Bug#877445: Certain sites crash Firefox on pre-SSE2 CPUs

Fanael Linithien fanael4 at gmail.com
Sun Oct 1 20:54:35 UTC 2017


Package: firefox
Version: 56.0-2
Severity: important

Visiting certain sites such as github crashes with SIGILL on Pentium
III and other CPUs with no SSE2 support due to some parts of Firefox
code assuming SSE2 unconditionally. While the upstream doesn't support
pre-SSE2 processors anymore, my understanding is that the Debian
package does, and therefore it's a bug. AFAIU the fix shouldn't be too
invasive, because the upstream sources still pretty much *have to*,
and do, contain scalar fallbacks for non-x86 platforms.

The same sites work for the time being in firefox-esr, which is what
I'm using as a workaround.

Top of backtrace after receiving SIGILL:

(gdb) bt
#0  0xb0b2dae3 in _mm_unpacklo_epi64(long long __vector(2), long long
__vector(2)) (__B=..., __A=...)
    at /usr/lib/gcc/i686-linux-gnu/7/include/emmintrin.h:1011
#1  mozilla::gfx::UnpremultiplyVector_SSE2<true> (
    aSrc=<synthetic pointer>...)
    at /build/firefox-yYj8Vc/firefox-56.0/gfx/2d/SwizzleSSE2.cpp:184
#2  mozilla::gfx::Unpremultiply_SSE2<true> (
    aSrc=0x8dd88b00 "", aSrcGap=944, aDst=0x8ddc4000 "",
    aDstGap=0, aSize=...)
    at /build/firefox-yYj8Vc/firefox-56.0/gfx/2d/SwizzleSSE2.cpp:227
#3  0xb0b8021a in mozilla::gfx::UnpremultiplyData (
    aSrc=0x8dd88b00 "", aSrcStride=1200,
    aSrcFormat=mozilla::gfx::SurfaceFormat::B8G8R8A8,
    aDst=0x8ddc4000 "", aDstStride=256,
    aDstFormat=mozilla::gfx::SurfaceFormat::R8G8B8A8,
    aSize=...)
    at /build/firefox-yYj8Vc/firefox-56.0/gfx/2d/Swizzle.cpp:416
#4  0xb178a64d in mozilla::dom::CanvasRenderingContext2D::GetImageDataArray (
    this=0x90b19000, aCx=0xb7073000, aX=0, aY=16,
    aWidth=64, aHeight=1, aRetval=0xbfd5d3a8)
    at /build/firefox-yYj8Vc/firefox-56.0/dom/canvas/CanvasRenderingContext2D.cpp:5936
#5  0xb178a84a in mozilla::dom::CanvasRenderingContext2D::GetImageData (
    this=0x90b19000, aCx=0xb7073000, aSx=0, aSy=16,
    aSw=64, aSh=1, aError=...)
    at /build/firefox-yYj8Vc/firefox-56.0/dom/canvas/CanvasRenderingContext2D.cpp:5839
#6  0xb13a3d7e in mozilla::dom::CanvasRenderingContext2DBinding::getImageData (
    cx=0xb7073000, obj=..., self=0x90b19000,
    args=...)
    at /build/firefox-yYj8Vc/firefox-56.0/build-browser/dom/bindings/CanvasRenderingContext2DBinding.cpp:4064
#7  0xb1725c5d in mozilla::dom::GenericBindingMethod (
    cx=0xb7073000, argc=<optimized out>, vp=0xa8b84210)
    at /build/firefox-yYj8Vc/firefox-56.0/dom/bindings/BindingUtils.cpp:3053
#8  0xb329220c in js::CallJSNative (args=...,
    native=0xb1725a80 <mozilla::dom::GenericBindingMethod(JSContext*,
unsigned int, JS::Value*)>,
    cx=0xb7073000)
    at /build/firefox-yYj8Vc/firefox-56.0/js/src/jscntxtinlines.h:293
#9  js::InternalCallOrConstruct (cx=0xb7073000, args=...,
    construct=js::NO_CONSTRUCT)
    at /build/firefox-yYj8Vc/firefox-56.0/js/src/vm/Interpreter.cpp:469
#10 0xb3292592 in InternalCall (cx=<optimized out>, args=...)
    at /build/firefox-yYj8Vc/firefox-56.0/js/src/vm/Interpreter.cpp:514
#11 0xb3285c6a in js::CallFromStack (args=...,
    cx=<optimized out>)
    at /build/firefox-yYj8Vc/firefox-56.0/js/src/vm/Interpreter.cpp:520
#12 Interpret (cx=0xb7073000, state=...)
    at /build/firefox-yYj8Vc/firefox-56.0/js/src/vm/Interpreter.cpp:3064
#13 0xb3291e8d in js::RunScript (cx=0xb7073000, state=...)
    at /build/firefox-yYj8Vc/firefox-56.0/js/src/vm/Interpreter.cpp:409
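The report's diagnosis is the usual shape of this class of crash: a SIMD kernel reached with no runtime check, so the scalar fallback that upstream ships for non-x86 targets is never selected on an x86 CPU that lacks the extension, and the first SSE2 instruction faults with SIGILL. As an added illustration (not Firefox's code and not part of the original report), the C below shows the dispatch pattern on a simplified stand-in for the BGRA-to-RGBA swizzle and unpremultiply that `UnpremultiplyData` performs in frame #3: an SSE2 kernel compiled with a per-function target attribute, a scalar kernel, and a selector that asks the CPU with `__builtin_cpu_supports("sse2")` before any SSE2 instruction can execute. The function names (`select_swizzle`, `unpremultiply_bgra_to_rgba`, `selftest`), the sample pixels and the rounding rule are constructed for this example and are not meant to match Firefox's.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Build the SSE2 kernel only on x86 with a compiler that has the target
 * attribute and __builtin_cpu_supports (GCC and clang). Everywhere else the
 * scalar kernel is the only one, like the non-x86 fallback upstream. */
#if (defined(__i386__) || defined(__x86_64__)) && (defined(__GNUC__) || defined(__clang__))
#  include <emmintrin.h>
#  define HAVE_SSE2_KERNEL 1
#else
#  define HAVE_SSE2_KERNEL 0
#endif

typedef void (*swizzle_fn)(const uint8_t *src, uint8_t *dst, size_t npixels);

/* Scalar kernel: swap the B and R bytes of each 4-byte pixel. Runs on any CPU. */
void swizzle_bgra_to_rgba_scalar(const uint8_t *src, uint8_t *dst, size_t npixels)
{
    for (size_t i = 0; i < npixels; i++) {
        dst[4 * i + 0] = src[4 * i + 2];
        dst[4 * i + 1] = src[4 * i + 1];
        dst[4 * i + 2] = src[4 * i + 0];
        dst[4 * i + 3] = src[4 * i + 3];
    }
}

#if HAVE_SSE2_KERNEL
/* SSE2 kernel, 4 pixels per iteration. The target attribute makes the compiler
 * emit SSE2 for this function only, so the rest of the file stays baseline
 * i686 even without -msse2 on the command line. */
__attribute__((target("sse2")))
void swizzle_bgra_to_rgba_sse2(const uint8_t *src, uint8_t *dst, size_t npixels)
{
    const __m128i keep_ga = _mm_set1_epi32((int)0xFF00FF00);
    const __m128i mask_lo = _mm_set1_epi32(0x000000FF);
    const __m128i mask_hi = _mm_set1_epi32(0x00FF0000);
    size_t i = 0;
    for (; i + 4 <= npixels; i += 4) {
        __m128i v   = _mm_loadu_si128((const __m128i *)(src + 4 * i));
        __m128i b   = _mm_slli_epi32(_mm_and_si128(v, mask_lo), 16); /* B -> byte 2 */
        __m128i r   = _mm_srli_epi32(_mm_and_si128(v, mask_hi), 16); /* R -> byte 0 */
        __m128i out = _mm_or_si128(_mm_and_si128(v, keep_ga), _mm_or_si128(b, r));
        _mm_storeu_si128((__m128i *)(dst + 4 * i), out);
    }
    /* Tail (npixels not a multiple of 4) goes through the scalar kernel. */
    swizzle_bgra_to_rgba_scalar(src + 4 * i, dst + 4 * i, npixels - i);
}
#endif

/* The check the crashing build lacked: ask the CPU before taking the SSE2
 * path. On a Pentium III this returns the scalar kernel. */
swizzle_fn select_swizzle(void)
{
#if HAVE_SSE2_KERNEL
    __builtin_cpu_init();
    if (__builtin_cpu_supports("sse2"))
        return swizzle_bgra_to_rgba_sse2;
#endif
    return swizzle_bgra_to_rgba_scalar;
}

/* Straight-alpha channel from a premultiplied one, rounded to nearest and
 * clamped. The rounding rule is this example's assumption, not Firefox's. */
uint8_t unpremul_channel(uint8_t c, uint8_t a)
{
    if (a == 0)
        return 0;
    uint32_t v = ((uint32_t)c * 255u + a / 2u) / a;
    return v > 255u ? 255u : (uint8_t)v;
}

/* Premultiplied BGRA -> straight-alpha RGBA: dispatched swizzle, then a
 * scalar unpremultiply in place on the destination. */
void unpremultiply_bgra_to_rgba(const uint8_t *src, uint8_t *dst, size_t npixels)
{
    select_swizzle()(src, dst, npixels);
    for (size_t i = 0; i < npixels; i++) {
        uint8_t a = dst[4 * i + 3];
        for (int ch = 0; ch < 3; ch++)
            dst[4 * i + ch] = unpremul_channel(dst[4 * i + ch], a);
    }
}

/* Constructed 7-pixel buffer (exercises the 4-wide loop and a 3-pixel tail).
 * Returns 1 if the dispatched path matches the scalar reference. */
int selftest(void)
{
    uint8_t src[7 * 4], ref[7 * 4], got[7 * 4];
    for (int i = 0; i < 7; i++) {
        src[4 * i + 0] = (uint8_t)(64 - 8 * i);   /* B */
        src[4 * i + 1] = (uint8_t)(32 + 8 * i);   /* G */
        src[4 * i + 2] = (uint8_t)(16 + 4 * i);   /* R */
        src[4 * i + 3] = (uint8_t)(128 - 16 * i); /* A */
    }
    swizzle_bgra_to_rgba_scalar(src, ref, 7);
    for (int i = 0; i < 7 * 4; i++)
        if (i % 4 != 3)
            ref[i] = unpremul_channel(ref[i], ref[(i / 4) * 4 + 3]);
    unpremultiply_bgra_to_rgba(src, got, 7);
    /* Pixel 0: B=64 G=32 R=16 A=128 -> R=32 G=64 B=128 A=128 */
    if (got[0] != 32 || got[1] != 64 || got[2] != 128 || got[3] != 128)
        return 0;
    return memcmp(ref, got, sizeof ref) == 0;
}

int main(void)
{
#if HAVE_SSE2_KERNEL
    printf("sse2 kernel selected: %s\n",
           select_swizzle() == swizzle_bgra_to_rgba_sse2 ? "yes" : "no");
#endif
    int ok = selftest();
    printf("selftest: %s\n", ok ? "ok" : "FAIL");
    return ok ? 0 : 1;
}
```

The runtime check only protects code that is reached through it. If a whole translation unit is built with `-msse2`, the compiler is free to emit SSE2 anywhere in it (auto-vectorised loops, inlined `memcpy`), and such a build can fault before `select_swizzle` is ever called; that is why the SSE2 kernel above carries `__attribute__((target("sse2")))` instead of relying on a global flag, and why a distribution package that intends to keep pre-SSE2 CPUs supported needs its baseline flags checked as well as its intrinsics call sites.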


