579191 - crash in WebGLContext::CompileShader [@ nsDependentCString::AssertValid]

Status: RESOLVED FIXED

(Core :: Graphics: CanvasWebGL, defect)

Description

[Benoit Jacob [:bjacob] (mostly away)]

While running the webgl conformance test suite.

backtrace:

#0  0x000000381e0a6afd in nanosleep () at ../sysdeps/unix/syscall-template.S:82
#1  0x000000381e0a6970 in __sleep (seconds=0) at ../sysdeps/unix/sysv/linux/sleep.c:138
#2  0x00007fdcfd2d8dfc in ah_crap_handler (signum=11) at /home/bjacob/mozilla-central/toolkit/xre/nsSigHandlers.cpp:132
#3  0x00007fdcfd2ddb9d in nsProfileLock::FatalSignalHandler (signo=11, info=0x7fffcd1066b0, context=0x7fffcd106580) at nsProfileLock.cpp:221
#4  <signal handler called>
#5  0x00007fdcfd2b36cc in nsDependentCString::AssertValid (this=0x7fffcd106a60) at ../../../../dist/include/nsTDependentString.h:67
#6  0x00007fdcfd419e50 in nsDependentCString::nsDependentCString (this=0x7fffcd106a60, str=...) at ../../../dist/include/nsTDependentString.h:98
#7  0x00007fdcfd99b9b3 in mozilla::WebGLContext::CompileShader (this=0x7fdcf0bbac00, sobj=0x7fdce2de9fe0)
    at /home/bjacob/mozilla-central/content/canvas/src/WebGLContextGL.cpp:2892
#8  0x00007fdcfe1b2dea in nsICanvasRenderingContextWebGL_CompileShader (cx=0x7fdce9490800, argc=1, vp=0x7fdcf0efe608) at dom_quickstubs.cpp:24361
#9  0x00007fdcfc852a38 in js_Interpret (cx=0x7fdce9490800) at /home/bjacob/mozilla-central/js/src/jsops.cpp:2145
#10 0x00007fdcfc868929 in Invoke<JSBool (*)(JSContext*, JSObject*, uintN, jsval*, jsval*)> (cx=0x7fdce9490800, fun=0x7fdce6fc48c0, script=
    0x7fdce61d3860, native=0, args=..., flags=0) at /home/bjacob/mozilla-central/js/src/jsinterp.cpp:602
#11 0x00007fdcfc865c37 in js_Invoke (cx=0x7fdce9490800, args=..., flags=0) at /home/bjacob/mozilla-central/js/src/jsinterp.cpp:693
#12 0x00007fdcfc865e95 in js_InternalInvoke (cx=0x7fdce9490800, thisv=140586744765120, fval=140586744816768, flags=0, argc=1, argv=0x7fdce5f03020, rval=
    0x7fffcd1076c8) at /home/bjacob/mozilla-central/js/src/jsinterp.cpp:739
#13 0x00007fdcfc7c8fb8 in JS_CallFunctionValue (cx=0x7fdce9490800, obj=0x7fdce6fb5ac0, fval=140586744816768, argc=1, argv=0x7fdce5f03020, rval=
    0x7fffcd1076c8) at /home/bjacob/mozilla-central/js/src/jsapi.cpp:4850
#14 0x00007fdcfdbb2086 in nsJSContext::CallEventHandler (this=0x7fdce94b2860, aTarget=0x7fdce9429068, aScope=0x7fdce6fb5ac0, aHandler=0x7fdce6fc2480, 
    aargv=0x7fdce6139160, arv=0x7fffcd107860) at /home/bjacob/mozilla-central/dom/base/nsJSEnvironment.cpp:2204
#15 0x00007fdcfdc3fea0 in nsJSEventListener::HandleEvent (this=0x7fdce6160500, aEvent=0x7fdcec5a4920)
    at /home/bjacob/mozilla-central/dom/src/events/nsJSEventListener.cpp:228
#16 0x00007fdcfd9aa8d1 in nsEventListenerManager::HandleEventSubType (this=0x7fdce622e030, aListenerStruct=0x7fdce72556e0, aListener=0x7fdce6160500, 
    aDOMEvent=0x7fdcec5a4920, aCurrentTarget=0x7fdce9429088, aPhaseFlags=6, aPusher=0x7fffcd107f30)
    at /home/bjacob/mozilla-central/content/events/src/nsEventListenerManager.cpp:1094
#17 0x00007fdcfd9aad90 in nsEventListenerManager::HandleEventInternal (this=0x7fdce622e030, aPresContext=0x7fdce9426000, aEvent=0x7fffcd108060, 
    aDOMEvent=0x7fffcd107f00, aCurrentTarget=0x7fdce9429088, aFlags=6, aEventStatus=0x7fffcd107f08, aPusher=0x7fffcd107f30)
    at /home/bjacob/mozilla-central/content/events/src/nsEventListenerManager.cpp:1190
#18 0x00007fdcfd9d67b9 in nsEventListenerManager::HandleEvent (this=0x7fdce622e030, aPresContext=0x7fdce9426000, aEvent=0x7fffcd108060, aDOMEvent=
    0x7fffcd107f00, aCurrentTarget=0x7fdce9429088, aFlags=6, aEventStatus=0x7fffcd107f08, aPusher=0x7fffcd107f30)
    at /home/bjacob/mozilla-central/content/events/src/nsEventListenerManager.h:146
#19 0x00007fdcfd9d6ce9 in nsEventTargetChainItem::HandleEvent (this=0x7fdcf0463508, aVisitor=..., aFlags=6, aMayHaveNewListenerManagers=0, aPusher=
    0x7fffcd107f30) at /home/bjacob/mozilla-central/content/events/src/nsEventDispatcher.cpp:212
#20 0x00007fdcfd9d496e in nsEventTargetChainItem::HandleEventTargetChain (this=0x7fdcf0463658, aVisitor=..., aFlags=6, aCallback=0x0, 
    aMayHaveNewListenerManagers=0, aPusher=0x7fffcd107f30) at /home/bjacob/mozilla-central/content/events/src/nsEventDispatcher.cpp:341
#21 0x00007fdcfd9d5705 in nsEventDispatcher::Dispatch (aTarget=0x7fdce9490400, aPresContext=0x7fdce9426000, aEvent=0x7fffcd108060, aDOMEvent=0x0, 
---Type <return> to continue, or q <return> to quit---
    aEventStatus=0x7fffcd1080ac, aCallback=0x0, aTargets=0x0) at /home/bjacob/mozilla-central/content/events/src/nsEventDispatcher.cpp:628
#22 0x00007fdcfd585d24 in DocumentViewerImpl::LoadComplete (this=0x7fdce9347a80, aStatus=0)
    at /home/bjacob/mozilla-central/layout/base/nsDocumentViewer.cpp:1037
#23 0x00007fdcfe208754 in nsDocShell::EndPageLoad (this=0x7fdce9425400, aProgress=0x7fdce9425428, aChannel=0x7fdce72bc5b0, aStatus=0)
    at /home/bjacob/mozilla-central/docshell/base/nsDocShell.cpp:5794
#24 0x00007fdcfe207ff1 in nsDocShell::OnStateChange (this=0x7fdce9425400, aProgress=0x7fdce9425428, aRequest=0x7fdce72bc5b0, aStateFlags=131088, aStatus=
    0) at /home/bjacob/mozilla-central/docshell/base/nsDocShell.cpp:5654
#25 0x00007fdcfe23591d in nsDocLoader::FireOnStateChange (this=0x7fdce9425400, aProgress=0x7fdce9425428, aRequest=0x7fdce72bc5b0, aStateFlags=131088, 
    aStatus=0) at /home/bjacob/mozilla-central/uriloader/base/nsDocLoader.cpp:1321
#26 0x00007fdcfe234648 in nsDocLoader::doStopDocumentLoad (this=0x7fdce9425400, request=0x7fdce72bc5b0, aStatus=0)
    at /home/bjacob/mozilla-central/uriloader/base/nsDocLoader.cpp:929
#27 0x00007fdcfe234231 in nsDocLoader::DocLoaderIsEmpty (this=0x7fdce9425400, aFlushLayout=1)
    at /home/bjacob/mozilla-central/uriloader/base/nsDocLoader.cpp:805
#28 0x00007fdcfe233d5e in nsDocLoader::OnStopRequest (this=0x7fdce9425400, aRequest=0x7fdce63020c0, aCtxt=0x0, aStatus=0)
    at /home/bjacob/mozilla-central/uriloader/base/nsDocLoader.cpp:700
#29 0x00007fdcfd3259bd in nsLoadGroup::RemoveRequest (this=0x7fdce9403ea0, request=0x7fdce63020c0, ctxt=0x0, aStatus=0)
    at /home/bjacob/mozilla-central/netwerk/base/src/nsLoadGroup.cpp:680
#30 0x00007fdcfd8be37f in nsDocument::DoUnblockOnload (this=0x7fdce28f6000) at /home/bjacob/mozilla-central/content/base/src/nsDocument.cpp:6945
#31 0x00007fdcfd8be140 in nsDocument::UnblockOnload (this=0x7fdce28f6000, aFireSync=1)
    at /home/bjacob/mozilla-central/content/base/src/nsDocument.cpp:6887
#32 0x00007fdcfd8b3177 in nsDocument::DispatchContentLoadedEvents (this=0x7fdce28f6000)
    at /home/bjacob/mozilla-central/content/base/src/nsDocument.cpp:3888
#33 0x00007fdcfd8ce256 in nsRunnableMethodImpl<void (nsDocument::*)(), true>::Run (this=0x7fdce6139220) at ../../../dist/include/nsThreadUtils.h:347
#34 0x00007fdcfe8acf4f in nsThread::ProcessNextEvent (this=0x7fdcfad38d70, mayWait=0, result=0x7fffcd108c9c)
    at /home/bjacob/mozilla-central/xpcom/threads/nsThread.cpp:547
#35 0x00007fdcfe839965 in NS_ProcessNextEvent_P (thread=0x7fdcfad38d70, mayWait=0) at nsThreadUtils.cpp:250
#36 0x00007fdcfe6eac02 in mozilla::ipc::MessagePump::Run (this=0x7fdcfadaf740, aDelegate=0x7fdcfadd21c0)
    at /home/bjacob/mozilla-central/ipc/glue/MessagePump.cpp:118
#37 0x00007fdcfe91b561 in MessageLoop::RunInternal (this=0x7fdcfadd21c0) at /home/bjacob/mozilla-central/ipc/chromium/src/base/message_loop.cc:219
#38 0x00007fdcfe91b4e6 in MessageLoop::RunHandler (this=0x7fdcfadd21c0) at /home/bjacob/mozilla-central/ipc/chromium/src/base/message_loop.cc:202
#39 0x00007fdcfe91b477 in MessageLoop::Run (this=0x7fdcfadd21c0) at /home/bjacob/mozilla-central/ipc/chromium/src/base/message_loop.cc:176
#40 0x00007fdcfe590291 in nsBaseAppShell::Run (this=0x7fdcf33e0a20) at /home/bjacob/mozilla-central/widget/src/xpwidgets/nsBaseAppShell.cpp:175
#41 0x00007fdcfe2e5c41 in nsAppStartup::Run (this=0x7fdcf0cbb4c0) at /home/bjacob/mozilla-central/toolkit/components/startup/src/nsAppStartup.cpp:191
#42 0x00007fdcfd2cacdd in XRE_main (argc=4, argv=0x7fffcd1098f8, aAppData=0x7fdcfad250f0)
    at /home/bjacob/mozilla-central/toolkit/xre/nsAppRunner.cpp:3603
#43 0x0000000000401f4f in main (argc=4, argv=0x7fffcd1098f8) at /home/bjacob/mozilla-central/browser/app/nsBrowserApp.cpp:158


in frame 7, Source() returns a null-string:

(gdb) frame 7
#7  0x00007fdcfd99b9b3 in mozilla::WebGLContext::CompileShader (this=0x7fdcf0bbac00, sobj=0x7fdce2de9fe0)
    at /home/bjacob/mozilla-central/content/canvas/src/WebGLContextGL.cpp:2892
2892            const char *s = nsDependentCString(shader->Source()).get();
(gdb) print shader
$1 = (mozilla::WebGLShader *) 0x7fdce9490800
(gdb) print shader->Source()
$2 = (const nsCString &) @0x7fdce9490838: {<nsACString_internal> = {mData = 0x0, mLength = 0, mFlags = 0}, <No data fields>}

Comment 1

[Benoit Jacob [:bjacob] (mostly away)]

Note: this is outside of the ANGLE path. I haven't done anything explicitly to enable ANGLE. I'm on linux x86-64.

Comment 3

[Benoit Jacob [:bjacob] (mostly away)]

Attachment: Fix crash in CompileShader

It's just that shader was an uninitialized pointer, needed to use GetConcreteObjectAndGLName instead of GetGLName.

Comment 4

[Benoit Jacob [:bjacob] (mostly away)]

Attachment: Fix crash in CompileShader and friends

...actually the same change needed to be done in other shader-related functions.

Comment 5

[Vladimir Vukicevic [:vlad] [:vladv] (needinfo me, slow to respond)]

Comment on attachment 457867 [details] [diff] [review]
Fix crash in CompileShader and friends

Huh, wonder if I forgot to refresh at some point.. should've re-ran the test suite before checking in, the patch was pretty old.  Thanks!

Comment 6

[Benoit Jacob [:bjacob] (mostly away)]

http://hg.mozilla.org/mozilla-central/rev/467e61c0ca24