ValhallaTeam / angleproject

Automatically exported from code.google.com/p/angleproject

crash [@ TConstTraverser::visitConstantUnion] #381

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
Crash in pixel shader program parser.

What steps will reproduce the problem?
1. Open the attached testcase in browser (tested on Firefox 16 - 
Linux/MacOS/Windows)

Please provide any additional information below.
Reported as https://bugzilla.mozilla.org/show_bug.cgi?id=808526

Original issue reported on code.google.com by gronda...@gmail.com on 5 Nov 2012 at 2:51

GoogleCodeExporter commented 9 years ago
Indeed I can reproduce the crash with the provided test case.  Will have a look.

Original comment by z...@google.com on 27 Feb 2013 at 6:06

GoogleCodeExporter commented 9 years ago
#0  0x00007f291bad71e8 in TConstTraverser::visitConstantUnion (
    this=0x7fffed173670, node=0x86ad4c1a18)
    at ../../third_party/angle/src/compiler/parseConst.cpp:180
#1  0x00007f291bad4db8 in TIntermConstantUnion::traverse (this=0x86ad4c1a18, 
    it=0x7fffed173670)
    at ../../third_party/angle/src/compiler/IntermTraverse.cpp:33
#2  0x00007f291bad6fb3 in TConstTraverser::visitAggregate (this=0x7fffed173670, 
    visit=PreVisit, node=0x86ad4c1d58)
    at ../../third_party/angle/src/compiler/parseConst.cpp:132
#3  0x00007f291bad508f in TIntermAggregate::traverse (this=0x86ad4c1d58, 
    it=0x7fffed173670)
    at ../../third_party/angle/src/compiler/IntermTraverse.cpp:135
#4  0x00007f291bad7473 in TIntermediate::parseConstTree (this=0x7fffed177ff0, 
    line=5, root=0x86ad4c1d58, unionArray=0x86ad4c1e78, 
    constructorType=EOpConstructVec4, symbolTable=..., t=..., 
    singleConstantParam=true)
    at ../../third_party/angle/src/compiler/parseConst.cpp:233
#5  0x00007f291badb73b in TParseContext::foldConstConstructor (
    this=0x7fffed177f30, aggrNode=0x86ad4c1d58, type=...)
    at ../../third_party/angle/src/compiler/ParseHelper.cpp:1198
#6  0x00007f291badb398 in TParseContext::addConstructor (this=0x7fffed177f30, 
    node=0x86ad4c1a18, type=0x7fffed176ce0, op=EOpConstructVec4, fnCall=
    0x86ad4c17b8, line=5)
    at ../../third_party/angle/src/compiler/ParseHelper.cpp:1147
#7  0x00007f291bab6d2b in yyparse (context=0x7fffed177f30)
    at ../../third_party/angle/src/compiler/glslang_tab.cpp:2414
#8  0x00007f291babf9c6 in glslang_parse (context=0x7fffed177f30)
    at ../../third_party/angle/src/compiler/glslang_tab.cpp:4756
#9  0x00007f291badc71a in PaParseStrings (count=1, string=0x7fffed178090, 
    length=0x0, context=0x7fffed177f30)
    at ../../third_party/angle/src/compiler/ParseHelper.cpp:1520
#10 0x00007f291baa6041 in TCompiler::compile (this=0x86ad31ca20, 
    shaderStrings=0x7fffed178090, numStrings=1, compileOptions=6221)
    at ../../third_party/angle/src/compiler/Compiler.cpp:174
#11 0x00007f291baa24cf in ShCompile (handle=0x86ad31ca20, 
    shaderStrings=0x7fffed178090, numStrings=1, compileOptions=6220)
    at ../../third_party/angle/src/compiler/ShaderLang.cpp:195
#12 0x00007f291bfcecae in gpu::gles2::ShaderTranslator::Translate (
    this=0x86acbee260, 
    shader=0x86acfe42f8 "\n  const   float tmp;\n  void main(void) {\n      tmp = 0.5;\n      gl_FragColor = vec4(tmp);\n  }\n")
    at ../../gpu/command_buffer/service/shader_translator.cc:163

Original comment by z...@google.com on 27 Feb 2013 at 6:34

GoogleCodeExporter commented 9 years ago

Original comment by kbr@chromium.org on 27 Feb 2013 at 7:39

GoogleCodeExporter commented 9 years ago
"const float tmp;" is invalid since constants have to be initialized, but after 
logging this error the parser tries to recover and continue with the rest of 
the code. Later in the code it expects tmp to have a 'ConstantUnion', but it's 
NULL because the constant was never initialized.

Unless someone's already working on fixing this, I can go ahead and do it.

Original comment by nicolas....@gmail.com on 27 Feb 2013 at 8:40
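
The failure mode described in the comment above (error recovery keeps a const symbol that has no value, and later constant folding dereferences it), as an added C++ sketch. It is not ANGLE code and not the fix committed for this issue; `Parser`, `Symbol`, `declareConst`, `foldUnchecked` and `foldChecked` are hypothetical names.

```cpp
// Added illustration: a simplified model, not ANGLE source. All names are hypothetical.
#include <cstdio>
#include <map>
#include <memory>
#include <string>
#include <utility>
#include <vector>

struct ConstValue { float f; };
struct Symbol {
    bool isConst = false;
    std::unique_ptr<ConstValue> value;  // stays null when no initializer was parsed
};
struct Parser {
    std::map<std::string, Symbol> symbols;
    std::vector<std::string> errors;

    // init == nullptr models "const float tmp;": log the error, recover, keep the symbol.
    void declareConst(const std::string& name, const float* init) {
        Symbol s; s.isConst = true;
        if (init) s.value.reset(new ConstValue{*init});
        else errors.push_back("'" + name + "': const variable must be initialized");
        symbols[name] = std::move(s);
    }

    // Unchecked folding: assumes every const symbol carries a value.
    float foldUnchecked(const std::string& name) {
        return symbols.at(name).value->f;  // null dereference for "tmp"
    }

    // Checked folding: a const without a value is reported, never dereferenced.
    bool foldChecked(const std::string& name, float* out) {
        auto it = symbols.find(name);
        if (it == symbols.end() || !it->second.isConst || !it->second.value) {
            errors.push_back("'" + name + "': no constant value to fold");
            return false;
        }
        *out = it->second.value->f;
        return true;
    }
};

int main() {
    Parser p;
    p.declareConst("tmp", nullptr);               // const float tmp;
    float v = 0.0f;
    bool ok = p.foldChecked("tmp", &v);           // gl_FragColor = vec4(tmp);
    std::printf("folded=%d errors=%zu\n", ok, p.errors.size());
}
```

`foldUnchecked` is kept only to show the pattern that crashes; the checked variant turns the same input into a second compile error.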

GoogleCodeExporter commented 9 years ago

Original comment by z...@google.com on 27 Feb 2013 at 9:25

GoogleCodeExporter commented 9 years ago
Issue 238 has been merged into this issue.

Original comment by z...@google.com on 27 Feb 2013 at 9:25

GoogleCodeExporter commented 9 years ago
Issue 239 has been merged into this issue.

Original comment by z...@google.com on 27 Feb 2013 at 9:26

GoogleCodeExporter commented 9 years ago
Issue 240 has been merged into this issue.

Original comment by z...@google.com on 27 Feb 2013 at 9:26

GoogleCodeExporter commented 9 years ago
Nicolas: thanks for volunteering to take care of this.  It seems we have a 
bunch of issues that are the same or similar. Merge them into one.

Original comment by z...@google.com on 27 Feb 2013 at 9:27

GoogleCodeExporter commented 9 years ago
Set to priority high since it crashes the GPU process.

Original comment by z...@google.com on 27 Feb 2013 at 9:28

GoogleCodeExporter commented 9 years ago
I have patches for each of these in review.

Original comment by nicolas....@gmail.com on 28 Feb 2013 at 2:19

GoogleCodeExporter commented 9 years ago
Committed in r1995 to r1998.

Original comment by nicolas....@gmail.com on 19 Mar 2013 at 1:12