
Issue 120977

Starred by 2 users

Issue metadata

Status: Fixed
Closed: Dec 2012
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 1
Type: Bug-Security


Crash in texSubImage2D on Mozilla's WebGL performance regression tests

Project Member Reported by, Mar 29 2012

Issue description

Version: 19.0.1082.1 (Official Build 129233) canary
OS: Mac OS X 10.6.8

What steps will reproduce the problem?
1. Visit

What is the expected output? What do you see instead?

Expect the tests to run. Instead, the renderer crashes while running test 23 out of 45 (I think) inside texSubImage2D. One representative crash (af76d177c3e02e63):

0x04598bdf	 [Google Chrome Framework	 -]	gpu::gles2::GLES2Implementation::TexSubImage2DImpl
0x04598e48	 [Google Chrome Framework	 -]	gpu::gles2::GLES2Implementation::TexSubImage2D
0x04559c32	 [Google Chrome Framework	 -]	WebGraphicsContext3DCommandBufferImpl::texSubImage2D
0x047323e8	 [Google Chrome Framework	 - GraphicsContext3DChromium.cpp:682]	WebCore::GraphicsContext3D::texSubImage2D
0x049f6946	 [Google Chrome Framework	 - WebGLRenderingContext.cpp:3623]	WebCore::WebGLRenderingContext::texSubImage2DBase
0x049f6a5a	 [Google Chrome Framework	 - WebGLRenderingContext.cpp:3640]	WebCore::WebGLRenderingContext::texSubImage2DImpl
0x049f6fa2	 [Google Chrome Framework	 - WebGLRenderingContext.cpp:3718]	WebCore::WebGLRenderingContext::texSubImage2D
0x0517bd67	 [Google Chrome Framework	 - V8WebGLRenderingContext.cpp:1863]	WebCore::WebGLRenderingContextInternal::texSubImage2DCallback


Comment 1 by, May 9 2012

Labels: WebKit-ID-85942

Comment 2 by, May 9 2012

Status: Assigned
Project Member

Comment 3 by, May 9 2012

Labels: -WebKit-ID-85942 WebKit-ID-85942-ASSIGNED
Project Member

Comment 4 by, May 17 2012

Labels: -WebKit-ID-85942-ASSIGNED WebKit-ID-85942-RESOLVED WebKit-Rev-117191

Comment 5 by, May 17 2012

Status: Fixed
Fixed per above bug.

Comment 6 by, May 24 2012

Labels: Mstone-20 Merge-Requested
Requesting backport to M20. Related issue 128688 was approved for backport, and this one is similar.

Labels: -Type-Bug -Pri-2 -Merge-Requested Type-Security Pri-1 Merge-Approved SecSeverity-High SecImpacts-Stable SecImpacts-Beta
Status: FixUnreleased
Had a chat with Ken, it does affect m19, however it is preferred for m20.

Comment 8 by, May 24 2012

FYI, the rationale for fixing this only in M20 is that it is not triggered in commonly used functionality, and Issue 128688 would also have to be backported to M19.

Comment 10 by, May 24 2012

Labels: -Merge-Approved Merge-Merged-1132
Labels: CVE-2012-2819
Project Member

Comment 12 by, Oct 13 2012

Labels: Restrict-AddIssueComment-Commit
This issue has been closed for some time. No one will pay attention to new comments.
If you are seeing this bug or have new data, please click New Issue to start a new bug.
Status: Fixed
Project Member

Comment 14 by, Mar 10 2013

Labels: -Type-Security -Area-Internals -Internals-Graphics -Feature-GPU-WebGL -Mstone-20 -SecSeverity-High -SecImpacts-Stable -SecImpacts-Beta Cr-Internals-GPU-WebGL Security-Impact-Stable Security-Impact-Beta Cr-Internals-Graphics M-20 Cr-Internals Security-Severity-High Type-Bug-Security
Project Member

Comment 15 by, Mar 14 2013

Labels: -Restrict-AddIssueComment-Commit Restrict-AddIssueComment-EditIssue
Project Member

Comment 16 by, Mar 21 2013

Labels: -Security-Severity-High Security_Severity-High
Project Member

Comment 17 by, Mar 21 2013

Labels: -Security-Impact-Stable Security_Impact-Stable
Project Member

Comment 18 by, Mar 21 2013

Labels: -Security-Impact-Beta Security_Impact-Beta
Project Member

Comment 19 by, Apr 10 2013

Labels: -Cr-Internals-GPU-WebGL Cr-Blink-WebGL
Project Member

Comment 20 by, Jun 14 2016

Labels: -security_impact-beta
Project Member

Comment 21 by, Oct 1 2016

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit - Your friendly Sheriffbot
Project Member

Comment 22 by, Oct 1 2016

Labels: Restrict-View-SecurityNotify
Project Member

Comment 23 by, Oct 2 2016

Labels: -Restrict-View-SecurityNotify
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit - Your friendly Sheriffbot
Labels: allpublic
Components: -Internals>Graphics Internals>GPU
Moving old issues out of Internal>Graphics to delete this obsolete component (  for details)
Labels: CVE_description-submitted
