Bug 1422908 Comment 0 Edit History

Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.

Original comment by

Jason Kratzer [:jkratzer]

on 2017-12-04 10:36:25 PST

(Hidden by Administrator)

Revision 1 by

Tyson Smith [:tsmith]

on 2020-06-29 15:38:56 PDT

(Hidden by Administrator)

Revision 2 by

Tyson Smith [:tsmith]

on 2020-06-29 15:39:50 PDT

Testcase found while fuzzing mozilla-central rev 785572419acc.

OS|Linux|0.0.0 Linux 4.4.0-98-generic #121-Ubuntu SMP Tue Oct 10 14:24:03 UTC 2017 x86_64
CPU|amd64|family 6 model 78 stepping 3|1
GPU|||
Crash|SIGSEGV|0x0|0
0|0|libxul.so|nsDisplayItem::GetClipWithRespectToASR|hg:hg.mozilla.org/mozilla-central:layout/painting/nsDisplayList.cpp:785572419acc|3086|0x0
0|1|libxul.so|nsDisplayList::GetClippedBoundsWithRespectToASR|hg:hg.mozilla.org/mozilla-central:layout/painting/nsDisplayList.cpp:785572419acc|2270|0x16
0|2|libxul.so|nsDisplayWrapList::UpdateBounds|hg:hg.mozilla.org/mozilla-central:layout/painting/nsDisplayList.h:785572419acc|4709|0x19
0|3|libxul.so|nsDisplayWrapList::nsDisplayWrapList|hg:hg.mozilla.org/mozilla-central:layout/painting/nsDisplayList.cpp:785572419acc|6155|0xb
0|4|libxul.so|nsDisplayTransform::nsDisplayTransform|hg:hg.mozilla.org/mozilla-central:layout/painting/nsDisplayList.h:785572419acc|5766|0x5
0|5|libxul.so|WrapSeparatorTransform|hg:hg.mozilla.org/mozilla-central:layout/generic/nsFrame.cpp:785572419acc|2594|0xe
0|6|libxul.so|nsIFrame::BuildDisplayListForStackingContext|hg:hg.mozilla.org/mozilla-central:layout/generic/nsFrame.cpp:785572419acc|3242|0x22
0|7|libxul.so|nsIFrame::BuildDisplayListForChild|hg:hg.mozilla.org/mozilla-central:layout/generic/nsFrame.cpp:785572419acc|3680|0x19
0|8|libxul.so|DisplayLine|hg:hg.mozilla.org/mozilla-central:layout/generic/nsBlockFrame.cpp:785572419acc|6665|0x19
0|9|libxul.so|nsBlockFrame::BuildDisplayList|hg:hg.mozilla.org/mozilla-central:layout/generic/nsBlockFrame.cpp:785572419acc|6761|0x38
0|10|libxul.so|nsIFrame::BuildDisplayListForChild|hg:hg.mozilla.org/mozilla-central:layout/generic/nsFrame.cpp:785572419acc|3746|0x13
0|11|libxul.so|nsColumnSetFrame::BuildDisplayList|hg:hg.mozilla.org/mozilla-central:layout/generic/nsColumnSetFrame.cpp:785572419acc|1293|0x1c
0|12|libxul.so|nsIFrame::BuildDisplayListForChild|hg:hg.mozilla.org/mozilla-central:layout/generic/nsFrame.cpp:785572419acc|3746|0x13
0|13|libxul.so|DisplayLine|hg:hg.mozilla.org/mozilla-central:layout/generic/nsBlockFrame.cpp:785572419acc|6665|0x19
0|14|libxul.so|nsBlockFrame::BuildDisplayList|hg:hg.mozilla.org/mozilla-central:layout/generic/nsBlockFrame.cpp:785572419acc|6761|0x38
0|15|libxul.so|nsIFrame::BuildDisplayListForChild|hg:hg.mozilla.org/mozilla-central:layout/generic/nsFrame.cpp:785572419acc|3746|0x13
0|16|libxul.so|nsColumnSetFrame::BuildDisplayList|hg:hg.mozilla.org/mozilla-central:layout/generic/nsColumnSetFrame.cpp:785572419acc|1293|0x1c
0|17|libxul.so|nsIFrame::BuildDisplayListForChild|hg:hg.mozilla.org/mozilla-central:layout/generic/nsFrame.cpp:785572419acc|3746|0x13
0|18|libxul.so|DisplayLine|hg:hg.mozilla.org/mozilla-central:layout/generic/nsBlockFrame.cpp:785572419acc|6665|0x19
0|19|libxul.so|nsBlockFrame::BuildDisplayList|hg:hg.mozilla.org/mozilla-central:layout/generic/nsBlockFrame.cpp:785572419acc|6761|0x38
0|20|libxul.so|nsIFrame::BuildDisplayListForChild|hg:hg.mozilla.org/mozilla-central:layout/generic/nsFrame.cpp:785572419acc|3746|0x13
0|21|libxul.so|nsColumnSetFrame::BuildDisplayList|hg:hg.mozilla.org/mozilla-central:layout/generic/nsColumnSetFrame.cpp:785572419acc|1293|0x1c
0|22|libxul.so|nsIFrame::BuildDisplayListForChild|hg:hg.mozilla.org/mozilla-central:layout/generic/nsFrame.cpp:785572419acc|3746|0x13
0|23|libxul.so|nsCanvasFrame::BuildDisplayList|hg:hg.mozilla.org/mozilla-central:layout/generic/nsCanvasFrame.cpp:785572419acc|605|0x1c
0|24|libxul.so|nsIFrame::BuildDisplayListForChild|hg:hg.mozilla.org/mozilla-central:layout/generic/nsFrame.cpp:785572419acc|3746|0x13
0|25|libxul.so|mozilla::ScrollFrameHelper::BuildDisplayList|hg:hg.mozilla.org/mozilla-central:layout/generic/nsGfxScrollFrame.cpp:785572419acc|3583|0x1a
0|26|libxul.so|nsIFrame::BuildDisplayListForChild|hg:hg.mozilla.org/mozilla-central:layout/generic/nsFrame.cpp:785572419acc|3746|0x13
0|27|libxul.so|mozilla::ViewportFrame::BuildDisplayList|hg:hg.mozilla.org/mozilla-central:layout/generic/ViewportFrame.cpp:785572419acc|66|0x11
0|28|libxul.so|nsIFrame::BuildDisplayListForStackingContext|hg:hg.mozilla.org/mozilla-central:layout/generic/nsFrame.cpp:785572419acc|2976|0x17
0|29|libxul.so|nsLayoutUtils::PaintFrame|hg:hg.mozilla.org/mozilla-central:layout/base/nsLayoutUtils.cpp:785572419acc|3887|0x18
0|30|libxul.so|mozilla::PresShell::Paint|hg:hg.mozilla.org/mozilla-central:layout/base/PresShell.cpp:785572419acc|6488|0x17
0|31|libxul.so|nsViewManager::ProcessPendingUpdatesPaint|hg:hg.mozilla.org/mozilla-central:view/nsViewManager.cpp:785572419acc|480|0x12
0|32|libxul.so|nsViewManager::ProcessPendingUpdatesForView|hg:hg.mozilla.org/mozilla-central:view/nsViewManager.cpp:785572419acc|412|0xd
0|33|libxul.so|nsViewManager::ProcessPendingUpdates|hg:hg.mozilla.org/mozilla-central:view/nsViewManager.cpp:785572419acc|1102|0x11
0|34|libxul.so|nsRefreshDriver::Tick|hg:hg.mozilla.org/mozilla-central:layout/base/nsRefreshDriver.cpp:785572419acc|2027|0x8
0|35|libxul.so|mozilla::RefreshDriverTimer::TickRefreshDrivers|hg:hg.mozilla.org/mozilla-central:layout/base/nsRefreshDriver.cpp:785572419acc|306|0xf
0|36|libxul.so|mozilla::RefreshDriverTimer::Tick|hg:hg.mozilla.org/mozilla-central:layout/base/nsRefreshDriver.cpp:785572419acc|328|0x12
0|37|libxul.so|mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::TickRefreshDriver|hg:hg.mozilla.org/mozilla-central:layout/base/nsRefreshDriver.cpp:785572419acc|769|0x5
0|38|libxul.so|mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::NotifyVsync|hg:hg.mozilla.org/mozilla-central:layout/base/nsRefreshDriver.cpp:785572419acc|583|0xc
0|39|libxul.so|mozilla::layout::VsyncChild::RecvNotify|hg:hg.mozilla.org/mozilla-central:layout/ipc/VsyncChild.cpp:785572419acc|68|0x9
0|40|libxul.so|mozilla::layout::PVsyncChild::OnMessageReceived|s3:gecko-generated-sources:06086093ccb59dd5a99cf8c9f9fb7f4860fd8ddbfd516af5e5b3508be62029679421dcf2abdf6b1c945b6a054050bd403c9574aad49f857cb4a31d3f4cf56b9a/ipc/ipdl/PVsyncChild.cpp:|155|0xf
0|41|libxul.so|mozilla::ipc::MessageChannel::DispatchAsyncMessage|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessageChannel.cpp:785572419acc|2110|0x6
0|42|libxul.so|mozilla::ipc::MessageChannel::DispatchMessage|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessageChannel.cpp:785572419acc|2040|0xb
0|43|libxul.so|mozilla::ipc::MessageChannel::RunMessage|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessageChannel.cpp:785572419acc|1886|0xb
0|44|libxul.so|mozilla::ipc::MessageChannel::MessageTask::Run|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessageChannel.cpp:785572419acc|1919|0xc
0|45|libxul.so|nsThread::ProcessNextEvent|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThread.cpp:785572419acc|1033|0x15