Closed Bug 968004 Opened 6 years ago Closed 6 years ago

Faulty: asser failure "should be implemented or not used" in CompositableHost::UpdateThebes for a DeprecatedImageHostSingle

Categories

(Core :: Graphics, defect)

x86_64
Linux
defect
Not set

Tracking

()

RESOLVED FIXED
mozilla30

People

(Reporter: bjacob, Assigned: bjacob)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

Found by Christoph Diehl's "Faulty" fuzzer, see bug 777067
Attached file Faulty session
Hit by webm-video reftests.
Not trivial to analyze why we're hitting this forbidden generic implementation, but we get this clue in the log:

[Faulty] pickle field {int} of value: 9 changed to: 1

We don't have that many relevant enum types that go up to value 9. The only one I see is CompositableType:

enum CompositableType
{
  BUFFER_UNKNOWN,
  // the deprecated compositable types
  BUFFER_IMAGE_SINGLE,    // image/canvas with a single texture, single buffered
  BUFFER_IMAGE_BUFFERED,  // canvas, double buffered
  BUFFER_BRIDGE,          // image bridge protocol
  BUFFER_CONTENT,         // thebes layer interface, single buffering
  BUFFER_CONTENT_DIRECT,  // thebes layer interface, double buffering
  BUFFER_CONTENT_INC,     // thebes layer interface, only sends incremental
                          // updates to a texture on the compositor side.
  BUFFER_TILED,           // tiled thebes layer
  // the new compositable types
  COMPOSITABLE_IMAGE,     // image with single buffering
  COMPOSITABLE_CONTENT_SINGLE,  // thebes layer interface, single buffering
  COMPOSITABLE_CONTENT_DOUBLE,  // thebes layer interface, double buffering
  BUFFER_COUNT
};

So the original value 9 was COMPOSITABLE_CONTENT_SINGLE i.e. a ThebesLayer, and this is changed to 1 which is BUFFER_IMAGE_SINGLE.

In other words a Content/ThebesLayer compositable is reinterpreted in place as an Image compositable, and then we call that ThebesLayer-specific method, UpdateThebes, on it.

This will need some thinking to figure the right way to handle such bad enums gracefully.

Classification: PLayerTransaction, bad compositable type, hard
Fixed by the landing of PLayerTransaction type checks before casting layers, bug 968833.
Assignee: nobody → bjacob
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla30
You need to log in before you can comment on or make changes to this bug.