Open
Bug 1584640
Opened 5 years ago
Updated 2 years ago
undefined shift in src/dom/canvas/WebGLTexelConversions.h:94
Categories
(Core :: Graphics: CanvasWebGL, defect, P2)
Core
Graphics: CanvasWebGL
Tracking
()
NEW
Tracking | Status | |
---|---|---|
firefox71 | --- | affected |
People
(Reporter: tsmith, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: csectype-undefined, testcase)
This is triggered with a UBSan build. To enable this check, add the following to your mozconfig:
ac_add_options --enable-address-sanitizer
ac_add_options --enable-undefined-sanitizer="shift"
ac_add_options --disable-jemalloc
Test: dom/canvas/test/webgl-conf/generated/test_conformance__extensions__oes-texture-half-float-with-canvas.html
...
src/dom/canvas/WebGLTexelConversions.h:94:40: runtime error: shift exponent 126 is too large for 32-bit type 'uint32_t' (aka 'unsigned int')
#0 0x7ff1297a3735 in run<mozilla::WebGLTexelFormat::BGRA8, mozilla::WebGLTexelFormat::RGBA16F> src/dom/canvas/WebGLTexelConversions.h
#1 0x7ff1297a3735 in void mozilla::(anonymous namespace)::WebGLImageConverter::run<(mozilla::WebGLTexelFormat)27>(mozilla::WebGLTexelFormat, mozilla::WebGLTexelPremultiplicationOp) src/dom/canvas/WebGLTexelConversions.cpp:267
#2 0x7ff129733c20 in run src/dom/canvas/WebGLTexelConversions.cpp:309:7
#3 0x7ff129733c20 in mozilla::ConvertImage(unsigned long, unsigned long, void const*, unsigned long, mozilla::gl::OriginPos, mozilla::WebGLTexelFormat, bool, void*, unsigned long, mozilla::gl::OriginPos, mozilla::WebGLTexelFormat, bool, bool*) src/dom/canvas/WebGLTexelConversions.cpp:407
#4 0x7ff129633659 in mozilla::webgl::TexUnpackBlob::ConvertIfNeeded(mozilla::WebGLContext*, unsigned int, unsigned int, mozilla::WebGLTexelFormat, unsigned char const*, long, mozilla::WebGLTexelFormat, long, unsigned char const**, mozilla::UniqueBuffer*) const src/dom/canvas/TexUnpackBlob.cpp:373:8
#5 0x7ff1296385d8 in mozilla::webgl::TexUnpackSurface::TexOrSubImage(bool, bool, mozilla::WebGLTexture*, StrongGLenum<TexImageTargetDetails>, int, mozilla::webgl::DriverUnpackInfo const*, int, int, int, mozilla::webgl::PackingInfo const&, unsigned int*) const src/dom/canvas/TexUnpackBlob.cpp:864:8
#6 0x7ff12974555b in mozilla::WebGLTexture::TexImage(StrongGLenum<TexImageTargetDetails>, int, unsigned int, mozilla::webgl::PackingInfo const&, mozilla::webgl::TexUnpackBlob const*) src/dom/canvas/WebGLTextureUpload.cpp:1239:14
#7 0x7ff1297444ab in mozilla::WebGLTexture::TexImage(StrongGLenum<TexImageTargetDetails>, int, unsigned int, int, int, int, int, mozilla::webgl::PackingInfo const&, mozilla::TexImageSource const&) src/dom/canvas/WebGLTextureUpload.cpp:475:3
#8 0x7ff1296ba272 in mozilla::WebGLContext::TexImage(unsigned char, unsigned int, int, unsigned int, int, int, int, int, unsigned int, unsigned int, mozilla::TexImageSource const&) src/dom/canvas/WebGLContextTextures.cpp:339:8
#9 0x7ff128beb27d in TexImage2D src/dom/canvas/WebGLContext.h:1366:5
#10 0x7ff128beb27d in TexImage2D<mozilla::dom::HTMLCanvasElement> src/dom/canvas/WebGLContext.h:1344
#11 0x7ff128beb27d in void mozilla::WebGLContext::TexImage2D<mozilla::dom::HTMLCanvasElement>(unsigned int, int, unsigned int, unsigned int, unsigned int, mozilla::dom::HTMLCanvasElement const&, mozilla::ErrorResult&) src/dom/canvas/WebGLContext.h:1322
#12 0x7ff128cae748 in mozilla::dom::WebGLRenderingContext_Binding::texImage2D(JSContext*, JS::Handle<JSObject*>, mozilla::WebGLContext*, JSJitMethodCallArgs const&) src/obj-firefox/dom/bindings/WebGLRenderingContextBinding.cpp:13743:32
#13 0x7ff129505206 in bool mozilla::dom::binding_detail::GenericMethod<mozilla::dom::binding_detail::NormalThisPolicy, mozilla::dom::binding_detail::ThrowExceptions>(JSContext*, unsigned int, JS::Value*) src/dom/bindings/BindingUtils.cpp:3250:13
#14 0x7ff12f06b8b4 in CallJSNative src/js/src/vm/Interpreter.cpp:458:13
#15 0x7ff12f06b8b4 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) src/js/src/vm/Interpreter.cpp:551
#16 0x7ff12f06d7d9 in InternalCall(JSContext*, js::AnyInvokeArgs const&, js::CallReason) src/js/src/vm/Interpreter.cpp:620:10
#17 0x7ff12f052cd2 in CallFromStack src/js/src/vm/Interpreter.cpp:624:10
#18 0x7ff12f052cd2 in Interpret(JSContext*, js::RunState&) src/js/src/vm/Interpreter.cpp:3113
#19 0x7ff12f035735 in js::RunScript(JSContext*, js::RunState&) src/js/src/vm/Interpreter.cpp:424:10
#20 0x7ff12f06b9b6 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) src/js/src/vm/Interpreter.cpp:592:13
#21 0x7ff12f06d7d9 in InternalCall(JSContext*, js::AnyInvokeArgs const&, js::CallReason) src/js/src/vm/Interpreter.cpp:620:10
#22 0x7ff12f06dba4 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) src/js/src/vm/Interpreter.cpp:637:8
#23 0x7ff12f17bfa4 in js::PromiseObject::create(JSContext*, JS::Handle<JSObject*>, JS::Handle<JSObject*>, bool) src/js/src/builtin/Promise.cpp:2236:15
#24 0x7ff12f1bc9df in PromiseConstructor(JSContext*, unsigned int, JS::Value*) src/js/src/builtin/Promise.cpp:2157:7
#25 0x7ff12f06e5ba in CallJSNative src/js/src/vm/Interpreter.cpp:458:13
#26 0x7ff12f06e5ba in CallJSNativeConstructor src/js/src/vm/Interpreter.cpp:474
#27 0x7ff12f06e5ba in InternalConstruct(JSContext*, js::AnyConstructArgs const&) src/js/src/vm/Interpreter.cpp:664
#28 0x7ff12f06de4f in js::ConstructFromStack(JSContext*, JS::CallArgs const&) src/js/src/vm/Interpreter.cpp:710:10
#29 0x7ff12f04877a in Interpret(JSContext*, js::RunState&) src/js/src/vm/Interpreter.cpp:3104:16
#30 0x7ff12f035735 in js::RunScript(JSContext*, js::RunState&) src/js/src/vm/Interpreter.cpp:424:10
#31 0x7ff12f06b9b6 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) src/js/src/vm/Interpreter.cpp:592:13
#32 0x7ff12f06d7d9 in InternalCall(JSContext*, js::AnyInvokeArgs const&, js::CallReason) src/js/src/vm/Interpreter.cpp:620:10
#33 0x7ff12f06dba4 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) src/js/src/vm/Interpreter.cpp:637:8
#34 0x7ff12f9ae8c3 in JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) src/js/src/jsapi.cpp:2728:10
#35 0x7ff128ff556c in mozilla::dom::EventHandlerNonNull::Call(JSContext*, JS::Handle<JS::Value>, mozilla::dom::Event&, JS::MutableHandle<JS::Value>, mozilla::ErrorResult&) src/obj-firefox/dom/bindings/EventHandlerBinding.cpp:267:37
#36 0x7ff129b53b0b in void mozilla::dom::EventHandlerNonNull::Call<nsCOMPtr<mozilla::dom::EventTarget> >(nsCOMPtr<mozilla::dom::EventTarget> const&, mozilla::dom::Event&, JS::MutableHandle<JS::Value>, mozilla::ErrorResult&, char const*, mozilla::dom::CallbackObject::ExceptionHandling, JS::Realm*) src/obj-firefox/dist/include/mozilla/dom/EventHandlerBinding.h:363:12
#37 0x7ff129b51b11 in mozilla::JSEventHandler::HandleEvent(mozilla::dom::Event*) src/dom/events/JSEventHandler.cpp:205:12
#38 0x7ff129b1611f in mozilla::EventListenerManager::HandleEventSubType(mozilla::EventListenerManager::Listener*, mozilla::dom::Event*, mozilla::dom::EventTarget*) src/dom/events/EventListenerManager.cpp:1039:22
#39 0x7ff129b17651 in mozilla::EventListenerManager::HandleEventInternal(nsPresContext*, mozilla::WidgetEvent*, mozilla::dom::Event**, mozilla::dom::EventTarget*, nsEventStatus*, bool) src/dom/events/EventListenerManager.cpp:1231:17
#40 0x7ff129b0516b in mozilla::EventTargetChainItem::HandleEvent(mozilla::EventChainPostVisitor&, mozilla::ELMCreationDetector&) src/dom/events/EventDispatcher.cpp:349:17
#41 0x7ff129b03aaa in mozilla::EventTargetChainItem::HandleEventTargetChain(nsTArray<mozilla::EventTargetChainItem>&, mozilla::EventChainPostVisitor&, mozilla::EventDispatchingCallback*, mozilla::ELMCreationDetector&) src/dom/events/EventDispatcher.cpp:551:16
#42 0x7ff129b080bb in mozilla::EventDispatcher::Dispatch(nsISupports*, nsPresContext*, mozilla::WidgetEvent*, mozilla::dom::Event*, nsEventStatus*, mozilla::EventDispatchingCallback*, nsTArray<mozilla::dom::EventTarget*>*) src/dom/events/EventDispatcher.cpp:1045:11
#43 0x7ff12bcf1a95 in nsDocumentViewer::LoadComplete(nsresult) src/layout/base/nsDocumentViewer.cpp:1170:7
#44 0x7ff12e43004a in nsDocShell::EndPageLoad(nsIWebProgress*, nsIChannel*, nsresult) src/docshell/base/nsDocShell.cpp:6564:20
#45 0x7ff12e42f264 in nsDocShell::OnStateChange(nsIWebProgress*, nsIRequest*, unsigned int, nsresult) src/docshell/base/nsDocShell.cpp:6342:7
#46 0x7ff12e433acf in non-virtual thunk to nsDocShell::OnStateChange(nsIWebProgress*, nsIRequest*, unsigned int, nsresult) src/docshell/base/nsDocShell.cpp
#47 0x7ff12678c0a0 in nsDocLoader::DoFireOnStateChange(nsIWebProgress*, nsIRequest*, int&, nsresult) src/uriloader/base/nsDocLoader.cpp:1346:3
#48 0x7ff12678b1e6 in nsDocLoader::doStopDocumentLoad(nsIRequest*, nsresult) src/uriloader/base/nsDocLoader.cpp:905:14
#49 0x7ff126787402 in nsDocLoader::DocLoaderIsEmpty(bool) src/uriloader/base/nsDocLoader.cpp:731:9
#50 0x7ff126789cce in nsDocLoader::OnStopRequest(nsIRequest*, nsresult) src/uriloader/base/nsDocLoader.cpp:619:5
#51 0x7ff12678ad6c in non-virtual thunk to nsDocLoader::OnStopRequest(nsIRequest*, nsresult) src/uriloader/base/nsDocLoader.cpp
#52 0x7ff124c27cec in mozilla::net::nsLoadGroup::RemoveRequest(nsIRequest*, nsISupports*, nsresult) src/netwerk/base/nsLoadGroup.cpp:568:22
#53 0x7ff1278f9e4f in mozilla::dom::Document::DoUnblockOnload() src/dom/base/Document.cpp:10769:18
#54 0x7ff1278ab1ac in mozilla::dom::Document::UnblockOnload(bool) src/dom/base/Document.cpp:10701:9
#55 0x7ff1278d20dc in mozilla::dom::Document::DispatchContentLoadedEvents() src/dom/base/Document.cpp:7258:3
#56 0x7ff12799fd24 in applyImpl<mozilla::dom::Document, void (mozilla::dom::Document::*)()> src/obj-firefox/dist/include/nsThreadUtils.h:1124:12
#57 0x7ff12799fd24 in apply<mozilla::dom::Document, void (mozilla::dom::Document::*)()> src/obj-firefox/dist/include/nsThreadUtils.h:1130
#58 0x7ff12799fd24 in mozilla::detail::RunnableMethodImpl<mozilla::dom::Document*, void (mozilla::dom::Document::*)(), true, (mozilla::RunnableKind)0>::Run() src/obj-firefox/dist/include/nsThreadUtils.h:1176
#59 0x7ff1249a2521 in mozilla::SchedulerGroup::Runnable::Run() src/xpcom/threads/SchedulerGroup.cpp:295:32
#60 0x7ff1249d8216 in nsThread::ProcessNextEvent(bool, bool*) src/xpcom/threads/nsThread.cpp:1225:14
#61 0x7ff1249dfe4d in NS_ProcessNextEvent(nsIThread*, bool) src/xpcom/threads/nsThreadUtils.cpp:486:10
#62 0x7ff1259a5cb8 in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:88:21
#63 0x7ff1258d9e77 in RunInternal src/ipc/chromium/src/base/message_loop.cc:315:10
#64 0x7ff1258d9e77 in RunHandler src/ipc/chromium/src/base/message_loop.cc:308
#65 0x7ff1258d9e77 in MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:290
#66 0x7ff12b740559 in nsBaseAppShell::Run() src/widget/nsBaseAppShell.cpp:137:27
#67 0x7ff12ee43dcf in XRE_RunAppShell() src/toolkit/xre/nsEmbedFunctions.cpp:934:20
#68 0x7ff1258d9e77 in RunInternal src/ipc/chromium/src/base/message_loop.cc:315:10
#69 0x7ff1258d9e77 in RunHandler src/ipc/chromium/src/base/message_loop.cc:308
#70 0x7ff1258d9e77 in MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:290
#71 0x7ff12ee433f6 in XRE_InitChildProcess(int, char**, XREChildData const*) src/toolkit/xre/nsEmbedFunctions.cpp:769:34
#72 0x55f2937b120f in content_process_main src/browser/app/../../ipc/contentproc/plugin-container.cpp:56:28
#73 0x55f2937b120f in main src/browser/app/nsBrowserApp.cpp:272
#74 0x7ff143d5982f in __libc_start_main /build/glibc-LK5gWL/glibc-2.23/csu/../csu/libc-start.c:291
#75 0x55f2936d2e18 in _start (application/firefox/firefox+0x8ae18)
Comment 1•5 years ago
The priority flag is not set for this bug.
:jgilbert, could you have a look please?
For more information, please visit auto_nag documentation.
Flags: needinfo?(jgilbert)
Updated•5 years ago
Flags: needinfo?(jgilbert)
Priority: -- → P2
Updated•2 years ago
Severity: normal → S3