Crash in [@ core::slice::slice_end_index_len_fail]
Categories
(Core :: Graphics: WebGPU, defect)
Tracking
()
People
(Reporter: arussell123, Unassigned)
Details
Crash Data
Crash report: https://crash-stats.mozilla.org/report/index/03320123-d975-452b-85ab-1951e0201126
MOZ_CRASH Reason: range end index 306944 out of range for slice of length 306880
Top 10 frames of crashing thread:
0 libxul.so RustMozCrash mozglue/static/rust/wrappers.cpp:17
1 libxul.so mozglue_static::panic_hook mozglue/static/rust/lib.rs:89
2 libxul.so core::ops::function::Fn::call /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/core/src/ops/function.rs:70
3 libxul.so std::panicking::rust_panic_with_hook library/std/src/panicking.rs:573
4 libxul.so std::panicking::begin_panic_handler::{{closure}} library/std/src/panicking.rs:476
5 libxul.so std::sys_common::backtrace::__rust_end_short_backtrace library/std/src/sys_common/backtrace.rs:153
6 libxul.so rust_begin_unwind library/std/src/panicking.rs:475
7 libxul.so core::panicking::panic_fmt library/core/src/panicking.rs:85
8 libxul.so core::slice::slice_end_index_len_fail library/core/src/slice/mod.rs:3149
9 libxul.so wgpu_server_queue_write_texture gfx/wgpu_bindings/src/server.rs:458
I encountered this crash while trying to run the minimal-winit
example from this code: https://github.com/euclio/pixels/tree/c4df2417a559438086f2cd6eedbf2924f73b636e (run the make.py
script to build the example and host a local server). Opening the server in Firefox will cause the browser to crash.
Here is the offending code:
self.context.queue.write_texture(
wgpu::TextureCopyView {
texture: &self.context.texture,
mip_level: 0,
origin: wgpu::Origin3d { x: 0, y: 0, z: 0 },
},
&self.pixels, // &[u8] with length 307200
wgpu::TextureDataLayout {
offset: 0,
bytes_per_row, // 1280
rows_per_image: self.context.texture_extent.height, // 240
},
self.context.texture_extent, // { width: 320, height: 240, depth: 1 }
);
The crash is "range end index 306944 out of range for slice of length 306880" in wgpu_server_queue_write_texture. It seems like an off-by-one somewhere, since 306880 is 320 less than the length of self.pixels.
Reporter | ||
Updated•4 years ago
|
Comment 1•4 years ago
|
||
The severity field is not set for this bug.
:kvark, could you have a look please?
For more information, please visit auto_nag documentation.
Comment 2•4 years ago
|
||
S3 for not being enabled by default in Nightly
Comment 3•3 years ago
|
||
The bug has a crash signature, thus the bug will be considered confirmed.
Comment 4•2 years ago
|
||
Closing because no crashes reported for 12 weeks.
Description
•