Crash in [@ mozilla::binding_danger::TErrorResult<T>::ThrowDOMException]
Categories
(Core :: Graphics: CanvasWebGL, defect, P1)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox-esr91 | --- | unaffected |
| firefox98 | --- | disabled |
| firefox99 | --- | fixed |
| firefox100 | --- | fixed |
People
(Reporter: aosmond, Assigned: aosmond)
References
Details
(Keywords: crash)
Crash Data
Attachments
(1 file)
|
48 bytes,
text/x-phabricator-request
|
dmeehan
:
approval-mozilla-beta+
|
Details | Review |
Maybe Fission related. (DOMFissionEnabled=1)
Crash report: https://crash-stats.mozilla.org/report/index/0e8104a6-4588-410b-9bb5-4e59f0220312
Reason: EXC_BAD_ACCESS / KERN_INVALID_ADDRESS
Top 10 frames of crashing thread:
0 XUL mozilla::binding_danger::TErrorResult<mozilla::binding_danger::AssertAndSuppressCleanupPolicy>::ThrowDOMException dom/bindings/BindingUtils.cpp:429
1 XUL mozilla::webgl::FromOffscreenCanvas dom/canvas/WebGLTextureUpload.cpp:149
2 XUL mozilla::ClientWebGLContext::TexImage const dom/canvas/ClientWebGLContext.cpp:4027
3 XUL void mozilla::ClientWebGLContext::TexImage2D<mozilla::dom::OffscreenCanvas> const dom/canvas/ClientWebGLContext.h:1787
4 XUL mozilla::dom::WebGLRenderingContext_Binding::texImage2D dom/bindings/WebGLRenderingContextBinding.cpp:14394
5 XUL bool mozilla::dom::binding_detail::GenericMethod<mozilla::dom::binding_detail::NormalThisPolicy, mozilla::dom::binding_detail::ThrowExceptions> dom/bindings/BindingUtils.cpp:3307
6 XUL js::Call js/src/vm/Interpreter.cpp:589
7 XUL js::fun_apply js/src/vm/JSFunction.cpp:1022
8 XUL js::InternalCallOrConstruct js/src/vm/Interpreter.cpp:512
9 XUL Interpret js/src/vm/Interpreter.cpp:3309
When we create a TexImageSourceAdapter for OffscreenCanvas, we don't actually supply an ErrorResult:
https://searchfox.org/mozilla-central/rev/d4d7611ee4dd0003b492b865bc5988a4e6afc985/dom/canvas/ClientWebGLContext.h#686
We pass the null ErrorResult to FromOffscreenCanvas:
https://searchfox.org/mozilla-central/rev/d4d7611ee4dd0003b492b865bc5988a4e6afc985/dom/canvas/ClientWebGLContext.cpp#4081
And we will attempt to set it here:
https://searchfox.org/mozilla-central/rev/d4d7611ee4dd0003b492b865bc5988a4e6afc985/dom/canvas/WebGLTextureUpload.cpp#149
|
Assignee | |
Updated•2 years ago
|
|
|
Assignee | |
Comment 1•2 years ago
|
||
The ErrorResult is actually used by FromOffscreenCanvas and setting this
properly will avoid a crash.
Pushed by aosmond@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/79702be188fc Ensure we initialize TexImageSourceAdapter::mOut_error for OffscreenCanvas. r=gfx-reviewers,nical
|
||
Comment 3•2 years ago
|
||
| bugherder | ||
|
||
Updated•2 years ago
|
|
|
Assignee | |
Comment 4•2 years ago
|
||
Comment on attachment 9267867 [details]
Bug 1759706 - Ensure we initialize TexImageSourceAdapter::mOut_error for OffscreenCanvas.
Beta/Release Uplift Approval Request
- User impact if declined: User may experience crashes for sites where OffscreenCanvas is enabled (Zoom in 99)
- Is this code covered by automated tests?: No
- Has the fix been verified in Nightly?: Yes
- Needs manual test from QE?: No
- If yes, steps to reproduce:
- List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): Low, as we are following an existing pattern to avoid a null pointer deref that would cause a crash 100% of the time we hit this error path anyways.
- String changes made/needed:
|
||
Comment 5•2 years ago
|
||
Comment on attachment 9267867 [details]
Bug 1759706 - Ensure we initialize TexImageSourceAdapter::mOut_error for OffscreenCanvas.
Approved for 99.0b5. Thanks.
|
|
||
Comment 6•2 years ago
|
||
| bugherder uplift | ||
|
|
||
Updated•2 years ago
|
Description
•