Closed
Bug 939117
Opened 11 years ago
Closed 10 years ago
WebGL2: Assertion failure: targetSlot (unknown query object's type) [@mozilla::WebGLQuery::IsActive]
Categories
(Core :: Graphics: CanvasWebGL, defect)
Tracking
()
RESOLVED
FIXED
mozilla29
| Tracking | Status | |
|---|---|---|
| firefox27 | --- | disabled |
| firefox28 | --- | disabled |
| firefox29 | --- | fixed |
| firefox-esr24 | --- | unaffected |
| b2g18 | --- | unaffected |
| b2g-v1.2 | --- | unaffected |
| b2g-v1.3 | --- | unaffected |
People
(Reporter: posidron, Assigned: u480271)
Details
(4 keywords, Whiteboard: sec-critical if WebGL2 turned on)
Attachments
(4 files)
Tested with https://hg.mozilla.org/integration/mozilla-inbound/rev/67f5d934127c and the following preferences: user_pref("webgl.enable-draft-extensions", true); user_pref("webgl.enable-prototype-webgl2", true);
|
||
Comment 1•11 years ago
|
||
Christoph: please also CC :djg on new WebGL bugs.
|
Reporter | |
Comment 2•11 years ago
|
||
|
|
Reporter | |
Comment 3•11 years ago
|
||
Produces a weird stack-buffer-overflow in an opt build.
Group: core-security
|
|
Reporter | |
Comment 4•11 years ago
|
||
|
||
Comment 5•11 years ago
|
||
Crashes from unsupported configs probably shouldn't be 'critical'.
Severity: critical → minor
|
||
Comment 6•11 years ago
|
||
Unsupported config - unlikely for users to encounter - sec-moderate.
Keywords: sec-moderate
|
||
Updated•10 years ago
|
Assignee: nobody → dglastonbury
If GetQueryTargetSlot returns NULL, don't dereference it.
Attachment #8362347 -
Flags: review?(jgilbert)
|
|
||
Updated•10 years ago
|
Attachment #8362347 -
Flags: review?(jgilbert) → review+
Keywords: checkin-needed
Changed to ASSIGNED to follow Milan's protocol.
Status: NEW → ASSIGNED
|
||
Comment 10•10 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/32e6863fc29b Does this affect any other branches?
Keywords: checkin-needed
|
|
||
Comment 11•10 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/32e6863fc29b
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
status-firefox29:
--- → fixed
Flags: needinfo?(dglastonbury)
Resolution: --- → FIXED
Target Milestone: --- → mozilla29
|
Assignee | |
Comment 12•10 years ago
|
||
I checked with :jgilbert. "No, because people shouldn't be browsing with prototype things enabled."
Flags: needinfo?(dglastonbury)
|
||
Comment 13•10 years ago
|
||
(In reply to Jeff Gilbert [:jgilbert] from comment #5) > Crashes from unsupported configs probably shouldn't be 'critical'. That's a tricky thing. This isn't exactly an 'unsupported config', it's a pref'ed off feature that we fully intend to turn on at some point. If we call this "moderate" and then don't fix it due to higher priorities then we end up with a forgotten sec-critical in our product. On the other hand calling it sec-critical does overstate the current risk to our users. IMHO the closest we can get to reality in such situations is to call it sec-critical or sec-high but then note in the release status flags that it's 'unaffected' or 'disabled' for the various releases. Not great, but better than losing bad security bugs. In this case it's all good, the bug got fixed anyway. You might as well get credit for finding and fixing a bad bug before release.
status-b2g18:
--- → unaffected
status-b2g-v1.2:
--- → unaffected
status-b2g-v1.3:
--- → unaffected
status-firefox27:
--- → disabled
status-firefox28:
--- → disabled
status-firefox-esr24:
--- → unaffected
Keywords: sec-moderate → sec-high
Whiteboard: sec-critical if WebGL2 turned on
|
|
||
Updated•9 years ago
|
Group: core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•