Out of bounds access in SkSL::Compiler::scanCFG
Issue description

Chrome Version: r468179 Linux debug build

What steps will reproduce the problem?
I can't reproduce it. It just randomly happened one time when I canceled print preview.

What is the expected result?
No crashes

What happens instead?
../../build/linux/debian_jessie_amd64-sysroot/usr/lib/gcc/x86_64-linux-gnu/4.8/../../../../include/c++/4.8/debug/safe_iterator.264: error: attempt to dereference a past-the-end iterator.
Objects involved in the operation:
iterator "this" @ 0x0x7ffca8a569a8 { state = past-the-end; references sequence @ 0x0x7ffca8a569a8 }
Received signal 6
#0 0x7fe5401ef40b base::debug::StackTrace::StackTrace()
#1 0x7fe5401ee10c base::debug::StackTrace::StackTrace()
#2 0x7fe5401eef1f base::debug::(anonymous namespace)::StackDumpSignalHandler()
#3 0x7fe54087a330 <unknown>
#4 0x7fe528fe7c37 gsignal
#5 0x7fe528feb028 abort
#6 0x7fe52972ffe5 __gnu_debug::_Error_formatter::_M_error()
#7 0x7fe53dee67ca __gnu_debug::_Safe_iterator<>::operator*()
#8 0x7fe53dee0b87 SkSL::Compiler::scanCFG()
#9 0x7fe53dedd358 SkSL::Compiler::internalConvertProgram()
#10 0x7fe53dee0ff1 SkSL::Compiler::convertProgram()
#11 0x7fe53de9cd2b GrGLCompileAndAttachShader()
#12 0x7fe53de9acb7 GrGLProgramBuilder::compileAndAttachShaders()
#13 0x7fe53de9a948 GrGLProgramBuilder::finalize()
#14 0x7fe53de9a507 GrGLProgramBuilder::CreateProgram()
#15 0x7fe53de378ac GrGLGpu::ProgramCache::refProgram()
#16 0x7fe53de1eafa GrGLGpu::flushGLState()
#17 0x7fe53de24a31 GrGLGpu::draw()
#18 0x7fe53de355f6 GrGLGpuCommandBuffer::onDraw()
#19 0x7fe53dc9d02a GrGpuCommandBuffer::draw()
#20 0x7fe53dd3e0ad GrMeshDrawOp::onExecute()
#21 0x7fe53dcd095f GrOp::execute()
#22 0x7fe53dccf112 GrRenderTargetOpList::executeOps()
#23 0x7fe53dc88db9 GrDrawingManager::internalFlush()
#24 0x7fe53dc7e27f GrDrawingManager::flush()
#25 0x7fe53dc89174 GrDrawingManager::prepareSurfaceForExternalIO()
#26 0x7fe53dcc7564 GrRenderTargetContext::prepareForExternalIO()
#27 0x7fe53debd123 SkGpuDevice::flush()
#28 0x7fe53d6a3c54 SkCanvas::onFlush()
#29 0x7fe53d6a3c16 SkCanvas::flush()
#30 0x7fe52cfcaa47 blink::Canvas2DLayerBridge::Flush()
#31 0x7fe52cfcb657 blink::Canvas2DLayerBridge::NewImageSnapshot()
#32 0x7fe52cfcb258 blink::Canvas2DLayerBridge::PrepareTextureMailbox()
#33 0x7fe5362a9f1e cc::TextureLayer::Update()
#34 0x7fe5364e44e3 cc::LayerTreeHost::PaintContent()
#35 0x7fe5364e3f01 cc::LayerTreeHost::DoUpdateLayers()
#36 0x7fe5364e3109 cc::LayerTreeHost::UpdateLayers()
#37 0x7fe5365b67b7 cc::ProxyMain::BeginMainFrame()

+ethannicholas since https://skia-review.googlesource.com/c/7302/ touched the code last. Also, is that a self-review?
May 1 2017
(FYI Ethan has been begging people to review his code since starting this compiler project, but we haven't had many hits on expertise in the area...)
May 5 2017
It was a TBR simply because it was a re-land of a reverted change with a one-line fix added. I believe this is fixed by https://skia-review.googlesource.com/c/15383/.
Comment 1 by thestig@chromium.org, Apr 29 2017