Closed
Bug 610435
Opened 14 years ago
Closed 14 years ago
Firefox/4.0b8pre crash in [@ mozilla::WebGLBuffer::FindMaximum<unsigned short>(unsigned int, unsigned int) ]
Categories
(Core :: Graphics: CanvasWebGL, defect)
RESOLVED
FIXED
Tracking | Status | |
---|---|---|
blocking2.0 | --- | betaN+ |
People
(Reporter: marcia, Assigned: bjacob)
Details
(Keywords: crash)
Attachments
(1 file)
1.18 KB, patch | vlad: review+
Seen while reviewing crash data. http://tinyurl.com/2fswz5h is the link to today's crash reports, which are Win 7 only so far.
Frame Module Signature Source
0 xul.dll mozilla::WebGLBuffer::FindMaximum<unsigned short> content/canvas/src/WebGLContext.h:676
1 xul.dll mozilla::WebGLContext::DrawElements content/canvas/src/WebGLContextGL.cpp:1117
2 xul.dll nsICanvasRenderingContextWebGL_DrawElements obj-firefox/js/src/xpconnect/src/dom_quickstubs.cpp:30011
3 mozjs.dll CallCompiler::generateNativeStub js/src/methodjit/MonoIC.cpp:627
4 mozjs.dll js::mjit::ic::NativeCall js/src/methodjit/MonoIC.cpp:851
5 @0x20ef2dd
6 mozjs.dll js::mjit::EnterMethodJIT js/src/methodjit/MethodJIT.cpp:739
7 mozjs.dll CheckStackAndEnterMethodJIT js/src/methodjit/MethodJIT.cpp:764
8 mozjs.dll js::mjit::JaegerShot js/src/methodjit/MethodJIT.cpp:781
9 mozjs.dll js::RunScript js/src/jsinterp.cpp:662
10 mozjs.dll js::Invoke js/src/jsinterp.cpp:768
11 mozjs.dll js::ExternalInvoke js/src/jsinterp.cpp:881
12 mozjs.dll JS_CallFunctionValue js/src/jsapi.cpp:4898
13 xul.dll nsJSContext::CallEventHandler dom/base/nsJSEnvironment.cpp:2171
14 xul.dll nsGlobalWindow::RunTimeout dom/base/nsGlobalWindow.cpp:8916
15 xul.dll nsGlobalWindow::TimerCallback dom/base/nsGlobalWindow.cpp:9261
16 xul.dll nsTimerImpl::Fire xpcom/threads/nsTimerImpl.cpp:425
17 xul.dll nsTimerEvent::Run xpcom/threads/nsTimerImpl.cpp:517
18 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:609
19 xul.dll mozilla::ipc::MessagePump::Run ipc/glue/MessagePump.cpp:110
20 xul.dll xul.dll@0xb0a9fb
21 xul.dll MessageLoop::RunHandler ipc/chromium/src/base/message_loop.cc:202
22 xul.dll _SEH_epilog4
23 xul.dll MessageLoop::Run ipc/chromium/src/base/message_loop.cc:176
24 xul.dll nsBaseAppShell::Run widget/src/xpwidgets/nsBaseAppShell.cpp:181
25 xul.dll xul.dll@0xb0a9fb
26 xul.dll nsAppShell::Run widget/src/windows/nsAppShell.cpp:243
27 GrooveIntlResource.dll GrooveIntlResource.dll@0x4c746d
28 GrooveIntlResource.dll GrooveIntlResource.dll@0x4c2e6b
29 GrooveIntlResource.dll GrooveIntlResource.dll@0x54642d
Assignee
Comment 1•14 years ago
Great, thanks for the report. The fact that this crash is a read access at address 0, together with this stack, shows that the element array buffer here had mData==0 which is indeed the default value, and we weren't checking for that.
Attached patch fixes it.
I believe that a test-case for this crash would be basically just: create new buffer, bind as element array buffer, do a drawElements without having put any data in this buffer. In other words it's a pretty serious crash :)
Assignee
Updated•14 years ago
blocking2.0: --- → ?
Attachment #489015 - Flags: review?(vladimir) → review+
blocking2.0: ? → betaN+
Flags: in-testsuite?
Assignee
Comment 2•14 years ago
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Updated•14 years ago
Crash Signature: [@ mozilla::WebGLBuffer::FindMaximum<unsigned short>(unsigned int, unsigned int) ]
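
The failure mode described in comment 1, a draw call that scans an element array buffer whose storage pointer is still null, as an added C++ example that is not the attached patch or Mozilla's code. `ElementBuffer`, `FindMaximumChecked` and `ValidateDrawElements` are hypothetical names, and the alignment and bounds checks go beyond the null check the comment describes.

```cpp
// Added illustration: a simplified model, not Mozilla's WebGLBuffer code.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <limits>

// Hypothetical stand-in for an element array buffer. As in the report, the
// storage pointer stays null until the page uploads data into the buffer.
struct ElementBuffer {
    const uint8_t* data = nullptr;
    size_t byteLength = 0;
};

// Writes the largest index in the requested range to *outMax. Returns false,
// without reading anything, when the range cannot be read safely.
template <typename T>
bool FindMaximumChecked(const ElementBuffer& buf, size_t count,
                        size_t byteOffset, T* outMax) {
    if (buf.data == nullptr) return false;               // no data uploaded
    if (byteOffset % sizeof(T) != 0) return false;       // misaligned offset
    if (count > std::numeric_limits<size_t>::max() / sizeof(T)) return false;
    const size_t bytes = count * sizeof(T);              // cannot overflow now
    if (byteOffset > buf.byteLength || bytes > buf.byteLength - byteOffset)
        return false;                                    // range exceeds buffer
    T maxIndex = 0;
    for (size_t i = 0; i < count; ++i) {
        T v;
        std::memcpy(&v, buf.data + byteOffset + i * sizeof(T), sizeof(T));
        if (v > maxIndex) maxIndex = v;
    }
    *outMax = maxIndex;
    return true;
}

// Draw-call gate: reject the call unless every index names an existing vertex.
bool ValidateDrawElements(const ElementBuffer& buf, size_t count,
                          size_t byteOffset, size_t vertexCount) {
    if (count == 0) return true;                         // nothing read or drawn
    uint16_t maxIndex = 0;
    return FindMaximumChecked<uint16_t>(buf, count, byteOffset, &maxIndex) &&
           maxIndex < vertexCount;
}

int main() {
    ElementBuffer fresh;  // constructed case: bound but never filled
    std::printf("fresh buffer accepted: %d\n",
                ValidateDrawElements(fresh, 3, 0, 4));
}
```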