Status: Fixed
Closed: Dec 2012
Pri: 1
Type: Bug-Security

Crash in texSubImage2D on Mozilla's WebGL performance regression tests
Project Member Reported by kbr@chromium.org, Mar 29 2012
Version: 19.0.1082.1 (Official Build 129233) canary
OS: Mac OS X 10.6.8


What steps will reproduce the problem?
1. Visit http://hg.mozilla.org/users/bjacob_mozilla.com/webgl-perf-tests/raw-file/tip/webgl-performance-tests.html

What is the expected output? What do you see instead?

Expect the tests to run. Instead, the renderer crashes while running test 23 out of 45 (I think) inside texSubImage2D. One representative crash (af76d177c3e02e63):

0x04598bdf	 [Google Chrome Framework	 - gles2_implementation.cc:1884]	gpu::gles2::GLES2Implementation::TexSubImage2DImpl
0x04598e48	 [Google Chrome Framework	 - gles2_implementation.cc:1818]	gpu::gles2::GLES2Implementation::TexSubImage2D
0x04559c32	 [Google Chrome Framework	 - webgraphicscontext3d_command_buffer_impl.cc:1009]	WebGraphicsContext3DCommandBufferImpl::texSubImage2D
0x047323e8	 [Google Chrome Framework	 - GraphicsContext3DChromium.cpp:682]	WebCore::GraphicsContext3D::texSubImage2D
0x049f6946	 [Google Chrome Framework	 - WebGLRenderingContext.cpp:3623]	WebCore::WebGLRenderingContext::texSubImage2DBase
0x049f6a5a	 [Google Chrome Framework	 - WebGLRenderingContext.cpp:3640]	WebCore::WebGLRenderingContext::texSubImage2DImpl
0x049f6fa2	 [Google Chrome Framework	 - WebGLRenderingContext.cpp:3718]	WebCore::WebGLRenderingContext::texSubImage2D
0x0517bd67	 [Google Chrome Framework	 - V8WebGLRenderingContext.cpp:1863]	WebCore::WebGLRenderingContextInternal::texSubImage2DCallback

 
Comment 1 by kbr@chromium.org, May 9 2012
Labels: WebKit-ID-85942
Comment 2 by kbr@chromium.org, May 9 2012
Owner: kbr@chromium.org
Status: Assigned
Project Member Comment 3 by bugdroid1@chromium.org, May 9 2012
Labels: -WebKit-ID-85942 WebKit-ID-85942-ASSIGNED
https://bugs.webkit.org/show_bug.cgi?id=85942
Project Member Comment 4 by bugdroid1@chromium.org, May 17 2012
Labels: -WebKit-ID-85942-ASSIGNED WebKit-ID-85942-RESOLVED WebKit-Rev-117191
https://bugs.webkit.org/show_bug.cgi?id=85942
http://trac.webkit.org/changeset/117191
Comment 5 by kbr@chromium.org, May 17 2012
Status: Fixed
Fixed per above bug.

Comment 6 by kbr@chromium.org, May 24 2012
Cc: infe...@chromium.org scarybea...@gmail.com
Labels: Mstone-20 Merge-Requested
Requesting backport to M20. Related issue 128688 was approved for backport, and this one is similar.

Labels: -Type-Bug -Pri-2 -Merge-Requested Type-Security Pri-1 Merge-Approved SecSeverity-High SecImpacts-Stable SecImpacts-Beta
Status: FixUnreleased
Had a chat with Ken, it does affect m19, however it is preferred for m20.
Comment 8 by kbr@chromium.org, May 24 2012
FYI, the rationale for fixing this only in M20 is that it is not triggered in commonly used functionality, and issue 128688 would also have to be backported to M19.

Comment 10 by kbr@chromium.org, May 24 2012
Labels: -Merge-Approved Merge-Merged-1132
Labels: CVE-2012-2819
Project Member Comment 12 by bugdroid1@chromium.org, Oct 13 2012
Labels: Restrict-AddIssueComment-Commit
This issue has been closed for some time. No one will pay attention to new comments.
If you are seeing this bug or have new data, please click New Issue to start a new bug.
Status: Fixed
Project Member Comment 14 by bugdroid1@chromium.org, Mar 10 2013
Labels: -Type-Security -Area-Internals -Internals-Graphics -Feature-GPU-WebGL -Mstone-20 -SecSeverity-High -SecImpacts-Stable -SecImpacts-Beta Cr-Internals-GPU-WebGL Security-Impact-Stable Security-Impact-Beta Cr-Internals-Graphics M-20 Cr-Internals Security-Severity-High Type-Bug-Security
Project Member Comment 15 by bugdroid1@chromium.org, Mar 14 2013
Labels: -Restrict-AddIssueComment-Commit Restrict-AddIssueComment-EditIssue
Project Member Comment 16 by bugdroid1@chromium.org, Mar 21 2013
Labels: -Security-Severity-High Security_Severity-High
Project Member Comment 17 by bugdroid1@chromium.org, Mar 21 2013
Labels: -Security-Impact-Stable Security_Impact-Stable
Project Member Comment 18 by bugdroid1@chromium.org, Mar 21 2013
Labels: -Security-Impact-Beta Security_Impact-Beta
Project Member Comment 19 by bugdroid1@chromium.org, Apr 10 2013
Labels: -Cr-Internals-GPU-WebGL Cr-Blink-WebGL
Project Member Comment 20 by sheriffbot@chromium.org, Jun 14 2016
Labels: -security_impact-beta
Project Member Comment 21 by sheriffbot@chromium.org, Oct 1 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member Comment 22 by sheriffbot@chromium.org, Oct 1 2016
Labels: Restrict-View-SecurityNotify
Project Member Comment 23 by sheriffbot@chromium.org, Oct 2 2016
Labels: -Restrict-View-SecurityNotify
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Labels: allpublic
Components: -Internals>Graphics Internals>GPU
Moving old issues out of Internal>Graphics to delete this obsolete component (see crbug.com/685425 for details).