Open Bug 1461994 Opened 2 years ago Updated 11 months ago

Assertion failure: !mGamepads.Get(newIndex, nullptr), at /builds/worker/workspace/build/src/dom/gamepad/GamepadManager.cpp:263

Categories

(Core :: WebVR, defect, P3)

59 Branch
defect

People

(Reporter: jkratzer, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: assertion, testcase, Whiteboard: [fuzzblocker])

Attachments

(1 file)

Attached file trigger.html
Testcase found while fuzzing mozilla-central rev 3c9d69736f4a421218e5eb01b6571d535d38318a.

Testcase must be served via a local webserver and requires 2-3 minutes to trigger.

rax = 0x0000000000000000   rdx = 0x0000000000000000
rcx = 0x00007f29798972dd   rbx = 0x00007f2956d87dc0
rsi = 0x00007f2979b66770   rdi = 0x00007f2979b65540
rbp = 0x00007ffde650b9c0   rsp = 0x00007ffde650b980
r8 = 0x00007f2979b66770    r9 = 0x00007f297ac35740
r10 = 0x0000000000000039   r11 = 0x0000000000000000
r12 = 0x00007f2956d87de8   r13 = 0x00007ffde650ba10
r14 = 0x00007ffde650b994   r15 = 0x0000000000000001
rip = 0x00007f29691e5115
OS|Linux|0.0.0 Linux 4.4.0-122-generic #146-Ubuntu SMP Mon Apr 23 15:34:04 UTC 2018 x86_64
CPU|amd64|family 6 model 78 stepping 3|1
GPU|||
Crash|SIGSEGV|0x0|0
0|0|libxul.so|mozilla::dom::GamepadManager::AddGamepad|hg:hg.mozilla.org/mozilla-central:dom/gamepad/GamepadManager.cpp:3c9d69736f4a421218e5eb01b6571d535d38318a|263|0x18
0|1|libxul.so|mozilla::dom::GamepadManager::Update|hg:hg.mozilla.org/mozilla-central:dom/gamepad/GamepadManager.cpp:3c9d69736f4a421218e5eb01b6571d535d38318a|524|0x28
0|2|libxul.so|mozilla::gfx::VRManagerChild::RecvGamepadUpdate|hg:hg.mozilla.org/mozilla-central:gfx/vr/ipc/VRManagerChild.cpp:3c9d69736f4a421218e5eb01b6571d535d38318a|374|0xb
0|3|libxul.so|mozilla::gfx::PVRManagerChild::OnMessageReceived|s3:gecko-generated-sources:6aba9f9da3f6b78b553c9b1d64303a1a9ec7923ce74f9244b79a0c93609de928cd34c4d5179534c3058b322daf3bd8f135e32f969848f4ff309938004c24386f/ipc/ipdl/PVRManagerChild.cpp:|686|0x6
0|4|libxul.so|mozilla::ipc::MessageChannel::DispatchAsyncMessage|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessageChannel.cpp:3c9d69736f4a421218e5eb01b6571d535d38318a|2136|0x6
0|5|libxul.so|mozilla::ipc::MessageChannel::DispatchMessage|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessageChannel.cpp:3c9d69736f4a421218e5eb01b6571d535d38318a|2066|0xb
0|6|libxul.so|mozilla::ipc::MessageChannel::RunMessage|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessageChannel.cpp:3c9d69736f4a421218e5eb01b6571d535d38318a|1912|0xb
0|7|libxul.so|mozilla::ipc::MessageChannel::MessageTask::Run|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessageChannel.cpp:3c9d69736f4a421218e5eb01b6571d535d38318a|1945|0xc
0|8|libxul.so|nsThread::ProcessNextEvent|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThread.cpp:3c9d69736f4a421218e5eb01b6571d535d38318a|1090|0x15
0|9|libxul.so|NS_ProcessNextEvent|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThreadUtils.cpp:3c9d69736f4a421218e5eb01b6571d535d38318a|519|0x11
0|10|libxul.so|mozilla::ipc::MessagePump::Run|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessagePump.cpp:3c9d69736f4a421218e5eb01b6571d535d38318a|97|0xa
0|11|libxul.so|MessageLoop::RunInternal|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:3c9d69736f4a421218e5eb01b6571d535d38318a|326|0x17
0|12|libxul.so|MessageLoop::Run|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:3c9d69736f4a421218e5eb01b6571d535d38318a|319|0x8
0|13|libxul.so|nsBaseAppShell::Run|hg:hg.mozilla.org/mozilla-central:widget/nsBaseAppShell.cpp:3c9d69736f4a421218e5eb01b6571d535d38318a|157|0xd
0|14|libxul.so|XRE_RunAppShell|hg:hg.mozilla.org/mozilla-central:toolkit/xre/nsEmbedFunctions.cpp:3c9d69736f4a421218e5eb01b6571d535d38318a|893|0x11
0|15|libxul.so|mozilla::ipc::MessagePumpForChildProcess::Run|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessagePump.cpp:3c9d69736f4a421218e5eb01b6571d535d38318a|269|0x5
0|16|libxul.so|MessageLoop::RunInternal|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:3c9d69736f4a421218e5eb01b6571d535d38318a|326|0x17
0|17|libxul.so|MessageLoop::Run|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:3c9d69736f4a421218e5eb01b6571d535d38318a|319|0x8
0|18|libxul.so|XRE_InitChildProcess|hg:hg.mozilla.org/mozilla-central:toolkit/xre/nsEmbedFunctions.cpp:3c9d69736f4a421218e5eb01b6571d535d38318a|719|0x8
0|19|firefox|content_process_main|hg:hg.mozilla.org/mozilla-central:ipc/contentproc/plugin-container.cpp:3c9d69736f4a421218e5eb01b6571d535d38318a|50|0x14
0|20|firefox|main|hg:hg.mozilla.org/mozilla-central:browser/app/nsBrowserApp.cpp:3c9d69736f4a421218e5eb01b6571d535d38318a|282|0x11
0|21|libc-2.23.so||||0x20830
0|22|firefox|MOZ_ReportAssertionFailure|hg:hg.mozilla.org/mozilla-central:mfbt/Assertions.h:3c9d69736f4a421218e5eb01b6571d535d38318a|164|0x5
Flags: in-testsuite?

The affected code is being removed with refactoring in Bug 1473402. It is likely that only the simulated "Puppet VR" devices are affected by this bug, disabled by default behind the "dom.vr.puppet.enabled" flag.

Priority: -- → P3