Closed
Bug 653419
Opened 13 years ago
Closed 13 years ago
WebGL crash [@ mozilla::WebGLContext::GetCanvasLayer(nsDisplayListBuilder*, mozilla::layers::CanvasLayer*, mozilla::layers::LayerManager*) ]
Categories
(Core :: Graphics: CanvasWebGL, defect)
Tracking
()
VERIFIED
FIXED
Tracking | Status | |
---|---|---|
firefox5 | --- | fixed |
People
(Reporter: Virtual, Assigned: bjacob)
References
()
Details
(Keywords: nightly-community)
Crash Data
Attachments
(3 files, 1 obsolete file)
1017 bytes,
patch
|
joe
:
review-
|
Details | Diff | Splinter Review |
1.38 KB,
patch
|
joe
:
review+
asa
:
approval-mozilla-aurora+
dveditz
:
approval2.0-
|
Details | Diff | Splinter Review |
804 bytes,
patch
|
joe
:
review+
asa
:
approval-mozilla-aurora+
dveditz
:
approval2.0-
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:6.0a1) Gecko/20110427 Firefox/6.0a1 Build Identifier: Crashlogs: https://crash-stats.mozilla.com/report/index/551ae92e-7c08-4a77-ad99-c3bc62110428 https://crash-stats.mozilla.com/report/index/d53c4e0b-232f-4202-bbb2-971e52110428 https://crash-stats.mozilla.com/report/index/ceabb40e-799a-4271-9aa9-110d52110428 https://crash-stats.mozilla.com/report/index/fc63c5ef-f2aa-466a-b4c1-cf5c82110428 Graphic info Adapter Description - NVIDIA GeForce 8600 GT Vendor ID - 10de Device ID - 0402 Adapter RAM - 256 Adapter Drivers - nvd3dumx,nvwgf2umx,nvwgf2umx nvd3dum,nvwgf2um,nvwgf2um Driver Version - 8.17.12.7061 Driver Date - 4-7-2011 Direct2D Enabled - true DirectWrite Enabled - true (6.1.7601.17563) WebGL Renderer - NVIDIA Corporation -- GeForce 8600 GT/PCI/SSE2 -- 3.3.0 GPU Accelerated Windows - 1/1 Direct3D 10 Reproducible: Always
Assignee | ||
Comment 1•13 years ago
|
||
Attachment #528837 -
Flags: review?(joe)
Assignee | ||
Comment 2•13 years ago
|
||
Attachment #528838 -
Flags: review?(joe)
Assignee | ||
Comment 3•13 years ago
|
||
Attachment #528838 -
Attachment is obsolete: true
Attachment #528838 -
Flags: review?(joe)
Attachment #528846 -
Flags: review?(joe)
Assignee | ||
Comment 4•13 years ago
|
||
Attachment #528847 -
Flags: review?(joe)
Assignee | ||
Comment 5•13 years ago
|
||
OK, I don't fully understand this bug, here's what I know. There are at least 2 bugs here. 1) The first bug is the crash. It is a read at address 0 at this line of code: void* native_surface = gl->GetNativeData(gl::GLContext::NativeImageSurface); Since GetNativeData is a virtual method, that crash almost certainly means that the gl pointer is null. The 'handle null gl pointer' patch is a bruteforce fix for it, the 'check for null gl ptr in SetDimensions NOP path' patch is an attempt at a smart fix (see below). 2) The second bug is that the AppNotes entries for WebGL are unreliable because of a bug, which is fixed by the 'correctly mark WebGL context creation as successful' patch. So in any case I would like this patch to go it, it will at least allow us to get accurate crash reports. Here's what I don't know: The AppNotes say: AdapterVendorID: 10de, AdapterDeviceID: 0402, AdapterDriverVersion: 8.17.12.7061 D2D? D2D+ DWrite? DWrite+ D3D10 Layers? D3D10 Layers+ WebGL? EGL? EGL- WGL? GL Context? GL Context+ WGL+ WebGL+ WebGL- There are 2 ways to interprete that. 1) one way is to say that the last WebGL- is produced by the above-discussed bug i.e. there never was a WebGL context creation failure, there just was a SetDimensions call that returned early here: if (mWidth == width && mHeight == height) return NS_OK; The bug (null gl pointer) could the be explained in the scenario of a race condition between destroying and resizing a WebGL context. 2) another way is to take the WebGL- seriously, despite the above-discussed bug which can produce bogus WebGL-. One thing that pleads for this is the EGL-. Something is really wrong on this machine: despite using a recent NVIDIA driver, it failed to create a ANGLE EGL context. So it tried WGL as fallback. That worked once and, under this hypothesis, failed the second time. It is still not clear how we ended up calling GetCanvasLayer on a failed WebGL context object.
Assignee | ||
Comment 6•13 years ago
|
||
Ah! Didn't see that this is a 64bit build. That explains why EGL fails. I suggest taking the 2nd and 3rd patch; perhaps we can pass on the 1st patch for now.
Assignee | ||
Comment 7•13 years ago
|
||
@ Virtual_ManPL: 64bit builds on Windows are not supported yet.
Assignee | ||
Updated•13 years ago
|
Summary: WebGL crash [@ mozilla::WebGLContext::GetCanvasLayer(nsDisplayListBuilder*, mozilla::layers::CanvasLayer*, mozilla::layers::LayerManager*) ] → WebGL Win64 crash [@ mozilla::WebGLContext::GetCanvasLayer(nsDisplayListBuilder*, mozilla::layers::CanvasLayer*, mozilla::layers::LayerManager*) ]
Virtual_ManPL [:Virtual] 🇵🇱 - (please needinfo? me - so I will see your comment/reply/question/etc.)
Reporter
|
||
Comment 8•13 years ago
|
||
(In reply to comment #7) > @ Virtual_ManPL: 64bit builds on Windows are not supported yet. I know that "officially" 64bit builds of Firefox for Windows aren't supported yet, but someone need to test them and report bugs, so you guys will have less job to do in the future and we will have fewer bugs :)
Comment 9•13 years ago
|
||
Confirm this bug. Tested in Firefox 4 in default profile. My reports: https://crash-stats.mozilla.com/report/index/bp-05197bea-07b7-4e1e-a05e-eb0152110428 https://crash-stats.mozilla.com/report/index/1a3aac84-4f87-4c72-9a2f-ec2442110428 Mozilla/5.0 (Windows NT 6.1; rv:2.0) Gecko/20100101 Firefox/4.0 ID:20110318052756 Graphics: Descrierea adaptorului NVIDIA GeForce 8600 GT ID furnizor 10de ID dispozitiv 0402 RAM pentru adaptor 512 Drivere pentru adaptor nvd3dum nvwgf2um,nvwgf2um Versiune driver 8.17.12.6724 Dată driver 2-23-2011 Direct2D activat true DirectWrite activa ttrue (6.1.7601.17563, font cache n/a) Motor de afișare WebGL Google Inc. -- ANGLE -- OpenGL ES 2.0 (ANGLE 0.0.0.541) Accelerare GPU Windows 1/1 Direct3D 10 My addons: Abduction! 3.0.10 About startup 0.1.5 about:me 0.5 about:response 0.1 Add-on Collector 2.0.1 Add-on Compatibility Reporter 0.8.3 AddonFox 1.1.7 Adobe Acrobat 10.0.1.434 Adobe Contribute Toolbar 6.0 [DISABLED] Blog Comment Autofill British English Dictionary 1.19.1 Bugzilla Tweaks 1.10 ChatZilla 0.9.86.1 Converter 1.0.9 Crash Report Helper 1.2 [DISABLED] Default 4.0 [DISABLED] Dicționar românesc de corectare ortografică. 1.11 Download Statusbar 0.9.8 DownloadHelper 4.8.6 DownThemAll! 2.0.2 F1 by Mozilla Labs 0.8.3 FFixer 2.3.1 FileList V3 fireblur 1260925626 Firefox 4 Menu Button with icon+(Tabs in Titlebar) Firefox B 1260925626 [DISABLED] Flagfox 4.1.2 FlashGames Maximizer 3.1.3.86 [DISABLED] FlashGot 1.2.9.3 FoxTab 1.4.2 German Dictionary 2.0.2 Google Earth Plugin 1.0.0.1 Google Shortcuts 2.1.6 Google Talk Plugin 1.9.2.0 Google Talk Plugin Video Accelerator 0.1.43.5 Google Update 1.3.21.53 Greasefire 1.0.4 [DISABLED] Greasemonkey 0.9.2 Hard blockers counter 1.0.1 [DISABLED] IE Tab 2 (FF 3.6+) 2.12.21.1 IE Tab Plug-in 2.2.0.1 ImTranslator 4.01 Java Deployment Toolkit 6.0.240.7 6.0.240.7 Java(TM) Platform SE 6 U24 6.0.240.7 Massive Extender 1.0b5 Microsoft Office 2010 14.0.4730.1010 Microsoft Office 2010 14.0.4761.1000 Minefield - Better Add-on Bar/Status Bar [DISABLED] Movie Torrent Search Linker (for IMDB, Rotten Tomatoes and Yahoo Movies) 0.3.7.9 Mozilla Labs: Prospector - Home Dash 10 [DISABLED] Mozilla QA Companion 1.2.3 MozMill Crowd 0.1.2 Nightly and Aurora 1303328422 [DISABLED] Nightly Tester Tools 3.1.6 NoScript 2.1.0.2 NVIDIA 3D Vision 7.17.12.6099 NVIDIA 3D VISION 7.17.12.6099 Personas 1.6.2 Picasa 3.0.0.0 Power Twitter 1.60 Prism for Firefox 1.0b4 [DISABLED] Puppy Dogs... 1291695684 [DISABLED] QuickTime Plug-in 7.6.9 7.6.9.0 Read It Later 2.1.1 RealJukebox NS Plugin 12.0.1.647 RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) 12.0.1.647 RealPlayer Version Plugin 12.0.1.647 RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) 12.0.1.647 RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) 12.0.1.647 ReminderFox 1.9.9.3.1 Sage 1.4.10 Shockwave Flash 10.2.159.1 Shockwave for Director 11.5.9.620 Show Just Image 2 2.5.3 Silverlight Plug-In 5.0.60401.0 startup.service 0.2 Status-4-Evar 2011.04.06.18 StumbleUpon 3.81 Stylish 1.1.2 Test Pilot 1.1 TortoiseSVN Menu 0.2.5 Ubiquity 0.6 [DISABLED] URL Fixer 2.0.3 Userscripts Updater Windows Live Photo Gallery 15.4.3508.1109 WiseStamp 2.2.1 Yahoo Application State Plugin 1.0.0.7 Yoono 7.6.5 YouTube Enhancer 2010-12-18
Status: UNCONFIRMED → NEW
Ever confirmed: true
Updated•13 years ago
|
Keywords: crash,
crashreportid
Hardware: x86_64 → All
Assignee | ||
Comment 10•13 years ago
|
||
Raul: this seems like a separate bug, it would be a good idea to file it separately. Indeed your Firefox survives the line that's crashy in the original report here. That means that gl!=null in your case. The line that's crashy for you is HRESULT hr = mTexture->Map(0, D3D10_MAP_WRITE_DISCARD, 0, &map); in CanvasLayerD3D10::Updated(). Could well be that the mTexture pointer was null.
Comment 11•13 years ago
|
||
Also confirmed in Nightly. Mozilla/5.0 (Windows NT 6.1; rv:6.0a1) Gecko/20110428 Firefox/6.0a1 ID:20110428030557 Crash reports: https://crash-stats.mozilla.com/report/index/8257dd4e-5e84-4b40-8707-5053d2110428 https://crash-stats.mozilla.com/report/index/aaf756f6-7d42-48b8-8f48-8697e2110428
Comment 12•13 years ago
|
||
(In reply to comment #10) > Raul: this seems like a separate bug, it would be a good idea to file it > separately. Indeed your Firefox survives the line that's crashy in the original > report here. That means that gl!=null in your case. The line that's crashy for > you is > HRESULT hr = mTexture->Map(0, D3D10_MAP_WRITE_DISCARD, 0, &map); > in CanvasLayerD3D10::Updated(). Could well be that the mTexture pointer was > null. Oh! Not same bug? Sorry.
Comment 13•13 years ago
|
||
And also, crash report for my Nighlty is different bug?
Comment 14•13 years ago
|
||
I was the one that had problems originally on this and reported on MozillaZine. Here are my crash reports. Had earlier updated it to Catalyst 11.4 drivers. https://crash-stats.mozilla.com/report/index/bp-41306687-9555-4e25-acfc-d77b72110427 https://crash-stats.mozilla.com/report/index/bp-6bcabeaf-8ada-48f7-9309-c1e222110428
Comment 15•13 years ago
|
||
Sorry, here are the links. https://crash-stats.mozilla.com/report/index/41306687-9555-4e25-acfc-d77b72110427 https://crash-stats.mozilla.com/report/index/6bcabeaf-8ada-48f7-9309-c1e222110428 Apparently, it started crashing in Firefox 4 also. https://crash-stats.mozilla.com/report/index/3b612e41-4184-4951-bc8f-667a12110428 https://crash-stats.mozilla.com/report/index/490967be-0069-4729-bfbb-d6c0b2110428
Updated•13 years ago
|
tracking-firefox5:
--- → ?
Comment 16•13 years ago
|
||
Definitely want to fix this, but Firefox 5 isn't supported on win64, so this doesn't need tracking-firefox5
Comment 17•13 years ago
|
||
Comment on attachment 528837 [details] [diff] [review] handle null gl pointer Review of attachment 528837 [details] [diff] [review]: I'm not really in favour of adding null checks at seemingly arbitrary points in the code, and, as Benoit says in comment 6, we probably don't need this patch.
Attachment #528837 -
Flags: review?(joe) → review-
Updated•13 years ago
|
Attachment #528846 -
Flags: review?(joe) → review+
Updated•13 years ago
|
Attachment #528847 -
Flags: review?(joe) → review+
Assignee | ||
Comment 18•13 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/b23704f29948 http://hg.mozilla.org/mozilla-central/rev/844ada724179
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Assignee | ||
Updated•13 years ago
|
Attachment #528846 -
Flags: approval2.0?
Attachment #528846 -
Flags: approval-mozilla-aurora?
Assignee | ||
Comment 19•13 years ago
|
||
Comment on attachment 528847 [details] [diff] [review] check for null gl ptr in SetDimensions NOP path These two patches are low-risk; one fixes a serious crasher (not just on Win64), the other one improves the quality of crash reports. Recommending for both Firefox 4 and Aurora/5.
Attachment #528847 -
Flags: approval2.0?
Attachment #528847 -
Flags: approval-mozilla-aurora?
Virtual_ManPL [:Virtual] 🇵🇱 - (please needinfo? me - so I will see your comment/reply/question/etc.)
Reporter
|
||
Comment 20•13 years ago
|
||
Verified on Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:6.0a1) Gecko/20110507 Firefox/6.0a1 But now I get other crash. bug #655589
Blocks: 655589
Status: RESOLVED → VERIFIED
Summary: WebGL Win64 crash [@ mozilla::WebGLContext::GetCanvasLayer(nsDisplayListBuilder*, mozilla::layers::CanvasLayer*, mozilla::layers::LayerManager*) ] → WebGL crash [@ mozilla::WebGLContext::GetCanvasLayer(nsDisplayListBuilder*, mozilla::layers::CanvasLayer*, mozilla::layers::LayerManager*) ]
Virtual_ManPL [:Virtual] 🇵🇱 - (please needinfo? me - so I will see your comment/reply/question/etc.)
Reporter
|
||
Updated•13 years ago
|
Version: unspecified → 2.0 Branch
Virtual_ManPL [:Virtual] 🇵🇱 - (please needinfo? me - so I will see your comment/reply/question/etc.)
Reporter
|
||
Updated•13 years ago
|
tracking-firefox5:
- → ---
Keywords: crash,
crashreportid
Assignee | ||
Comment 21•13 years ago
|
||
Replying on bug 655589: it seems that you're still not using a build of Firefox that has these fixes.
Virtual_ManPL [:Virtual] 🇵🇱 - (please needinfo? me - so I will see your comment/reply/question/etc.)
Reporter
|
||
Updated•13 years ago
|
No longer blocks: 655589
Virtual_ManPL [:Virtual] 🇵🇱 - (please needinfo? me - so I will see your comment/reply/question/etc.)
Reporter
|
||
Comment 22•13 years ago
|
||
Odd, it still happens in Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:6.0a1) Gecko/20110510 Firefox/6.0a1 https://crash-stats.mozilla.com/report/index/bp-e2f2976c-4de2-4960-a3d5-54a9d2110510
Assignee | ||
Comment 23•13 years ago
|
||
Can you please go to about:buildconfig and paste the "built from" link?
Virtual_ManPL [:Virtual] 🇵🇱 - (please needinfo? me - so I will see your comment/reply/question/etc.)
Reporter
|
||
Comment 24•13 years ago
|
||
Sure. http://hg.mozilla.org/mozilla-central/rev/e0f6db50231f
Assignee | ||
Comment 25•13 years ago
|
||
Looks like a separate bug, though it could have caused the first bug that we fixed here. You're crashing at: if ((value = GetParsedAttr(nsGkAtoms::height)) && value->Type() == nsAttrValue::eInteger) { size.height = value->GetIntegerValue(); // <-- crash, deref null } If that crash were caused by value being null, then you should have crashed above, at value->Type() already. Indeed, neither of the methods here is virtual. So I rather think that GetIntegerValue() was inlined here (you're running an optimized build) and you're crashing inside of it: inline PRInt32 nsAttrValue::GetIntegerValue() const { NS_PRECONDITION(Type() == eInteger, "wrong type"); return (BaseType() == eIntegerBase) ? GetIntInternal() : GetMiscContainer()->mInteger; } The crash could well be explained if for example GetMiscContainer() were returning null. In any case please file this as a separate bug, against Canvas:2D, and please CC me.
Assignee | ||
Comment 26•13 years ago
|
||
Well, you can file as Canvas:WebGL if you want. I dont know what component is appropriate for generic HTMLCanvasElement code.
Virtual_ManPL [:Virtual] 🇵🇱 - (please needinfo? me - so I will see your comment/reply/question/etc.)
Reporter
|
||
Updated•13 years ago
|
Blocks: 656215
Updated•13 years ago
|
Attachment #528846 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Updated•13 years ago
|
Attachment #528847 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Comment 27•13 years ago
|
||
Please land for Aurora by Monday May 16 or the approval will potentially be lost. Please mark as status-firefox5 fixed when you do.
Updated•13 years ago
|
Assignee: nobody → bjacob
Comment 28•13 years ago
|
||
Transplanted to mozilla-aurora: http://hg.mozilla.org/releases/mozilla-aurora/rev/dc3f31ef14f9 http://hg.mozilla.org/releases/mozilla-aurora/rev/7f1a1f89a06a
status-firefox5:
--- → fixed
Updated•13 years ago
|
Attachment #528846 -
Flags: approval2.0? → approval2.0-
Comment 29•13 years ago
|
||
Comment on attachment 528847 [details] [diff] [review] check for null gl ptr in SetDimensions NOP path Since we don't plan another 2.0-based release I assume you don't still want these approvals
Attachment #528847 -
Flags: approval2.0? → approval2.0-
Virtual_ManPL [:Virtual] 🇵🇱 - (please needinfo? me - so I will see your comment/reply/question/etc.)
Reporter
|
||
Updated•8 years ago
|
Blocks: 655589
Virtual_ManPL [:Virtual] 🇵🇱 - (please needinfo? me - so I will see your comment/reply/question/etc.)
Reporter
|
||
Updated•7 years ago
|
Keywords: nightly-community
Virtual_ManPL [:Virtual] 🇵🇱 - (please needinfo? me - so I will see your comment/reply/question/etc.)
Reporter
|
||
Updated•7 years ago
|
QA Contact: Virtual
Virtual_ManPL [:Virtual] 🇵🇱 - (please needinfo? me - so I will see your comment/reply/question/etc.)
Reporter
|
||
Updated•5 years ago
|
Crash Signature: [@ mozilla::WebGLContext::GetCanvasLayer(nsDisplayListBuilder*, mozilla::layers::CanvasLayer*, mozilla::layers::LayerManager*) ]
You need to log in
before you can comment on or make changes to this bug.
Description
•