Crash in [@ strlen | std::basic_string<T>::assign]
Categories: Core :: Graphics: CanvasWebGL, defect, P1
People: Reporter: gsvelto, Assigned: jgilbert
Details: Keywords: crash
Attachments (1 file): 47 bytes, text/x-phabricator-request
RyanVM: approval-mozilla-beta+
jcristau: approval-mozilla-esr78+
This bug is for crash report bp-a786feaf-ea57-4075-970f-8fceb0200404.
Top 10 frames of crashing thread:
0 ucrtbase.dll strlen
1 xul.dll std::basic_string<char, std::char_traits<char>, std::allocator<char> >::assign vs2017_15.8.4/VC/include/xstring:2676
2 xul.dll mozilla::WebGLContext::GetString const dom/canvas/WebGLContext.cpp
3 xul.dll mozilla::RunOn<mozilla::Maybe<std::basic_string<char, std::char_traits<char>, std::allocator<char> > > dom/canvas/ClientWebGLContext.cpp:372
4 xul.dll mozilla::ClientWebGLContext::GetParameter dom/canvas/ClientWebGLContext.cpp:1907
5 xul.dll mozilla::dom::WebGLRenderingContext_Binding::getParameter dom/bindings/WebGLRenderingContextBinding.cpp:18104
6 xul.dll mozilla::dom::binding_detail::GenericMethod<mozilla::dom::binding_detail::NormalThisPolicy, mozilla::dom::binding_detail::ThrowExceptions> dom/bindings/BindingUtils.cpp:3205
7 xul.dll js::InternalCallOrConstruct js/src/vm/Interpreter.cpp:581
8 xul.dll Interpret js/src/vm/Interpreter.cpp:3040
9 xul.dll js::InternalCallOrConstruct js/src/vm/Interpreter.cpp:616
This is a NULL pointer access that started with 74.0. Disregard all crashes for older versions as they're unrelated and have different stacks. The stacks are consistent across versions and the oldest crash I could find is for 74.0 nightly with buildid 20200116214549.
Comment 1•4 years ago (Reporter)
I could find a handful of Linux crashes too so this isn't Windows-specific. Interestingly on Linux we hit a MOZ_CRASH() instead of seg-faulting.
Comment 2•4 years ago
The priority flag is not set for this bug.
:jgilbert, could you have a look please?
For more information, please visit auto_nag documentation.
Comment 3•4 years ago (Assignee)
We're calling std::string(nullptr), which is UB.
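The defect named in the comment above, shown as an added C++ illustration that is not Mozilla's code: a stand-in for a GL-style string query that can return nullptr, the unsafe std::string construction from that pointer, and a checked wrapper that surfaces the missing value through std::optional (the same shape as the Maybe<std::string> return type visible in the stack trace). FakeGetString, UnsafeGetString, SafeGetString and StringOrEmpty are names chosen for this example; the lookup table is constructed, though the two token values match the real GL_VENDOR and GL_RENDERER enums.

```cpp
// Added example, not Mozilla's code: why std::string(nullptr) crashes and how
// to wrap a C API that may hand back a null const char*.
#include <iostream>
#include <optional>
#include <string>

// Constructed stand-in for a GL-style query such as glGetString(): returns a
// static C string for known tokens and nullptr for an unsupported one.
const char* FakeGetString(int name) {
    switch (name) {
        case 0x1F00: return "Example Vendor";   // GL_VENDOR token value
        case 0x1F01: return "Example Renderer"; // GL_RENDERER token value
        default:     return nullptr;            // unsupported name -> null
    }
}

// Unsafe: builds a std::string straight from a possibly-null pointer. With
// nullptr this is undefined behaviour; MSVC's implementation ends up calling
// strlen(nullptr), which is the top frame of the crash report in this bug,
// while libstdc++ throws std::logic_error (an abort in a no-exceptions build).
std::string UnsafeGetString(int name) {
    return std::string(FakeGetString(name));
}

// Safe: test the pointer first and report "no value" instead of dereferencing.
std::optional<std::string> SafeGetString(int name) {
    const char* raw = FakeGetString(name);
    if (!raw) {
        return std::nullopt;  // caller decides how to handle a missing string
    }
    return std::string(raw);
}

// Convenience for callers that always want a string: empty when absent.
std::string StringOrEmpty(int name) {
    return SafeGetString(name).value_or(std::string());
}

int main() {
    std::cout << "vendor: " << StringOrEmpty(0x1F00) << "\n";
    std::cout << "unknown token present: "
              << (SafeGetString(0x1234).has_value() ? "yes" : "no") << "\n";
    // UnsafeGetString(0x1234) would be the crashing call; it is deliberately
    // not executed here.
    return 0;
}
```

The checked wrapper is the pattern of the fix that landed ("Don't use nullptr with std::string"): the null check has to happen at the C-API boundary, before the pointer ever reaches a std::string constructor, because nothing inside std::string can recover from it.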
Comment 4•4 years ago (Assignee)
Updated•4 years ago
Pushed by jgilbert@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/c8da9511671f Don't use nullptr with std::string. r=lsalzman
Comment 6•4 years ago
bugherder
Comment 7•4 years ago (Assignee)
[Tracking Requested - why for this release]: ~500 crashes last Release cycle
Comment 8•4 years ago (Assignee)
[Tracking Requested - why for this release]: ~500 crashes in Firefox 78 Release cycle, so we expect equivalent crashiness on 78esr.
Comment 9•4 years ago (Assignee)
Comment on attachment 9172293 [details]
Bug 1627667 - Don't use nullptr with std::string.
Beta/Release Uplift Approval Request
- User impact if declined: ~500 crashes per cycle on Release
- Is this code covered by automated tests?: No
- Has the fix been verified in Nightly?: No
- Needs manual test from QE?: No
- If yes, steps to reproduce:
- List of other uplifts needed: 78esr
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): Straightforward and local patch.
- String changes made/needed: none
Updated•4 years ago (Assignee)
Updated•4 years ago
Comment 10•4 years ago
Comment on attachment 9172293 [details]
Bug 1627667 - Don't use nullptr with std::string.
Approved for 81.0b4.
Comment 11•4 years ago
bugherder uplift
Comment 12•4 years ago
Please nominate this for ESR78 approval when you get a chance.
Comment 13•4 years ago (Assignee)
Comment on attachment 9172293 [details]
Bug 1627667 - Don't use nullptr with std::string.
ESR Uplift Approval Request
- If this is not a sec:{high,crit} bug, please state case for ESR consideration: Medium-volume crash fix
- User impact if declined: Content process crashes.
- Fix Landed on Version: 81
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): Low risk because simple patch.
- String or UUID changes made by this patch: none
Comment 14•4 years ago
Comment on attachment 9172293 [details]
Bug 1627667 - Don't use nullptr with std::string.
approved for 78.3
Comment 15•4 years ago
bugherder uplift