Closed Bug 1354197 Opened 9 years ago Closed 8 years ago

WebGL EXCEPTION_ACCESS_VIOLATION_READ in sh::CollectVariables::visitDeclaration

Categories

(Core :: Graphics: CanvasWebGL, defect)

Product:
Core
Component:
Graphics: CanvasWebGL
Version:
55 Branch
Platform:
Unspecified
Windows 10
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla58
Tracking Flags:
Tracking Status
firefox-esr52 --- unaffected
firefox56 --- wontfix
firefox57 --- wontfix
firefox58 --- fixed

People

(Reporter: aral.yaman, Assigned: cleu)

References

Details

(Keywords: crash, csectype-nullptr, testcase, Whiteboard: [sg:dos])

Crash Data

Attachments

(1 file)

crash01.html
661 bytes, text/html
Details
Attached file crash01.html
User Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0 Build ID: 20170406030206 Steps to reproduce: Open crash01.html in the latest Firefox nightly on Windows 10 Actual results: Firefox is going to crash while trying to compile shader. This causes the crash: precision mediump float ; void main( ) { if (true) const float aVariable = 0.0 ; } unfortunately I was not able to analyze with WinDbg because I only got a ###!!! [Parent][MessageChannel] Error: (msgtype=0x2C008D,name=PBrowser::Msg_UpdateNativeWindowHandle) Channel error: cannot send/recv So I'm not sure if the crash is realy security relevant. I sent a crash report as well: https://crash-stats.mozilla.com/report/index/6ead8220-e7ec-4bcb-a839-21b6c2170406 Expected results: No Crash
OS: Unspecified → Windows 10
Jeff: this looks like a null deref from the crash report, but please take a look and see if there's anything to worry about here.
Group: firefox-core-security → gfx-core-security
Component: Untriaged → Canvas: WebGL
Flags: needinfo?(jgilbert)
Keywords: crash, testcase
Product: Firefox → Core
Still a null deref in nightly. I'm going to open this up bp-435b94d7-84e4-4a6a-95ed-9be2d0170511
Group: gfx-core-security
Keywords: csectype-nullptr
Whiteboard: [sg:dos]
I don't see the crashes after 2017/06. Michael, please help to confirm it was resolved or not.
Assignee: nobody → cleu
This crash still present in Nightly 56.0a1 (2017-07-09) I will look into it and test whether it would be fixed by updating to a newer ANGLE version.
Status: UNCONFIRMED → NEW
Ever confirmed: true
It is confirmed that this issue will be fixed after updating ANGLE to chromium/3118.
Depends on: 1371190
It's fixed by updating ANGLE
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Crash Signature: [@ sh::CollectVariables::visitDeclaration ]
status-firefox56: --- → wontfix
status-firefox57: --- → wontfix
status-firefox58: --- → fixed
status-firefox-esr52: --- → unaffected
Flags: needinfo?(jgilbert)
Target Milestone: --- → mozilla58
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: