Closed
Bug 639322
Opened 15 years ago
Closed 13 years ago
WebGL SL crash / Assertion failure: lock != NULL
Categories
(Core :: Graphics: CanvasWebGL, defect)
Tracking
()
RESOLVED
FIXED
| Tracking | Status | |
|---|---|---|
| firefox-esr10 | --- | unaffected |
| firefox-esr17 | --- | unaffected |
| b2g18 | --- | unaffected |
People
(Reporter: posidron, Assigned: bjacob)
References
Details
(Keywords: crash, sec-other, testcase, Whiteboard: [sg:nse?])
Attachments
(3 files)
I was trying to report this to the ANGLE project but they have no option to mark a bug as a security issue.
It looks like a out-of-bounds read error. Trying to increase the array index leads to different kind of results.
We also get the message:
(0) : fatal error C9999: marking a sampler that is not a scalar
Cg compiler terminated due to fatal error
|
Reporter | |
Comment 1•15 years ago
|
||
|
|
Reporter | |
Comment 2•15 years ago
|
||
|
|
Reporter | |
Updated•15 years ago
|
Summary: WebGL SL crash → WebGL SL crash / Assertion failure: lock != NULL
|
||
Comment 3•15 years ago
|
||
These appear to be crashing in the OpenGL driver? Can you paste your graphics info from about:support in here? Maybe we need to block that driver?
|
|
||
Comment 4•15 years ago
|
||
This must be a crash _inside_ ANGLE; we shouldn't be using the OpenGL driver at all.
Benoit, can you look into this?
Assignee: nobody → bjacob
|
Assignee | |
Comment 5•15 years ago
|
||
Regarding the lock!=null assertion, could this be the same as ANGLE bug 120, for which I already wrote a patch? Also see bug 627965.
Regarding the "C9999" bug, I filed this as Bug 636926, it looks like a Mac OpenGL bug, I don't know what to do about it (I will file a bunch of Apple bugs tomorrow).
|
|
||
Comment 6•15 years ago
|
||
So kind of the dupes of the other bugs, which are not marked as security problems?
|
||
Comment 7•14 years ago
|
||
maybe this should get retested with mozilla-central, as an angle update has landed there.
Bug 663162 - Update ANGLE to r686
mark as dependence if it seems to be fixed on central now.
|
|
Reporter | |
Comment 8•14 years ago
|
||
mozilla-central: fixed
|
|
Assignee | |
Comment 9•13 years ago
|
||
Closing this bug based on comment 8.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
|
|
||
Updated•13 years ago
|
status-b2g18:
--- → unaffected
status-firefox-esr10:
--- → unaffected
status-firefox-esr17:
--- → unaffected
|
|
||
Updated•11 years ago
|
Group: core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•