Multiple "ASSERTION: nsTDependentString must wrap only null-terminated strings. ... " while profiling with WebRender
Categories
(Core :: Graphics: WebRender, defect)
Tracking
()
People
(Reporter: beth, Assigned: beth)
References
Details
Attachments
(1 file)
|
47 bytes,
text/x-phabricator-request
|
pascalc
:
approval-mozilla-beta+
|
Details | Review |
While profiling with WebRender enabled on a debug build, multiple of the following assertions occur:
[Parent 5439, Renderer] ###!!! ASSERTION: nsTDependentString must wrap only null-terminated strings. You are probably looking for nsTDependentSubstring.: 'this->mData[substring_type::mLength] == 0', file /home/barret/Workspace/src/hg.mozilla.org/mozilla-central/obj-x86_64-pc-linux-gnu/dist/include/nsTString.h, line 456
STR:
- Build a debug build of Firefox.
- Enable Web Render.
- Start profiling with the Gecko Profiler.
Expected results:
We should not be hitting this assertion.
After some investigation, this occurs because <GeckoProfilerHooks as ProfilerHooks>::add_text_marker in the WebRender bindings accepts a &str and passes its pointer and length to gecko_profiler_add_text_marker, which constructs a nsTDependentString. However, Rust strings are not NUL-terminated.
|
Assignee | |
Comment 1•6 years ago
|
||
gecko_profiler_add_text_marker was being passed a character pointer and a
length to construct a nsDependentCString. However, these values were coming
from a Rust &str, which is not null-terminated, causing an debug assertion to
be hit (and possible memory safety issues if mishandle the string). We now
construct an nsDependentCSubstring instead.
|
||
Comment 2•6 years ago
|
||
[Tracking Requested - why for this release]:
We should uplift this to 67, otherwise we have a potential out-of-bounds read with the profiler enabled.
|
|
Assignee | |
Updated•6 years ago
|
Pushed by apavel@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/fd2b7f779973
Fix nsTDependentString with non-null-terminated buffer assertion r=bholley
|
||
Comment 4•6 years ago
|
||
| bugherder | ||
|
|
Assignee | |
Updated•6 years ago
|
|
|
Assignee | |
Comment 6•6 years ago
|
||
Comment on attachment 9052007 [details]
Bug 1536466 - Fix nsTDependentString with non-null-terminated buffer assertion r?bholley
Beta/Release Uplift Approval Request
- Feature/Bug causing the regression: Bug 1532810
- User impact if declined: Users with WebRender enabled that also are using the Gecko Profiler might experience crashes while profiling
- Is this code covered by automated tests?: Unknown
- Has the fix been verified in Nightly?: No
- Needs manual test from QE?: No
- If yes, steps to reproduce:
- List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): This is not risky because it touches a codepath that is only hit while users are running with Web Render enabled and collecting a profile with the Gecko Profiler. Even then, the change is very small in scope and well understood.
- String changes made/needed:
|
||
Comment 7•6 years ago
|
||
Comment on attachment 9052007 [details]
Bug 1536466 - Fix nsTDependentString with non-null-terminated buffer assertion r?bholley
Minimal patch to prevent crashes in webrender / gecko profiler interactions, approved for the next beta, thanks.
|
|
||
Comment 8•6 years ago
|
||
| bugherder uplift | ||
|
|
Assignee | |
Updated•6 years ago
|
Description
•