On Windows: bp-4163d421-8c71-4a16-b481-777092120615
It's a regression; you can add the 'regression' keyword.
Regression range:
m-c good=2012-06-02 bad=2012-06-03
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=5199196b65ec&tochange=d0ebcaa7efb5
m-i good=2012-06-01 bad=2012-06-02
http://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=50c9995aa7d0&tochange=9abc60f44fd5
Suspected bug: Boris Zbarsky — Bug 748266. Switch the WebGL canvas context to new DOM bindings. r=peterv
Many thanks for the report. The crash is trivial: the testcase calls readpixels with a null |pixels| argument and we crash at:
    Program received signal SIGSEGV, Segmentation fault.
    0x00007ffff3e2e703 in mozilla::WebGLContext::ReadPixels (this=0x3a3f2b0, x=7, y=7, width=7, height=63, format=6406, type=32820, pixels=0x0, rv=...) at /hack/mozilla-central/content/canvas/src/WebGLContextGL.cpp:3856
    3856 void* data = pixels->mData;
    (gdb) p pixels
    $1 = (mozilla::dom::ArrayBufferView *) 0x0
Created attachment 633529: check for null pixels in readPixels
Per spec, 5.14.12: If pixels is null, an INVALID_VALUE error is generated.
Confirming the testcase doesn't crash anymore with this patch.
> Per spec, 5.14.12: If pixels is null, an INVALID_VALUE error is generated.
This should probably have a test in the test suite, if there isn't one already; our old binding code threw NS_ERROR_FAILURE in that case....
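A check of the kind suggested in the comment above, as an added example that is not part of the original thread or of Mozilla's test suite. The function names and the stub context are assumptions made for illustration; RGBA/UNSIGNED_BYTE are used instead of the testcase's format and type so that the null |pixels| argument is the only invalid input.

```javascript
// Standard WebGL enum values.
const GL = { NO_ERROR: 0, INVALID_VALUE: 0x0501, RGBA: 0x1908, UNSIGNED_BYTE: 0x1401 };

// Calls readPixels with null pixels on a WebGLRenderingContext-like object and
// reports whether it behaved as spec section 5.14.12 (quoted above) requires.
function checkReadPixelsNull(gl) {
  // Drain stale errors so getError() below reports only this call (bounded loop).
  for (let i = 0; i < 16 && gl.getError() !== GL.NO_ERROR; i++) {}
  let threw = null;
  try {
    gl.readPixels(0, 0, 1, 1, GL.RGBA, GL.UNSIGNED_BYTE, null);
  } catch (e) {
    threw = e instanceof Error ? e.message : String(e);
  }
  const error = gl.getError();
  // Pass only if the call returned normally and recorded INVALID_VALUE.
  return { ok: threw === null && error === GL.INVALID_VALUE, error, threw };
}

// Constructed stand-in for a context so the check runs outside a browser.
// mode "spec": records INVALID_VALUE for null pixels.
// mode "throw": raises an exception instead, like the old binding behaviour
// described in the comment above.
function makeStubContext(mode) {
  let pending = GL.NO_ERROR;
  return {
    readPixels(x, y, width, height, format, type, pixels) {
      if (pixels === null) {
        if (mode === "throw") throw new Error("NS_ERROR_FAILURE");
        pending = GL.INVALID_VALUE;
        return;
      }
      // A real context would write width*height pixels into `pixels` here.
    },
    getError() {
      // Like WebGL, reading the error flag clears it.
      const e = pending;
      pending = GL.NO_ERROR;
      return e;
    },
  };
}
```

In a browser, pass `canvas.getContext("webgl")` to `checkReadPixelsNull` instead of the stub.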
Comment on attachment 633529: check for null pixels in readPixels
r=me
I can only reproduce this crash on Win7 and on Mac; I cannot reproduce on Linux and WinXP. So I will need a bit more time than normal to debug this.
Actually, I can't reproduce anymore on my Mac since I updated Nightly from June 11's build to today's. Can you still reproduce in current Nightly?
I can reproduce it with an ASAN enabled build (trunk).
I can't reproduce the crash anymore in a Windows debug build from today's mozilla-central. Last week, I could reproduce. Can you still reproduce a crash or is ASAN necessary to observe any issue?
Yes, an ASAN build seems to be necessary.
Can you teach me how to make an ASAN build? And then, how to reproduce with it?
The steps for building are described here: https://developer.mozilla.org/en/Building_Firefox_with_Address_Sanitizer Once you have done that, you can just open the testcase with Firefox and you will see the result in the shell.
Fixed. The bug is indeed fixed with a build of today even with ASAN enabled.