Closed Bug 1062355 Opened 5 years ago Closed 5 years ago

Crash in d3dcompiler, nested-functions-should-not-crash.html test of WebGL Conformance Test

Categories

(Core :: Canvas: WebGL, defect, critical)

defect
Not set
critical

Tracking

()

VERIFIED FIXED
mozilla37
Tracking Status
firefox35 --- verified
firefox36 --- verified
firefox37 --- verified

People

(Reporter: alice0775, Assigned: kamidphish)

References

()

Details

(Keywords: crash, crashreportid)

Crash Data

Attachments

(1 file)

This bug was filed from the Socorro interface and is 
report bp-7507e59b-2f31-433d-b146-49ba52140903.
=============================================================

Steps To Reproduce:
1. Open https://www.khronos.org/registry/webgl/sdk/tests/webgl-conformance-tests.html
2. Find "conformance/glsl/bugs/nested-functions-should-not-crash.html"
3. Click [run] of conformance/glsl/bugs/nested-functions-should-not-crash.html

Actual Results:
Browser crashes.
I also tried against FF34.0b8 and used d3dcompiler_47.dll (renamed to d3dcompiler_46.dll, placed in the Firefox folder). https://crash-stats.mozilla.com/report/index/bp-648ce59d-09fb-4fa8-8d8b-324a02141111
Summary: crash in d3dcompiler_46.dll@0x111822 , nested-functions-should-not-crash.html test of WebGL Conformance Test → Crash in d3dcompiler, nested-functions-should-not-crash.html test of WebGL Conformance Test
Enable ANGLE compiler option to enable limiting call stack depth
checks in the transpiler.

Chromium Issue 238837 - https://code.google.com/p/chromium/issues/detail?id=238837:
"This test causes a stack overflow in various GPU drivers."
Attachment #8533003 - Flags: review?(jgilbert)
Assignee: nobody → dglastonbury
Status: NEW → ASSIGNED
Attachment #8533003 - Flags: review?(jgilbert) → review+
https://hg.mozilla.org/mozilla-central/rev/0fe752f786b3
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla37
Comment on attachment 8533003 [details] [diff] [review]
Enable SH_LIMIT_CALL_STACK_DEPTH

Approval Request Comment
[Feature/regressing bug #]: Bug 1062355
[User impact if declined]: Ill-formed WebGLSL can crash Firefox by causing the stack to be exhausted.
[Describe test coverage new/current, TBPL]: Tested against WebGL Conformance suite as well as https://www.khronos.org/registry/webgl/sdk/tests/conformance/glsl/bugs/nested-functions-should-not-crash.html
[Risks and why]: Low. Replace crash with WebGL error when compiling ill-formed source.
[String/UUID change made/needed]:
Attachment #8533003 - Flags: approval-mozilla-beta?
Attachment #8533003 - Flags: approval-mozilla-aurora?
Attachment #8533003 - Flags: approval-mozilla-beta?
Attachment #8533003 - Flags: approval-mozilla-beta+
Attachment #8533003 - Flags: approval-mozilla-aurora?
Attachment #8533003 - Flags: approval-mozilla-aurora+
You need to log in before you can comment on or make changes to this bug.