Closed
Bug 1286984
Opened 8 years ago
Closed 3 years ago
NULL_POINTER_WRITE_AVRF_c0000005_xul.dll!mozilla::WebGLTexture::CopyTexImage2D
Categories
(Core :: Graphics: CanvasWebGL, defect, P3)
RESOLVED WORKSFORME
Tracking

| | Tracking | Status |
|---|---|---|
| firefox50 | --- | affected |
People
(Reporter: rforbes, Assigned: jgilbert)
Details
(Keywords: crash, csectype-nullptr, testcase, Whiteboard: [gfx-noted][sg:dos])
Attachments
(1 file)
2.99 KB, text/html
This is probably not a security issue but marking it as such until that is determined for sure.

```
450): Access violation - code c0000005 (!!! second chance !!!)
eax=66ed7458 ebx=edcfdb40 ecx=7029705d edx=702e612c esi=702445b0 edi=0000072b
eip=65a9777f esp=00b5e264 ebp=811cefdc iopl=0 nv up ei pl nz na po nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010202
xul!mozilla::WebGLTexture::CopyTexImage2D+0x3d1:
65a9777f 893d00000000 mov dword ptr ds:[0],edi ds:002b:00000000=????????
0:000> !analyze -v
*******************************************************************************
*                                                                             *
*                        Exception Analysis                                   *
*                                                                             *
*******************************************************************************

*** WARNING: Unable to verify checksum for firefox.exe
WARNING: Stack pointer is outside the normal stack bounds. Stack unwinding can be inaccurate.
*** WARNING: Unable to verify checksum for C:\src\mozilla-source\mozilla-central\obj-i686-pc-mingw32\dist\bin\nss3.dll
WARNING: Stack pointer is outside the normal stack bounds. Stack unwinding can be inaccurate.
<repeat>

DUMP_CLASS: 2
DUMP_QUALIFIER: 0

FAULTING_IP:
xul!mozilla::WebGLTexture::CopyTexImage2D+3d1 [c:\src\mozilla-source\mozilla-central\dom\canvas\webgltextureupload.cpp @ 1835]
65a9777f 893d00000000 mov dword ptr ds:[0],edi

EXCEPTION_RECORD: (.exr -1)
ExceptionAddress: 65a9777f (xul!mozilla::WebGLTexture::CopyTexImage2D+0x000003d1)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 00000001
   Parameter[1]: 00000000
Attempt to write to address 00000000

FAULTING_THREAD: 00001450
DEFAULT_BUCKET_ID: NULL_POINTER_WRITE_AVRF
PROCESS_NAME: firefox.exe
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
EXCEPTION_CODE_STR: c0000005
EXCEPTION_PARAMETER1: 00000001
EXCEPTION_PARAMETER2: 00000000
WRITE_ADDRESS: 00000000

FOLLOWUP_IP:
xul!mozilla::WebGLTexture::CopyTexImage2D+3d1 [c:\src\mozilla-source\mozilla-central\dom\canvas\webgltextureupload.cpp @ 1835]
65a9777f 893d00000000 mov dword ptr ds:[0],edi

BUGCHECK_STR: NULL_POINTER_WRITE_AVRF
WATSON_BKT_PROCSTAMP: 577a2e5d
WATSON_BKT_PROCVER: 50.0.0.6029
PROCESS_VER_PRODUCT: Nightly
WATSON_BKT_MODULE: xul.dll
WATSON_BKT_MODSTAMP: 577a3045
WATSON_BKT_MODOFFSET: c8777f
WATSON_BKT_MODVER: 50.0.0.6029
MODULE_VER_PRODUCT: Nightly
BUILD_VERSION_STRING: 10.0.10586.494 (th2_release_sec.160630-1736)
MODLIST_WITH_TSCHKSUM_HASH: 71a760f46474017d8cd303c232fe540ae3aa932b
MODLIST_SHA1_HASH: ae7a484bf0b3e7447649204846dadb1a83acbba6
NTGLOBALFLAG: 2000000
APPLICATION_VERIFIER_FLAGS: 0
PRODUCT_TYPE: 1
SUITE_MASK: 272
APPLICATION_VERIFIER_LOADED: 1
APP: firefox.exe
ANALYSIS_SESSION_HOST: DESKTOP-D3T92P6
ANALYSIS_SESSION_TIME: 07-13-2016 10:32:06.0330
ANALYSIS_VERSION: 10.0.10586.567 x86fre
THREAD_ATTRIBUTES:
OS_LOCALE: ENU

PROBLEM_CLASSES:

AVRF
    Tid [0x1450]
    Frame [0x00]: xul!mozilla::WebGLTexture::CopyTexImage2D
    Failure Bucketing

NULL_POINTER_WRITE
    Tid [0x1450]
    Frame [0x00]: xul!mozilla::WebGLTexture::CopyTexImage2D

LAST_CONTROL_TRANSFER: from 65a6c4ab to 65a9777f

STACK_TEXT:
00b5e2fc 65a6c4ab 0000851a 00000010 00001909 xul!mozilla::WebGLTexture::CopyTexImage2D+0x3d1
00b5e340 658e4629 0000851a 00000010 00001909 xul!mozilla::WebGLContext::CopyTexImage2D+0x60
00b5e38c 65a26c64 14816a20 00b5e3cc 2093acc8 xul!mozilla::dom::WebGLRenderingContextBinding::copyTexImage2D+0x133
00b5e3d8 667f597e 14816a20 00000008 000002fe xul!mozilla::dom::GenericBindingMethod+0x15d
00b5e42c 667f5783 e7312d30 00b5e6f8 00000000 xul!js::InternalCallOrConstruct+0x1ee
00b5e448 667fb433 14816a20 00b5e6f8 9af0b0d0 xul!InternalCall+0x63
00b5ee04 66803ab0 14816a20 00b5eeac 00b5eebc xul!Interpret+0x57b3
00b5ee9c 667f22d5 14816a20 00b5eeac 67225000 xul!js::RunScript+0x250
00b5eee8 667f2194 14816a20 00b5ef4c 9af07160 xul!js::ExecuteKernel+0xa5
00b5ef20 6675dd15 14816a20 00b5ef4c 9af07160 xul!js::Execute+0xc4
00b5efdc 6675d957 14816a20 00b5f014 00b5f008 xul!Evaluate+0x145
00b5f014 6675dde9 14816a20 00b5f08c 00b5f1b0 xul!Evaluate+0xa7
00b5f02c 6565b2f4 14816a20 00b5f08c 00b5f1b0 xul!JS::Evaluate+0x19
00b5f0cc 6565b407 14816a20 00b5f184 00b5f198 xul!nsJSUtils::EvaluateString+0x28a
00b5f150 65685139 14816a20 00b5f184 00b5f198 xul!nsJSUtils::EvaluateString+0x81
00b5f320 65688d1a f29daf38 f29daf38 95028f50 xul!nsScriptLoader::EvaluateScript+0x2c2
00b5f354 656894ce f29daf01 95028f50 00000000 xul!nsScriptLoader::ProcessRequest+0x167
00b5f67c 656755c8 e7746fdc e7746fdc dc078e90 xul!nsScriptLoader::ProcessScriptElement+0x6d6
00b5f6a4 653f15b2 dc078e90 ab700fe0 653f4744 xul!nsScriptElement::MaybeProcessScript+0xff
00b5f6b0 653f4744 d7a2af98 e7746fdc dc078fb8 xul!nsIScriptElement::AttemptToExecute+0xd
00b5f6c0 653f4611 e7746f88 00b5f777 0f4c0f88 xul!nsHtml5TreeOpExecutor::RunScript+0x4d
00b5f6ec 653f42ab 64f3247b 0f431ff0 0f463fd8 xul!nsHtml5TreeOpExecutor::RunFlushLoop+0x202
00b5f6f0 64f3247b 0f431ff0 0f463fd8 0f459f40 xul!nsHtml5ExecutorFlusher::Run+0x16
00b5f758 64f48a82 0f4c0f88 00000000 00b5f777 xul!nsThread::ProcessNextEvent+0x231
00b5f76c 65177b35 014c0f88 00000000 00b5fb25 xul!NS_ProcessNextEvent+0x26
00b5f798 65165150 0f459f40 ebfb3451 0e94af98 xul!mozilla::ipc::MessagePump::Run+0x16b
00b5f7d0 65164f2c 0f4c0f88 00000001 00b5f800 xul!MessageLoop::RunHandler+0x53
00b5f7f0 65e94ed9 1b791fc0 00000000 65ed930a xul!MessageLoop::Run+0x19
00b5f7fc 65ed930a 0e94af98 1b791fc0 7014ce77 xul!nsBaseAppShell::Run+0x2a
00b5f80c 662e6690 0e94af98 00b5fa2c 10fbdfd0 xul!nsAppShell::Run+0x1f
00b5f81c 6631dcb8 1b791fc0 09050fa8 00b5fa40 xul!nsAppStartup::Run+0x20
00b5f824 09050fa8 00b5fa40 00b5fa2c 00000000 xul!XREMain::XRE_mainRun+0x918
WARNING: Frame IP not in any known module. Following frames may be wrong.
00b5f828 00b5fa40 00b5fa2c 00000000 00000000 0x9050fa8
00b5f82c 00b5fa2c 00000000 00000000 66b7843c 0xb5fa40
00b5fab0 779ab4c8 00000000 08d54ff0 08d52f08 0xb5fa2c
00b5fb04 70245eab 00c20000 00000000 08d52f08 ntdll!RtlFreeHeap+0x268
00b5fb18 01006d5b 08d52f08 08d50000 ebfb38ad ucrtbase!free+0x1b
00b5fb2c 00ff1902 00000004 06310fe8 00b5fb78 firefox!sandbox::PolicyBase::`scalar deleting destructor'+0x15
00b5fcc0 00ff1445 00000004 06310fe8 05e9cf58 firefox!do_main+0x2d7
00b5fd1c 00ff1c3f 00000004 06310fe8 05e9cf58 firefox!NS_internal_main+0xb9
00b5fd54 0100c59f 00000004 fffa1ea8 062b8f58 firefox!wmain+0x130
00b5fda0 74ea38f4 0086a000 74ea38d0 6f4905bf firefox!__scrt_common_main_seh+0xff
00b5fdb4 779d5de3 0086a000 c93b59e9 00000000 KERNEL32!BaseThreadInitThunk+0x24
00b5fdfc 779d5dae ffffffff 779fb7ce 00000000 ntdll!__RtlUserThreadStart+0x2f
00b5fe0c 00000000 0100c61c 0086a000 00000000 ntdll!_RtlUserThreadStart+0x1b

THREAD_SHA1_HASH_MOD_FUNC: f4fbaa904a756f63488459b1b17606790b9f0446
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 534d07f726fac22bb00d1efe530ab38e795a56b6
THREAD_SHA1_HASH_MOD: b244789a4edc2662ed0771173d500e0a539b05e2
FAULT_INSTR_CODE: 3d89
FAULTING_SOURCE_LINE: c:\src\mozilla-source\mozilla-central\dom\canvas\webgltextureupload.cpp
FAULTING_SOURCE_FILE: c:\src\mozilla-source\mozilla-central\dom\canvas\webgltextureupload.cpp
FAULTING_SOURCE_LINE_NUMBER: 1835

FAULTING_SOURCE_CODE:
  1831:                                  funcName);
  1832:         return;
  1833:     }
  1834:     if (error) {
> 1835:         MOZ_RELEASE_ASSERT(false, "GFX: We should have caught all other errors.");
  1836:         mContext->GenerateWarning("%s: Unexpected error during texture copy. Context"
  1837:                                   " lost.",
  1838:                                   funcName);
  1839:         mContext->ForceLoseContext();
  1840:         return;

SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: xul!mozilla::WebGLTexture::CopyTexImage2D+3d1
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: xul
IMAGE_NAME: xul.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 577a3045
STACK_COMMAND: ~0s ; kb
BUCKET_ID: NULL_POINTER_WRITE_AVRF_xul!mozilla::WebGLTexture::CopyTexImage2D+3d1
PRIMARY_PROBLEM_CLASS: NULL_POINTER_WRITE_AVRF_xul!mozilla::WebGLTexture::CopyTexImage2D+3d1
BUCKET_ID_OFFSET: 3d1
BUCKET_ID_MODULE_STR: xul
BUCKET_ID_MODTIMEDATESTAMP: 577a3045
BUCKET_ID_MODCHECKSUM: 0
BUCKET_ID_MODVER_STR: 50.0.0.6029
BUCKET_ID_PREFIX_STR: NULL_POINTER_WRITE_AVRF_
FAILURE_PROBLEM_CLASS: NULL_POINTER_WRITE_AVRF
FAILURE_EXCEPTION_CODE: c0000005
FAILURE_IMAGE_NAME: xul.dll
FAILURE_FUNCTION_NAME: mozilla::WebGLTexture::CopyTexImage2D
BUCKET_ID_FUNCTION_STR: mozilla::WebGLTexture::CopyTexImage2D
FAILURE_SYMBOL_NAME: xul.dll!mozilla::WebGLTexture::CopyTexImage2D
FAILURE_BUCKET_ID: NULL_POINTER_WRITE_AVRF_c0000005_xul.dll!mozilla::WebGLTexture::CopyTexImage2D
WATSON_STAGEONE_URL: http://watson.microsoft.com/StageOne/firefox.exe/50.0.0.6029/577a2e5d/xul.dll/50.0.0.6029/577a3045/c0000005/00c8777f.htm?Retriage=1
TARGET_TIME: 2016-07-13T17:39:32.000Z
OSBUILD: 10586
OSSERVICEPACK: 0
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
OSPLATFORM_TYPE: x86
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt SingleUserTS
USER_LCID: 0
OSBUILD_TIMESTAMP: 2015-10-29 19:46:21
BUILDDATESTAMP_STR: 160630-1736
BUILDLAB_STR: th2_release_sec
BUILDOSVER_STR: 10.0.10586.494
ANALYSIS_SESSION_ELAPSED_TIME: 6ce01
ANALYSIS_SOURCE: UM
FAILURE_ID_HASH_STRING: um:null_pointer_write_avrf_c0000005_xul.dll!mozilla::webgltexture::copyteximage2d
FAILURE_ID_HASH: {1faf8b2c-ff92-a739-3740-dbb25f39c98d}

Followup: MachineOwner
```
Updated • 8 years ago
Flags: needinfo?(jgilbert)
Assignee
Comment 1 • 8 years ago
Ah, this again. I'll double-check.
Assignee: nobody → jgilbert
Flags: needinfo?(jgilbert)
Comment 2 • 8 years ago
I could reproduce this on OSX and Windows with latest m-c.
Updated • 8 years ago
Whiteboard: [gfx-noted]
Updated • 8 years ago
Group: gfx-core-security
Keywords: csectype-nullptr, testcase
Whiteboard: [gfx-noted] → [gfx-noted][sg:dos]
Updated • 7 years ago
Priority: -- → P3
Comment 3 • 3 years ago
Following the reporter's steps I am able to confirm that the issue doesn't happen anymore on Windows 10 x64 and MacOS 10.15 on any of the current versions of Firefox Nightly 87.0a1 (2021-02-22), beta 86.0 and release 85.0.2. No crashes occur under the given test case.
Closing this issue as Resolved > Worksforme.
Feel free to re-open or file a new bug if this issue reoccurs again.
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → WORKSFORME