Closed Bug 1679450 Opened 4 years ago Closed 2 years ago

Crash in [@ core::slice::slice_end_index_len_fail]

Categories

(Core :: Graphics: WebGPU, defect)

x86_64
Linux
defect

Tracking

()

RESOLVED WORKSFORME

People

(Reporter: arussell123, Unassigned)

Details

Crash Data

Crash report: https://crash-stats.mozilla.org/report/index/03320123-d975-452b-85ab-1951e0201126

MOZ_CRASH Reason: range end index 306944 out of range for slice of length 306880

Top 10 frames of crashing thread:

0 libxul.so RustMozCrash mozglue/static/rust/wrappers.cpp:17
1 libxul.so mozglue_static::panic_hook mozglue/static/rust/lib.rs:89
2 libxul.so core::ops::function::Fn::call /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/core/src/ops/function.rs:70
3 libxul.so std::panicking::rust_panic_with_hook library/std/src/panicking.rs:573
4 libxul.so std::panicking::begin_panic_handler::{{closure}} library/std/src/panicking.rs:476
5 libxul.so std::sys_common::backtrace::__rust_end_short_backtrace library/std/src/sys_common/backtrace.rs:153
6 libxul.so rust_begin_unwind library/std/src/panicking.rs:475
7 libxul.so core::panicking::panic_fmt library/core/src/panicking.rs:85
8 libxul.so core::slice::slice_end_index_len_fail library/core/src/slice/mod.rs:3149
9 libxul.so wgpu_server_queue_write_texture gfx/wgpu_bindings/src/server.rs:458

I encountered this crash while trying to run the minimal-winit example from this code: https://github.com/euclio/pixels/tree/c4df2417a559438086f2cd6eedbf2924f73b636e (run the make.py script to build the example and host a local server). Opening the server in Firefox will cause the browser to crash.

Here is the offending code:

        self.context.queue.write_texture(
            wgpu::TextureCopyView {
                texture: &self.context.texture,
                mip_level: 0,
                origin: wgpu::Origin3d { x: 0, y: 0, z: 0 },
            },
            &self.pixels, // &[u8] with length 307200
            wgpu::TextureDataLayout {
                offset: 0,
                bytes_per_row, // 1280
                rows_per_image: self.context.texture_extent.height, // 240
            },
            self.context.texture_extent, // { width: 320, height: 240, depth: 1 }
        );

The crash is "range end index 306944 out of range for slice of length 306880" in wgpu_server_queue_write_texture. It seems like an off-by-one somewhere, since 306880 is 320 less than the length of self.pixels.

Component: General → Graphics: WebGPU
Product: Firefox → Core

The severity field is not set for this bug.
:kvark, could you have a look please?

For more information, please visit auto_nag documentation.

Flags: needinfo?(dmalyshau)

S3 for not being enabled by default in Nightly

Severity: -- → S3
Flags: needinfo?(dmalyshau)

The bug has a crash signature, thus the bug will be considered confirmed.

Status: UNCONFIRMED → NEW
Ever confirmed: true

Closing because no crashes reported for 12 weeks.

Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.