Closed Bug 1421182 Opened 7 years ago Closed 1 year ago

Google map crash in OSX with Intel HD Graphics 3000

Categories: Core :: Graphics: CanvasWebGL, defect, P3

Platform: x86_64, macOS

Status: RESOLVED WORKSFORME

People: Reporter: daoshengmu, Unassigned

Keywords: crash

Attachments: 1 file

Although we have provided a workaround patch for Bug 1413269, we still need to find the root cause of this crash. This crash only happens on specific hardware: MBP with Intel HD Graphics 3000. Btw, I uploaded an attachment from devTools: Canvas inspector. We can see the WebGL draw calls made when viewing Google map from this snapshot.
See Also: → 1413269
Assignee: nobody → dmu
I notice Google map will send a very big number to gl.drawArrays(TRIANGLES, 52308, 3060), and it seems to exceed the vertex buffer size. If I add a temporary condition in WebGLContext::DrawArrays() that checks `first` and `vertCount` so that the numbers are not bigger than 100, crashes become harder to trigger. But it still has a chance to crash...
Adding a check to avoid loc being nullptr in WebGLContext::Uniform4f() of WebGLContextGL.cpp is also helpful. I don't see any crash currently.
I disabled gl.multithreaded, and here is the last draw call before the crash.

WebGLContext::DrawArrays()
mode GLenum 4
first GLint 0
vertCount GLsizei 6

The buffer data size is 48 and only attrib0 is enabled. Its mByteLength is 48, mBytesPerVertex is 8, and mStride is 8.

I think the number from the vertex buffer makes sense. :jgilbert do you have any thoughts on what might be a good point to keep investigating? Thanks!
Flags: needinfo?(jgilbert)
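The range check implied by the numbers in the comments above, as an added example that is not part of the bug thread and is not Gecko's code. The struct and function names are hypothetical; the sample buffer is the 48-byte one from the last draw call, and applying the larger `first`/`vertCount` pair to it is a constructed case.

```cpp
#include <cstdint>
#include <vector>

// Hypothetical mirror of the per-attribute state quoted in the thread
// (mEnabled, mByteLength, mBytesPerVertex, mStride); not Gecko's own types.
struct AttribState {
    bool enabled;
    uint64_t byteLength;      // size of the bound vertex buffer
    uint64_t byteOffset;      // offset given to vertexAttribPointer
    uint64_t bytesPerVertex;  // bytes fetched per vertex
    uint64_t stride;          // 0 means tightly packed
};

// How many vertices can be fetched from this attribute's buffer.
uint64_t MaxVertices(const AttribState& a) {
    if (a.bytesPerVertex == 0 || a.byteOffset > a.byteLength) return 0;
    const uint64_t avail = a.byteLength - a.byteOffset;
    if (avail < a.bytesPerVertex) return 0;
    const uint64_t stride = a.stride ? a.stride : a.bytesPerVertex;
    // The last vertex needs only bytesPerVertex bytes, not a full stride.
    return (avail - a.bytesPerVertex) / stride + 1;
}

// True when drawArrays(mode, first, count) stays inside every enabled buffer.
bool DrawArraysInRange(const std::vector<AttribState>& attribs,
                       int32_t first, int32_t count) {
    if (first < 0 || count < 0) return false;
    if (count == 0) return true;  // nothing is fetched
    // 64-bit sum so first + count cannot wrap.
    const uint64_t lastPlusOne = uint64_t(first) + uint64_t(count);
    for (const auto& a : attribs) {
        if (!a.enabled) continue;  // disabled attribs fetch no buffer data
        if (lastPlusOne > MaxVertices(a)) return false;
    }
    return true;
}

// Constructed sample: attrib0 as described in the thread, attrib1 disabled.
std::vector<AttribState> SampleAttribs() {
    return {{true, 48, 0, 8, 8}, {false, 0, 0, 0, 0}};
}
```

With the sample state, `first = 0, vertCount = 6` fits exactly (6 vertices of 8 bytes in 48 bytes), which matches the observation that the last draw call's numbers are consistent with the buffer.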
We can see HD Graphics 3000 only implements features up to OpenGL 3.3.
(In reply to Daosheng Mu[:daoshengmu] from comment #4)
> I disable gl.multithreaded and here is the last draw call before crash.
>
> WebGLContext::DrawArrays()
> mode GLenum 4
> first GLint 0
> vertCount GLsizei 6
>
> The buffer data size is 48 and only attrib0 is enabled. Its mByteLength is
> 48, mBytesPerVertex is 8, and mStride is 8.
>
> I think the number from the vertex buffer makes sense. :jgilbert do you have
> any thought that might be a good point to keep investigating? Thanks!

Please dump all the vertex attribs, not just the enabled one.
Flags: needinfo?(jgilbert)
Well, it seems the program for draw calls no. 39 and no. 40 at DrawArrays will use mBoundVertexArray->mAttribs[1], but its mEnabled is false. This can be confirmed by forcing mGLMaxVertexAttribs to be 1; it will then hit the assertion when calling DrawArrays().
Assignee: dmu → nobody
Copying the signature from bug 1413269, which still occurs.
Blocks: 1413269
Crash Signature: [@ _sigtramp] [@ libsystem_c.dylib@0x5e6de] [@ libsystem_c.dylib@0x5e6e6] [@ libsystem_kernel.dylib@0x10f72] [@ libsystem_kernel.dylib@0x114de] [@ libsystem_kernel.dylib@0x11a1a] [@ mozilla::gl::SharedSurface_IOSurface::SharedSurface_IOSurface]
Keywords: crash
Type: enhancement → defect
Severity: normal → S3

Closing because no crashes reported for 12 weeks.

Status: NEW → RESOLVED
Closed: 1 year ago
Resolution: --- → WORKSFORME