Closed Bug 626835 Opened 13 years ago Closed 13 years ago

[ANGLE] WebGLES shader crash [@IncLineNumber]

Categories

(Core :: Graphics: CanvasWebGL, defect)

Product:
Core
Component:
Graphics: CanvasWebGL
Platform:
x86_64
macOS
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
VERIFIED FIXED
Tracking Flags:
Tracking Status
firefox5 --- unaffected
firefox6 --- unaffected
blocking2.0 --- final+
status1.9.2 --- unaffected
status1.9.1 --- unaffected

People

(Reporter: posidron, Assigned: bjacob)

Details

(Keywords: crash, regression, testcase, Whiteboard: [sg:critical?][hardblocker][fx4-fixed-bugday] )

Crash Data

Attachments

(2 files)

testcase
5.67 KB, application/zip
Details
callstack
11.06 KB, text/plain
Details
Attached file testcase 
I haven't analyzed this bug yet but rax looks interesting and we have a write to rbp instruction in the second place. That's why I have marked it as a security issue.

OpenGL LayerManager Initialized Succesfully.
Version: 2.1 NVIDIA-1.6.26
Vendor: NVIDIA Corporation
Renderer: NVIDIA GeForce GT 330M OpenGL Engine
FBO Texture Target: TEXTURE_2D

Build identifier: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:2.0b10pre) Gecko/20110115 Firefox/4.0b10pre
Attached file callstack 

    
  
Summary: [ANGLE] WebGLES shader crash [@IncLineNumber()] → [ANGLE] WebGLES shader crash [@IncLineNumber]

    
    

    
  
I think I've got a fix for this one.

    
    

    
  
This should be fixed in ANGLE r540.

    
    

    
  
Are we likely to get an updated ANGLE library for Firefox 4 ship?
blocking2.0: --- → ?

          status1.9.1:
          --- → unaffected

          status1.9.2:
          --- → unaffected
Whiteboard: [sg:critical?]

    
    

    
  
Yes, absolutely.  Bug 629538 tracks it, benoit's working on it.
Assignee: nobody → bjacob
blocking2.0: ? → final+
Keywords: regression
Whiteboard: [sg:critical?] → [sg:critical?][hardblocker]

    
    

    
  
Updated to ANGLE r550. Reopen if you can still reproduce the issue.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED

    
    

    
  
Verified fixed in beta 11 with Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6;
rv:2.0b11) Gecko/20100101 Firefox/4.0b11 using testcase. Crash reproduces in
beta 10.
Status: RESOLVED → VERIFIED
Whiteboard: [sg:critical?][hardblocker] → [sg:critical?][hardblocker][fx4-fixed-bugday]
Crash Signature: [@IncLineNumber]
Group: core-security

          status-firefox5:
          --- → unaffected

          status-firefox6:
          --- → unaffected

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: