Closed Bug 1041785 Opened 7 years ago Closed 7 years ago
.0a1 crashes on ANGLE _instanced _arrays Web GL demo
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:33.0) Gecko/20100101 Firefox/33.0 (Beta/Release) Build ID: 20140720030203 Steps to reproduce: On OSX 10.10 beta4 (other OSes or OS versions not tested) in latest Nightly, go to: http://floooh.github.io/oryol/Instancing.html The browser crashes almost instantly and brings up the Mozilla Crash Reporter. I am not sure whether this bug is related to the OSX 10.10 beta4 which just came out today, or the latest Nightly update. If the bug is in Nightly, it must be very new, at most 2 or 3 days old (tested in version 2014-07-20). Actual results: ... Expected results: ...
bp-773f9712-b3d7-4c07-bb64-726032140721 Regression window(m-i) Good: https://hg.mozilla.org/integration/mozilla-inbound/rev/cd5e53d2aabd Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0 ID:20140718073332 Bad: https://hg.mozilla.org/integration/mozilla-inbound/rev/fad52f3c9132 Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0 ID:20140718080032 Pushlog: http://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=cd5e53d2aabd&tochange=fad52f3c9132 Regressed by: fad52f3c9132 Benoit Jacob — Bug 1038928 - WebGL element array cache: dont try to handle null out_upperBound, and add some test coverage for out_upperBound - r=jgilbert
Severity: normal → critical
Status: UNCONFIRMED → NEW
Crash Signature: [@ mozilla::WebGLElementArrayCache::Validate<unsigned short>(unsigned int, unsigned int, unsigned int, unsigned int*)]
Component: Untriaged → Canvas: WebGL
Ever confirmed: true
OS: Mac OS X → All
Product: Firefox → Core
Summary: Nightly 33.0a1 crashes on OSX 10.10 on ANGLE_instanced_arrays WebGL demo → Nightly 33.0a1 crashes on ANGLE_instanced_arrays WebGL demo
Thanks for jumping on this, Benoit.
No problem; I won't be able to land this until tomorrow morning; anyone's welcome to land this ;-) but if you do, do first check that this compiles, as I haven't tested even compilation.
(In reply to Benoit Jacob [:bjacob] from comment #4) > No problem; I won't be able to land this until tomorrow morning; anyone's > welcome to land this ;-) but if you do, do first check that this compiles, > as I haven't tested even compilation. I compiled the patch against latest central. It fixed crash I encountered when running 1.0.3 conformance tests at https://www.khronos.org/registry/webgl/sdk/tests/webgl-conformance-tests.html
https://hg.mozilla.org/integration/mozilla-inbound/rev/437d959ab919 Thanks for the testing!
Assignee: nobody → bjacob
Comment on attachment 8459862 [details] [diff] [review] fix a null deref and remove dangerous default pointer value so the compiler would catch that Approval Request Comment [Feature/regressing bug #]: bug 1038928 [User impact if declined]: consistent crashes on some WebGL demos [Describe test coverage new/current, TBPL]: is covered by 1.0.3 online WebGL conformance tests, https://www.khronos.org/registry/webgl/sdk/tests/webgl-conformance-tests.html, see above comment [Risks and why]: no risk, trivial [String/UUID change made/needed]: none
Attachment #8459862 - Flags: approval-mozilla-aurora?
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla34
Crash+regression = tracking
Attachment #8459862 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
QA Whiteboard: [qa+]
Reproduced with Nightly 2014-07-20 on Mac OS X after loading http://floooh.github.io/oryol/Instancing.html - Crash report: bp-cc9a6fa7-b64d-4abf-a583-6fd3a2140902 No crashes with latest Nightly (Build ID: 20140901091008) and Aurora builds (Build ID: 20140901004002) on Windows 7 64-bit, Mac OS X 10.9.4 and Ubuntu 14.04 32-bit. Although, when running 1.0.3 conformance tests at https://www.khronos.org/registry/webgl/sdk/tests/webgl-conformance-tests.html, both Nightly and Aurora crashed, but with different signatures: - bp-6f1c15bd-b08a-4bf4-821f-3b56e2140902 - bp-a7804816-17da-4dbd-8b56-bf9812140902 - bp-710b289c-e1b1-4738-8b05-9a5d62140902 Any idea why?
d3dcompiler_46.dll is Microsoft's Direct3D shader compiler, of which we ship a copy with Firefox. It's worrying that it has a crash that we hit while running conformance tests. It would be worth filing a bug under Core -> WebGL and CC'ing :jgilbert and :djg on it.
(In reply to Benoit Jacob [:bjacob] from comment #12) > d3dcompiler_46.dll is Microsoft's Direct3D shader compiler, of which we ship > a copy with Firefox. It's worrying that it has a crash that we hit while > running conformance tests. It would be worth filing a bug under Core -> > WebGL and CC'ing :jgilbert and :djg on it. Sure thing! Logged bug 1062356.
0 crash reports present in Socorro for 33.0b and 34.0a2 in the last 2 weeks: https://crash-stats.mozilla.com/query/?product=Firefox&version=Firefox%3A34.0a2&version=Firefox%3A33.0b&range_value=2&range_unit=weeks&date=09%2F26%2F2014+07%3A00%3A00&query_search=signature&query_type=contains&query=mozilla%3A%3AWebGLElementArrayCache%3A%3AValidate%3Cunsigned+short%3E%28unsigned+int%2C+unsigned+int%2C+unsigned+int%2C+unsigned+int*%29&reason=&release_channels=&build_id=&process_type=any&hang_type=any Since the issue from comment 11 is tracked separately (bug 1062356), marking this accordingly.
You need to log in before you can comment on or make changes to this bug.