Closed
Bug 1041785
Opened 10 years ago
Closed 10 years ago
Nightly 33.0a1 crashes on ANGLE_instanced_arrays WebGL demo
Categories
(Core :: Graphics: CanvasWebGL, defect)
Tracking
()
VERIFIED
FIXED
mozilla34
Tracking | Status | |
---|---|---|
firefox32 | --- | unaffected |
firefox33 | + | verified |
firefox34 | + | verified |
People
(Reporter: floooh, Assigned: bjacob)
References
Details
(Keywords: crash, regression)
Crash Data
Attachments
(1 file)
2.02 KB,
patch
|
u480271
:
review+
Sylvestre
:
approval-mozilla-aurora+
|
Details | Diff | Splinter Review |
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:33.0) Gecko/20100101 Firefox/33.0 (Beta/Release) Build ID: 20140720030203 Steps to reproduce: On OSX 10.10 beta4 (other OSes or OS versions not tested) in latest Nightly, go to: http://floooh.github.io/oryol/Instancing.html The browser crashes almost instantly and brings up the Mozilla Crash Reporter. I am not sure whether this bug is related to the OSX 10.10 beta4 which just came out today, or the latest Nightly update. If the bug is in Nightly, it must be very new, at most 2 or 3 days old (tested in version 2014-07-20). Actual results: ... Expected results: ...
Comment 1•10 years ago
|
||
bp-773f9712-b3d7-4c07-bb64-726032140721 Regression window(m-i) Good: https://hg.mozilla.org/integration/mozilla-inbound/rev/cd5e53d2aabd Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0 ID:20140718073332 Bad: https://hg.mozilla.org/integration/mozilla-inbound/rev/fad52f3c9132 Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0 ID:20140718080032 Pushlog: http://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=cd5e53d2aabd&tochange=fad52f3c9132 Regressed by: fad52f3c9132 Benoit Jacob — Bug 1038928 - WebGL element array cache: dont try to handle null out_upperBound, and add some test coverage for out_upperBound - r=jgilbert
Blocks: 1038928
Severity: normal → critical
Status: UNCONFIRMED → NEW
Crash Signature: [@ mozilla::WebGLElementArrayCache::Validate<unsigned short>(unsigned int, unsigned int, unsigned int, unsigned int*)]
status-firefox32:
--- → unaffected
status-firefox33:
--- → affected
status-firefox34:
--- → affected
tracking-firefox33:
--- → ?
tracking-firefox34:
--- → ?
Component: Untriaged → Canvas: WebGL
Ever confirmed: true
Keywords: crash,
regression
OS: Mac OS X → All
Product: Firefox → Core
Updated•10 years ago
|
Summary: Nightly 33.0a1 crashes on OSX 10.10 on ANGLE_instanced_arrays WebGL demo → Nightly 33.0a1 crashes on ANGLE_instanced_arrays WebGL demo
Assignee | ||
Comment 2•10 years ago
|
||
Attachment #8459862 -
Flags: review?(jgilbert)
Attachment #8459862 -
Flags: review?(jgilbert) → review+
Assignee | ||
Comment 4•10 years ago
|
||
No problem; I won't be able to land this until tomorrow morning; anyone's welcome to land this ;-) but if you do, do first check that this compiles, as I haven't tested even compilation.
(In reply to Benoit Jacob [:bjacob] from comment #4) > No problem; I won't be able to land this until tomorrow morning; anyone's > welcome to land this ;-) but if you do, do first check that this compiles, > as I haven't tested even compilation. I compiled the patch against latest central. It fixed crash I encountered when running 1.0.3 conformance tests at https://www.khronos.org/registry/webgl/sdk/tests/webgl-conformance-tests.html
Assignee | ||
Comment 6•10 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/437d959ab919 Thanks for the testing!
Assignee: nobody → bjacob
Assignee | ||
Comment 7•10 years ago
|
||
Comment on attachment 8459862 [details] [diff] [review] fix a null deref and remove dangerous default pointer value so the compiler would catch that Approval Request Comment [Feature/regressing bug #]: bug 1038928 [User impact if declined]: consistent crashes on some WebGL demos [Describe test coverage new/current, TBPL]: is covered by 1.0.3 online WebGL conformance tests, https://www.khronos.org/registry/webgl/sdk/tests/webgl-conformance-tests.html, see above comment [Risks and why]: no risk, trivial [String/UUID change made/needed]: none
Attachment #8459862 -
Flags: approval-mozilla-aurora?
Comment 8•10 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/437d959ab919
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla34
Comment 9•10 years ago
|
||
Crash+regression = tracking
Updated•10 years ago
|
Attachment #8459862 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Updated•10 years ago
|
QA Whiteboard: [qa+]
Comment 11•10 years ago
|
||
Reproduced with Nightly 2014-07-20 on Mac OS X after loading http://floooh.github.io/oryol/Instancing.html - Crash report: bp-cc9a6fa7-b64d-4abf-a583-6fd3a2140902 No crashes with latest Nightly (Build ID: 20140901091008) and Aurora builds (Build ID: 20140901004002) on Windows 7 64-bit, Mac OS X 10.9.4 and Ubuntu 14.04 32-bit. Although, when running 1.0.3 conformance tests at https://www.khronos.org/registry/webgl/sdk/tests/webgl-conformance-tests.html, both Nightly and Aurora crashed, but with different signatures: - bp-6f1c15bd-b08a-4bf4-821f-3b56e2140902 - bp-a7804816-17da-4dbd-8b56-bf9812140902 - bp-710b289c-e1b1-4738-8b05-9a5d62140902 Any idea why?
Flags: needinfo?(bjacob)
Assignee | ||
Comment 12•10 years ago
|
||
d3dcompiler_46.dll is Microsoft's Direct3D shader compiler, of which we ship a copy with Firefox. It's worrying that it has a crash that we hit while running conformance tests. It would be worth filing a bug under Core -> WebGL and CC'ing :jgilbert and :djg on it.
Flags: needinfo?(bjacob)
Comment 13•10 years ago
|
||
(In reply to Benoit Jacob [:bjacob] from comment #12) > d3dcompiler_46.dll is Microsoft's Direct3D shader compiler, of which we ship > a copy with Firefox. It's worrying that it has a crash that we hit while > running conformance tests. It would be worth filing a bug under Core -> > WebGL and CC'ing :jgilbert and :djg on it. Sure thing! Logged bug 1062356.
Comment 14•10 years ago
|
||
0 crash reports present in Socorro for 33.0b and 34.0a2 in the last 2 weeks: https://crash-stats.mozilla.com/query/?product=Firefox&version=Firefox%3A34.0a2&version=Firefox%3A33.0b&range_value=2&range_unit=weeks&date=09%2F26%2F2014+07%3A00%3A00&query_search=signature&query_type=contains&query=mozilla%3A%3AWebGLElementArrayCache%3A%3AValidate%3Cunsigned+short%3E%28unsigned+int%2C+unsigned+int%2C+unsigned+int%2C+unsigned+int*%29&reason=&release_channels=&build_id=&process_type=any&hang_type=any Since the issue from comment 11 is tracked separately (bug 1062356), marking this accordingly.
You need to log in
before you can comment on or make changes to this bug.
Description
•