid context
With both Camino Trunk builds and Minefield builds (opt).
I haven't found a way to trigger it manually. It doesn't seem to cause anything Bad, as far as I can tell.
Assignee | ||
Updated•17 years ago
|
Assignee: nobody → mats.palmgren
Flags: blocking1.9? → blocking1.9+
Updated•17 years ago
|
Whiteboard: [dbaron-1.9:Rs]
Comment 5•17 years ago
|
||
Guessing bug 400865 is a duplicate of this one, stack trace looks very close.
Crash stats page associated with that bug:
http://crash-stats.mozilla.com/report/list?range_unit=weeks&query_search=signature&query_type=contains&platform=mac&signature=CoreGraphics%400xa1d71&range_value=1
Attachment #282152 -
Flags: superreview?(vladimir)
Attachment #282152 -
Flags: superreview+
Attachment #282152 -
Flags: review?(vladimir)
Attachment #282152 -
Flags: review+
Attachment #282152 -
Flags: approvalM9?
Attachment #282152 -
Flags: approvalM9?
Attachment #282152 -
Flags: approvalM9+
Attachment #282152 -
Flags: approval1.9+
Assignee | ||
Comment 6•17 years ago
|
||
I tried to make a mochitest of the attached testcase but failed.
The crash still occurs (2007102504) although it seems harder to reproduce now,
I had to open Preferences, Reload, Zoom etc to make it crash.
Assignee | ||
Comment 7•17 years ago
|
||
mozilla/gfx/cairo/cairo/src/cairo-quartz-surface.c 1.30
-> FIXED
Status: NEW → RESOLVED
Closed: 17 years ago
Flags: in-testsuite?
Resolution: --- → FIXED
Target Milestone: --- → mozilla1.9 M9
Comment 8•17 years ago
|
||
Verified fixed using Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.9a9pre) Gecko/2007102604 Minefield/3.0a9pre -> no crash on testcase
-> Verified
Status: RESOLVED → VERIFIED
Component: XP Toolkit/Widgets: XUL → XUL
QA Contact: xptoolkit.xul → xptoolkit.widgets
Updated•14 years ago
|
Crash Signature: [@ CGBitmapContextCreateImage]
Assignee | ||
Comment 10•12 years ago
|
||
Flags: in-testsuite? → in-testsuite+
Comment 11•12 years ago
|
||
You need to log in
before you can comment on or make changes to this bug.
Description
•