740313 - Uninitialised value use in mozilla::gl::GLContext::ApplyFilterToBoundTexture

Status: RESOLVED FIXED

(Core :: Graphics, defect)

Description

[Julian Seward [:jseward]]

m-c, Android on Xoom.  Start up and wait for a while (couple of mins).
I think this happens some time during the drawing of the thumbnails of
recently visited pages -- not sure though.

From a brief peer at the sources, kinda looks like
TiledTextureImage::mFilter is being used uninitialised.

Conditional jump or move depends on uninitialised value(s)
   at 0x2CA3ECE2: mozilla::gl::GLContext::ApplyFilterToBoundTexture(gfxPattern::GraphicsFilter) (GLContext.cpp:695)
   by 0x2CA3ED4B: mozilla::gl::TiledTextureImage::ApplyFilter() (GLContext.cpp:1123)
   by 0x2CA3663D: mozilla::layers::ThebesLayerBufferOGL::RenderTo(nsIntPoint const&, mozilla::layers::LayerManagerOGL*, unsigned int) (ThebesLayerOGL.cpp:302)
   by 0x2CA3831B: mozilla::layers::ShadowThebesLayerOGL::RenderLayer(int, nsIntPoint const&) (ThebesLayerOGL.cpp:1341)
   by 0x2CA2D799: mozilla::layers::ShadowContainerLayerOGL::RenderLayer(int, nsIntPoint const&) (ContainerLayerOGL.cpp:252)
   by 0x2CA35205: mozilla::layers::LayerManagerOGL::Render() (LayerManagerOGL.cpp:810)
   by 0x2CA355C5: mozilla::layers::LayerManagerOGL::EndTransaction(void (*)(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, nsIntRegion const&, void*), void*, mozilla::layers::LayerManager::EndTransactionFlags) (LayerManagerOGL.cpp:454)
   by 0x2CA30CD9: mozilla::layers::LayerManagerOGL::EndEmptyTransaction() (LayerManagerOGL.cpp:427)
   by 0x2CA3B9BB: mozilla::layers::CompositorParent::Composite() (CompositorParent.cpp:200)
   by 0x2CA3AFCF: RunnableMethod<mozilla::layers::CompositorParent, void (mozilla::layers::CompositorParent::*)(), Tuple0>::Run() (tuple.h:383)
   by 0x2C9C9CCD: MessageLoop::RunTask(Task*) (message_loop.cc:318)
   by 0x2C9CA85F: MessageLoop::DeferOrRunPendingTask(MessageLoop::PendingTask const&) (message_loop.cc:326)

 Uninitialised value was created by a heap allocation
   at 0x4805318: malloc (vg_replace_malloc.c:263)
   by 0x2D1FF66B: moz_xmalloc (mozalloc.cpp:103)
   by 0x2CA453BF: mozilla::gl::GLContextEGL::CreateTextureImage(nsIntSize const&, gfxASurface::gfxContentType, unsigned int, bool) (mozalloc.h:229)
   by 0x2CA35C1F: mozilla::layers::CreateClampOrRepeatTextureImage(mozilla::gl::GLContext*, nsIntSize const&, gfxASurface::gfxContentType, unsigned int) (ThebesLayerOGL.cpp:81)
   by 0x2CA3748D: mozilla::layers::ShadowBufferOGL::EnsureTexture(nsIntSize, gfxASurface::gfxContentType) (ThebesLayerOGL.cpp:932)
   by 0x2CA374DD: mozilla::layers::ShadowBufferOGL::DirectUpdate(gfxASurface*, nsIntRegion&) (ThebesLayerOGL.cpp:940)
   by 0x2CA37611: mozilla::layers::ShadowBufferOGL::Upload(gfxASurface*, nsIntRegion const&, nsIntRect const&, nsIntPoint const&, bool, nsIntRegion&) (ThebesLayerOGL.cpp:976)
   by 0x2CA37905: mozilla::layers::ShadowThebesLayerOGL::Swap(mozilla::layers::ThebesBuffer const&, nsIntRegion const&, mozilla::layers::OptionalThebesBuffer*, nsIntRegion*, mozilla::layers::OptionalThebesBuffer*, nsIntRegion*) (ThebesLayerOGL.cpp:1230)
   by 0x2CA3DCDD: mozilla::layers::ShadowLayersParent::RecvUpdate(InfallibleTArray<mozilla::layers::Edit> const&, bool const&, InfallibleTArray<mozilla::layers::EditReply>*) (ShadowLayersParent.cpp:334)
   by 0x2C916EDF: mozilla::layers::PLayersParent::OnMessageReceived(IPC::Message const&, IPC::Message*&) (PLayersParent.cpp:318)
   by 0x2C91306F: mozilla::layers::PCompositorParent::OnMessageReceived(IPC::Message const&, IPC::Message*&) (PCompositorParent.cpp:338)
   by 0x2C8ED5E5: mozilla::ipc::SyncChannel::OnDispatchMessage(IPC::Message const&) (SyncChannel.cpp:175)

Comment 1

[Ali Juma [:ajuma]]

ThebesLayerBufferOGL::RenderTo is neglecting to call SetFilter before calling ApplyFilter. I think we should just be explicit here that we want FILTER_GOOD.

Comment 2

[Ali Juma [:ajuma]]

Attachment: Specify which filter to apply in ThebesLayerBufferOGL::RenderTo

Comment 3

[Benoit Girard (:BenWa)]

Comment on attachment 610541 [details] [diff] [review]
Specify which filter to apply in ThebesLayerBufferOGL::RenderTo

I think this would break crisp edge, let's initialize TiledTextureImage::mFilter instead.

Comment 4

[Ali Juma [:ajuma]]

Attachment: Initialize TextureImage::mFilter

(In reply to Benoit Girard (:BenWa) from comment #3)
> I think this would break crisp edge, let's initialize
> TiledTextureImage::mFilter instead.

mFilter is uninitialized in TextureImage in general, not just TiledTextureImage, so let's fix that.

Comment 5

[Mozilla RelEng Bot]

Autoland Patchset:
	Patches: 610547
	Branch: mozilla-central => try
	Destination: http://hg.mozilla.org/try/pushloghtml?changeset=84f7dd5410ff
Try run started, revision 84f7dd5410ff. To cancel or monitor the job, see: https://tbpl.mozilla.org/?tree=Try&rev=84f7dd5410ff

Comment 6

[Julian Seward [:jseward]]

(In reply to Ali Juma [:ajuma] from comment #4)
> Created attachment 610547 [details] [diff] [review]
> Initialize TextureImage::mFilter

WFM, in the sense that I can no longer reproduce the complaint
in comment #0 with the patch in place.

Comment 7

[Mozilla RelEng Bot]

Try run for 84f7dd5410ff is complete.
Detailed breakdown of the results available here:
    https://tbpl.mozilla.org/?tree=Try&rev=84f7dd5410ff
Results (out of 218 total builds):
    exception: 1
    success: 195
    warnings: 22
Builds (or logs if builds failed) available at:
http://ftp.mozilla.org/pub/mozilla.org/firefox/try-builds/autolanduser@mozilla.com-84f7dd5410ff

Comment 8

[Ali Juma [:ajuma]]

https://hg.mozilla.org/integration/mozilla-inbound/rev/7cec359d6736

Comment 9

[Ed Morley [:emorley]]

https://hg.mozilla.org/mozilla-central/rev/7cec359d6736