Open
Bug 1590936
Opened 5 years ago
Updated 3 months ago
AddressSanitizer: SEGV /builds/worker/workspace/build/src/dom/vr/VRServiceTest.cpp in mozilla::dom::VRMockController::SetButtonPressed(unsigned int, bool)
Categories
(Core :: WebVR, defect, P3)
Core
WebVR
Tracking
()
NEW
| Tracking | Status | |
|---|---|---|
| firefox72 | --- | affected |
People
(Reporter: jkratzer, Unassigned)
References
(Blocks 2 open bugs)
Details
(Keywords: crash, testcase)
Attachments
(1 file)
|
333 bytes,
text/html
|
Details |
Testcase found while fuzzing mozilla-central rev ad7a152bc66c.
==18514==ERROR: AddressSanitizer: SEGV on unknown address 0x000000002d40 (pc 0x7f01c2fd70a5 bp 0x7ffdb22f7d30 sp 0x7ffdb22f7d30 T0)
==18514==The signal is caused by a WRITE memory access.
#0 0x7f01c2fd70a4 in mozilla::dom::VRMockController::SetButtonPressed(unsigned int, bool) /builds/worker/workspace/build/src/dom/vr/VRServiceTest.cpp
#1 0x7f01bfc53f2a in mozilla::dom::VRMockController_Binding::setButtonPressed(JSContext*, JS::Handle<JSObject*>, mozilla::dom::VRMockController*, JSJitMethodCallArgs const&) /builds/worker/workspace/build/src/obj-firefox/dom/bindings/VRServiceTestBinding.cpp:793:24
#2 0x7f01c0b331ac in bool mozilla::dom::binding_detail::GenericMethod<mozilla::dom::binding_detail::NormalThisPolicy, mozilla::dom::binding_detail::ThrowExceptions>(JSContext*, unsigned int, JS::Value*) /builds/worker/workspace/build/src/dom/bindings/BindingUtils.cpp:3198:13
#3 0x7f01c767db89 in CallJSNative /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:458:13
#4 0x7f01c767db89 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:550:12
#5 0x7f01c7666684 in CallFromStack /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:623:10
#6 0x7f01c7666684 in Interpret(JSContext*, js::RunState&) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:3112:16
#7 0x7f01c764856a in js::RunScript(JSContext*, js::RunState&) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:425:10
#8 0x7f01c767e68e in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:591:13
#9 0x7f01c7680999 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:636:8
#10 0x7f01c7846ef3 in Call /builds/worker/workspace/build/src/js/src/vm/Interpreter.h:103:10
#11 0x7f01c7846ef3 in PromiseReactionJob(JSContext*, unsigned int, JS::Value*) /builds/worker/workspace/build/src/js/src/builtin/Promise.cpp:1698:10
#12 0x7f01c767db89 in CallJSNative /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:458:13
#13 0x7f01c767db89 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:550:12
#14 0x7f01c7680999 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:636:8
#15 0x7f01c78da8ec in JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) /builds/worker/workspace/build/src/js/src/jsapi.cpp:2722:10
#16 0x7f01bf18f806 in mozilla::dom::PromiseJobCallback::Call(JSContext*, JS::Handle<JS::Value>, mozilla::ErrorResult&) /builds/worker/workspace/build/src/obj-firefox/dom/bindings/PromiseBinding.cpp:26:8
#17 0x7f01b9f39d57 in Call /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/dom/PromiseBinding.h:91:12
#18 0x7f01b9f39d57 in Call /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/dom/PromiseBinding.h:104:12
#19 0x7f01b9f39d57 in mozilla::PromiseJobRunnable::Run(mozilla::AutoSlowOperation&) /builds/worker/workspace/build/src/xpcom/base/CycleCollectedJSContext.cpp:245:18
#20 0x7f01b9f14121 in mozilla::CycleCollectedJSContext::PerformMicroTaskCheckPoint(bool) /builds/worker/workspace/build/src/xpcom/base/CycleCollectedJSContext.cpp:666:17
#21 0x7f01b9f14ddf in mozilla::CycleCollectedJSContext::AfterProcessTask(unsigned int) /builds/worker/workspace/build/src/xpcom/base/CycleCollectedJSContext.cpp:495:3
#22 0x7f01bc4aba7d in XPCJSContext::AfterProcessTask(unsigned int) /builds/worker/workspace/build/src/js/xpconnect/src/XPCJSContext.cpp:1326:28
#23 0x7f01ba110588 in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/workspace/build/src/xpcom/threads/nsThread.cpp:1283:24
#24 0x7f01ba1164d1 in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/workspace/build/src/xpcom/threads/nsThreadUtils.cpp:486:10
#25 0x7f01bb36e38f in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /builds/worker/workspace/build/src/ipc/glue/MessagePump.cpp:88:21
#26 0x7f01bb2675b2 in RunInternal /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:315:10
#27 0x7f01bb2675b2 in RunHandler /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:308:3
#28 0x7f01bb2675b2 in MessageLoop::Run() /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:290:3
#29 0x7f01c34fc838 in nsBaseAppShell::Run() /builds/worker/workspace/build/src/widget/nsBaseAppShell.cpp:137:27
#30 0x7f01c7158baf in nsAppStartup::Run() /builds/worker/workspace/build/src/toolkit/components/startup/nsAppStartup.cpp:276:30
#31 0x7f01c73ccd77 in XREMain::XRE_mainRun() /builds/worker/workspace/build/src/toolkit/xre/nsAppRunner.cpp:4599:22
#32 0x7f01c73ced9d in XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) /builds/worker/workspace/build/src/toolkit/xre/nsAppRunner.cpp:4734:8
#33 0x7f01c73d05e0 in XRE_main(int, char**, mozilla::BootstrapConfig const&) /builds/worker/workspace/build/src/toolkit/xre/nsAppRunner.cpp:4815:21
#34 0x561a4fe0bb8b in do_main /builds/worker/workspace/build/src/browser/app/nsBrowserApp.cpp:218:22
#35 0x561a4fe0bb8b in main /builds/worker/workspace/build/src/browser/app/nsBrowserApp.cpp:300:16
#36 0x7f01dd0a8b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /builds/worker/workspace/build/src/dom/vr/VRServiceTest.cpp in mozilla::dom::VRMockController::SetButtonPressed(unsigned int, bool)
Flags: in-testsuite?
|
||
Comment 1•5 years ago
|
||
The priority flag is not set for this bug.
:kip, could you have a look please?
For more information, please visit auto_nag documentation.
Flags: needinfo?(kgilbert)
|
||
Updated•5 years ago
|
Flags: needinfo?(kgilbert)
Priority: -- → P3
|
||
Updated•3 years ago
|
Blocks: asan-maintenance
|
||
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•