Closed Bug 603235 Opened 14 years ago Closed 14 years ago

Many WebGL sites crash

Categories

(Core :: Graphics: CanvasWebGL, defect)

Product:
Core
Component:
Graphics: CanvasWebGL
Platform:
x86
Windows 7
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: bas.schouten, Assigned: vlad)

References

(
URL
)

Details

Attachments

(1 file)

avoid string API trap
1.08 KB, patch
bas.schouten
: review+
Details | Diff | Splinter Review 
Many WebGL sites seem to crash in the latest nightly currently. In a debug build there were inside shader compile code.
The crash is preceded by the following output in the debug window:

STATUS_STACK_BUFFER_OVERRUN encountered

The following Stack leads to the crash:

>	kernel32.dll!_UnhandledExceptionFilter@4()  + 0x16ae4 bytes	
 	xul.dll!__report_gsfailure()  Line 313	C
 	xul.dll!mozilla::WebGLContext::CompileShader(nsIWebGLShader * sobj=0x6f697469)  Line 3234 + 0xe bytes	C++
 	mozjs.dll!DefinePropertyById(JSContext * cx=0x00000000, JSObject * obj=0x00000000, int id=, const js::Value & value=, int (JSContext *, JSObject *, int, js::Value *)* getter=, int (JSContext *, JSObject *, int, js::Value *)* setter=, unsigned int attrs=0, unsigned int flags=0, int tinyid=)  Line 3262 + 0x24 bytes	C++
 	mozjs.dll!js_GenerateShape(JSContext * cx=, bool gcLocked=)  Line 79 + 0xd bytes	C++
 	mozjs.dll!js::Shape::Shape(JSContext * cx=0x00000000, js::Class * aclasp=0x00697884)  Line 161 + 0x1c bytes	C++
 	mozjs.dll!JSObject::getEmptyShape(JSContext * cx=0x09f9fd20, js::Class * aclasp=0x00697884)  Line 68 + 0xc bytes	C++
 	mozjs.dll!js::InitScopeForObject(JSContext * cx=0x00000320, JSObject * obj=0x0060b800, js::Class * clasp=0x5f45917b, JSObject * proto=0x00000000)  Line 845	C++
 	mozjs.dll!JS_SetReservedSlot(JSContext * cx=, JSObject * obj=, unsigned long index=, unsigned __int64 v=)  Line 3976 + 0x14 bytes	C++
 	xul.dll!nsCOMPtr_base::~nsCOMPtr_base()  Line 82	C++
 	xul.dll!ConstructSlimWrapper(XPCCallContext & ccx={...}, xpcObjectHelper & aHelper={...}, XPCWrappedNativeScope * xpcScope=0x00000000, unsigned __int64 * rval=0x00000000)  Line 3951 + 0x16 bytes	C++
 	xul.dll!XPCConvert::NativeInterface2JSObject(XPCLazyCallContext & lccx=, unsigned __int64 * d=, nsIXPConnectJSObjectHolder * * dest=, xpcObjectHelper & aHelper=, const nsID * iid=, XPCNativeInterface * * Interface=, JSObject * scope=, int allowNativeWrapper=, int isGlobal=, unsigned int * pErr=)  Line 1188 + 0x14 bytes	C++
 	xul.dll!castNativeFromWrapper(JSContext * cx=0x5f5470dd, JSObject * obj=0x00000000, JSObject * callee=0x00000000, unsigned int interfaceBit=2542712, nsISupports * * pRef=0x0def1798, unsigned __int64 * pVal=0xffff0007, XPCLazyCallContext * lccx=0x0026cc44, unsigned int * rv=0x0000ffff)  + 0x33aff2 bytes	C++
 	xul.dll!xpc_qsXPCOMObjectToJsval()  Line 1133 + 0x34 bytes	C++
 	xul.dll!XPCCallContext::`scalar deleting destructor'()  + 0x63 bytes	C++
 	xul.dll!nsXPConnect::GetWrapperForObject(JSContext * aJSContext=0x0cdb82d0, JSObject * aObject=0x040a0120, JSObject * aScope=0x0026cd44, nsIPrincipal * aPrincipal=0x5f49b1f5, unsigned int aFilenameFlags=56693856, unsigned __int64 * _retval=0x09f9fd20)  Line 2384 + 0x16 bytes	C++
Grr, string APIs!
Assignee: nobody → vladimir
Attachment #482175 - Flags: review?(bas.schouten)
Attachment #482175 - Flags: review?(bas.schouten) → review+
http://hg.mozilla.org/mozilla-central/rev/73a03305165d

Filed bug 603243 on removing the pitfall string API.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Blocks: 602396
Blocks: 603175
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: