Fennec crash on get.webgl.org in mozilla::WebGLUniformInfo::ElementSize

Status: RESOLVED INCOMPLETE
Product: Core
Component: Canvas: WebGL
Priority: --
Severity: critical
Opened: 6 years ago
Last resolved: 2 years ago
Reporter: bjacob
Assignee: Unassigned
Keywords: crash
Firefox Tracking Flags: Not tracked
Whiteboard: [native-crash], crash signature

STR:

Use Fennec, go to get.webgl.org. Crash:

Program received signal SIGSEGV, Segmentation fault.
warning: Could not load shared library symbols for org.mozilla.fennec_bjacob.
Do you need "set solib-search-path" or "set sysroot"?
[Switching to Thread 3788]
0x4801791e in TouchBadMemory () at /hack/mozilla-central/memory/mozalloc/mozalloc_abort.cpp:68
68          gDummyCounter += *p;   // TODO annotation saying we know 
(gdb) bt
#0  0x4801791e in TouchBadMemory () at /hack/mozilla-central/memory/mozalloc/mozalloc_abort.cpp:68
#1  0x4801796e in mozalloc_abort (
    msg=0x45834930 "###!!! ABORT: file /hack/mozilla-central/content/canvas/src/WebGLContext.h, line 1688") at /hack/mozilla-central/memory/mozalloc/mozalloc_abort.cpp:89
#2  0x4c10f65e in Abort (
    aMsg=0x45834930 "###!!! ABORT: file /hack/mozilla-central/content/canvas/src/WebGLContext.h, line 1688") at /hack/mozilla-central/xpcom/base/nsDebugImpl.cpp:417
#3  0x4c10f518 in NS_DebugBreak_P (aSeverity=3, aStr=0x0, aExpr=0x0, 
    aFile=0x4cc654f4 "/hack/mozilla-central/content/canvas/src/WebGLContext.h", aLine=1688)
    at /hack/mozilla-central/xpcom/base/nsDebugImpl.cpp:374
#4  0x4b4a4ac0 in mozilla::WebGLUniformInfo::ElementSize (this=0x45834dec)
    at /hack/mozilla-central/content/canvas/src/WebGLContext.h:1688
#5  0x4b4a6bcc in mozilla::WebGLUniformLocation::WebGLUniformLocation (this=0x4aaaab80, 
    context=0x4dda6e00, program=0x4a4fb460, location=1, info=...)
    at /hack/mozilla-central/content/canvas/src/WebGLContext.h:2566
#6  0x4b4ae792 in mozilla::WebGLContext::GetUniformLocation (this=0x4dda6e00, pobj=0x4a4fb460, name=..., 
    retval=0x45834f24) at /hack/mozilla-central/content/canvas/src/WebGLContextGL.cpp:3070
#7  0x4bb59834 in nsIDOMWebGLRenderingContext_GetUniformLocation (cx=0x44d30700, argc=2, vp=0x474004f8)
    at /hack/mozilla-central/obj-mobile-debug/js/xpconnect/src/dom_quickstubs.cpp:24623
#8  0x4c7403fa in js::CallJSNative (cx=0x44d30700, 
    native=0x4bb59631 <nsIDOMWebGLRenderingContext_GetUniformLocation(JSContext*, unsigned int, jsval*)>, args=...) at /hack/mozilla-central/js/src/jscntxtinlines.h:314
#9  0x4c745f22 in js::InvokeKernel (cx=0x44d30700, args=..., construct=js::NO_CONSTRUCT)
    at /hack/mozilla-central/js/src/jsinterp.cpp:519
#10 0x4c752bc0 in js::Interpret (cx=0x44d30700, entryFrame=0x47400078, interpMode=js::JSINTERP_NORMAL)
    at /hack/mozilla-central/js/src/jsinterp.cpp:2757
#11 0x4c745cd6 in js::RunScript (cx=0x44d30700, script=0x47c583c0, fp=0x47400078)
    at /hack/mozilla-central/js/src/jsinterp.cpp:475
#12 0x4c745fc2 in js::InvokeKernel (cx=0x44d30700, args=..., construct=js::NO_CONSTRUCT)
    at /hack/mozilla-central/js/src/jsinterp.cpp:535
#13 0x4c6ba64c in js::Invoke (cx=0x44d30700, args=..., construct=js::NO_CONSTRUCT)
    at /hack/mozilla-central/js/src/jsinterp.h:172


I think I know what this is. Since bug 732233 landed, we rely on having identifier information, but because of the Android-specific disabling of long identifier mapping, we might have a bug here that causes us to not generate that identifier information (even though it is a separate thing from identifier mapping).
(Reporter)

Updated

6 years ago
Depends on: 743748
(Reporter)

Comment 1

6 years ago
Confirmed: re-enabling shader translation does fix this crash.

Updated

6 years ago
Severity: normal → critical
Crash Signature: [@ TouchBadMemory | mozalloc_abort | NS_DebugBreak_P | mozilla::WebGLUniformInfo::ElementSize]
Keywords: crash
Whiteboard: [native-crash]

I am closing this bug as incomplete since there are no recent reports of this crash against a modern product version. Please reopen this bug if you can reproduce the crash.
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → INCOMPLETE