Closed
Bug 1778549
Opened 2 years ago
Closed 2 years ago
Hit MOZ_CRASH(Bad `packing`.) at /dom/canvas/WebGLFormats.cpp:685
Categories
(Core :: Graphics: CanvasWebGL, defect, P1)
Tracking
()
VERIFIED
FIXED
105 Branch
| Tracking | Status | |
|---|---|---|
| firefox105 | --- | verified |
People
(Reporter: jkratzer, Assigned: jgilbert)
References
(Blocks 1 open bug)
Details
(Keywords: testcase, Whiteboard: [bugmon:bisected,confirmed][fuzzblocker])
Crash Data
Attachments
(2 files, 1 obsolete file)
Testcase found while fuzzing mozilla-central rev f93461c8f7ba (built with: --enable-address-sanitizer --enable-fuzzing).
Since this testcase is relatively simple, I'm going to mark it as a fuzzblocker. Please prioritize it accordingly.
Testcase can be reproduced using the following commands:
$ pip install fuzzfetch grizzly-framework
$ python -m fuzzfetch --build f93461c8f7ba --asan --fuzzing -n firefox
$ python -m grizzly.replay ./firefox/firefox testcase.html
Hit MOZ_CRASH(Bad `packing`.) at /dom/canvas/WebGLFormats.cpp:685
=================================================================
==235686==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000001 (pc 0x7f8c90a530e7 bp 0x7f8c6e2addf0 sp 0x7f8c6e2adb60 T44)
==235686==The signal is caused by a WRITE memory access.
==235686==Hint: address points to the zero page.
#0 0x7f8c90a530e7 in mozilla::webgl::BytesPerPixel(mozilla::webgl::PackingInfo const&) /dom/canvas/WebGLFormats.cpp:685:3
#1 0x7f8c90a52b9b in mozilla::WebGLContext::ReadPixelsPbo(mozilla::webgl::ReadPixelsDesc const&, unsigned long) /dom/canvas/WebGLContextGL.cpp:937:9
#2 0x7f8c90afaba4 in ReadPixelsPbo /dom/canvas/HostWebGLContext.h:653:15
#3 0x7f8c90afaba4 in auto bool mozilla::MethodDispatcher<mozilla::WebGLMethodDispatcher, 87ul, void (mozilla::HostWebGLContext::*)(mozilla::webgl::ReadPixelsDesc const&, unsigned long) const, &(mozilla::HostWebGLContext::ReadPixelsPbo(mozilla::webgl::ReadPixelsDesc const&, unsigned long) const)>::DispatchCommand<mozilla::HostWebGLContext>(mozilla::HostWebGLContext&, unsigned long, mozilla::webgl::RangeConsumerView&)::'lambda'(auto&...)::operator()<mozilla::webgl::ReadPixelsDesc, unsigned long>(auto&...) const /dom/canvas/WebGLCommandQueue.h:246:13
#4 0x7f8c90a9c16c in __invoke_impl<bool, (lambda at /dom/canvas/WebGLCommandQueue.h:238:11), mozilla::webgl::ReadPixelsDesc &, unsigned long &> /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/invoke.h:60:14
#5 0x7f8c90a9c16c in __invoke<(lambda at /dom/canvas/WebGLCommandQueue.h:238:11), mozilla::webgl::ReadPixelsDesc &, unsigned long &> /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/invoke.h:95:14
#6 0x7f8c90a9c16c in __apply_impl<(lambda at /dom/canvas/WebGLCommandQueue.h:238:11), std::tuple<mozilla::webgl::ReadPixelsDesc, unsigned long> &, 0UL, 1UL> /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/tuple:1662:14
#7 0x7f8c90a9c16c in apply<(lambda at /dom/canvas/WebGLCommandQueue.h:238:11), std::tuple<mozilla::webgl::ReadPixelsDesc, unsigned long> &> /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/tuple:1671:14
#8 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:237:14
#9 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#10 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#11 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#12 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#13 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#14 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#15 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#16 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#17 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#18 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#19 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#20 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#21 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#22 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#23 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#24 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#25 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#26 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#27 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#28 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#29 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#30 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#31 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#32 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#33 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#34 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#35 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#36 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#37 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#38 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#39 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#40 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#41 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#42 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#43 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#44 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#45 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#46 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#47 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#48 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#49 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#50 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#51 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#52 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#53 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#54 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#55 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#56 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#57 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#58 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#59 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#60 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#61 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#62 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#63 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#64 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#65 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#66 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#67 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#68 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#69 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#70 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#71 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#72 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#73 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#74 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#75 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#76 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#77 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#78 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#79 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#80 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#81 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#82 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#83 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#84 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#85 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#86 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#87 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#88 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#89 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#90 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#91 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#92 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#93 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#94 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#95 0x7f8c90a9c16c in DispatchCommand<mozilla::HostWebGLContext> /dom/canvas/WebGLCommandQueue.h:251:12
#96 0x7f8c90a9c16c in mozilla::dom::WebGLParent::RecvDispatchCommands(mozilla::ipc::Shmem&&, unsigned long) /dom/canvas/WebGLParent.cpp:68:21
#97 0x7f8c90be3085 in mozilla::dom::PWebGLParent::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/obj-build/ipc/ipdl/PWebGLParent.cpp:243:79
#98 0x7f8c8df84b0c in mozilla::gfx::PCanvasManagerParent::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/obj-build/ipc/ipdl/PCanvasManagerParent.cpp:214:32
#99 0x7f8c8ccdf9b9 in mozilla::ipc::MessageChannel::DispatchAsyncMessage(mozilla::ipc::ActorLifecycleProxy*, IPC::Message const&) /ipc/glue/MessageChannel.cpp:1749:25
#100 0x7f8c8ccdca27 in mozilla::ipc::MessageChannel::DispatchMessage(mozilla::ipc::ActorLifecycleProxy*, mozilla::UniquePtr<IPC::Message, mozilla::DefaultDelete<IPC::Message> >) /ipc/glue/MessageChannel.cpp:1674:9
#101 0x7f8c8ccdd674 in mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::ActorLifecycleProxy*, mozilla::ipc::MessageChannel::MessageTask&) /ipc/glue/MessageChannel.cpp:1474:3
#102 0x7f8c8ccde902 in mozilla::ipc::MessageChannel::MessageTask::Run() /ipc/glue/MessageChannel.cpp:1572:14
#103 0x7f8c8b56a5fe in nsThread::ProcessNextEvent(bool, bool*) /xpcom/threads/nsThread.cpp:1199:16
#104 0x7f8c8b574254 in NS_ProcessNextEvent(nsIThread*, bool) /xpcom/threads/nsThreadUtils.cpp:465:10
#105 0x7f8c8cce8a7b in mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*) /ipc/glue/MessagePump.cpp:300:20
#106 0x7f8c8cb67551 in RunInternal /ipc/chromium/src/base/message_loop.cc:380:10
#107 0x7f8c8cb67551 in RunHandler /ipc/chromium/src/base/message_loop.cc:373:3
#108 0x7f8c8cb67551 in MessageLoop::Run() /ipc/chromium/src/base/message_loop.cc:355:3
#109 0x7f8c8b561748 in nsThread::ThreadFunc(void*) /xpcom/threads/nsThread.cpp:384:10
#110 0x7f8cb28d3b7e in _pt_root /nsprpub/pr/src/pthreads/ptthread.c:201:5
#111 0x7f8cb350a608 in start_thread /build/glibc-SzIz7B/glibc-2.31/nptl/pthread_create.c:477:8
#112 0x7f8cb30d1132 in __clone /build/glibc-SzIz7B/glibc-2.31/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:95
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /dom/canvas/WebGLFormats.cpp:685:3 in mozilla::webgl::BytesPerPixel(mozilla::webgl::PackingInfo const&)
Thread T44 (Compositor) created by T0 here:
#0 0x555b0fb2665c in __interceptor_pthread_create /builds/worker/fetches/llvm-project/compiler-rt/lib/asan/asan_interceptors.cpp:208:3
#1 0x7f8cb28c3c2c in _PR_CreateThread /nsprpub/pr/src/pthreads/ptthread.c:458:14
#2 0x7f8cb28b4fce in PR_CreateThread /nsprpub/pr/src/pthreads/ptthread.c:533:12
#3 0x7f8c8b5646c5 in nsThread::Init(nsTSubstring<char> const&) /xpcom/threads/nsThread.cpp:618:18
#4 0x7f8c8b571af8 in nsThreadManager::NewNamedThread(nsTSubstring<char> const&, unsigned int, nsIThread**) /xpcom/threads/nsThreadManager.cpp:534:12
#5 0x7f8c8b57df59 in NS_NewNamedThread(nsTSubstring<char> const&, nsIThread**, already_AddRefed<nsIRunnable>, unsigned int) /xpcom/threads/nsThreadUtils.cpp:161:57
#6 0x7f8c8db66802 in NS_NewNamedThread<11UL> /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:74:10
#7 0x7f8c8db66802 in mozilla::layers::CompositorThreadHolder::CreateCompositorThread() /gfx/layers/ipc/CompositorThread.cpp:66:17
#8 0x7f8c8db66d09 in CompositorThreadHolder /gfx/layers/ipc/CompositorThread.cpp:40:25
#9 0x7f8c8db66d09 in mozilla::layers::CompositorThreadHolder::Start() /gfx/layers/ipc/CompositorThread.cpp:109:33
#10 0x7f8c8ddd631c in gfxPlatform::Init() /gfx/thebes/gfxPlatform.cpp:953:3
#11 0x7f8c8ddd997e in GetPlatform /gfx/thebes/gfxPlatform.cpp:459:5
#12 0x7f8c8ddd997e in gfxPlatform::InitializeCMS() /gfx/thebes/gfxPlatform.cpp:2058:9
#13 0x7f8c93d328fc in EnsureCMSInitialized /builds/worker/workspace/obj-build/dist/include/gfxPlatform.h:968:7
#14 0x7f8c93d328fc in gfxPlatform::GetCMSMode() /builds/worker/workspace/obj-build/dist/include/gfxPlatform.h:526:5
#15 0x7f8c93d31e9e in nsXPLookAndFeel::GetUncachedColor(mozilla::StyleSystemColor, mozilla::ColorScheme, mozilla::LookAndFeel::UseStandins) /widget/nsXPLookAndFeel.cpp:926:9
#16 0x7f8c93d31a35 in nsXPLookAndFeel::GetColorValue(mozilla::StyleSystemColor, mozilla::ColorScheme, mozilla::LookAndFeel::UseStandins, unsigned int&) /widget/nsXPLookAndFeel.cpp:906:17
#17 0x7f8c93d35d46 in mozilla::LookAndFeel::GetColor(mozilla::StyleSystemColor, mozilla::ColorScheme, mozilla::LookAndFeel::UseStandins) /widget/nsXPLookAndFeel.cpp:1323:47
#18 0x7f8c93ca1101 in Color /builds/worker/workspace/obj-build/dist/include/mozilla/LookAndFeel.h:440:12
#19 0x7f8c93ca1101 in GetAccentColor /widget/ThemeColors.cpp:90:7
#20 0x7f8c93ca1101 in mozilla::widget::ThemeColors::RecomputeAccentColors() /widget/ThemeColors.cpp:193:20
#21 0x7f8c93ca0d3d in mozilla::widget::Theme::LookAndFeelChanged() /widget/Theme.cpp:180:3
#22 0x7f8c93d2fdce in nsXPLookAndFeel::GetInstance() /widget/nsXPLookAndFeel.cpp:383:3
#23 0x7f8c93d36805 in mozilla::LookAndFeel::GetThemeInfo(nsTSubstring<char>&) /widget/nsXPLookAndFeel.cpp:1436:3
#24 0x7f8c8b3c38fa in nsSystemInfo::Init() /xpcom/base/nsSystemInfo.cpp:1047:5
#25 0x7f8c8b4dcc1a in mozilla::xpcom::CreateInstanceImpl(mozilla::xpcom::ModuleID, nsID const&, void**) /builds/worker/workspace/obj-build/xpcom/components/StaticComponents.cpp:11830:7
#26 0x7f8c8b516c6e in CreateInstance /xpcom/components/nsComponentManager.cpp:184:46
#27 0x7f8c8b516c6e in nsComponentManagerImpl::GetServiceLocked(mozilla::Maybe<mozilla::detail::BaseMonitorAutoLock<mozilla::Monitor> >&, (anonymous namespace)::EntryWrapper&, nsID const&, void**) /xpcom/components/nsComponentManager.cpp:977:17
#28 0x7f8c8b517738 in nsComponentManagerImpl::GetService(mozilla::xpcom::ModuleID, nsID const&, void**) /xpcom/components/nsComponentManager.cpp:1067:10
#29 0x7f8c8b4fd64d in mozilla::xpcom::GetServiceHelper::operator()(nsID const&, void**) const /builds/worker/workspace/obj-build/xpcom/components/StaticComponents.cpp:12734:50
#30 0x7f8c8b379fe1 in nsCOMPtr_base::assign_from_helper(nsCOMPtr_helper const&, nsID const&) /xpcom/base/nsCOMPtr.cpp:109:7
#31 0x7f8c8cff9bf1 in nsCOMPtr /builds/worker/workspace/obj-build/dist/include/nsCOMPtr.h:999:5
#32 0x7f8c8cff9bf1 in xpc::GetServiceImpl(JSContext*, mozilla::xpcom::JSServiceEntry const&, JS::MutableHandle<JSObject*>, mozilla::ErrorResult&) /js/xpconnect/src/JSServices.cpp:83:32
#33 0x7f8c8cff9678 in xpc::GetService(JSContext*, mozilla::xpcom::JSServiceEntry const&, mozilla::ErrorResult&) /js/xpconnect/src/JSServices.cpp:130:8
#34 0x7f8c8cff85a1 in xpc::Services_Resolve(JSContext*, JS::Handle<JSObject*>, JS::Handle<JS::PropertyKey>, bool*) /js/xpconnect/src/JSServices.cpp:153:25
#35 0x7f8c993b9456 in CallResolveOp /js/src/vm/NativeObject-inl.h:641:8
#36 0x7f8c993b9456 in NativeLookupOwnPropertyInline<js::CanGC, js::LookupResolveMode::CheckResolve> /js/src/vm/NativeObject-inl.h:753:14
#37 0x7f8c993b9456 in NativeGetPropertyInline<js::CanGC> /js/src/vm/NativeObject.cpp:2126:10
#38 0x7f8c993b9456 in js::NativeGetProperty(JSContext*, JS::Handle<js::NativeObject*>, JS::Handle<JS::Value>, JS::Handle<JS::PropertyKey>, JS::MutableHandle<JS::Value>) /js/src/vm/NativeObject.cpp:2174:10
#39 0x7f8c9903d244 in GetProperty /js/src/vm/ObjectOperations-inl.h:120:10
#40 0x7f8c9903d244 in js::GetProperty(JSContext*, JS::Handle<JSObject*>, JS::Handle<JS::Value>, js::PropertyName*, JS::MutableHandle<JS::Value>) /js/src/vm/ObjectOperations-inl.h:127:10
#41 0x7f8c9ab311e3 in js::GetProperty(JSContext*, JS::Handle<JS::Value>, JS::Handle<js::PropertyName*>, JS::MutableHandle<JS::Value>) /js/src/vm/Interpreter.cpp:4684:10
#42 0x7f8c9ab02c52 in Interpret(JSContext*, js::RunState&) /js/src/vm/Interpreter.cpp:2995:12
#43 0x7f8c9aafd9b9 in js::RunScript(JSContext*, js::RunState&) /js/src/vm/Interpreter.cpp:390:13
#44 0x7f8c9ab29f9e in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /js/src/vm/Interpreter.cpp:540:13
#45 0x7f8c9ab2ba7e in InternalCall /js/src/vm/Interpreter.cpp:575:10
#46 0x7f8c9ab2ba7e in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) /js/src/vm/Interpreter.cpp:606:8
#47 0x7f8c991d6ec4 in JS_CallFunctionValue(JSContext*, JS::Handle<JSObject*>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) /js/src/vm/CallAndConstruct.cpp:53:10
#48 0x7f8c8d03fd55 in nsXPCWrappedJS::CallMethod(unsigned short, nsXPTMethodInfo const*, nsXPTCMiniVariant*) /js/xpconnect/src/XPCWrappedJSClass.cpp:981:17
#49 0x7f8c8b5c27d2 in PrepareAndDispatch /xpcom/reflect/xptcall/md/unix/xptcstubs_x86_64_linux.cpp:115:37
#50 0x7f8c8b5c1522 in SharedStub xptcstubs_x86_64_linux.cpp
#51 0x7f8c8b5104fd in NS_CreateServicesFromCategory(char const*, nsISupports*, char const*, char16_t const*) /xpcom/components/nsCategoryManager.cpp:682:19
#52 0x7f8c98cfd929 in nsXREDirProvider::DoStartup() /toolkit/xre/nsXREDirProvider.cpp:936:11
#53 0x7f8c98cd5420 in XREMain::XRE_mainRun() /toolkit/xre/nsAppRunner.cpp:5462:18
#54 0x7f8c98cd7cee in XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) /toolkit/xre/nsAppRunner.cpp:5913:8
#55 0x7f8c98cd8a6b in XRE_main(int, char**, mozilla::BootstrapConfig const&) /toolkit/xre/nsAppRunner.cpp:5981:21
#56 0x555b0fb7b8e1 in do_main(int, char**, char**) /browser/app/nsBrowserApp.cpp:227:22
#57 0x555b0fb7ac1e in main /browser/app/nsBrowserApp.cpp:406:16
#58 0x7f8cb2fd6082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
==235686==ABORTING
|
Reporter | |
Comment 1•2 years ago
|
||
|
||
Comment 2•2 years ago
|
||
Bugmon Analysis
Verified bug as reproducible on mozilla-central 20220707214915-f609957386ac.
Unable to bisect testcase (Testcase reproduces on start build!):
Start: 9b0fc6f1555b248ec451d0947a85ed224847fdec (20210709035203)
End: f93461c8f7bac0491ec2acce3a98a58bea6acb9d (20220706151542)
BuildFlags: BuildFlags(asan=True, tsan=False, debug=False, fuzzing=True, coverage=False, valgrind=False, no_opt=False, fuzzilli=False, nyx=False)
Whiteboard: [bugmon:confirm][fuzzblocker] → [bugmon:bisected,confirmed][fuzzblocker]
|
||
Comment 3•2 years ago
|
||
Crash Signature: [@ mozilla::webgl::BytesPerPixel ]
|
||
Comment 4•2 years ago
|
||
The severity field is not set for this bug.
:aosmond, could you have a look please?
For more information, please visit auto_nag documentation.
Flags: needinfo?(aosmond)
|
Assignee | |
Updated•2 years ago
|
Assignee: nobody → jgilbert
Severity: -- → S4
Priority: -- → P1
|
||
Updated•2 years ago
|
Flags: needinfo?(aosmond)
|
|
Assignee | |
Comment 5•2 years ago
|
||
|
|
Assignee | |
Comment 6•2 years ago
|
||
|
||
Updated•2 years ago
|
Attachment #9288011 -
Attachment is obsolete: true
Pushed by jgilbert@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/13d94a22d3cf Don't crash on validation failure in ReadPixelsPbo. r=gfx-reviewers,lsalzman
|
||
Comment 8•2 years ago
|
||
| bugherder | ||
Status: NEW → RESOLVED
Closed: 2 years ago
status-firefox105:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 105 Branch
|
|
||
Comment 9•2 years ago
|
||
Bugmon Analysis
Verified bug as fixed on rev mozilla-central 20220803094413-2b0355f2d9f2.
Removing bugmon keyword as no further action possible. Please review the bug and re-add the keyword for further analysis.
You need to log in
before you can comment on or make changes to this bug.
Description
•