Closed Bug 1342694 Opened 9 years ago Closed 4 years ago

[OffscreenCanvas] Crash in mozilla::WebGLContext::FromDomElem when uploading canvas as WebGL texture

Categories

(Core :: Graphics: CanvasWebGL, defect, P5)

Product:
Core
Component:
Graphics: CanvasWebGL
Version:
54 Branch
Type:
defect

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: ashley, Assigned: mtseng)

References

Details

(Keywords: crash, testcase)

Crash Data

Attachments

(1 file)

Bug 1342694 - Get correct principal when using OffscreenCanvas.
59 bytes, text/x-review-board-request
Details
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:54.0) Gecko/20100101 Firefox/54.0 Build ID: 20170225030208 Steps to reproduce: 1. Visit https://www.scirra.com/labs/bugs/offscreencanvas-texture/ 2. Click 'Crash' Actual results: The page creates an OffscreenCanvas with a WebGL context. When you click the button it creates a temporary DOM canvas and tries to upload it to a WebGL texture via texImage2D(). The texImage2D call crashes the whole browser tab. Expected results: The call to texImage2D should succeed.
Severity: normal → critical
Component: Untriaged → Canvas: WebGL
Keywords: crash, testcase
Product: Firefox → Core
I tested the latest Nightly (32/64b, Win 7), I'm not able to crash with the testcase.
Still crashes for me with Nightly 54.0a1 (2017-02-27) (64-bit) on Windows 10. Although I had to flip the flag gfx.offscreencanvas.enabled to true this time for it to crash but I didn't have to previously - maybe the default was changed on that recently?
Indeed, it crashes with gfx.offscreencanvas.enabled=true. https://crash-stats.mozilla.com/report/index/59a946f3-d1b1-4af8-8939-ce3632170227 Even 51 crashes or old versions. NI? Morris who worked on implementation of OffscreenCanvas.
Status: UNCONFIRMED → NEW
Crash Signature: [@ mozilla::WebGLContext::FromDomElem ]
Ever confirmed: true
Flags: needinfo?(mtseng)
Summary: [OffscreenCanvas] Crash uploading canvas as WebGL texture → [OffscreenCanvas] Crash in mozilla::WebGLContext::FromDomElem when uploading canvas as WebGL texture
I'll check this.
Assignee: nobody → mtseng
Flags: needinfo?(mtseng)
I can reproduce this.
Comment on attachment 8842297 [details] Bug 1342694 - Get correct principal when using OffscreenCanvas. https://reviewboard.mozilla.org/r/116164/#review118032 ::: dom/canvas/WebGLTextureUpload.cpp:361 (Diff revision 1) > auto& srcPrincipal = sfer.mPrincipal; > - nsIPrincipal* dstPrincipal = GetCanvas()->NodePrincipal(); > + nsIPrincipal* dstPrincipal; > + if (mOffscreenCanvas) { > + MOZ_ASSERT(NS_IsMainThread()); > + nsCOMPtr<nsIGlobalObject> global = mOffscreenCanvas->GetParentObject(); > + nsCOMPtr<nsPIDOMWindowInner> window = do_QueryInterface(global); Why do we pull from the window, and not the offscreen canvas?
OffscreenCanvas doesn't have any principal info. But the OffscreenCanvas's parent object, which is window, has principal info. So I get the principal from the window instead of OffscreenCanvas.
Blocks: offscreen-canvas
Attachment #8842297 - Flags: review?(jgilbert)

OffscreenCanvas is P5 for now.

Severity: critical → minor
Priority: P3 → P5

I believe the code that caused this crash was deleted. I wrote a working implementation for WebRender in bug 1736177.

Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: