Open Bug 1997070 Opened 2 months ago Updated 1 month ago

Calling `array<f32>()` without a size crashes WebGPU on Windows

Categories

(Core :: Graphics: WebGPU, defect, P1)

Product:
Core
Component:
Graphics: WebGPU
Version:
Firefox 144
Platform:
Desktop
Windows
Type:
defect

Tracking

()

People

(Reporter: brandmairstefan, Unassigned)

References

Details

(Keywords: crash)

Crash Data

Attachments

(2 files)

crash-reproduction.html
933 bytes, text/html
Details
about:support
262.14 KB, text/plain
Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:144.0) Gecko/20100101 Firefox/144.0

Steps to reproduce:

I created a compute shader with the following code. There's also a index.html file attached which does the whole setup

@compute @workgroup_size(1)
        fn main() {
          let a = array<f32>(); // pretty sure this is invalid
        }

Actual results:

I then started a fresh Firefox, and opened the index.html.
The entire Firefox window flashed white for a moment. Then it got back under control and seemingly accepted the shader.

Reloading it repeats the same behavior. If I reload it often enough, I end up getting

Uncaught (in promise) DOMException: WebGPU is disabled by blocklist

Expected results:

It should have reject the shader.

And Firefox definitely shouldn't have flashed white.

Attached file about:support
Status: UNCONFIRMED → NEW
Crash Signature: https://crash-stats.mozilla.org/report/index/46de9328-a407-4cf3-b864-2bbd10251029
Ever confirmed: true
Keywords: crash

https://crash-stats.mozilla.org/report/index/46de9328-a407-4cf3-b864-2bbd10251029

Crash Signature: https://crash-stats.mozilla.org/report/index/46de9328-a407-4cf3-b864-2bbd10251029 → [@ naga::back::hlsl::Writer<T>::write_wrapped_zero_value_function_name<T> ]

This doesn't reproduce for me on macOS, but it does for Windows. Looking at the crash that's taking down the GPU process on Windows (which causes the symptoms you're noting with the screen blanking out), it seems that there's some validation not being done by our shader compiler for this problem. Yikes!

Filed wgpu#8442, since this is reproducible upstream using naga-cli.

See Also: → https://github.com/gfx-rs/wgpu/issues/8442

Can you set severity please? Thank you.

Flags: needinfo?(egubler)
Severity: -- → S3
Flags: needinfo?(egubler)
Attachment #9523154 - Attachment description: crash-repro.html → crash-reproduction.html

wgpu#8442 has been prioritized as P1 and assigned to me, so I'll update here accordingly.

Assignee: nobody → egubler
Status: NEW → ASSIGNED
Priority: -- → P1
OS: Unspecified → Windows
Hardware: Unspecified → Desktop
Summary: Calling array<f32>() without a size crashes WebGPU → Calling `array<f32>()` without a size crashes WebGPU on Windows
Assignee: egubler → nobody
Status: ASSIGNED → NEW
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: