Closed
Bug 765198
Opened 13 years ago
Closed 12 years ago
WebGL crash [@mozilla::WebGLContext::ReadPixels]
Categories
(Core :: Graphics: CanvasWebGL, defect)
Tracking
()
RESOLVED
FIXED
mozilla16
Tracking | Status | |
---|---|---|
firefox15 | --- | affected |
People
(Reporter: posidron, Assigned: bjacob)
References
Details
(4 keywords, Whiteboard: [asan] webgl-test-needed)
Crash Data
Attachments
(4 files)
No description provided.
Reporter | ||
Comment 1•13 years ago
|
||
Comment 2•13 years ago
|
||
On Windows: bp-4163d421-8c71-4a16-b481-777092120615
Crash Signature: [@ mozilla::WebGLContext::ReadPixels(int, int, int, int, unsigned int, unsigned int, mozilla::dom::TypedArray_base<unsigned char, void, &JS_GetArrayBufferViewData(JSObject*, JSContext*), &JS_GetArrayBufferViewByteLength(JSObject*, JSContext*)>* mozilla::.…
OS: Mac OS X → All
Hardware: x86_64 → All
It's a regression, you can add 'regression' keyword.
Regression range:
m-c
good=2012-06-02
bad=2012-06-03
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=5199196b65ec&tochange=d0ebcaa7efb5
m-i
good=2012-06-01
bad=2012-06-02
http://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=50c9995aa7d0&tochange=9abc60f44fd5
Suspected bug:
Boris Zbarsky — Bug 748266. Switch the WebGL canvas context to new DOM bindings. r=peterv
Assignee | ||
Comment 4•13 years ago
|
||
Many thanks for the report. The crash is trivial: the testcase calls readpixels with null |pixels| argument and we crash at:
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff3e2e703 in mozilla::WebGLContext::ReadPixels (this=0x3a3f2b0, x=7, y=7, width=7, height=63, format=6406, type=32820, pixels=0x0,
rv=...) at /hack/mozilla-central/content/canvas/src/WebGLContextGL.cpp:3856
3856 void* data = pixels->mData;
(gdb) p pixels
$1 = (mozilla::dom::ArrayBufferView *) 0x0
Assignee | ||
Comment 5•13 years ago
|
||
Per spec, 5.14.12: If pixels is null, an INVALID_VALUE error is generated.
Attachment #633529 -
Flags: review?(bzbarsky)
Assignee | ||
Comment 6•13 years ago
|
||
Confirming the testcase doesn't crash anymore with this patch.
Updated•13 years ago
|
Comment 7•13 years ago
|
||
> Per spec, 5.14.12: If pixels is null, an INVALID_VALUE error is generated.
This should probably have a test in the test suite, if there isn't one already; our old binding code threw NS_ERROR_FAILURE in that case....
Comment 8•13 years ago
|
||
Comment on attachment 633529 [details] [diff] [review]
check for null pixels in readPixels
r=me
Attachment #633529 -
Flags: review?(bzbarsky) → review+
Assignee | ||
Comment 9•13 years ago
|
||
Assignee: nobody → bjacob
Whiteboard: [asan] → [asan] webgl-test-needed
Target Milestone: --- → mozilla15
Updated•13 years ago
|
Target Milestone: mozilla15 → mozilla16
Comment 10•13 years ago
|
||
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Updated•13 years ago
|
status-firefox15:
--- → affected
Reporter | ||
Comment 11•13 years ago
|
||
The testcase now produces an assertion failure:
JavaScript warning: file:///765198/testcase.html, line 40: WebGL: readPixels: null destination buffer
Assertion failure: !AccessCheck::callerIsChrome(), at /Users/cdiehl/Code/Mozilla/mc-asan/js/xpconnect/wrappers/XrayWrapper.cpp:770
Reporter | ||
Updated•13 years ago
|
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Assignee | ||
Comment 12•13 years ago
|
||
I can only reproduce this crash on Win7 and on Mac; I cannot reproduce on Linux and WinXP. So I will need a bit more time than normal to debug this.
Assignee | ||
Comment 13•13 years ago
|
||
Actually, I can't reproduce anymore on my Mac since I updated Nightly from June 11's build to today's.
Can you still reproduce in current Nightly?
Reporter | ||
Comment 14•13 years ago
|
||
I can reproduce it with an ASAN enabled build (trunk).
Assignee | ||
Comment 15•12 years ago
|
||
Can't easily debug on Windows at the moment due to bug 767006.
Depends on: 767006
Assignee | ||
Comment 16•12 years ago
|
||
I can't reproduce the crash anymore in a Windows debug build from today's mozilla-central. Last week, I could reproduce. Can you still reproduce a crash or is ASAN necessary to observe any issue?
Reporter | ||
Comment 17•12 years ago
|
||
Yes, an ASAN build seems to be necessary.
Assignee | ||
Comment 18•12 years ago
|
||
Can you teach me how to make an ASAN build? And then, how to reproduce with it?
Reporter | ||
Comment 19•12 years ago
|
||
The steps for building are described here:
https://developer.mozilla.org/en/Building_Firefox_with_Address_Sanitizer
Once you have done that, you can just open the testcase with Firefox and you will see the result in the shell.
Reporter | ||
Comment 20•12 years ago
|
||
Fixed. The bug is indeed fixed with a build of today even with ASAN enabled.
Status: REOPENED → RESOLVED
Closed: 13 years ago → 12 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•