Status

()

Core
Canvas: WebGL
RESOLVED FIXED
8 years ago
8 years ago

People

(Reporter: bas, Assigned: vlad)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(URL)

Attachments

(1 attachment)

(Reporter)

Description

8 years ago
Many WebGL sites seem to crash in the latest nightly currently. In a debug build there were inside shader compile code.
(Reporter)

Comment 1

8 years ago
The crash is preceded by the following output in the debug window:

STATUS_STACK_BUFFER_OVERRUN encountered

The following Stack leads to the crash:

>	kernel32.dll!_UnhandledExceptionFilter@4()  + 0x16ae4 bytes	
 	xul.dll!__report_gsfailure()  Line 313	C
 	xul.dll!mozilla::WebGLContext::CompileShader(nsIWebGLShader * sobj=0x6f697469)  Line 3234 + 0xe bytes	C++
 	mozjs.dll!DefinePropertyById(JSContext * cx=0x00000000, JSObject * obj=0x00000000, int id=, const js::Value & value=, int (JSContext *, JSObject *, int, js::Value *)* getter=, int (JSContext *, JSObject *, int, js::Value *)* setter=, unsigned int attrs=0, unsigned int flags=0, int tinyid=)  Line 3262 + 0x24 bytes	C++
 	mozjs.dll!js_GenerateShape(JSContext * cx=, bool gcLocked=)  Line 79 + 0xd bytes	C++
 	mozjs.dll!js::Shape::Shape(JSContext * cx=0x00000000, js::Class * aclasp=0x00697884)  Line 161 + 0x1c bytes	C++
 	mozjs.dll!JSObject::getEmptyShape(JSContext * cx=0x09f9fd20, js::Class * aclasp=0x00697884)  Line 68 + 0xc bytes	C++
 	mozjs.dll!js::InitScopeForObject(JSContext * cx=0x00000320, JSObject * obj=0x0060b800, js::Class * clasp=0x5f45917b, JSObject * proto=0x00000000)  Line 845	C++
 	mozjs.dll!JS_SetReservedSlot(JSContext * cx=, JSObject * obj=, unsigned long index=, unsigned __int64 v=)  Line 3976 + 0x14 bytes	C++
 	xul.dll!nsCOMPtr_base::~nsCOMPtr_base()  Line 82	C++
 	xul.dll!ConstructSlimWrapper(XPCCallContext & ccx={...}, xpcObjectHelper & aHelper={...}, XPCWrappedNativeScope * xpcScope=0x00000000, unsigned __int64 * rval=0x00000000)  Line 3951 + 0x16 bytes	C++
 	xul.dll!XPCConvert::NativeInterface2JSObject(XPCLazyCallContext & lccx=, unsigned __int64 * d=, nsIXPConnectJSObjectHolder * * dest=, xpcObjectHelper & aHelper=, const nsID * iid=, XPCNativeInterface * * Interface=, JSObject * scope=, int allowNativeWrapper=, int isGlobal=, unsigned int * pErr=)  Line 1188 + 0x14 bytes	C++
 	xul.dll!castNativeFromWrapper(JSContext * cx=0x5f5470dd, JSObject * obj=0x00000000, JSObject * callee=0x00000000, unsigned int interfaceBit=2542712, nsISupports * * pRef=0x0def1798, unsigned __int64 * pVal=0xffff0007, XPCLazyCallContext * lccx=0x0026cc44, unsigned int * rv=0x0000ffff)  + 0x33aff2 bytes	C++
 	xul.dll!xpc_qsXPCOMObjectToJsval()  Line 1133 + 0x34 bytes	C++
 	xul.dll!XPCCallContext::`scalar deleting destructor'()  + 0x63 bytes	C++
 	xul.dll!nsXPConnect::GetWrapperForObject(JSContext * aJSContext=0x0cdb82d0, JSObject * aObject=0x040a0120, JSObject * aScope=0x0026cd44, nsIPrincipal * aPrincipal=0x5f49b1f5, unsigned int aFilenameFlags=56693856, unsigned __int64 * _retval=0x09f9fd20)  Line 2384 + 0x16 bytes	C++
Created attachment 482175 [details] [diff] [review]
avoid string API trap

Grr, string APIs!
Assignee: nobody → vladimir
Attachment #482175 - Flags: review?(bas.schouten)
(Reporter)

Updated

8 years ago
Attachment #482175 - Flags: review?(bas.schouten) → review+
http://hg.mozilla.org/mozilla-central/rev/73a03305165d

Filed bug 603243 on removing the pitfall string API.
Status: NEW → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → FIXED

Updated

8 years ago
Duplicate of this bug: 603183

Updated

8 years ago
Blocks: 602396

Updated

8 years ago
Blocks: 603175
You need to log in before you can comment on or make changes to this bug.