Closed
Bug 669813
Opened 13 years ago
Closed 12 years ago
Assertion failed: (ch == '\0'), function ReadToken
Categories
(Core :: Graphics: CanvasWebGL, defect)
Core
Graphics: CanvasWebGL
Tracking
()
People
(Reporter: posidron, Assigned: jgilbert)
References
()
Details
(Keywords: testcase)
Attachments
(4 files)
This bug was discovered during a manual audit for bug: https://bugzilla.mozilla.org/show_bug.cgi?id=668366
|
Reporter | |
Comment 1•13 years ago
|
||
|
|
Reporter | |
Updated•13 years ago
|
|
|
Reporter | |
Comment 2•13 years ago
|
||
reduced testcase. looks like something went wrong during the assignment of the int variable and not during the uniform indexing.
|
||
Comment 3•13 years ago
|
||
Since I can't see the ANGLE bug I'm going to assume they are considering this a security vulnerability -> sg:critical until we know more.
Whiteboard: [sg:critical?]
|
||
Comment 4•13 years ago
|
||
This appears to be a simple bug in the preprocessor, which doesn't handle hexadecimal numbers correctly. As far as we can tell, it will only cause a compilation error and is not a security issue.
|
|
||
Comment 5•13 years ago
|
||
Does that mean you'll unhide the angleproject bug linked here?
|
|
||
Comment 6•13 years ago
|
||
(In reply to comment #5) > Does that mean you'll unhide the angleproject bug linked here? Done
|
||
Updated•13 years ago
|
Assignee: nobody → bjacob
status-firefox5:
--- → wontfix
status-firefox6:
--- → affected
status-firefox7:
--- → affected
status-firefox8:
--- → affected
tracking-firefox5:
--- → -
tracking-firefox6:
--- → +
tracking-firefox7:
--- → +
tracking-firefox8:
--- → +
|
||
Comment 7•13 years ago
|
||
remove sg:critical?
|
|
||
Updated•13 years ago
|
Group: core-security
Whiteboard: [sg:critical?]
|
Assignee | |
Comment 8•12 years ago
|
||
This seems to just result in a link error on non-debug builds. It does crash on debug builds though.
|
|
Assignee | |
Comment 9•12 years ago
|
||
Basically, ANGLE interprets all integer literals as decimal. GLSL accepts octal and hexadecimal, and it seems like these should be required. Further, it appears that we must not be testing for these in the conformance tests.
|
|
Assignee | |
Comment 10•12 years ago
|
||
Prerequisite patch is the patch for too-large-tokens at bug 742138.
|
||
Comment 11•12 years ago
|
||
Please file a bug on http://angleproject.googlecode.com/ and attach this patch for review and comment. Someone knowledgeable about the parser in ANGLE's shader translator (alokp at chromium.org in particular) should review this patch.
|
|
Assignee | |
Comment 12•12 years ago
|
||
(In reply to Kenneth Russell from comment #11) > Please file a bug on http://angleproject.googlecode.com/ and attach this > patch for review and comment. Someone knowledgeable about the parser in > ANGLE's shader translator (alokp at chromium.org in particular) should > review this patch. Both have respective ANGLE bugs, but I just need to figure out what format the patch should be in. bjacob is more familiar with this process, so I'll sync up with him tomorrow.
|
|
||
Comment 13•12 years ago
|
||
Either an SVN diff or git diff would be fine.
|
|
Assignee | |
Comment 14•12 years ago
|
||
(In reply to daniel-bzmz from comment #13) > Either an SVN diff or git diff would be fine. I posted git diffs, but would hg diffs work, for future reference? Also, I'm not sure how to trigger review, so the diffs are merely attached for now.
|
|
||
Comment 15•12 years ago
|
||
Note that hg knows how to generate git diffs: hg diff -g hg export -g
|
|
||
Comment 16•12 years ago
|
||
Comment on attachment 612064 [details] [diff] [review] Parse octal/hexadecimal literals properly. Waiting for review by real ANGLE devs.
Attachment #612064 -
Flags: review?(bjacob)
|
|
||
Comment 17•12 years ago
|
||
Fixed by update to ANGLE r1042 (bug 734657) which includes the fix for http://code.google.com/p/angleproject/issues/detail?id=178
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•