Crash in [@ gl::Program::getInfoLogLength]
Categories
(Core :: Graphics: CanvasWebGL, defect, P2)
Tracking
()
Tracking | Status | |
---|---|---|
firefox-esr68 | --- | unaffected |
firefox71 | --- | unaffected |
firefox72 | + | fixed |
firefox73 | --- | fixed |
People
(Reporter: philipp, Assigned: jgilbert)
References
(Regression)
Details
(Keywords: crash, regression)
Crash Data
Attachments
(2 files)
47 bytes,
text/x-phabricator-request
|
Details | Review | |
2.98 KB,
patch
|
jgilbert
:
review+
lizzard
:
approval-mozilla-beta+
|
Details | Diff | Splinter Review |
This bug is for crash report bp-9093fd88-3e3f-4d0c-8057-318490191205.
Top 10 frames of crashing thread:
0 libglesv2.dll gl::Program::getInfoLogLength gfx/angle/checkout/src/libANGLE/Program.cpp:1824
1 libglesv2.dll gl::QueryProgramiv gfx/angle/checkout/src/libANGLE/queryutils.cpp:1153
2 libglesv2.dll gl::Context::getProgramiv gfx/angle/checkout/src/libANGLE/Context.cpp:5814
3 xul.dll mozilla::gl::GLContext::fGetProgramiv gfx/gl/GLContext.h:1266
4 xul.dll void mozilla::WebGLProgram::LinkAndUpdate dom/canvas/WebGLProgram.cpp:1515
5 xul.dll mozilla::WebGLProgram::LinkProgram dom/canvas/WebGLProgram.cpp:1238
6 xul.dll mozilla::WebGLContext::LinkProgram dom/canvas/WebGLContextGL.cpp:1122
7 xul.dll static bool mozilla::dom::WebGLRenderingContext_Binding::linkProgram dom/bindings/WebGLRenderingContextBinding.cpp:19220
8 xul.dll mozilla::dom::binding_detail::GenericMethod<mozilla::dom::binding_detail::NormalThisPolicy, mozilla::dom::binding_detail::ThrowExceptions> dom/bindings/BindingUtils.cpp:3153
9 xul.dll js::InternalCallOrConstruct js/src/vm/Interpreter.cpp:548
this crash signature is starting to show up since firefox 72. so far it's fairly low volume and most reports show fairly high memory percentage use and the signature is skewed towards 32bit builds.
Assignee | ||
Comment 1•4 years ago
|
||
Sounds like OOM handling in the update we just took.
I'll take a look.
Comment 2•4 years ago
|
||
Marking 71 as unaffected as all the crashes are in 72.
Comment 3•4 years ago
|
||
Jeff any luck here? We're getting close to the end of beta72, what with the holidays...
Assignee | ||
Comment 4•4 years ago
|
||
This actually looks like bad behavior in ANGLE in this case during context loss.
Assignee | ||
Comment 5•4 years ago
|
||
My read is:
We violate this assert:
ASSERT(program != nullptr || pname == GL_COMPLETION_STATUS_KHR);
https://searchfox.org/mozilla-central/rev/c79fc6e32a5b561205a71fcfef9112d34b4037ae/gfx/angle/checkout/src/libANGLE/queryutils.cpp#1129
Because the context is lost:
void Context::getProgramiv(GLuint program, GLenum pname, GLint *params)
{
Program *programObject = nullptr;
if (!mContextLost)
{
// Don't resolve link if checking the link completion status.
programObject = (pname == GL_COMPLETION_STATUS_KHR ? getProgramNoResolveLink(program)
: getProgramResolveLink(program));
ASSERT(programObject);
}
QueryProgramiv(this, programObject, pname, params);
}
Normally, validation would prevent this call:
if (context->skipValidation() || ValidateGetProgramiv(context, program, pname, params))
{
context->getProgramiv(program, pname, params);
}
But since we ask for NO_VALIDATION
, we skipValidation()
, skipping the is-lost check, and causing our null-deref.
https://searchfox.org/mozilla-central/rev/c79fc6e32a5b561205a71fcfef9112d34b4037ae/gfx/gl/GLContextProviderEGL.cpp#566
Updated•4 years ago
|
Assignee | ||
Comment 6•4 years ago
|
||
Assignee | ||
Comment 7•4 years ago
|
||
Pushed by jgilbert@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/264003682fbf Cherry-pick lost no-error context fix for GetProgramiv. r=lsalzman
Comment 9•4 years ago
|
||
bugherder |
Comment 10•4 years ago
|
||
Do you think this is OK for uplift? The RC build will be on Monday. I could check back Sunday night or early Monday morning.
Assignee | ||
Comment 11•4 years ago
|
||
Approval Request Comment
[Feature/Bug causing the regression]: angle-72 update
[User impact if declined]: Occasional crashes
[Is this code covered by automated tests?]: Upstream yes, but not in our CI.
[Has the fix been verified in Nightly?]: no
[Needs manual test from QE? If yes, steps to reproduce]: no
[List of other uplifts needed for the feature/fix]: none
[Is the change risky?]: low risk
[Why is the change risky/not risky?]: This code looks safe, and we've tested the fix upstream.
[String changes made/needed]: none
Comment 12•4 years ago
|
||
Comment on attachment 9117922 [details] [diff] [review] 0001-Bug-1601703-beta72-Cherry-pick-lost-no-error-context.patch May be risky but the crash volume in beta is high enough that I think it's worth a try for the RC.
Comment 13•4 years ago
|
||
bugherder uplift |
Description
•