Closed Bug 688513 Opened 13 years ago Closed 13 years ago

Mobile crash while compiling shaders

Categories: Core :: Graphics: CanvasWebGL, defect

Platform: ARM, Android
Type: defect
Priority: Not set
Severity: critical

Status: RESOLVED WORKSFORME

People: Reporter: jdm, Unassigned

Details: Keywords: crash, topcrash; Whiteboard: [native-crash], [QA+]

Crash Data

This bug was filed from the Socorro interface and is report bp-82351257-03fa-4077-bb8a-7748e2110918.
=============================================================

This is a new crash this week on Fennec 9.0. All stacks seem to involve compiling shaders and crash at 0xdeadbaad.

0 	libc.so 	abort 	
1 	libc.so 	dlfree 	
2 	libc.so 	free 	
3 	libstdc++.so 	_ZdaPvRKSt9nothrow_t 	
4 	libxul.so 	TOutputESSL::writeVariablePrecision 	_new.h:135
5 	libxul.so 	TOutputGLSLBase::writeVariableType 	gfx/angle/src/compiler/OutputGLSLBase.cpp:123
6 	libxul.so 	TOutputGLSLBase::visitAggregate 	gfx/angle/src/compiler/OutputGLSLBase.cpp:539
7 	libxul.so 	TIntermAggregate::traverse 	gfx/angle/src/compiler/IntermTraverse.cpp:135
8 	libxul.so 	TOutputGLSLBase::visitAggregate 	gfx/angle/src/compiler/OutputGLSLBase.cpp:454
9 	libxul.so 	TIntermAggregate::traverse 	gfx/angle/src/compiler/IntermTraverse.cpp:135
10 	libxul.so 	TranslatorESSL::translate 	gfx/angle/src/compiler/OutputGLSLBase.h:17
11 	libxul.so 	TCompiler::compile 	gfx/angle/src/compiler/Compiler.cpp:181
12 	libxul.so 	ShCompile 	gfx/angle/src/compiler/ShaderLang.cpp:169
13 	libxul.so 	mozilla::WebGLContext::CompileShader 	content/canvas/src/WebGLContextGL.cpp:4015
14 	libxul.so 	nsIDOMWebGLRenderingContext_CompileShader 	obj-firefox/js/src/xpconnect/src/dom_quickstubs.cpp:29817
15 	libxul.so 	js::Interpret 	js/src/jscntxtinlines.h:305
16 	libxul.so 	js::RunScript 	js/src/jsinterp.cpp:614
17 	libxul.so 	js::Invoke 	js/src/vm/Stack.h:1002
18 	libxul.so 	JS_CallFunctionValue 	js/src/jscntxt.h:1302
19 	libxul.so 	nsJSContext::CallEventHandler 	dom/base/nsJSEnvironment.cpp:1928
20 	libxul.so 	nsJSEventListener::HandleEvent 	dom/src/events/nsJSEventListener.cpp:213
21 	libxul.so 	nsEventListenerManager::HandleEventSubType 	content/events/src/nsEventListenerManager.cpp:727
22 	libxul.so 	nsEventListenerManager::HandleEventInternal 	content/events/src/nsEventListenerManager.cpp:777
23 	libxul.so 	nsEventTargetChainItem::HandleEvent 	content/events/src/nsEventListenerManager.h:160
24 	libxul.so 	nsEventTargetChainItem::HandleEventTargetChain 	content/events/src/nsEventDispatcher.cpp:346
25 	libxul.so 	nsEventDispatcher::Dispatch 	content/events/src/nsEventDispatcher.cpp:674
26 	libxul.so 	DocumentViewerImpl::LoadComplete 	layout/base/nsDocumentViewer.cpp:1068
27 	libxul.so 	nsDocShell::EndPageLoad 	docshell/base/nsDocShell.cpp:6162
28 	libxul.so 	nsDocShell::OnStateChange 	nsCOMPtr.h:482
29 	libxul.so 	nsDocLoader::DoFireOnStateChange 	uriloader/base/nsDocLoader.cpp:1367
30 	libxul.so 	nsDocLoader::doStopDocumentLoad 	uriloader/base/nsDocLoader.cpp:962
31 	libxul.so 	nsDocLoader::DocLoaderIsEmpty 	nsAutoPtr.h:1036
32 	libxul.so 	nsDocLoader::OnStopRequest 	uriloader/base/nsDocLoader.cpp:740
33 	libxul.so 	nsLoadGroup::RemoveRequest 	netwerk/base/src/nsLoadGroup.cpp:734
34 	libxul.so 	nsDocument::DoUnblockOnload 	nsCOMPtr.h:482
35 	libxul.so 	nsDocument::UnblockOnload 	content/base/src/nsDocument.cpp:7181
36 	libxul.so 	nsDocument::DispatchContentLoadedEvents 	nsCOMPtr.h:482
37 	libxul.so 	nsRunnableMethodImpl<void , true>::Run 	nsThreadUtils.h:347
38 	libxul.so 	nsThread::ProcessNextEvent 	xpcom/threads/nsThread.cpp:631
39 	libxul.so 	NS_ProcessNextEvent_P 	obj-firefox/xpcom/build/nsThreadUtils.cpp:245
40 	libxul.so 	mozilla::ipc::MessagePump::Run 	ipc/glue/MessagePump.cpp:111
41 	libxul.so 	mozilla::ipc::MessagePumpForChildProcess::Run 	ipc/glue/MessagePump.cpp:230
42 	libxul.so 	MessageLoop::RunInternal 	ipc/chromium/src/base/message_loop.cc:209
43 	libxul.so 	MessageLoop::Run 	ipc/chromium/src/base/message_loop.cc:487
44 	libxul.so 	nsBaseAppShell::Run 	widget/src/xpwidgets/nsBaseAppShell.cpp:191
45 	libxul.so 	XRE_RunAppShell 	toolkit/xre/nsEmbedFunctions.cpp:677
46 	libxul.so 	mozilla::ipc::MessagePumpForChildProcess::Run 	ipc/glue/MessagePump.cpp:222
47 	libxul.so 	MessageLoop::RunInternal 	ipc/chromium/src/base/message_loop.cc:209
48 	libxul.so 	MessageLoop::Run 	ipc/chromium/src/base/message_loop.cc:487
49 	libxul.so 	XRE_InitChildProcess 	nsAutoPtr.h:155
50 	libmozutils.so 	ChildProcessInit 	other-licenses/android/APKOpen.cpp:778
51 	plugin-container 	main 	ipc/app/MozillaRuntimeMainAndroid.cpp:69

More crashes at
https://crash-stats.mozilla.com/report/list?range_value=7&range_unit=days&date=2011-09-22%2005%3A00%3A00&signature=abort&version=Fennec%3A9.0a1
OS: Mac OS X → Android
Hardware: x86 → ARM
$ echo _ZdaPvRKSt9nothrow_t | c++filt 
operator delete[](void*, std::nothrow_t const&)

http://hg.mozilla.org/mozilla-central/annotate/f2a2adaaacba/gfx/angle/src/compiler/OutputGLSLBase.cpp#l123

is:

if (writeVariablePrecision(type.getPrecision()))

writeVariablePrecision is a virtual function and on Mobile we call

bool TOutputESSL::writeVariablePrecision(TPrecision precision)
{
    if (precision == EbpUndefined)
        return false;

    TInfoSinkBase& out = objSink();
    out << getPrecisionString(precision);
    return true;
}

The crash suggests that we are making an invalid free here.

Hard to debug. Can anyone reproduce?
Crash Signature: [@ abort] → [@ abort] [@ TOutputESSL::writeVariablePrecision ]
Keywords: topcrash
Whiteboard: [native-crash], [QA+]
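
The signature change above, from [@ abort] to one that also names TOutputESSL::writeVariablePrecision, can be derived from the stack by skipping the abort and allocator frames. This is an added example, not code from the bug thread or from Socorro; the skip lists and the "abort-in-free" label are assumptions chosen for this stack, and frames 0-6 are copied from the report.

```python
# Added example: pick the first frame that is not abort/allocator plumbing.
# Skip rules are illustrative assumptions, not Socorro's own signature lists.

# Frames 0-6 from the report above: index, module, function, source.
FRAMES = (
    "0\tlibc.so\tabort\t\n"
    "1\tlibc.so\tdlfree\t\n"
    "2\tlibc.so\tfree\t\n"
    "3\tlibstdc++.so\t_ZdaPvRKSt9nothrow_t\t\n"
    "4\tlibxul.so\tTOutputESSL::writeVariablePrecision\t_new.h:135\n"
    "5\tlibxul.so\tTOutputGLSLBase::writeVariableType\t"
    "gfx/angle/src/compiler/OutputGLSLBase.cpp:123\n"
    "6\tlibxul.so\tTOutputGLSLBase::visitAggregate\t"
    "gfx/angle/src/compiler/OutputGLSLBase.cpp:539\n"
)

# Itanium C++ ABI manglings of the global allocation operators.
OPERATOR_PREFIXES = {"_Znw": "operator new", "_Zna": "operator new[]",
                     "_Zdl": "operator delete", "_Zda": "operator delete[]"}
ALLOCATOR_FUNCS = {"abort", "malloc", "free", "realloc",
                   "dlmalloc", "dlfree", "dlrealloc"}
FREE_PATH = {"free", "dlfree", "operator delete", "operator delete[]"}

def parse_frames(text):
    frames = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = (line.split("\t") + [""] * 4)[:4]
        idx, module, func, source = (f.strip() for f in fields)
        frames.append({"index": int(idx), "module": module,
                       "function": func, "source": source})
    return frames

def plumbing_name(func):
    """Readable name if func is abort/allocator plumbing, else None."""
    if func in ALLOCATOR_FUNCS:
        return func
    return OPERATOR_PREFIXES.get(func[:4])

def triage(frames):
    skipped = []
    for frame in frames:
        name = plumbing_name(frame["function"])
        if name is None:
            in_free = skipped[:1] == ["abort"] and bool(FREE_PATH & set(skipped))
            return {"signature": frame["function"], "source": frame["source"],
                    "kind": "abort-in-free" if in_free else "other",
                    "skipped": skipped}
        skipped.append(name)
    return {"signature": None, "source": "", "kind": "other", "skipped": skipped}
```
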
There have been no crashes in Fennec for the last four weeks.
I am closing it as WFM.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → WORKSFORME