Closed
Bug 1302186
Opened 8 years ago
Closed 7 years ago
AddressSanitizer: memcpy-param-overlap: memory ranges overlap in [@ S32_Opaque_BlitRow32]
Categories
(Core :: Graphics, defect, P3)
Tracking
()
RESOLVED
WORKSFORME
| Tracking | Status | |
|---|---|---|
| firefox51 | --- | affected |
People
(Reporter: truber, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: crash, csectype-undefined, testcase, Whiteboard: [gfx-noted])
Attachments
(2 files)
The attached testcase crashes on mozilla-central revision 20160912-1851b78b5a96
Backtrace:
==7983==ERROR: AddressSanitizer: memcpy-param-overlap: memory ranges [0x7fba1e6e38c4,0x7fba1e6e7398) and [0x7fba1e6e3800, 0x7fba1e6e72d4) overlap
#0 0x49ad76 in __asan_memcpy /builds/slave/moz-toolchain/src/llvm/projects/compiler-rt/lib/asan/asan_interceptors.cc:393:3
#1 0x7fba59be291e in S32_Opaque_BlitRow32(unsigned int*, unsigned int const*, int, unsigned int) /home/worker/workspace/build/src/gfx/skia/skia/src/core/SkBlitRow_D32.cpp:20:5
#2 0x7fba5a0c2cf8 in Sprite_D32_S32::blitRect(int, int, int, int) /home/worker/workspace/build/src/gfx/skia/skia/src/core/SkSpriteBlitter_ARGB32.cpp:45:13
#3 0x7fba5a07b097 in blitrect /home/worker/workspace/build/src/gfx/skia/skia/src/core/SkScan.cpp:14:5
#4 0x7fba5a07b097 in SkScan::FillIRect(SkIRect const&, SkRegion const*, SkBlitter*) /home/worker/workspace/build/src/gfx/skia/skia/src/core/SkScan.cpp:29
#5 0x7fba5a07b5ac in SkScan::FillIRect(SkIRect const&, SkRasterClip const&, SkBlitter*) /home/worker/workspace/build/src/gfx/skia/skia/src/core/SkScan.cpp:72:9
#6 0x7fba59e83785 in SkDraw::drawBitmap(SkBitmap const&, SkMatrix const&, SkRect const*, SkPaint const&) const /home/worker/workspace/build/src/gfx/skia/skia/src/core/SkDraw.cpp:1310:17
#7 0x7fba59bc94b8 in SkCanvas::onDrawBitmap(SkBitmap const&, float, float, SkPaint const*) /home/worker/workspace/build/src/gfx/skia/skia/src/core/SkCanvas.cpp:2367:13
#8 0x7fba5226d379 in mozilla::gfx::DrawTargetSkia::CopySurface(mozilla::gfx::SourceSurface*, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::IntPointTyped<mozilla::gfx::UnknownUnits> const&) /home/worker/workspace/build/src/gfx/2d/DrawTargetSkia.cpp:1657:3
#9 0x7fba52270ba3 in mozilla::gfx::DrawTarget::CopyRect(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::IntPointTyped<mozilla::gfx::UnknownUnits> const&) /home/worker/workspace/build/src/gfx/2d/2D.h:889:5
#10 0x7fba5254d3b2 in mozilla::layers::RotatedContentBuffer::BeginPaint(mozilla::layers::PaintedLayer*, unsigned int) /home/worker/workspace/build/src/gfx/layers/RotatedBuffer.cpp:600:11
|
Reporter | |
Comment 1•8 years ago
|
||
|
||
Updated•8 years ago
|
Flags: in-testsuite?
|
||
Updated•8 years ago
|
Whiteboard: [gfx-noted]
|
||
Comment 2•8 years ago
|
||
This should already be fixed by bug 1301920. RotatedBuffer calls CopyRect, which draws from a snapshot of the draw target back onto itself. Bug 1301920 fixed the copy-on-write handling of snapshots, so that the snapshot should now be an actual copy by the time it gets to Skia in this case.
Can you confirm it is fixed?
Flags: needinfo?(jschwartzentruber)
|
|
Reporter | |
Comment 3•8 years ago
|
||
Confirmed, this is fixed in the m-c nightlies around that commit.
Flags: needinfo?(jschwartzentruber)
|
|
Reporter | |
Updated•8 years ago
|
Severity: normal → critical
|
||
Updated•7 years ago
|
Priority: -- → P3
|
|
||
Updated•7 years ago
|
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•