Closed
Bug 699015
Opened 13 years ago
Closed 8 years ago
ANGLE crash in ConstantUnion::getBConst with this=null, called from TIntermediate::promoteConstantUnion, from yyparse
Categories
(Core :: Graphics: CanvasWebGL, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: decoder, Unassigned)
Details
(Keywords: crash, testcase, Whiteboard: webgl-angle)
Crash Data
Attachments
(1 file)
|
1.98 KB,
text/html
|
Details |
The attached WebGL testcase crashes Firefox Nightly (tested with mesa llvmpipe software rendering). The test might require MOZ_GL_DEBUG=1. The crash is in the ANGLE parser just like in bug 698963: Program received signal SIGSEGV, Segmentation fault. 0x00007ffff3bbcd96 in ConstantUnion::getBConst (this=0x0) at /home/decoder/LangFuzz/mozilla-central-browser/gfx/angle/src/compiler/ConstantUnion.h:22 22 bool getBConst() { return bConst; } (gdb) bt #0 0x00007ffff3bbcd96 in ConstantUnion::getBConst (this=0x0) at /home/decoder/LangFuzz/mozilla-central-browser/gfx/angle/src/compiler/ConstantUnion.h:22 #1 0x00007ffff3bc1f52 in TIntermediate::promoteConstantUnion (this=0x7fffffff9a30, promoteTo=EbtFloat, node=0x7fffd3c089a8) at /home/decoder/LangFuzz/mozilla-central-browser/gfx/angle/src/compiler/Intermediate.cpp:1394 #2 0x00007ffff3bbebb9 in TIntermediate::addConversion (this=0x7fffffff9a30, op=EOpConstructFloat, type=..., node=0x7fffd3c089a8) at /home/decoder/LangFuzz/mozilla-central-browser/gfx/angle/src/compiler/Intermediate.cpp:478 #3 0x00007ffff3bbe76b in TIntermediate::addUnaryMath (this=0x7fffffff9a30, op=EOpConstructFloat, childNode=0x7fffd3c089a8, line=5, symbolTable=...) at /home/decoder/LangFuzz/mozilla-central-browser/gfx/angle/src/compiler/Intermediate.cpp:326 #4 0x00007ffff3bcb802 in TParseContext::constructBuiltIn (this=0x7fffffff9960, type=0x7fffffff87f0, op=EOpConstructVec4, node=0x7fffd3c089a8, line=5, subset=true) at /home/decoder/LangFuzz/mozilla-central-browser/gfx/angle/src/compiler/ParseHelper.cpp:1242 #5 0x00007ffff3bcb3f6 in TParseContext::addConstructor (this=0x7fffffff9960, node=0x7fffd3c08da8, type=0x7fffffff87f0, op=EOpConstructVec4, fnCall=0x7fffd3c07bd8, line=5) at /home/decoder/LangFuzz/mozilla-central-browser/gfx/angle/src/compiler/ParseHelper.cpp:1159 #6 0x00007ffff3be1f17 in yyparse (context=0x7fffffff9960) at /home/decoder/LangFuzz/mozilla-central-browser/gfx/angle/src/compiler/glslang_tab.cpp:2468 I'm not sure if this is the same issue as in bug 698963, please check that :) If that is not the case, I'll report this to ANGLE as well.
|
||
Comment 1•13 years ago
|
||
Looks like a duplicate of: https://bugzilla.mozilla.org/show_bug.cgi?id=620222
|
||
Comment 2•13 years ago
|
||
Not sure if it's a duplicate. But I missed Bug 620222, forwarding it now (can still be reproduced)
|
|
||
Comment 3•13 years ago
|
||
Forwarded as http://code.google.com/p/angleproject/issues/detail?id=240
Summary: ANGLE crash in ConstantUnion::getBConst, after null dereference in yyparse → ANGLE crash in ConstantUnion::getBConst with this=null, called from TIntermediate::promoteConstantUnion, from yyparse
|
||
Comment 4•11 years ago
|
||
This should has been fixed in one of the ANGLE updates. I'll try out the testcase.
Flags: needinfo?(jgilbert)
|
|
||
Updated•10 years ago
|
Flags: needinfo?(jgilbert)
Whiteboard: webgl-angle
|
|
||
Updated•10 years ago
|
Flags: needinfo?(jgilbert)
|
|
||
Comment 5•8 years ago
|
||
This must have been fixed by an ANGLE update.
Status: NEW → RESOLVED
Closed: 8 years ago
Flags: needinfo?(jgilbert)
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•