Closed Bug 1685100 Opened 4 years ago Closed 4 years ago

src/gl.cc:419: int DepthCursor::skip_failed(uint16_t) [FUNC = 515]: Assertion `valid()' failed.

Categories

(Core :: Graphics: WebRender, defect)

x86_64
Linux
defect

RESOLVED DUPLICATE of bug 1679598

People

(Reporter: geeknik, Unassigned)

Details

(Keywords: assertion, nightly-community, reporter-external, Whiteboard: [reporter-external] [client-bounty-form] [verif?])

Attachments

(1 file)

Attached file 1-crash.html

Whilst fuzzing Firefox Nightly (ASAN) Build ID 20210105094403, we're able to crash the browser by triggering an Assertion Failure. The profile is clean and about:support reports Compositing WebRender (Software).

###!!! [Parent][RunMessage] Error: Channel closing: too late to send/recv, messages will be lost

Crash Annotation GraphicsCriticalError: |[C0][GFX1-]: Failed to allocate a surface due to invalid size (CDT) Size(10,0) (t=1725.73) [GFX1-]: Failed to allocate a surface due to invalid size (CDT) Size(10,0)
Crash Annotation GraphicsCriticalError: |[C0][GFX1-]: Failed to allocate a surface due to invalid size (CDT) Size(10,0) (t=1725.73) |[C1][GFX1-]: Failed to allocate a surface due to invalid size (CDT) Size(10,0) (t=1725.74) [GFX1-]: Failed to allocate a surface due to invalid size (CDT) Size(10,0)
[Child 170558, MediaDecoderStateMachine #1] WARNING: Decoder=617000177300 state=DECODING_METADATA Decode metadata failed, shutting down decoder: file /builds/worker/checkouts/gecko/dom/media/MediaDecoderStateMachine.cpp:368
[Child 170558, MediaDecoderStateMachine #1] WARNING: Decoder=617000177300 Decode error: NS_ERROR_DOM_MEDIA_METADATA_ERR (0x806e0006): file /builds/worker/checkouts/gecko/dom/media/MediaDecoderStateMachine.cpp:3465
Crash Annotation GraphicsCriticalError: |[C0][GFX1-]: Failed to allocate a surface due to invalid size (CDT) Size(10,0) (t=1725.73) |[C1][GFX1-]: Failed to allocate a surface due to invalid size (CDT) Size(10,0) (t=1725.74) |[C2][GFX1-]: Failed to allocate a surface due to invalid size (CDT) Size(0,0) (t=2118.28) [GFX1-]: Failed to allocate a surface due to invalid size (CDT) Size(0,0)
firefox: src/gl.cc:419: int DepthCursor::skip_failed(uint16_t) [FUNC = 515]: Assertion `valid()' failed.
Exiting due to channel error.
Exiting due to channel error.
Exiting due to channel error.
Exiting due to channel error.
Crash Annotation GraphicsCriticalError: |[C0][GFX1-]: Receive IPC close with reason=AbnormalShutdown (t=466.467) [GFX1-]: Receive IPC close with reason=AbnormalShutdown
Exiting due to channel error.
Flags: sec-bounty?
Group: firefox-core-security → core-security
Component: Security → Graphics: WebRender
OS: Unspecified → Linux
Product: Firefox → Core
Hardware: Unspecified → x86_64
Version: unspecified → Trunk
Type: task → defect
Group: core-security
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → DUPLICATE
Flags: sec-bounty? → sec-bounty-