Closed
Bug 992874
Opened 10 years ago
Closed 10 years ago
Firefox 28 Crashes when creating a big WebGL Context
Categories
(Core :: Graphics: Layers, defect)
Tracking
()
VERIFIED
FIXED
mozilla31
People
(Reporter: nerom86, Assigned: jgilbert)
Details
(Keywords: crash)
Crash Data
Attachments
(2 files)
1.93 KB,
text/html
|
Details | |
783 bytes,
patch
|
bas.schouten
:
review+
lsblakk
:
approval-mozilla-aurora+
Sylvestre
:
approval-mozilla-beta-
|
Details | Diff | Splinter Review |
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.154 Safari/537.36 Steps to reproduce: Create a WebGL Context (Simple example) and calling it See attached file for a html file causing the issue Actual results: Browser crashes https://crash-stats.mozilla.com/report/index/ab711cbb-bc7d-4f63-80c5-97dff2140407 Expected results: It shouldnt crash ;) Chrome has no problems with it
Could you please take care of this until the next version? It is reproducible on multiple systems no matter what hardware. It always crashes firefox 28. Just click on the attached html and FF28 crashes completely here the one i am using: Adapter Description NVIDIA GeForce GT 630 Adapter Drivers nvd3dumx,nvwgf2umx,nvwgf2umx nvd3dum,nvwgf2um,nvwgf2um Adapter RAM 2048 Device ID 0x0fc2 Direct2D Enabled true DirectWrite Enabled true (6.2.9200.16571) Driver Date 3-4-2014 Driver Version 9.18.13.3523 GPU #2 Active false GPU Accelerated Windows 1/1 Direct3D 10 Vendor ID 0x10de WebGL Renderer Google Inc. -- ANGLE (NVIDIA GeForce GT 630 Direct3D9Ex vs_3_0 ps_3_0) windowLayerManagerRemote false AzureCanvasBackend direct2d AzureContentBackend direct2d AzureFallbackCanvasBackend cairo AzureSkiaAccelerated 0
Assignee | ||
Comment 2•10 years ago
|
||
I cannot reproduce this on my Win8.1 MBP, but I think I see what the problem is. It looks like mTexture creation fails in CanvasLayerD3D10, and later we dereference the null mTexture.
Component: Canvas: WebGL → Graphics: Layers
Assignee | ||
Comment 3•10 years ago
|
||
Assignee: nobody → jgilbert
Status: UNCONFIRMED → NEW
Ever confirmed: true
Attachment #8406407 -
Flags: review?(bas)
Hi, thanks for looking into this. Maybe it works on Macbook Pro but i have tested several PCs (with Win7 and win8) , NVIDIA or AMD - they all crash. Also i dont know checking for mTexture == null does actually solve the issue (maybe just prevents the crash) Both IE11 and Chrome have no issues at all with a big WebGL Context (actually chrome has too, because sometimes not rendered correctly). But IE working perfectly.
Assignee | ||
Comment 5•10 years ago
|
||
Right, my patch just fixes the crash. I'm not sure about the best way to handle these large layers. For non-basic ShSurfs (non-readback paths), we handle it fine.
Comment 6•10 years ago
|
||
Comment on attachment 8406407 [details] [diff] [review] handle-bad-tex Review of attachment 8406407 [details] [diff] [review]: ----------------------------------------------------------------- ::: gfx/layers/d3d10/CanvasLayerD3D10.cpp @@ +117,5 @@ > } else if (mIsD2DTexture) { > return; > } > > + if (!mTexture) nit: single line if-statements should have { }
Attachment #8406407 -
Flags: review?(bas) → review+
Assignee | ||
Comment 7•10 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/1e163918ea05
Comment 8•10 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/1e163918ea05
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla31
Assignee | ||
Updated•10 years ago
|
status-firefox28:
--- → wontfix
status-firefox29:
--- → affected
status-firefox30:
--- → affected
status-firefox31:
--- → fixed
tracking-firefox29:
--- → ?
tracking-firefox30:
--- → ?
Assignee | ||
Comment 9•10 years ago
|
||
Comment on attachment 8406407 [details] [diff] [review] handle-bad-tex [Approval Request Comment] Bug caused by (feature/regressing bug #): unknown User impact if declined: Some windows users could crash on large-webgl-canvas pages. Testing completed (on m-c, etc.): on m-c Risk to taking this patch (and alternatives if risky): very low String or IDL/UUID changes made by this patch: none
Attachment #8406407 -
Flags: approval-mozilla-beta?
Attachment #8406407 -
Flags: approval-mozilla-aurora?
Updated•10 years ago
|
Comment 10•10 years ago
|
||
Comment on attachment 8406407 [details] [diff] [review] handle-bad-tex Let's get this on Aurora and also see if QA can reproduce. If we can reproduce the crash and know this low risk fix takes care of it, we can consider taking this in final 29 builds on Monday.
Attachment #8406407 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Flags: needinfo?(jbecerra)
Assignee | ||
Comment 11•10 years ago
|
||
https://hg.mozilla.org/releases/mozilla-aurora/rev/9ab6c1dd9a74
Updated•10 years ago
|
Crash Signature: [@ mozilla::layers::CanvasLayerD3D10::UpdateSurface() ]
Keywords: crash
Comment 12•10 years ago
|
||
I haven't been able to reproduce this on the latest Fx30 or Fx29 on the hardware at hand, however if the reporter can with a variety of PCs with Win7 and Win 8, then we may want to consider this for Fx29. What do you think Jeff?
Flags: needinfo?(jbecerra) → needinfo?(jgilbert)
Assignee | ||
Comment 13•10 years ago
|
||
(In reply to juan becerra [:juanb] from comment #12) > I haven't been able to reproduce this on the latest Fx30 or Fx29 on the > hardware at hand, however if the reporter can with a variety of PCs with > Win7 and Win 8, then we may want to consider this for Fx29. What do you > think Jeff? This is really low risk, so I think this is worth it.
Flags: needinfo?(jgilbert)
Comment 14•10 years ago
|
||
Comment on attachment 8406407 [details] [diff] [review] handle-bad-tex We are not going to make an other build for 29. So, it is too late for this release...
Attachment #8406407 -
Flags: approval-mozilla-beta? → approval-mozilla-beta-
Updated•10 years ago
|
Comment 15•10 years ago
|
||
Reproduced the crash using old Nightly (2014-04-07) on Windows 7 64bit, verified that the issue is fixed on Firefox 30 beta 3 and latest Aurora.
You need to log in
before you can comment on or make changes to this bug.
Description
•