shairai / angleproject

Automatically exported from code.google.com/p/angleproject

ESSL compiler crash in WebGL Aquarium, null deref in TInfoSinkBase::operator<< #230

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
This is https://bugzilla.mozilla.org/show_bug.cgi?id=694831

Steps to reproduce: in Firefox Mobile / Android, go to WebGL Aquarium.

We use the ESSL back-end. Crash report here:

https://crash-stats.mozilla.com/report/index/bp-be3ab428-4649-4aa5-907c-807b22111016

This is a null pointer dereference.

Call stack:

0   libmozutils.so  arena_dalloc    memory/jemalloc/jemalloc.c:4308
1   libmozutils.so  __wrap_free     memory/jemalloc/jemalloc.c:6263
2   libmozalloc.so  moz_free    memory/mozalloc/mozalloc.cpp:98
3   libxul.so   std::__node_alloc::deallocate   mozalloc.h:254
4   libxul.so   std::priv::_String_base<char, std::allocator<char> >::_M_deallocate_block  _string_base.h:102
5   libxul.so   std::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_append   _string_base.h:160
6   libxul.so   TInfoSinkBase::operator<<   gfx/angle/src/compiler/InfoSink.h:66
7   libxul.so   TOutputGLSLBase::writeVariableType  gfx/angle/src/compiler/OutputGLSLBase.cpp:125
8   libxul.so   TOutputGLSLBase::visitAggregate  gfx/angle/src/compiler/OutputGLSLBase.cpp:541
9   libxul.so   TIntermAggregate::traverse  gfx/angle/src/compiler/IntermTraverse.cpp:135
10  libxul.so   TOutputGLSLBase::visitAggregate  gfx/angle/src/compiler/OutputGLSLBase.cpp:456
11  libxul.so   TIntermAggregate::traverse  gfx/angle/src/compiler/IntermTraverse.cpp:135
12  libxul.so   TranslatorESSL::translate  gfx/angle/src/compiler/OutputGLSLBase.h:17
13  libxul.so   TCompiler::compile  gfx/angle/src/compiler/Compiler.cpp:182
14  libxul.so   ShCompile   gfx/angle/src/compiler/ShaderLang.cpp:169
15  libxul.so   mozilla::WebGLContext::CompileShader  content/canvas/src/WebGLContextGL.cpp:4097
16  libxul.so   nsIDOMWebGLRenderingContext_CompileShader  obj-firefox/js/xpconnect/src/dom_quickstubs.cpp:30196

Original issue reported on code.google.com by jacob.be...@gmail.com on 16 Oct 2011 at 5:44

GoogleCodeExporter commented 9 years ago
This is in Firefox 10.0a1 which uses ANGLE r774.

Original comment by jacob.be...@gmail.com on 16 Oct 2011 at 5:46

GoogleCodeExporter commented 9 years ago
This issue, and all other allocator-mismatch issues we reported, were all our 
fault (not properly wrapping malloc when we try to use jemalloc). Sorry for the 
noise.

Original comment by jacob.be...@gmail.com on 26 Oct 2012 at 7:55