Crash in [@ js::wasm::CompileStreaming]
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
People
(Reporter: marcia, Assigned: luke)
References
()
Details
(Keywords: crash, regression, reproducible)
Crash Data
Attachments
(1 file)
4.01 KB,
patch
|
bbouvier
:
review+
lizzard
:
approval-mozilla-beta+
|
Details | Diff | Splinter Review |
This bug is for crash report bp-68fa5cd1-00f3-419b-a3bd-eda8e0190220.
Seen while looking at nightly crash stats, but doesn't appear to be new to 67: https://bit.ly/2GTNJKD. 23 crashes/8 installs on nightly in the last 7 days.
The crash reason is MOZ_RELEASE_ASSERT(mIsSome)
This crash is reproducible using this site: https://rustwasm.github.io/wasm-bindgen/exbuild/webgl/
Top 9 frames of crashing thread:
0 XUL js::wasm::CompileStreaming mfbt/Maybe.h:494
1 XUL CompileStreamTask::execute js/src/wasm/WasmJS.cpp:3368
2 XUL js::HelperThread::handlePromiseHelperTaskWorkload js/src/vm/HelperThreads.cpp:2001
3 XUL js::HelperThread::ThreadMain js/src/vm/HelperThreads.cpp:2463
4 XUL js::detail::ThreadTrampoline<void js/src/threading/Thread.h:239
5 @0x7fff60fd62ea
6 @0x7fff60fd9248
7 @0x7fff60fd540c
8 XUL XUL@0x572636f
Comment 1•6 years ago
|
||
https://github.com/rustwasm/wasm-bindgen/blob/gh-pages/exbuild/webgl/90181a3120a9933288c1.module.wasm + the following makes it trivial to trigger assertions in a debug build:
var file = os.file.readFile('./90181a3120a9933288c1.module.wasm', 'binary');
WebAssembly.compileStreaming(file);
drainJobQueue();
Seems to be Luke's territory :)
Assignee | ||
Comment 2•6 years ago
|
||
Arg, StartsCodeSection()=true and DecodeModuleEnvironment()=true doesn't imply that a code section was actually decoded: if there is an unexpected section before the code section in the module environment, then DecodeModuleEnvironment() will just stop. Simple fix, though.
Comment 3•6 years ago
|
||
Comment 5•6 years ago
|
||
bugherder |
Comment 6•6 years ago
|
||
Please nominate this for Beta approval if you feel it's reasonable to do so.
Assignee | ||
Comment 7•6 years ago
|
||
Comment on attachment 9045793 [details] [diff] [review]
fix-streaming
Beta/Release Uplift Approval Request
- Feature/Bug causing the regression: Bug 1347644
- User impact if declined: Potential crash on malformed .wasm files
- Is this code covered by automated tests?: Yes
- Has the fix been verified in Nightly?: Yes
- Needs manual test from QE?: No
- If yes, steps to reproduce:
- List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): It's a simple problem and fix.
- String changes made/needed:
Comment 8•6 years ago
|
||
Comment 9•6 years ago
|
||
bugherder uplift |
Description
•