Closed
Bug 1152972
Opened 10 years ago
Closed 10 years ago
crash in rx::IndexRangeCache::ComputeRange(unsigned int, void const*, int)
Categories
(Core :: Graphics, defect)
Tracking
()
RESOLVED
WONTFIX
Tracking | Status | |
---|---|---|
firefox37 | --- | wontfix |
firefox38 | --- | unaffected |
People
(Reporter: away, Assigned: milan)
Details
(Keywords: crash, Whiteboard: gfx-noted)
Crash Data
Attachments
(1 file)
1.44 KB,
patch
|
jgilbert
:
review+
lmandel
:
approval-mozilla-release-
|
Details | Diff | Splinter Review |
This bug was filed from the Socorro interface and is
report bp-0f483195-ad7b-4096-a594-47b212150404.
=============================================================
#16 crash on 37.0.1 release. Always on Win7Sp1.
Frame Module Signature Source
0 libglesv2.dll rx::IndexRangeCache::ComputeRange(unsigned int, void const*, int) gfx/angle/src/libglesv2/renderer/IndexRangeCache.cpp
1 libglesv2.dll gl::ValidateDrawElements(gl::Context*, unsigned int, int, unsigned int, void const*, int, rx::Range<unsigned int>*) gfx/angle/src/libglesv2/validationES.cpp
2 libglesv2.dll glDrawElements gfx/angle/src/libglesv2/libGLESv2.cpp
I don't see this on pre-release channels >37, but it's possible this only shows up on release (since we didn't see it when 37 was pre-release).
Milan do you know of anything that may have fixed this? Otherwise let's assume it will persist when 38 rolls out.
Assignee | ||
Updated•10 years ago
|
Flags: needinfo?(milan) → needinfo?(jmuizelaar)
Assignee | ||
Comment 2•10 years ago
|
||
I think we did some uplifts to 38 with ANGLE, but Jeff knows better.
Assignee | ||
Comment 4•10 years ago
|
||
If we're not seeing this past 37.0.1, it was likely the ANGLE update, and I don't think we'd propose the uplift to 37 at this point.
Whiteboard: gfx-noted
Comment 5•10 years ago
|
||
According to a search, this is the largest crash with 37.0.1 in the last week on Google Maps: https://crash-stats.mozilla.com/search/?product=Firefox&version=37.0.1&process_type=browser&process_type=content&url=~google&url=~%2Fmaps%2F&_facets=signature&_columns=date&_columns=signature&_columns=product&_columns=version&_columns=build_id&_columns=platform#facet-signature (you need to have permissions to see the URLs of crashes to make this search work correctly - if you do not, the url filters will not be displayed on that page nor searched for).
Are any of the following related or are they a different bug?
https://crash-stats.mozilla.com/report/list?signature=rx%3A%3ACopyNativeVertexData%3Cunsigned+short%2C+int%2C+0%3E%28unsigned+char+const%2A%2C+unsigned+int%2C+unsigned+int%2C+unsigned+char%2A%29
https://crash-stats.mozilla.com/report/list?signature=rx%3A%3ACopyNativeVertexData%3Cfloat%2C+int%2C+0%3E%28unsigned+char+const%2A%2C+unsigned+int%2C+unsigned+int%2C+unsigned+char%2A%29
(In reply to Robert Kaiser (:kairo@mozilla.com) from comment #5)
> Are any of the following related or are they a different bug?
> https://crash-stats.mozilla.com/report/
> list?signature=rx%3A%3ACopyNativeVertexData%3Cunsigned+short%2C+int%2C+0%3E%2
> 8unsigned+char+const%2A%2C+unsigned+int%2C+unsigned+int%2C+unsigned+char%2A%2
> 9
> https://crash-stats.mozilla.com/report/
> list?signature=rx%3A%3ACopyNativeVertexData%3Cfloat%2C+int%2C+0%3E%28unsigned
> +char+const%2A%2C+unsigned+int%2C+unsigned+int%2C+unsigned+char%2A%29
It is suspicious to me that those too show up only on Win7SP1. I can't tell whether they're the same issue as this bug though (but those two definitely look related to each other).
By the way, I filed bug 1156300 about the broken links for these libGLESv2 files.
Assignee | ||
Comment 7•10 years ago
|
||
OK, yeah, this is a simple missing null pointer check in the previous version of ANGLE, fixed with the one we're using in 38. It's a one liner, but specific to 37. I'll attach it to this bug anyway, and we can have a conversation about whether it warrants going into 37.0.* or not.
Assignee | ||
Comment 8•10 years ago
|
||
The version of ANGLE that has gl::Error getData(const uint8_t **outData) function should be OK, and the version of ANGLE that has void* Buffer11::getData() has a problem. But if I clone mozilla-release, I get the "good one". Am I looking in the wrong place?
Probably the 38.0.5 stuff from Sylvestre's mail. Try rewinding m-r a bit?
Assignee | ||
Comment 10•10 years ago
|
||
Approval Request Comment
[Feature/regressing bug #]:
[User impact if declined]: Largest 37.0.1 Google Maps crash.
[Describe test coverage new/current, TreeHerder]:
[Risks and why]: None, this function allows early returns and we're just checking null pointers.
[String/UUID change made/needed]:
If we decide to do another 37.* release, this patch should stop the crash.
Attachment #8596780 -
Flags: review?(jgilbert)
Attachment #8596780 -
Flags: approval-mozilla-release?
Comment 11•10 years ago
|
||
Comment on attachment 8596780 [details] [diff] [review]
Don't derefence null pointer. r=jgilberg
Review of attachment 8596780 [details] [diff] [review]:
-----------------------------------------------------------------
Isn't 38 release now?
Attachment #8596780 -
Flags: review?(jgilbert) → review+
Comment 12•10 years ago
|
||
(In reply to Milan Sreckovic [:milan] from comment #8)
> But if I clone mozilla-release, I get the "good one". Am I looking in the wrong place?
As dmajor says, that's probably because we already uplifted 38 to the mozilla-release repository. If you look at the FIREFOX_37_0_2_RELEASE tag, you'll find the version that we have on releases right now.
I think we want to avoid doing further 37.0.x releases, but if we do, we'll probably do that off the relbranch that this tag is on.
Comment 13•10 years ago
|
||
Comment on attachment 8596780 [details] [diff] [review]
Don't derefence null pointer. r=jgilberg
Let's do it!
Attachment #8596780 -
Flags: approval-mozilla-release? → approval-mozilla-release+
Comment 14•10 years ago
|
||
Should be it 38 beta 8
Reporter | ||
Comment 15•10 years ago
|
||
Comment on attachment 8596780 [details] [diff] [review]
Don't derefence null pointer. r=jgilberg
Wait - 38 doesn't need this fix. I believe Milan was requesting m-r approval in case we do another 37.0.x
Attachment #8596780 -
Flags: approval-mozilla-release+ → approval-mozilla-release?
Comment 16•10 years ago
|
||
ok, sorry, my bad. AFAIK, we are not planning to do a new 37 .
Assignee | ||
Comment 17•10 years ago
|
||
Right, we don't have a driver right now; this was just going to be in line to get picked up in case we do have a new 37.
Comment 18•10 years ago
|
||
I take it that 38+ are not affected. I have marked 37 as wontfix and am resolving this bug. Please reopen if a fix is still required.
Assignee: nobody → milan
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → WONTFIX
Updated•10 years ago
|
Attachment #8596780 -
Flags: approval-mozilla-release? → approval-mozilla-release-
You need to log in
before you can comment on or make changes to this bug.
Description
•