Closed
Bug 629149
Opened 15 years ago
Closed 15 years ago
Crash in [ @ mozilla::WebGLTexture::NeedFakeBlack() ]
Categories
(Core :: Graphics: CanvasWebGL, defect)
Core
Graphics: CanvasWebGL
Tracking
()
RESOLVED
FIXED
mozilla2.0b11
| Tracking | Status | |
|---|---|---|
| blocking2.0 | --- | final+ |
People
(Reporter: bjacob, Assigned: vlad)
Details
Attachments
(2 files)
|
1.39 KB,
patch
|
vlad
:
review-
|
Details | Diff | Splinter Review |
|
1.54 KB,
patch
|
bjacob
:
review+
|
Details | Diff | Splinter Review |
http://crash-stats.mozilla.com/report/list?range_value=2&range_unit=weeks&signature=mozilla%3A%3AWebGLTexture%3A%3ANeedFakeBlack%28%29&version=Firefox%3A4.0b10
Crash address near zero (typically 0x58) suggests that we have a null WebGLTexture here.
|
Reporter | |
Comment 1•15 years ago
|
||
Attachment #507242 -
Flags: review?(vladimir)
|
|
Reporter | |
Comment 2•15 years ago
|
||
My understanding of the stack traces is that WebGLContext::NeedFakeBlack() has been inlined, and the crash happens when it calls WebGLTexture::NeedFakeBlack().
What puzzles me is that the near-zero addresses were suggesting a null WebGLTexture object, but the code was checking for that already:
if (mBound2DTextures[i] && mBound2DTextures[i]->NeedFakeBlack())
so my second best chance is to check for Deleted...
|
|
Reporter | |
Comment 3•15 years ago
|
||
I admit to be completely in the fuzzy on this one.
The fact is that we are crashing when doing
if (mBound2DTextures[i] &&
mBound2DTextures[i]->NeedFakeBlack())
Is there some nsRefPtr subtlety that I'm missing here, that's causing NeedFakeBlack() to be called even though the pointer is null?
I don't like my own patch because I don't understand why suddenly here we'd have to check for Deleted.
|
|
Reporter | |
Comment 4•15 years ago
|
||
Ah OK... if I understand well, when a WebGLTexture falls out of scope in the JS program, it enters this 'Deleted' state and really we should check for Deleted everytime we access objects in our C++ code? If so, then a much bigger patch is needed.
|
Assignee | |
Comment 5•15 years ago
|
||
Comment on attachment 507242 [details] [diff] [review]
check if deleted
hm, no, this isn't right; something weird is going on with those crashes
Attachment #507242 -
Flags: review?(vladimir) → review-
|
|
Assignee | |
Comment 6•15 years ago
|
||
I don't know if this is the fix, but the loops should be over mGLMaxTextureUnits. However, mGLMaxTextureImageUnits *should* always be <= mGLMaxTextureUnits, so I don't think we could have read over the end of the array or something here.
Attachment #507664 -
Flags: review?(bjacob)
|
|
Reporter | |
Comment 7•15 years ago
|
||
Comment on attachment 507664 [details] [diff] [review]
fix TextureImageUnits -> TextureUnits
Yup, checked the code, that is the size of these arrays created in InitAndValidateGL(), and this value is indeed MAX_COMBINED_TEXTURE_IMAGE_UNITS:
gl->fGetIntegerv(LOCAL_GL_MAX_COMBINED_TEXTURE_IMAGE_UNITS, (GLint*) &mGLMaxTextureUnits);
mBound2DTextures.SetLength(mGLMaxTextureUnits);
mBoundCubeMapTextures.SetLength(mGLMaxTextureUnits);
so r+.
Attachment #507664 -
Flags: review?(bjacob) → review+
|
|
Assignee | |
Comment 8•15 years ago
|
||
marking this blocking final, to make sure we get this in.
blocking2.0: --- → final+
|
|
Assignee | |
Comment 9•15 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/5eb64cb4592d
Optimistically calling this fixed..
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
|
||
Updated•15 years ago
|
Assignee: nobody → vladimir
Target Milestone: --- → mozilla2.0b11
Version: unspecified → Trunk
You need to log in
before you can comment on or make changes to this bug.
Description
•