Closed
Bug 1694783
Opened 3 years ago
Closed 3 years ago
firefox: src/gl.cc:638: void Texture::set_buffer(void *, size_t): Assertion `new_stride >= buf_stride' failed.
Categories
(Core :: Graphics: WebRender, defect)
Core
Graphics: WebRender
Tracking
()
VERIFIED
FIXED
88 Branch
| Tracking | Status | |
|---|---|---|
| firefox88 | --- | verified |
People
(Reporter: jkratzer, Assigned: lsalzman)
References
(Blocks 2 open bugs)
Details
(Keywords: testcase, Whiteboard: [bugmon:bisected,confirmed])
Attachments
(2 files)
Testcase found while fuzzing mozilla-central rev b3eb91f0b5a7 (built with --enable-debug).
firefox: src/gl.cc:638: void Texture::set_buffer(void *, size_t): Assertion `new_stride >= buf_stride' failed.
#0 0x7fd2ea65718b in raise /build/glibc-eX1tMB/glibc-2.31/signal/../sysdeps/unix/sysv/linux/raise.c:51:1
#1 0x7fd2ea636858 in abort /build/glibc-eX1tMB/glibc-2.31/stdlib/abort.c:79:7
#2 0x7fd2ea636728 in __assert_fail_base /build/glibc-eX1tMB/glibc-2.31/assert/assert.c:92:3
#3 0x7fd2ea647f35 in __assert_fail /build/glibc-eX1tMB/glibc-2.31/assert/assert.c:101:3
#4 0x7fd2dd61d0eb in set_buffer /builds/worker/checkouts/gecko/gfx/wr/swgl/src/gl.cc:638:5
#5 0x7fd2dd61d0eb in set_tex_storage(Texture&, unsigned int, int, int, void*, int, int, int) /builds/worker/checkouts/gecko/gfx/wr/swgl/src/gl.cc:1913:7
#6 0x7fd2dd612f9f in swgl::swgl_fns::Context::set_texture_buffer::h189d0db37a653736 /builds/worker/checkouts/gecko/gfx/wr/swgl/src/swgl_fns.rs:456:13
#7 0x7fd2dd142423 in wr_swgl_set_texture_buffer /builds/worker/checkouts/gecko/gfx/webrender_bindings/src/swgl_bindings.rs:69:5
#8 0x7fd2d6e85369 in mozilla::wr::RenderTextureHostSWGL::UpdatePlanes(mozilla::wr::RenderCompositor*, mozilla::wr::ImageRendering) /builds/worker/checkouts/gecko/gfx/webrender_bindings/RenderTextureHostSWGL.cpp:71:5
#9 0x7fd2d6e856c4 in mozilla::wr::RenderTextureHostSWGL::LockSWGL(unsigned char, void*, mozilla::wr::RenderCompositor*, mozilla::wr::ImageRendering) /builds/worker/checkouts/gecko/gfx/webrender_bindings/RenderTextureHostSWGL.cpp:106:10
#10 0x7fd2d6e91436 in wr_renderer_lock_external_image /builds/worker/checkouts/gecko/gfx/webrender_bindings/RendererOGL.cpp:74:21
#11 0x7fd2dd127c6c in _$LT$webrender_bindings..bindings..WrExternalImageHandler$u20$as$u20$webrender_api..image..ExternalImageHandler$GT$::lock::h492a683c9eb41d9f /builds/worker/checkouts/gecko/gfx/webrender_bindings/src/bindings.rs:421:30
#12 0x7fd2dd3e1eda in webrender::renderer::Renderer::update_deferred_resolves::ha9f3eb66410f97d9 /builds/worker/checkouts/gecko/gfx/wr/webrender/src/renderer/mod.rs:4065:25
#13 0x7fd2dd3e1eda in webrender::renderer::gpu_cache::_$LT$impl$u20$webrender..renderer..Renderer$GT$::prepare_gpu_cache::h334fc2c058b51fdc /builds/worker/checkouts/gecko/gfx/wr/webrender/src/renderer/gpu_cache.rs:496:36
#14 0x7fd2dd42282f in webrender::renderer::Renderer::render_impl::h4a444b2d2db13a95 /builds/worker/checkouts/gecko/gfx/wr/webrender/src/renderer/mod.rs:2139:15
#15 0x7fd2dd420f78 in webrender::renderer::Renderer::render::hff872ed6c710b9bb /builds/worker/checkouts/gecko/gfx/wr/webrender/src/renderer/mod.rs:1886:30
#16 0x7fd2dd128187 in wr_renderer_render /builds/worker/checkouts/gecko/gfx/webrender_bindings/src/bindings.rs:637:11
#17 0x7fd2d6e91ef7 in mozilla::wr::RendererOGL::UpdateAndRender(mozilla::Maybe<mozilla::gfx::IntSizeTyped<mozilla::gfx::UnknownUnits> > const&, mozilla::Maybe<mozilla::wr::ImageFormat> const&, mozilla::Maybe<mozilla::Range<unsigned char> > const&, bool*, mozilla::wr::RendererStats*) /builds/worker/checkouts/gecko/gfx/webrender_bindings/RendererOGL.cpp:186:8
#18 0x7fd2d6e88d32 in mozilla::wr::RenderThread::UpdateAndRender(mozilla::wr::WrWindowId, mozilla::layers::BaseTransactionId<mozilla::VsyncIdType> const&, mozilla::TimeStamp const&, bool, mozilla::Maybe<mozilla::gfx::IntSizeTyped<mozilla::gfx::UnknownUnits> > const&, mozilla::Maybe<mozilla::wr::ImageFormat> const&, mozilla::Maybe<mozilla::Range<unsigned char> > const&, bool*) /builds/worker/checkouts/gecko/gfx/webrender_bindings/RenderThread.cpp:482:31
#19 0x7fd2d6e886df in mozilla::wr::RenderThread::HandleFrameOneDoc(mozilla::wr::WrWindowId, bool) /builds/worker/checkouts/gecko/gfx/webrender_bindings/RenderThread.cpp:337:3
#20 0x7fd2d6e8fefe in applyImpl<mozilla::wr::RenderThread, void (mozilla::wr::RenderThread::*)(mozilla::wr::WrWindowId, bool), StoreCopyPassByConstLRef<mozilla::wr::WrWindowId>, StoreCopyPassByConstLRef<bool> , 0, 1> /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:1148:12
#21 0x7fd2d6e8fefe in apply<mozilla::wr::RenderThread, void (mozilla::wr::RenderThread::*)(mozilla::wr::WrWindowId, bool)> /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:1154:12
#22 0x7fd2d6e8fefe in mozilla::detail::RunnableMethodImpl<mozilla::wr::RenderThread*, void (mozilla::wr::RenderThread::*)(mozilla::wr::WrWindowId, bool), true, (mozilla::RunnableKind)0, mozilla::wr::WrWindowId, bool>::Run() /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:1201:13
#23 0x7fd2d5e00c2c in MessageLoop::RunTask(already_AddRefed<nsIRunnable>) /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:468:11
#24 0x7fd2d5e01795 in MessageLoop::DeferOrRunPendingTask(MessageLoop::PendingTask&&) /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:477:5
#25 0x7fd2d5e01a3a in MessageLoop::DoWork() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:552:13
#26 0x7fd2d5e02420 in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_pump_default.cc:35:31
#27 0x7fd2d5e00893 in MessageLoop::RunInternal() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:335:10
#28 0x7fd2d5e007ad in RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:328:3
#29 0x7fd2d5e007ad in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:310:3
#30 0x7fd2d5e0ed17 in base::Thread::ThreadMain() /builds/worker/checkouts/gecko/ipc/chromium/src/base/thread.cc:191:16
#31 0x7fd2d5e0a269 in ThreadFunc(void*) /builds/worker/checkouts/gecko/ipc/chromium/src/base/platform_thread_posix.cc:40:13
#32 0x7fd2eab6a608 in start_thread /build/glibc-eX1tMB/glibc-2.31/nptl/pthread_create.c:477:8
#33 0x7fd2ea733292 in clone /build/glibc-eX1tMB/glibc-2.31/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:95
Flags: in-testsuite?
|
||
Updated•3 years ago
|
Blocks: sw-wr-stability
|
||
Comment 1•3 years ago
|
||
Bugmon Analysis:
Verified bug as reproducible on mozilla-central 20210225092306-8708c121e21c.
The bug appears to have been introduced in the following build range:
Start: a1d9f08caae73299fd017c2c341cf7cf146a28e4 (20200819204025)
End: f83951453e94df4d4bf9930127a06bc8f878242a (20200819204308)
Pushlog: https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=a1d9f08caae73299fd017c2c341cf7cf146a28e4&tochange=f83951453e94df4d4bf9930127a06bc8f878242a
Whiteboard: [bugmon:confirm] → [bugmon:bisected,confirmed]
|
Assignee | |
Comment 2•3 years ago
|
||
We should be reasonably hardened these days against using linear filters and over-reading
things when we shouldn't. There isn't as much need for strict alignment requirements on
external buffers anymore.
|
||
Updated•3 years ago
|
Assignee: nobody → lsalzman
Status: NEW → ASSIGNED
|
||
Comment 3•3 years ago
|
||
:lsalzman, since this bug contains a bisection range, could you fill (if possible) the regressed_by field?
For more information, please visit auto_nag documentation.
Flags: needinfo?(lsalzman)
|
|
Assignee | |
Updated•3 years ago
|
Flags: needinfo?(lsalzman)
Pushed by lsalzman@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/74d1f3c7ad15 Reduce alignment requirements for external buffers in SWGL. r=aosmond
|
||
Comment 5•3 years ago
|
||
| bugherder | ||
Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → 88 Branch
|
|
||
Comment 6•3 years ago
|
||
Bugmon Analysis:
Verified bug as fixed on rev mozilla-central 20210308094833-31551f880fc3.
Removing bugmon keyword as no further action possible.
Please review the bug and re-add the keyword for further analysis.
You need to log in
before you can comment on or make changes to this bug.
Description
•