Closed Bug 939368 Opened 7 years ago Closed 7 years ago
GL: crash [@mozilla::gl::GLContext::MakeCurrent]
In the fuzzing run I am seeing this as a stack-buffer-underflow, when executed as a testcase it results in a null ptr deref. The report for the SBU suggests it is a false positive. The only function which is in both reports the same is a call to "mozilla::WebGLContext::ErrorInvalidValue".
Tested with https://hg.mozilla.org/integration/mozilla-inbound/rev/67f5d934127c and the following preferences:
user_pref("webgl.enable-draft-extensions", true);
user_pref("webgl.enable-prototype-webgl2", true);
Add lost context check to WebGLContext::DrawBuffers() to stop NULL ptr dereference inside ErrorInvalidValue().
Attachment #8335866 - Flags: review?(jgilbert)
Assignee: nobody → dglastonbury
Status: NEW → ASSIGNED
Attachment #8335866 - Flags: review?(jgilbert) → review+
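The fix described in the patch summary above, shown as a simplified model. This is an added example, not the Mozilla patch or Mozilla source: the class names, the draw-buffer limit and the assumption that the error path touches the GL context are all hypothetical, and the model throws where the real code would dereference NULL.

```cpp
// Simplified model, not Mozilla source: every name and limit here is hypothetical.
#include <cstddef>
#include <stdexcept>
#include <string>
#include <vector>

struct GlModel {                        // stands in for the driver-level GL context
    int makeCurrentCalls = 0;
    void MakeCurrent() { ++makeCurrentCalls; }
};

class ContextModel {                    // stands in for the WebGL-facing object
public:
    explicit ContextModel(GlModel* gl) : gl_(gl) {}
    void LoseContext() { gl_ = nullptr; }            // context loss drops the GL pointer
    bool IsContextLost() const { return gl_ == nullptr; }
    const std::vector<std::string>& Errors() const { return errors_; }

    // "Before" shape: validates arguments without asking whether the context is alive.
    void DrawBuffersUnguarded(const std::vector<int>& buffers) {
        if (buffers.size() > kMaxDrawBuffers) ErrorInvalidValue("too many buffers");
    }
    // "After" shape: the lost-context check runs before validation and error reporting.
    void DrawBuffersGuarded(const std::vector<int>& buffers) {
        if (IsContextLost()) return;
        DrawBuffersUnguarded(buffers);
    }
private:
    static constexpr std::size_t kMaxDrawBuffers = 4;   // constructed limit
    GlModel* Gl() {                     // throws where real code would dereference NULL
        if (!gl_) throw std::logic_error("GL context used after context loss");
        return gl_;
    }
    void ErrorInvalidValue(const std::string& msg) {
        Gl()->MakeCurrent();            // assumption: the error path touches the GL context
        errors_.push_back("INVALID_VALUE: " + msg);
    }
    GlModel* gl_;
    std::vector<std::string> errors_;
};

// Returns true if an invalid call on a lost context reached the GL pointer.
bool TouchesLostContext(bool guarded) {
    GlModel gl;
    ContextModel ctx(&gl);
    ctx.LoseContext();
    const std::vector<int> tooMany(8, 0);               // constructed invalid input
    try { if (guarded) ctx.DrawBuffersGuarded(tooMany); else ctx.DrawBuffersUnguarded(tooMany); }
    catch (const std::logic_error&) { return true; }
    return false;
}
```

The guard belongs at the entry point rather than in the error helper, so that no validation or reporting code runs against a lost context at all.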
We enabled WEBGL_draw_buffers in bug 936246, which landed in 28. Prior to that, this was only accessible via prototype prefs, so we shouldn't need to uplift anything.
Per comment 0 and 4, b2g18 and b2g1.1 had this functionality disabled by default unless a specific pref was added. b2g1.2 forked at Fx26 and should be disabled as well.
Christoph, can you reproduce this anymore?
(In reply to Anthony Hughes, QA Mentor (:ashughes) [unavailable until Jan 2, 2014] from comment #8)
> Christoph, can you reproduce this anymore?
I can not reproduce it anymore with http://hg.mozilla.org/integration/mozilla-inbound/rev/1e13634eceb2
Verified fixed based on comment 9. Thanks Christoph.