Open
Bug 1535801
Opened 6 years ago
Updated 2 years ago
memcpy-param-overlap in [@ rx::Buffer11::setSubData]
Categories
(Core :: Graphics: CanvasWebGL, defect, P3)
Tracking
NEW
| | Tracking | Status |
|---|---|---|
| firefox67 | --- | affected |
People
(Reporter: tsmith, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: crash, testcase, Whiteboard: gfx-noted)
Attachments
(1 file)
(deleted),
text/html
==4496==ERROR: AddressSanitizer: memcpy-param-overlap: memory ranges [0x12162f658000,0x12172f657fff) and [0x1216368e1800, 0x1217368e17ff) overlap
#0 0x7ff97eb33d7f in __asan_memcpy src\build\build-clang\build-clang\src\llvm\projects\compiler-rt\lib\asan\asan_interceptors_memintrinsics.cc:23
#1 0x7ff96716ed23 in rx::Buffer11::setSubData src\gfx\angle\checkout\src\libANGLE\renderer\d3d\d3d11\Buffer11.cpp:410
#2 0x7ff96716e206 in rx::Buffer11::setData src\gfx\angle\checkout\src\libANGLE\renderer\d3d\d3d11\Buffer11.cpp:345
#3 0x7ff966d8b4b0 in gl::Buffer::bufferData src\gfx\angle\checkout\src\libANGLE\Buffer.cpp:87
#4 0x7ff966e07a06 in gl::Context::bufferData src\gfx\angle\checkout\src\libANGLE\Context.cpp:4900
#5 0x7ff966ce9dfd in gl::BufferData src\gfx\angle\checkout\src\libGLESv2\entry_points_gles_2_0_autogen.cpp:240
#6 0x7ff96adb86f1 in mozilla::gl::GLContext::fBufferData src\gfx\gl\GLContext.h:866
#7 0x7ff96fc52f94 in mozilla::WebGLBuffer::BufferData src\dom\canvas\WebGLBuffer.cpp:124
#8 0x7ff96fc7e128 in mozilla::WebGLContext::BufferData src\dom\canvas\WebGLContextBuffers.cpp:309
#9 0x7ff96e5c660f in mozilla::dom::WebGLRenderingContext_Binding::bufferData src\obj-firefox\dom\bindings\WebGLRenderingContextBinding.cpp:12290
#10 0x7ff96fabfd1e in mozilla::dom::binding_detail::GenericMethod<mozilla::dom::binding_detail::NormalThisPolicy,mozilla::dom::binding_detail::ThrowExceptions> src\dom\bindings\BindingUtils.cpp:3144
#11 0x7ff976ba46e5 in js::InternalCallOrConstruct src\js\src\vm\Interpreter.cpp:534
#12 0x7ff976ba74d5 in InternalCall src\js\src\vm\Interpreter.cpp:589
#13 0x7ff976b8392b in Interpret src\js\src\vm\Interpreter.cpp:3075
#14 0x7ff976b67fd4 in js::RunScript src\js\src\vm\Interpreter.cpp:422
#15 0x7ff976ba4fc5 in js::InternalCallOrConstruct src\js\src\vm\Interpreter.cpp:562
#16 0x7ff976ba74d5 in InternalCall src\js\src\vm\Interpreter.cpp:589
#17 0x7ff976ba7706 in js::Call src\js\src\vm\Interpreter.cpp:605
#18 0x7ff9778027d8 in JS::Call src\js\src\jsapi.cpp:2623
#19 0x7ff96ec82ee0 in mozilla::dom::EventHandlerNonNull::Call src\obj-firefox\dom\bindings\EventHandlerBinding.cpp:266
#20 0x7ff97034d92a in mozilla::dom::EventHandlerNonNull::Call<nsISupports *> src\obj-firefox\dist\include\mozilla\dom\EventHandlerBinding.h:363
#21 0x7ff97034aa42 in mozilla::JSEventHandler::HandleEvent src\dom\events\JSEventHandler.cpp:205
#22 0x7ff970309172 in mozilla::EventListenerManager::HandleEventSubType src\dom\events\EventListenerManager.cpp:1043
#23 0x7ff97030b002 in mozilla::EventListenerManager::HandleEventInternal src\dom\events\EventListenerManager.cpp:1238
#24 0x7ff9702ed421 in mozilla::EventTargetChainItem::HandleEvent src\dom\events\EventDispatcher.cpp:351
#25 0x7ff9702eb66f in mozilla::EventTargetChainItem::HandleEventTargetChain src\dom\events\EventDispatcher.cpp:553
#26 0x7ff9702f0eb4 in mozilla::EventDispatcher::Dispatch src\dom\events\EventDispatcher.cpp:1048
#27 0x7ff9702fa796 in mozilla::EventDispatcher::DispatchDOMEvent src\dom\events\EventDispatcher.cpp
#28 0x7ff96c2a353e in nsINode::DispatchEvent src\dom\base\nsINode.cpp:1024
#29 0x7ff97031a2a6 in mozilla::dom::EventTarget::DispatchEvent src\dom\events\EventTarget.cpp:178
#30 0x7ff97026f962 in mozilla::AsyncEventDispatcher::Run src\dom\events\AsyncEventDispatcher.cpp:69
#31 0x7ff968302d65 in mozilla::SchedulerGroup::Runnable::Run src\xpcom\threads\SchedulerGroup.cpp:295
#32 0x7ff968335c60 in nsThread::ProcessNextEvent src\xpcom\threads\nsThread.cpp:1179
#33 0x7ff96833daf8 in NS_ProcessNextEvent src\xpcom\threads\nsThreadUtils.cpp:482
#34 0x7ff9694090ff in mozilla::ipc::MessagePump::Run src\ipc\glue\MessagePump.cpp:88
#35 0x7ff9693562ce in MessageLoop::RunHandler src\ipc\chromium\src\base\message_loop.cc:308
#36 0x7ff969356065 in MessageLoop::Run src\ipc\chromium\src\base\message_loop.cc:290
#37 0x7ff97262490a in nsBaseAppShell::Run src\widget\nsBaseAppShell.cpp:137
#38 0x7ff9727b4b28 in nsAppShell::Run src\widget\windows\nsAppShell.cpp:411
#39 0x7ff9768b4f6d in XRE_RunAppShell src\toolkit\xre\nsEmbedFunctions.cpp:933
#40 0x7ff9693562ce in MessageLoop::RunHandler src\ipc\chromium\src\base\message_loop.cc:308
#41 0x7ff969356065 in MessageLoop::Run src\ipc\chromium\src\base\message_loop.cc:290
#42 0x7ff9768b425e in XRE_InitChildProcess src\toolkit\xre\nsEmbedFunctions.cpp:771
#43 0x7ff667bf21a8 in Ordinal0+0x21a8 (firefox.exe+0x1400021a8)
#44 0x7ff667bf14f2 in Ordinal0+0x14f2 (firefox.exe+0x1400014f2
Flags: in-testsuite?
Reporter
Updated•6 years ago
Crash Signature: [@ vcruntime140.dll | rx::Buffer11::setSubData]
Reporter
Updated•6 years ago
Crash Signature: [@ vcruntime140.dll | rx::Buffer11::setSubData] → [@ vcruntime140.dll | rx::Buffer11::setSubData][@ memcpy | rx::Buffer11::setSubData ]
Comment 1•6 years ago
Overlap could cause correctness issues, but should be safe.
Also those ranges look really really big?
Severity: normal → minor
Priority: -- → P3
Whiteboard: gfx-noted
Updated•2 years ago
Severity: minor → S4
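An added example, not part of the bug report or of ANGLE's code: it parses the memcpy-param-overlap line quoted in the description, measures the two ranges and their shared span, and shows an overlap check applied before a copy. The type and function names are hypothetical; the report string is copied from this page.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Half-open address range [begin, end), as printed in the ASan report. */
typedef struct { uint64_t begin, end; } range_t;

/* The report line from this bug, copied from the page. */
static const char REPORT[] =
    "==4496==ERROR: AddressSanitizer: memcpy-param-overlap: memory ranges "
    "[0x12162f658000,0x12172f657fff) and [0x1216368e1800, 0x1217368e17ff) overlap";

/* Hypothetical helper: extract both ranges from a report line; 0 on success. */
int parse_overlap_report(const char *line, range_t *a, range_t *b) {
    const char *p = strstr(line, "memory ranges ");
    unsigned long long v[4];
    if (!p || sscanf(p, "memory ranges [%llx,%llx) and [%llx, %llx)",
                     &v[0], &v[1], &v[2], &v[3]) != 4) return -1;
    if (v[0] > v[1] || v[2] > v[3]) return -1;   /* reject inverted ranges */
    a->begin = v[0]; a->end = v[1];
    b->begin = v[2]; b->end = v[3];
    return 0;
}

uint64_t range_size(range_t r) { return r.end - r.begin; }

/* Number of bytes shared by two half-open ranges (0 if disjoint). */
uint64_t overlap_bytes(range_t a, range_t b) {
    uint64_t lo = a.begin > b.begin ? a.begin : b.begin;
    uint64_t hi = a.end < b.end ? a.end : b.end;
    return hi > lo ? hi - lo : 0;
}

/* Copy that stays defined for overlapping arguments: memcpy only when disjoint. */
void *copy_checked(void *dst, const void *src, size_t n) {
    range_t d = { (uintptr_t)dst, (uintptr_t)dst + n };
    range_t s = { (uintptr_t)src, (uintptr_t)src + n };
    return overlap_bytes(d, s) ? memmove(dst, src, n) : memcpy(dst, src, n);
}

int main(void) {
    range_t a, b;
    if (parse_overlap_report(REPORT, &a, &b) != 0) return 1;
    printf("size A = 0x%llx, size B = 0x%llx, shared = 0x%llx\n",
           (unsigned long long)range_size(a), (unsigned long long)range_size(b),
           (unsigned long long)overlap_bytes(a, b));
    return 0;
}
```

For the reported line, both ranges come out 0xffffffff bytes long and share 0xf8d767ff bytes.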