Closed Bug 1446412 Opened 6 years ago Closed 6 years ago

MOZ_GL_DEBUG_ABORT_ON_ERROR near [@ mozilla::WebGLContext::GetChannelBits]

Categories

(Core :: Graphics: CanvasWebGL, defect)

Product:
Core
Component:
Graphics: CanvasWebGL
Version:
59 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla61
Tracking Flags:
Tracking Status
firefox-esr52 --- wontfix
firefox59 --- wontfix
firefox60 --- wontfix
firefox61 --- fixed

People

(Reporter: jkratzer, Assigned: jgilbert)

References

(Blocks 1 open bug)

Details

(Keywords: assertion, testcase, Whiteboard: [gfx-noted])

Attachments

(2 files)

trigger.html
811 bytes, text/html
Details
Bug 1446412 - Forbid implicit construction of WebGLFBAttachPoint. -
59 bytes, text/x-review-board-request
kvark
: review+
Details
Attached file trigger.html 
Testcase found while fuzzing mozilla-central rev 9cd8e03d9e47.

rax = 0x0000000000000000   rdx = 0x0000000000000000
rcx = 0x00007f5004aca2dd   rbx = 0x00007f4fd996f000
rsi = 0x00007f5004d99770   rdi = 0x00007f5004d98540
rbp = 0x00007ffd77b7fc50   rsp = 0x00007ffd77b7fc30
r8 = 0x00007f5004d99770    r9 = 0x00007f5005e64740
r10 = 0x0000000000000039   r11 = 0x0000000000000000
r12 = 0x0000000000000502   r13 = 0x00007f4ff7b28ee0
r14 = 0x00007f4fd996f000   r15 = 0x00007ffd77b7fee8
rip = 0x00007f4ff41cd4f5
OS|Linux|0.0.0 Linux 4.4.0-116-generic #140-Ubuntu SMP Mon Feb 12 21:23:04 UTC 2018 x86_64
CPU|amd64|family 6 model 78 stepping 3|1
GPU|||
Crash|SIGSEGV|0x0|0
0|0|libxul.so|mozilla::gl::GLContext::AfterGLCall_Debug|hg:hg.mozilla.org/mozilla-central:gfx/gl/GLContext.cpp:9cd8e03d9e472f07041be3cd80cc95a8194f91a5|3029|0x18
0|1|libxul.so|mozilla::WebGLContext::GetChannelBits|hg:hg.mozilla.org/mozilla-central:gfx/gl/GLContext.h:9cd8e03d9e472f07041be3cd80cc95a8194f91a5|2041|0xf
0|2|libxul.so|mozilla::WebGLContext::GetParameter|hg:hg.mozilla.org/mozilla-central:dom/canvas/WebGLContextState.cpp:9cd8e03d9e472f07041be3cd80cc95a8194f91a5|402|0x15
0|3|libxul.so|mozilla::WebGL2Context::GetParameter|hg:hg.mozilla.org/mozilla-central:dom/canvas/WebGL2ContextState.cpp:9cd8e03d9e472f07041be3cd80cc95a8194f91a5|196|0xe
0|4|libxul.so|mozilla::WebGLContext::GetParameter|hg:hg.mozilla.org/mozilla-central:dom/canvas/WebGLContext.h:9cd8e03d9e472f07041be3cd80cc95a8194f91a5|1020|0x9
0|5|libxul.so|mozilla::dom::WebGL2RenderingContextBinding::getParameter|s3:gecko-generated-sources:db33b7e35ade10b9e8ad0a63bae5aba14d7e355cc4b131daeaaf6ee456f43458cfeec1028f1e8a8961f0166e439abc3af54d5489ce6bf9590e00d03593bc2f49/dom/bindings/WebGL2RenderingContextBinding.cpp:|11551|0x1f
0|6|libxul.so|mozilla::dom::GenericBindingMethod|hg:hg.mozilla.org/mozilla-central:dom/bindings/BindingUtils.cpp:9cd8e03d9e472f07041be3cd80cc95a8194f91a5|3031|0x9
0|7|libxul.so|js::CallJSNative|hg:hg.mozilla.org/mozilla-central:js/src/vm/JSContext-inl.h:9cd8e03d9e472f07041be3cd80cc95a8194f91a5|290|0x6
0|8|libxul.so|js::InternalCallOrConstruct|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:9cd8e03d9e472f07041be3cd80cc95a8194f91a5|467|0xf
0|9|libxul.so|InternalCall|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:9cd8e03d9e472f07041be3cd80cc95a8194f91a5|516|0xd
0|10|libxul.so|Interpret|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:9cd8e03d9e472f07041be3cd80cc95a8194f91a5|522|0xf
0|11|libxul.so|js::RunScript|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:9cd8e03d9e472f07041be3cd80cc95a8194f91a5|417|0xb
0|12|libxul.so|js::ExecuteKernel|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:9cd8e03d9e472f07041be3cd80cc95a8194f91a5|700|0x5
0|13|libxul.so|js::Execute|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:9cd8e03d9e472f07041be3cd80cc95a8194f91a5|733|0x5
0|14|libxul.so|ExecuteScript|hg:hg.mozilla.org/mozilla-central:js/src/jsapi.cpp:9cd8e03d9e472f07041be3cd80cc95a8194f91a5|4712|0x12
0|15|libxul.so|ExecuteScript|hg:hg.mozilla.org/mozilla-central:js/src/jsapi.cpp:9cd8e03d9e472f07041be3cd80cc95a8194f91a5|4731|0x5
0|16|libxul.so|nsJSUtils::ExecutionContext::CompileAndExec|hg:hg.mozilla.org/mozilla-central:dom/base/nsJSUtils.cpp:9cd8e03d9e472f07041be3cd80cc95a8194f91a5|266|0xc
0|17|libxul.so|mozilla::dom::ScriptLoader::EvaluateScript|hg:hg.mozilla.org/mozilla-central:dom/script/ScriptLoader.cpp:9cd8e03d9e472f07041be3cd80cc95a8194f91a5|2321|0x12
0|18|libxul.so|mozilla::dom::ScriptLoader::ProcessRequest|hg:hg.mozilla.org/mozilla-central:dom/script/ScriptLoader.cpp:9cd8e03d9e472f07041be3cd80cc95a8194f91a5|1950|0xb
0|19|libxul.so|mozilla::dom::ScriptLoader::ProcessInlineScript|hg:hg.mozilla.org/mozilla-central:dom/script/ScriptLoader.cpp:9cd8e03d9e472f07041be3cd80cc95a8194f91a5|1591|0xf
0|20|libxul.so|mozilla::dom::ScriptLoader::ProcessScriptElement|hg:hg.mozilla.org/mozilla-central:dom/script/ScriptLoader.cpp:9cd8e03d9e472f07041be3cd80cc95a8194f91a5|1310|0xb
0|21|libxul.so|mozilla::dom::ScriptElement::MaybeProcessScript|hg:hg.mozilla.org/mozilla-central:dom/script/ScriptElement.cpp:9cd8e03d9e472f07041be3cd80cc95a8194f91a5|141|0x13
0|22|libxul.so|nsIScriptElement::AttemptToExecute|hg:hg.mozilla.org/mozilla-central:dom/script/nsIScriptElement.h:9cd8e03d9e472f07041be3cd80cc95a8194f91a5|247|0x3
0|23|libxul.so|nsHtml5TreeOpExecutor::RunScript|hg:hg.mozilla.org/mozilla-central:parser/html/nsHtml5TreeOpExecutor.cpp:9cd8e03d9e472f07041be3cd80cc95a8194f91a5|736|0x10
0|24|libxul.so|nsHtml5TreeOpExecutor::RunFlushLoop|hg:hg.mozilla.org/mozilla-central:parser/html/nsHtml5TreeOpExecutor.cpp:9cd8e03d9e472f07041be3cd80cc95a8194f91a5|540|0x8
0|25|libxul.so|nsHtml5ExecutorFlusher::Run|hg:hg.mozilla.org/mozilla-central:parser/html/nsHtml5StreamParser.cpp:9cd8e03d9e472f07041be3cd80cc95a8194f91a5|131|0x10
0|26|libxul.so|mozilla::SchedulerGroup::Runnable::Run|hg:hg.mozilla.org/mozilla-central:xpcom/threads/SchedulerGroup.cpp:9cd8e03d9e472f07041be3cd80cc95a8194f91a5|413|0x1c
0|27|libxul.so|nsThread::ProcessNextEvent|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThread.cpp:9cd8e03d9e472f07041be3cd80cc95a8194f91a5|1096|0x15
0|28|libxul.so|NS_ProcessNextEvent|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThreadUtils.cpp:9cd8e03d9e472f07041be3cd80cc95a8194f91a5|517|0x11
0|29|libxul.so|mozilla::ipc::MessagePump::Run|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessagePump.cpp:9cd8e03d9e472f07041be3cd80cc95a8194f91a5|97|0xa
0|30|libxul.so|MessageLoop::RunInternal|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:9cd8e03d9e472f07041be3cd80cc95a8194f91a5|326|0x17
0|31|libxul.so|MessageLoop::Run|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:9cd8e03d9e472f07041be3cd80cc95a8194f91a5|319|0x8
0|32|libxul.so|nsBaseAppShell::Run|hg:hg.mozilla.org/mozilla-central:widget/nsBaseAppShell.cpp:9cd8e03d9e472f07041be3cd80cc95a8194f91a5|157|0xd
0|33|libxul.so|XRE_RunAppShell|hg:hg.mozilla.org/mozilla-central:toolkit/xre/nsEmbedFunctions.cpp:9cd8e03d9e472f07041be3cd80cc95a8194f91a5|893|0x11
0|34|libxul.so|mozilla::ipc::MessagePumpForChildProcess::Run|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessagePump.cpp:9cd8e03d9e472f07041be3cd80cc95a8194f91a5|269|0x5
0|35|libxul.so|MessageLoop::RunInternal|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:9cd8e03d9e472f07041be3cd80cc95a8194f91a5|326|0x17
0|36|libxul.so|MessageLoop::Run|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:9cd8e03d9e472f07041be3cd80cc95a8194f91a5|319|0x8
0|37|libxul.so|XRE_InitChildProcess|hg:hg.mozilla.org/mozilla-central:toolkit/xre/nsEmbedFunctions.cpp:9cd8e03d9e472f07041be3cd80cc95a8194f91a5|719|0x8
0|38|firefox|content_process_main|hg:hg.mozilla.org/mozilla-central:ipc/contentproc/plugin-container.cpp:9cd8e03d9e472f07041be3cd80cc95a8194f91a5|50|0x14
0|39|firefox|main|hg:hg.mozilla.org/mozilla-central:browser/app/nsBrowserApp.cpp:9cd8e03d9e472f07041be3cd80cc95a8194f91a5|280|0x11
0|40|libc-2.23.so||||0x20830
0|41|firefox|MOZ_ReportAssertionFailure|hg:hg.mozilla.org/mozilla-central:mfbt/Assertions.h:9cd8e03d9e472f07041be3cd80cc95a8194f91a5|164|0x5
Flags: in-testsuite?
Confirmed instantly crashes the tab on my local Ubuntu machine. Works fine on macos.
Whiteboard: [gfx-noted]
If you could run these through a DEBUG non-OPT build after finding they crashed, that'd be ideal. This crash stack is missing a frame or two. (which GL command is it?)
Assignee: nobody → jgilbert
For the record, I don't need you to look that up, since I can find it by running a debug build, but it's nice to be able to skip that step, if it can be automated. If it makes things too complicated, it doesn't really matter though. It would merely be a nice-to-have!
Comment on attachment 8962585 [details]
Bug 1446412 - Forbid implicit construction of WebGLFBAttachPoint. -

https://reviewboard.mozilla.org/r/231394/#review237070

Looks fine by me, although I'm missing the context on why we are doing that.
Attachment #8962585 - Flags: review?(kvark) → review+
Pushed by jgilbert@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/e3334509e606
Don't query GL for RED_BITS and friends queries. - r=kvark
Flags: needinfo?(jgilbert)
Pushed by jgilbert@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/4ffac3c10aa5
Don't query GL for RED_BITS and friends queries. - r=kvark
https://hg.mozilla.org/integration/mozilla-inbound/rev/4a9e0098d23b
Forbid implicit construction of WebGLFBAttachPoint. - r=kvark
https://hg.mozilla.org/mozilla-central/rev/4ffac3c10aa5
https://hg.mozilla.org/mozilla-central/rev/4a9e0098d23b
Status: NEW → RESOLVED
Closed: 6 years ago
status-firefox61: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla61
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: