Closed
Bug 992907
Opened 11 years ago
Closed 11 years ago
crash in _cairo_surface_snapshot_copy_on_write
Categories
(Core :: Graphics, defect)
Tracking
()
RESOLVED
WORKSFORME
| Tracking | Status | |
|---|---|---|
| firefox29 | --- | unaffected |
| firefox30 | --- | verified |
| firefox31 | --- | verified |
People
(Reporter: ioana.chiorean, Unassigned)
References
Details
(Keywords: crash, reproducible, topcrash-android-armv7, Whiteboard: [native-crash])
Crash Data
Attachments
(1 file)
|
(deleted),
text/plain
|
Details |
This bug was filed from the Socorro interface and is
report bp-3e3f63de-793f-4b6d-b9c1-089082140407.
Steps I've done:
1. Had the 04/06 Installed
2. tap for updates
3. Updated - crashes while installing
Tested reader mode on and RTL page(FA)- bit.ly/pdfffont
=============================================================
0 libc.so libc.so@0x1cedc
1 libxul.so _cairo_surface_snapshot_copy_on_write gfx/cairo/cairo/src/cairo-surface-snapshot.c
2 libxul.so cairo_surface_detach_snapshot gfx/cairo/cairo/src/cairo-surface.c
3 libxul.so cairo_surface_detach_snapshots gfx/cairo/cairo/src/cairo-surface.c
4 libxul.so _moz_cairo_surface_finish gfx/cairo/cairo/src/cairo-surface.c
5 libxul.so _moz_cairo_surface_destroy gfx/cairo/cairo/src/cairo-surface.c
6 libxul.so gfxASurface::Release() gfx/thebes/gfxASurface.cpp
7 libxul.so mozilla::RefPtr<gfxImageSurface>::~RefPtr()
8 libxul.so imgFrame::~imgFrame() image/src/imgFrame.cpp
9 libxul.so nsAutoPtr<imgFrame>::~nsAutoPtr() obj-firefox/dist/include/nsAutoPtr.h
10 libxul.so mozilla::image::FrameDataPair::~FrameDataPair() image/src/FrameSequence.h
11 libxul.so nsTArray_Impl<mozilla::image::FrameDataPair, nsTArrayInfallibleAllocator>::DestructRange(unsigned int, unsigned int) obj-firefox/dist/include/nsTArray.h
12 libxul.so nsTArray_Impl<mozilla::image::FrameDataPair, nsTArrayInfallibleAllocator>::RemoveElementsAt(unsigned int, unsigned int) obj-firefox/dist/include/nsTArray.h
13 libxul.so mozilla::image::FrameSequence::~FrameSequence() image/src/FrameSequence.cpp
14 libxul.so mozilla::image::FrameSequence::Release() image/src/FrameSequence.h
15 libxul.so mozilla::image::RasterImage::Discard(bool) image/src/RasterImage.cpp
16 libxul.so mozilla::image::DiscardTracker::DiscardAll() image/src/DiscardTracker.cpp
17 libxul.so imgCacheObserver::Observe(nsISupports*, char const*, char16_t const*) image/src/imgLoader.cpp
18 libxul.so nsObserverList::NotifyObservers(nsISupports*, char const*, char16_t const*) xpcom/ds/nsObserverList.cpp
19 libxul.so nsObserverService::NotifyObservers(nsISupports*, char const*, char16_t const*) xpcom/ds/nsObserverService.cpp
20 libxul.so nsAppShell::ProcessNextNativeEvent(bool) widget/android/nsAppShell.cpp
21 libxul.so nsBaseAppShell::DoProcessNextNativeEvent(bool, unsigned int) widget/xpwidgets/nsBaseAppShell.cpp
22 libxul.so nsBaseAppShell::OnProcessNextEvent(nsIThreadInternal*, bool, unsigned int) widget/xpwidgets/nsBaseAppShell.cpp
23 libxul.so nsThread::ProcessNextEvent(bool, bool*) xpcom/threads/nsThread.cpp
24 libxul.so NS_ProcessNextEvent(nsIThread*, bool) xpcom/glue/nsThreadUtils.cpp
25 libxul.so mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) ipc/glue/MessagePump.cpp
26 libxul.so MessageLoop::RunInternal() ipc/chromium/src/base/message_loop.cc
27 libxul.so MessageLoop::Run() ipc/chromium/src/base/message_loop.cc
28 libxul.so nsBaseAppShell::Run() widget/xpwidgets/nsBaseAppShell.cpp
29 libxul.so nsAppStartup::Run() toolkit/components/startup/nsAppStartup.cpp
30 libxul.so XREMain::XRE_mainRun() toolkit/xre/nsAppRunner.cpp
31 libxul.so XREMain::XRE_main(int, char**, nsXREAppData const*) toolkit/xre/nsAppRunner.cpp
32 libxul.so XRE_main toolkit/xre/nsAppRunner.cpp
33 libxul.so GeckoStart toolkit/xre/nsAndroidStartup.cpp
34 libmozglue.so Java_org_mozilla_gecko_mozglue_GeckoLoader_nativeRun mozglue/android/APKOpen.cpp
35 libdvm.so libdvm.so@0x1dc4e
36 data@app@org.mozilla.fennec-2.apk@classes.dex data@app@org.mozilla.fennec-2.apk@classes.dex@0x211733
37 dalvik-heap (deleted) dalvik-heap (deleted)@0x8ce94e
38 libdvm.so libdvm.so@0x4ded1
39 data@app@org.mozilla.fennec-2.apk@classes.dex data@app@org.mozilla.fennec-2.apk@classes.dex@0x211731
40 libmozglue.so report_mapping mozglue/android/APKOpen.cpp
41 libmozglue.so report_mapping mozglue/android/APKOpen.cpp
42 @0x4000e002
43 libdvm.so libdvm.so@0x4fb01
44 libdvm.so libdvm.so@0xa9c86
45 dalvik-heap (deleted) dalvik-heap (deleted)@0x9ebc06
46 dalvik-heap (deleted) dalvik-heap (deleted)@0x9ebc06
47 libdvm.so libdvm.so@0x55337
48 dalvik-heap (deleted) dalvik-heap (deleted)@0x9ebc06
49 dalvik-heap (deleted) dalvik-heap (deleted)@0x9ebc06
50 libdvm.so libdvm.so@0xae19e
51 dalvik-LinearAlloc (deleted) dalvik-LinearAlloc (deleted)@0x303a2a
52 dalvik-heap (deleted) dalvik-heap (deleted)@0x8ce94e
53 dalvik-LinearAlloc (deleted) dalvik-LinearAlloc (deleted)@0x303a16
54 data@app@org.mozilla.fennec-2.apk@classes.dex data@app@org.mozilla.fennec-2.apk@classes.dex@0x237853
55 libdvm.so libdvm.so@0x6b429
56 data@app@org.mozilla.fennec-2.apk@classes.dex data@app@org.mozilla.fennec-2.apk@classes.dex@0x237853
57 data@app@org.mozilla.fennec-2.apk@classes.dex data@app@org.mozilla.fennec-2.apk@classes.dex@0x5ac1e
58 dalvik-heap (deleted) dalvik-heap (deleted)@0x8ce94e
59 data@app@org.mozilla.fennec-2.apk@classes.dex data@app@org.mozilla.fennec-2.apk@classes.dex@0x237853
60 tzdata tzdata@0x86ffe
61 libdvm.so libdvm.so@0x4fa07
62 libdvm.so libdvm.so@0xa9c86
63 dalvik-LinearAlloc (deleted) dalvik-LinearAlloc (deleted)@0x303a16
64 libdvm.so libdvm.so@0x4dd3f
65 libdvm.so libdvm.so@0xae19e
66 libdvm.so libdvm.so@0xa9c86
67 libdvm.so libdvm.so@0x4f8bd
68 data@app@org.mozilla.fennec-2.apk@classes.dex data@app@org.mozilla.fennec-2.apk@classes.dex@0xeef8c
69 dalvik-heap (deleted) dalvik-heap (deleted)@0x8ce94e
70 libdvm.so libdvm.so@0x1ddbe
71 libdvm.so libdvm.so@0x27062
72 libdvm.so libdvm.so@0x2df06
73 dalvik-LinearAlloc (deleted) dalvik-LinearAlloc (deleted)@0x30fffe
74 dalvik-heap (deleted) dalvik-heap (deleted)@0x999ea6
75 libdvm.so libdvm.so@0x2b5ee
76 data@app@org.mozilla.fennec-2.apk@classes.dex data@app@org.mozilla.fennec-2.apk@classes.dex@0x2113b6
77 dalvik-LinearAlloc (deleted) dalvik-LinearAlloc (deleted)@0x30fffe
78 libdvm.so libdvm.so@0x5ff23
79 dalvik-LinearAlloc (deleted) dalvik-LinearAlloc (deleted)@0x30fffe
80 dalvik-heap (deleted) dalvik-heap (deleted)@0x999ea6
81 libdvm.so libdvm.so@0xae19e
82 libdvm.so libdvm.so@0xae4aa
83 libdvm.so libdvm.so@0xae4a6
84 libdvm.so libdvm.so@0x5ff4d
85 libdvm.so libdvm.so@0x54ccd
86 libdvm.so libdvm.so@0x54c2b
87 libc.so libc.so@0xca5a
88 libc.so libc.so@0xcbd6
|
||
Updated•11 years ago
|
Component: General → Graphics
Product: Firefox for Android → Core
|
|
||
Updated•11 years ago
|
status-firefox31:
--- → affected
|
|
||
Updated•11 years ago
|
status-firefox30:
--- → affected
|
||
Updated•11 years ago
|
status-firefox29:
--- → unaffected
Whiteboard: [native-crash]
I was able to reproduce this issue consistently using the following steps to reproduce:
1. Go to a site that contains articles(cnn.com) and open one article
2. Open Firefox menu, Tools->Save as PDF
3. Open Firefox menu, Tools->Downloads
4. Open downloaded PDF(Step 4 not always necessary)
Device: LG Optimus 4X HD(Android 4.1.2), Aurora 30.0a2(2014-04-13)
Attaching the logcat
|
||
Comment 2•11 years ago
|
||
This is the topcrash on Android 30.0a2 right now, and a reproducible regression, therefore requesting tracking.
Interestingly this signature is very similar to bug 740325, which is supposed to be fixed by bug 991767, so we should see if an eventual uplift there will fix this.
tracking-firefox30:
--- → ?
Keywords: reproducible,
topcrash-android-armv7
|
|
||
Comment 3•11 years ago
|
||
Please test a current nightly to see if this bug is a dupe of bug 991767.
Flags: needinfo?(fennec)
|
|
||
Updated•11 years ago
|
Flags: needinfo?(fennec) → needinfo?(mihai.g.pop)
I've tested on latest Nightly 31.0a1(2014-04-15) and the issue does not reproduce.
Also from what I see in the crash stats, crash reproduces on Nightly only until Nightly31.0a1(2014-04-07) build, before the fix on central(https://hg.mozilla.org/mozilla-central/rev/7248b992c6b2) with bug 991767.
I've reproduced this crash on Aurora 30.0a2(2014-04-15), but I was not able to reproduce it on Aurora latest tinderbox build(ftp://ftp.mozilla.org/pub/mobile/tinderbox-builds/mozilla-aurora-android/1397584082/), so it is gonna be fixed in today's Aurora build.
Flags: needinfo?(mihai.g.pop)
Verified as fixed on Aurora 30.0a2(2014-04-16).
I am not marking as duplicate to bug 991767 because this one has another crash signature, even it seems to be the same issue. Was fixed with bug 991767.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → WORKSFORME
|
||
Updated•11 years ago
|
tracking-firefox30:
? → ---
You need to log in
before you can comment on or make changes to this bug.
Description
•