612572 - Crash [@GLContext::ListHasExtension] when extensions is null

Status: RESOLVED FIXED

(Core :: Graphics, defect)

Description

[Benoit Jacob [:bjacob] (mostly away)]

Julian Seward reports this crash:


Program received signal SIGSEGV, Segmentation fault.
__strstr_sse42 (s1=0x0, s2=0x2aaaad2cc8e6 "GLX_SGIX_fbconfig") at ../sysdeps/x86_64/multiarch/strstr.c:262
262	../sysdeps/x86_64/multiarch/strstr.c: No such file or directory.
	in ../sysdeps/x86_64/multiarch/strstr.c
(gdb) where
#0  __strstr_sse42 (s1=0x0, s2=0x2aaaad2cc8e6 "GLX_SGIX_fbconfig") at ../sysdeps/x86_64/multiarch/strstr.c:262
#1  0x00002aaaacbbc467 in strstr (extensions=0x0, extension=0x2aaaad2cc8e6 "GLX_SGIX_fbconfig") at /usr/include/string.h:335
#2  mozilla::gl::GLContext::ListHasExtension (extensions=0x0, extension=0x2aaaad2cc8e6 "GLX_SGIX_fbconfig") at /space2/sewardj/MOZ/MC-15-11-2010/gfx/thebes/GLContext.cpp:477
#3  0x00002aaaacbd65b8 in HasExtension (this=0x2aaaadbc03e0) at /space2/sewardj/MOZ/MC-15-11-2010/gfx/thebes/GLContextProviderGLX.cpp:81
#4  mozilla::gl::GLXLibrary::EnsureInitialized (this=0x2aaaadbc03e0) at /space2/sewardj/MOZ/MC-15-11-2010/gfx/thebes/GLContextProviderGLX.cpp:185
#5  0x00002aaaacbd6894 in CreateOffscreenPixmapContext (aSize=<value optimised out>, aFormat=..., aShare=71)
    at /space2/sewardj/MOZ/MC-15-11-2010/gfx/thebes/GLContextProviderGLX.cpp:606
#6  0x00002aaaacbd6e36 in mozilla::gl::GLContextProviderGLX::CreateOffscreen (aSize=..., aFormat=...)
    at /space2/sewardj/MOZ/MC-15-11-2010/gfx/thebes/GLContextProviderGLX.cpp:715
#7  0x00002aaaabb6df11 in mozilla::WebGLContext::SetDimensions (this=0x1bcfcf0, width=300, height=150)
    at /space2/sewardj/MOZ/MC-15-11-2010/content/canvas/src/WebGLContext.cpp:395
#8  0x00002aaaabc0b6e5 in nsHTMLCanvasElement::UpdateContext (this=0x195e390) at /space2/sewardj/MOZ/MC-15-11-2010/content/html/content/src/nsHTMLCanvasElement.cpp:513
#9  0x00002aaaabc0bb70 in nsHTMLCanvasElement::GetContext (this=0x195e390, aContextId=..., aContext=0x7fffffffb910)
    at /space2/sewardj/MOZ/MC-15-11-2010/content/html/content/src/nsHTMLCanvasElement.cpp:446
#10 0x00002aaaac34b47e in nsIDOMHTMLCanvasElement_GetContext (cx=0x153ed40, argc=1, vp=0x2aaabb93f2d8) at dom_quickstubs.cpp:20967
#11 0x00002aaaace8d7fe in CallCompiler::generateNativeStub() () from /space2/sewardj/MOZ/MC-15-11-2010/ff-deb/dist/bin/libxul.so
#12 0x00002aaaace8af91 in js::mjit::ic::NativeCall (f=..., ic=0x2aaaad2cc8e6) at /space2/sewardj/MOZ/MC-15-11-2010/js/src/methodjit/MonoIC.cpp:851
#13 0x00002aaac6ac87e0 in ?? ()

Comment 1

[Benoit Jacob [:bjacob] (mostly away)]

Attachment: fix crash with null extensions string

Comment 2

[Julian Seward [:jseward]]

Comment on attachment 490857 [details] [diff] [review]
fix crash with null extensions string

Works for me (no more segfault), and at least OSMesa-based GL still
works.

Comment 3

[Joe Drew (not getting mail)]

Comment on attachment 490857 [details] [diff] [review]
fix crash with null extensions string

This doesn't block, but let's get it in.

Comment 4

[David Baron :dbaron: (⌚️UTC-4, no longer working on Mozilla)]

Sorry about that; this is definitely the result of bug 605992.

I don't think we should need the null-check on extension; only on extensions.

Comment 5

[Benoit Jacob [:bjacob] (mostly away)]

http://hg.mozilla.org/mozilla-central/rev/789f0f85f75a

David, I saw your comment too late, sorry. At least it doesn't hurt to check |extension| too even if that's useless. It's true that to fix this particular crash it was enough to check |extensions|.