Bug 1577584 Comment 0 Edit History

Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.

Found with m-c 20190829-8edbf8fe48bf. This issue is hit on startup. Marking as s-s to be safe.
 
This was build with undefined behavior sanitizer checks enabled via mozconfig.
ac_add_options --enable-undefined-sanitizer="object-size"

```
src/gfx/harfbuzz/src/hb-ot-layout-common.hh:254:1: runtime error: reference binding to address 0x7ff4c359bca0 with insufficient space for an object of type 'const OT::LangSys'
0x7ff4c359bca0: note: pointer points here
 00 00 00 00  00 00 ff ff 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00
              ^ 
    #0 0x7ff4d1aabf0a in OT::Script::get_lang_sys(unsigned int) const src/gfx/harfbuzz/src/hb-ot-layout-common.hh
    #1 0x7ff4d1a43fc5 in hb_ot_layout_language_get_required_feature src/gfx/harfbuzz/src/hb-ot-layout.cc:824:54
    #2 0x7ff4d1a4bd2f in hb_ot_map_builder_t::compile(hb_ot_map_t&, hb_ot_shape_plan_key_t const&) src/gfx/harfbuzz/src/hb-ot-map.cc:172:5
    #3 0x7ff4d1a684fe in hb_ot_shape_planner_t::compile(hb_ot_shape_plan_t&, hb_ot_shape_plan_key_t const&) src/gfx/harfbuzz/src/hb-ot-shape.cc:108:7
    #4 0x7ff4d1a6977f in hb_ot_shape_plan_t::init0(hb_face_t*, hb_shape_plan_key_t const*) src/gfx/harfbuzz/src/hb-ot-shape.cc:225:11
    #5 0x7ff4d1a724ea in hb_shape_plan_create2 src/gfx/harfbuzz/src/hb-shape-plan.cc:232:7
    #6 0x7ff4d1a72f32 in hb_shape_plan_create_cached2 src/gfx/harfbuzz/src/hb-shape-plan.cc:489:33
    #7 0x7ff4d1a73300 in hb_shape_full src/gfx/harfbuzz/src/hb-shape.cc:135:33
    #8 0x7ff4ca17062a in gfxHarfBuzzShaper::ShapeText(mozilla::gfx::DrawTarget*, char16_t const*, unsigned int, unsigned int, mozilla::unicode::Script, bool, gfxFontShaper::RoundingFlags, gfxShapedText*) src/gfx/thebes/gfxHarfBuzzShaper.cpp:1398:3
    #9 0x7ff4ca113b31 in gfxFont::ShapeText(mozilla::gfx::DrawTarget*, char16_t const*, unsigned int, unsigned int, mozilla::unicode::Script, bool, gfxFontShaper::RoundingFlags, gfxShapedText*) src/gfx/thebes/gfxFont.cpp:2834:24
    #10 0x7ff4ca144dfa in gfxShapedWord* gfxFont::GetShapedWord<char16_t>(mozilla::gfx::DrawTarget*, char16_t const*, unsigned int, unsigned int, mozilla::unicode::Script, bool, int, mozilla::gfx::ShapedTextFlags, gfxFontShaper::RoundingFlags, gfxTextPerfMetrics*) src/gfx/thebes/gfxFont.cpp:2745:24
    #11 0x7ff4ca1437c8 in bool gfxFont::SplitAndInitTextRun<char16_t>(mozilla::gfx::DrawTarget*, gfxTextRun*, char16_t const*, unsigned int, unsigned int, mozilla::unicode::Script, mozilla::gfx::ShapedTextFlags) src/gfx/thebes/gfxFont.cpp:3122:27
    #12 0x7ff4ca1ed286 in void gfxFontGroup::InitScriptRun<char16_t>(mozilla::gfx::DrawTarget*, gfxTextRun*, char16_t const*, unsigned int, unsigned int, mozilla::unicode::Script, gfxMissingFontRecorder*) src/gfx/thebes/gfxTextRun.cpp:2501:25
    #13 0x7ff4ca1d9218 in void gfxFontGroup::InitTextRun<char16_t>(mozilla::gfx::DrawTarget*, gfxTextRun*, char16_t const*, unsigned int, gfxMissingFontRecorder*) src/gfx/thebes/gfxTextRun.cpp:2408:9
    #14 0x7ff4ca1b0749 in gfxFontGroup::MakeTextRun(char16_t const*, unsigned int, gfxTextRunFactory::Parameters const*, mozilla::gfx::ShapedTextFlags, nsTextFrameUtils::Flags, gfxMissingFontRecorder*) src/gfx/thebes/gfxTextRun.cpp:2280:3
    #15 0x7ff4cfeb6e83 in BuildTextRunsScanner::BuildTextRunForFrames(void*) src/layout/generic/nsTextFrame.cpp:2482:28
    #16 0x7ff4cfeb2edb in BuildTextRunsScanner::FlushFrames(bool, bool) src/layout/generic/nsTextFrame.cpp:1640:17
    #17 0x7ff4cfebe1e2 in BuildTextRuns src/layout/generic/nsTextFrame.cpp:1564:11
    #18 0x7ff4cfebe1e2 in nsTextFrame::EnsureTextRun(nsTextFrame::TextRunType, mozilla::gfx::DrawTarget*, nsIFrame*, nsLineList_iterator const*, unsigned int*) src/layout/generic/nsTextFrame.cpp:2937
    #19 0x7ff4cfef866c in nsTextFrame::ReflowText(nsLineLayout&, int, mozilla::gfx::DrawTarget*, mozilla::ReflowOutput&, nsReflowStatus&) src/layout/generic/nsTextFrame.cpp:9150:7
    #20 0x7ff4cfdfcc50 in nsLineLayout::ReflowFrame(nsIFrame*, nsReflowStatus&, mozilla::ReflowOutput*, bool&) src/layout/generic/nsLineLayout.cpp:880:40
    #21 0x7ff4cfc3a615 in nsBlockFrame::ReflowInlineFrame(mozilla::BlockReflowInput&, nsLineLayout&, nsLineList_iterator, nsIFrame*, LineReflowStatus*) src/layout/generic/nsBlockFrame.cpp:4331:15
    #22 0x7ff4cfc39155 in nsBlockFrame::DoReflowInlineFrames(mozilla::BlockReflowInput&, nsLineLayout&, nsLineList_iterator, nsFlowAreaRect&, int&, nsFloatManager::SavedState*, bool*, LineReflowStatus*, bool) src/layout/generic/nsBlockFrame.cpp:4133:5
    #23 0x7ff4cfc313b7 in nsBlockFrame::ReflowInlineFrames(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) src/layout/generic/nsBlockFrame.cpp:4018:9
    #24 0x7ff4cfc2903d in nsBlockFrame::ReflowLine(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) src/layout/generic/nsBlockFrame.cpp:2997:5
    #25 0x7ff4cfc1fe98 in nsBlockFrame::ReflowDirtyLines(mozilla::BlockReflowInput&) src/layout/generic/nsBlockFrame.cpp:2537:7
    #26 0x7ff4cfc18803 in nsBlockFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) src/layout/generic/nsBlockFrame.cpp:1280:3
    #27 0x7ff4cfc36880 in nsBlockReflowContext::ReflowBlock(mozilla::LogicalRect const&, bool, nsCollapsingMargin&, int, bool, nsLineBox*, mozilla::ReflowInput&, nsReflowStatus&, mozilla::BlockReflowInput&) src/layout/generic/nsBlockReflowContext.cpp:297:11
    #28 0x7ff4cfc2c834 in nsBlockFrame::ReflowBlockFrame(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) src/layout/generic/nsBlockFrame.cpp:3649:11
    #29 0x7ff4cfc29291 in nsBlockFrame::ReflowLine(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) src/layout/generic/nsBlockFrame.cpp:2994:5
    #30 0x7ff4cfc1fe98 in nsBlockFrame::ReflowDirtyLines(mozilla::BlockReflowInput&) src/layout/generic/nsBlockFrame.cpp:2537:7
    #31 0x7ff4cfc18803 in nsBlockFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) src/layout/generic/nsBlockFrame.cpp:1280:3
    #32 0x7ff4cfc36880 in nsBlockReflowContext::ReflowBlock(mozilla::LogicalRect const&, bool, nsCollapsingMargin&, int, bool, nsLineBox*, mozilla::ReflowInput&, nsReflowStatus&, mozilla::BlockReflowInput&) src/layout/generic/nsBlockReflowContext.cpp:297:11
    #33 0x7ff4cfc2c834 in nsBlockFrame::ReflowBlockFrame(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) src/layout/generic/nsBlockFrame.cpp:3649:11
    #34 0x7ff4cfc29291 in nsBlockFrame::ReflowLine(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) src/layout/generic/nsBlockFrame.cpp:2994:5
    #35 0x7ff4cfc1fe98 in nsBlockFrame::ReflowDirtyLines(mozilla::BlockReflowInput&) src/layout/generic/nsBlockFrame.cpp:2537:7
    #36 0x7ff4cfc18803 in nsBlockFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) src/layout/generic/nsBlockFrame.cpp:1280:3
    #37 0x7ff4cfc66191 in nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, mozilla::WritingMode const&, mozilla::LogicalPoint const&, nsSize const&, nsIFrame::ReflowChildFlags, nsReflowStatus&, nsOverflowContinuationTracker*) src/layout/generic/nsContainerFrame.cpp:896:14
    #38 0x7ff4cfc64be4 in nsCanvasFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) src/layout/generic/nsCanvasFrame.cpp:729:5
    #39 0x7ff4cfc66191 in nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, mozilla::WritingMode const&, mozilla::LogicalPoint const&, nsSize const&, nsIFrame::ReflowChildFlags, nsReflowStatus&, nsOverflowContinuationTracker*) src/layout/generic/nsContainerFrame.cpp:896:14
    #40 0x7ff4cfd5c4be in nsHTMLScrollFrame::ReflowScrolledFrame(mozilla::ScrollReflowInput*, bool, bool, mozilla::ReflowOutput*) src/layout/generic/nsGfxScrollFrame.cpp:644:3
    #41 0x7ff4cfd5dfab in nsHTMLScrollFrame::ReflowContents(mozilla::ScrollReflowInput*, mozilla::ReflowOutput const&) src/layout/generic/nsGfxScrollFrame.cpp:758:3
    #42 0x7ff4cfd62162 in nsHTMLScrollFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) src/layout/generic/nsGfxScrollFrame.cpp:1160:3
    #43 0x7ff4cfc07fc1 in nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, int, int, nsIFrame::ReflowChildFlags, nsReflowStatus&, nsOverflowContinuationTracker*) src/layout/generic/nsContainerFrame.cpp:936:14
    #44 0x7ff4cfc0755b in mozilla::ViewportFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) src/layout/generic/ViewportFrame.cpp:309:7
    #45 0x7ff4cf9e7664 in mozilla::PresShell::DoReflow(nsIFrame*, bool, mozilla::OverflowChangedTracker*) src/layout/base/PresShell.cpp:9261:11
    #46 0x7ff4cf9fd2c0 in mozilla::PresShell::ProcessReflowCommands(bool) src/layout/base/PresShell.cpp:9431:24
    #47 0x7ff4cf9fb7b6 in mozilla::PresShell::DoFlushPendingNotifications(mozilla::ChangesToFlush) src/layout/base/PresShell.cpp:4174:11
    #48 0x7ff4cf98226b in nsRefreshDriver::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) src/layout/base/nsRefreshDriver.cpp:2006:20
    #49 0x7ff4cf9947e1 in TickDriver src/layout/base/nsRefreshDriver.cpp:373:13
    #50 0x7ff4cf9947e1 in mozilla::RefreshDriverTimer::TickRefreshDrivers(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp, nsTArray<RefPtr<nsRefreshDriver> >&) src/layout/base/nsRefreshDriver.cpp:350
    #51 0x7ff4cf994321 in mozilla::RefreshDriverTimer::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) src/layout/base/nsRefreshDriver.cpp:367:5
    #52 0x7ff4cf99815e in RunRefreshDrivers src/layout/base/nsRefreshDriver.cpp:807:5
    #53 0x7ff4cf99815e in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::TickRefreshDriver(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) src/layout/base/nsRefreshDriver.cpp:727
    #54 0x7ff4cf997298 in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::NotifyVsync(mozilla::VsyncEvent const&) src/layout/base/nsRefreshDriver.cpp:622:9
    #55 0x7ff4d01e8584 in mozilla::layout::VsyncChild::RecvNotify(mozilla::VsyncEvent const&) src/layout/ipc/VsyncChild.cpp:65:16
    #56 0x7ff4c874d334 in mozilla::layout::PVsyncChild::OnMessageReceived(IPC::Message const&) src/objdir-ff-ubsan/ipc/ipdl/PVsyncChild.cpp:187:54
    #57 0x7ff4c81d72bf in mozilla::ipc::PBackgroundChild::OnMessageReceived(IPC::Message const&) src/objdir-ff-ubsan/ipc/ipdl/PBackgroundChild.cpp:5759:32
    #58 0x7ff4c7a0a72b in mozilla::ipc::MessageChannel::DispatchAsyncMessage(mozilla::ipc::ActorLifecycleProxy*, IPC::Message const&) src/ipc/glue/MessageChannel.cpp:2184:25
    #59 0x7ff4c7a04dc8 in mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&) src/ipc/glue/MessageChannel.cpp:2108:9
    #60 0x7ff4c7a07208 in mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::MessageChannel::MessageTask&) src/ipc/glue/MessageChannel.cpp:1955:3
    #61 0x7ff4c7a082d6 in mozilla::ipc::MessageChannel::MessageTask::Run() src/ipc/glue/MessageChannel.cpp:1986:13
    #62 0x7ff4c64f3092 in nsThread::ProcessNextEvent(bool, bool*) src/xpcom/threads/nsThread.cpp:1225:14
    #63 0x7ff4c64f9bb6 in NS_ProcessNextEvent(nsIThread*, bool) src/xpcom/threads/nsThreadUtils.cpp:486:10
    #64 0x7ff4c7a171ff in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:88:21
    #65 0x7ff4c788a7a7 in RunInternal src/ipc/chromium/src/base/message_loop.cc:315:10
    #66 0x7ff4c788a7a7 in RunHandler src/ipc/chromium/src/base/message_loop.cc:308
    #67 0x7ff4c788a7a7 in MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:290
    #68 0x7ff4cf479391 in nsBaseAppShell::Run() src/widget/nsBaseAppShell.cpp:137:27
    #69 0x7ff4d37c008d in XRE_RunAppShell() src/toolkit/xre/nsEmbedFunctions.cpp:934:20
    #70 0x7ff4c788a7a7 in RunInternal src/ipc/chromium/src/base/message_loop.cc:315:10
    #71 0x7ff4c788a7a7 in RunHandler src/ipc/chromium/src/base/message_loop.cc:308
    #72 0x7ff4c788a7a7 in MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:290
    #73 0x7ff4d37bee30 in XRE_InitChildProcess(int, char**, XREChildData const*) src/toolkit/xre/nsEmbedFunctions.cpp:769:34
    #74 0x5579cd578049 in content_process_main(mozilla::Bootstrap*, int, char**) src/browser/app/../../ipc/contentproc/plugin-container.cpp:56:28
    #75 0x5579cd5782e5 in main src/browser/app/nsBrowserApp.cpp:267:18
```
Found with m-c 20190829-8edbf8fe48bf. This issue is hit on startup. Marking as s-s to be safe.
 
This was built with undefined behavior sanitizer checks enabled via mozconfig.
ac_add_options --enable-undefined-sanitizer="object-size"

```
src/gfx/harfbuzz/src/hb-ot-layout-common.hh:254:1: runtime error: reference binding to address 0x7ff4c359bca0 with insufficient space for an object of type 'const OT::LangSys'
0x7ff4c359bca0: note: pointer points here
 00 00 00 00  00 00 ff ff 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00
              ^ 
    #0 0x7ff4d1aabf0a in OT::Script::get_lang_sys(unsigned int) const src/gfx/harfbuzz/src/hb-ot-layout-common.hh
    #1 0x7ff4d1a43fc5 in hb_ot_layout_language_get_required_feature src/gfx/harfbuzz/src/hb-ot-layout.cc:824:54
    #2 0x7ff4d1a4bd2f in hb_ot_map_builder_t::compile(hb_ot_map_t&, hb_ot_shape_plan_key_t const&) src/gfx/harfbuzz/src/hb-ot-map.cc:172:5
    #3 0x7ff4d1a684fe in hb_ot_shape_planner_t::compile(hb_ot_shape_plan_t&, hb_ot_shape_plan_key_t const&) src/gfx/harfbuzz/src/hb-ot-shape.cc:108:7
    #4 0x7ff4d1a6977f in hb_ot_shape_plan_t::init0(hb_face_t*, hb_shape_plan_key_t const*) src/gfx/harfbuzz/src/hb-ot-shape.cc:225:11
    #5 0x7ff4d1a724ea in hb_shape_plan_create2 src/gfx/harfbuzz/src/hb-shape-plan.cc:232:7
    #6 0x7ff4d1a72f32 in hb_shape_plan_create_cached2 src/gfx/harfbuzz/src/hb-shape-plan.cc:489:33
    #7 0x7ff4d1a73300 in hb_shape_full src/gfx/harfbuzz/src/hb-shape.cc:135:33
    #8 0x7ff4ca17062a in gfxHarfBuzzShaper::ShapeText(mozilla::gfx::DrawTarget*, char16_t const*, unsigned int, unsigned int, mozilla::unicode::Script, bool, gfxFontShaper::RoundingFlags, gfxShapedText*) src/gfx/thebes/gfxHarfBuzzShaper.cpp:1398:3
    #9 0x7ff4ca113b31 in gfxFont::ShapeText(mozilla::gfx::DrawTarget*, char16_t const*, unsigned int, unsigned int, mozilla::unicode::Script, bool, gfxFontShaper::RoundingFlags, gfxShapedText*) src/gfx/thebes/gfxFont.cpp:2834:24
    #10 0x7ff4ca144dfa in gfxShapedWord* gfxFont::GetShapedWord<char16_t>(mozilla::gfx::DrawTarget*, char16_t const*, unsigned int, unsigned int, mozilla::unicode::Script, bool, int, mozilla::gfx::ShapedTextFlags, gfxFontShaper::RoundingFlags, gfxTextPerfMetrics*) src/gfx/thebes/gfxFont.cpp:2745:24
    #11 0x7ff4ca1437c8 in bool gfxFont::SplitAndInitTextRun<char16_t>(mozilla::gfx::DrawTarget*, gfxTextRun*, char16_t const*, unsigned int, unsigned int, mozilla::unicode::Script, mozilla::gfx::ShapedTextFlags) src/gfx/thebes/gfxFont.cpp:3122:27
    #12 0x7ff4ca1ed286 in void gfxFontGroup::InitScriptRun<char16_t>(mozilla::gfx::DrawTarget*, gfxTextRun*, char16_t const*, unsigned int, unsigned int, mozilla::unicode::Script, gfxMissingFontRecorder*) src/gfx/thebes/gfxTextRun.cpp:2501:25
    #13 0x7ff4ca1d9218 in void gfxFontGroup::InitTextRun<char16_t>(mozilla::gfx::DrawTarget*, gfxTextRun*, char16_t const*, unsigned int, gfxMissingFontRecorder*) src/gfx/thebes/gfxTextRun.cpp:2408:9
    #14 0x7ff4ca1b0749 in gfxFontGroup::MakeTextRun(char16_t const*, unsigned int, gfxTextRunFactory::Parameters const*, mozilla::gfx::ShapedTextFlags, nsTextFrameUtils::Flags, gfxMissingFontRecorder*) src/gfx/thebes/gfxTextRun.cpp:2280:3
    #15 0x7ff4cfeb6e83 in BuildTextRunsScanner::BuildTextRunForFrames(void*) src/layout/generic/nsTextFrame.cpp:2482:28
    #16 0x7ff4cfeb2edb in BuildTextRunsScanner::FlushFrames(bool, bool) src/layout/generic/nsTextFrame.cpp:1640:17
    #17 0x7ff4cfebe1e2 in BuildTextRuns src/layout/generic/nsTextFrame.cpp:1564:11
    #18 0x7ff4cfebe1e2 in nsTextFrame::EnsureTextRun(nsTextFrame::TextRunType, mozilla::gfx::DrawTarget*, nsIFrame*, nsLineList_iterator const*, unsigned int*) src/layout/generic/nsTextFrame.cpp:2937
    #19 0x7ff4cfef866c in nsTextFrame::ReflowText(nsLineLayout&, int, mozilla::gfx::DrawTarget*, mozilla::ReflowOutput&, nsReflowStatus&) src/layout/generic/nsTextFrame.cpp:9150:7
    #20 0x7ff4cfdfcc50 in nsLineLayout::ReflowFrame(nsIFrame*, nsReflowStatus&, mozilla::ReflowOutput*, bool&) src/layout/generic/nsLineLayout.cpp:880:40
    #21 0x7ff4cfc3a615 in nsBlockFrame::ReflowInlineFrame(mozilla::BlockReflowInput&, nsLineLayout&, nsLineList_iterator, nsIFrame*, LineReflowStatus*) src/layout/generic/nsBlockFrame.cpp:4331:15
    #22 0x7ff4cfc39155 in nsBlockFrame::DoReflowInlineFrames(mozilla::BlockReflowInput&, nsLineLayout&, nsLineList_iterator, nsFlowAreaRect&, int&, nsFloatManager::SavedState*, bool*, LineReflowStatus*, bool) src/layout/generic/nsBlockFrame.cpp:4133:5
    #23 0x7ff4cfc313b7 in nsBlockFrame::ReflowInlineFrames(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) src/layout/generic/nsBlockFrame.cpp:4018:9
    #24 0x7ff4cfc2903d in nsBlockFrame::ReflowLine(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) src/layout/generic/nsBlockFrame.cpp:2997:5
    #25 0x7ff4cfc1fe98 in nsBlockFrame::ReflowDirtyLines(mozilla::BlockReflowInput&) src/layout/generic/nsBlockFrame.cpp:2537:7
    #26 0x7ff4cfc18803 in nsBlockFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) src/layout/generic/nsBlockFrame.cpp:1280:3
    #27 0x7ff4cfc36880 in nsBlockReflowContext::ReflowBlock(mozilla::LogicalRect const&, bool, nsCollapsingMargin&, int, bool, nsLineBox*, mozilla::ReflowInput&, nsReflowStatus&, mozilla::BlockReflowInput&) src/layout/generic/nsBlockReflowContext.cpp:297:11
    #28 0x7ff4cfc2c834 in nsBlockFrame::ReflowBlockFrame(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) src/layout/generic/nsBlockFrame.cpp:3649:11
    #29 0x7ff4cfc29291 in nsBlockFrame::ReflowLine(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) src/layout/generic/nsBlockFrame.cpp:2994:5
    #30 0x7ff4cfc1fe98 in nsBlockFrame::ReflowDirtyLines(mozilla::BlockReflowInput&) src/layout/generic/nsBlockFrame.cpp:2537:7
    #31 0x7ff4cfc18803 in nsBlockFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) src/layout/generic/nsBlockFrame.cpp:1280:3
    #32 0x7ff4cfc36880 in nsBlockReflowContext::ReflowBlock(mozilla::LogicalRect const&, bool, nsCollapsingMargin&, int, bool, nsLineBox*, mozilla::ReflowInput&, nsReflowStatus&, mozilla::BlockReflowInput&) src/layout/generic/nsBlockReflowContext.cpp:297:11
    #33 0x7ff4cfc2c834 in nsBlockFrame::ReflowBlockFrame(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) src/layout/generic/nsBlockFrame.cpp:3649:11
    #34 0x7ff4cfc29291 in nsBlockFrame::ReflowLine(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) src/layout/generic/nsBlockFrame.cpp:2994:5
    #35 0x7ff4cfc1fe98 in nsBlockFrame::ReflowDirtyLines(mozilla::BlockReflowInput&) src/layout/generic/nsBlockFrame.cpp:2537:7
    #36 0x7ff4cfc18803 in nsBlockFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) src/layout/generic/nsBlockFrame.cpp:1280:3
    #37 0x7ff4cfc66191 in nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, mozilla::WritingMode const&, mozilla::LogicalPoint const&, nsSize const&, nsIFrame::ReflowChildFlags, nsReflowStatus&, nsOverflowContinuationTracker*) src/layout/generic/nsContainerFrame.cpp:896:14
    #38 0x7ff4cfc64be4 in nsCanvasFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) src/layout/generic/nsCanvasFrame.cpp:729:5
    #39 0x7ff4cfc66191 in nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, mozilla::WritingMode const&, mozilla::LogicalPoint const&, nsSize const&, nsIFrame::ReflowChildFlags, nsReflowStatus&, nsOverflowContinuationTracker*) src/layout/generic/nsContainerFrame.cpp:896:14
    #40 0x7ff4cfd5c4be in nsHTMLScrollFrame::ReflowScrolledFrame(mozilla::ScrollReflowInput*, bool, bool, mozilla::ReflowOutput*) src/layout/generic/nsGfxScrollFrame.cpp:644:3
    #41 0x7ff4cfd5dfab in nsHTMLScrollFrame::ReflowContents(mozilla::ScrollReflowInput*, mozilla::ReflowOutput const&) src/layout/generic/nsGfxScrollFrame.cpp:758:3
    #42 0x7ff4cfd62162 in nsHTMLScrollFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) src/layout/generic/nsGfxScrollFrame.cpp:1160:3
    #43 0x7ff4cfc07fc1 in nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, int, int, nsIFrame::ReflowChildFlags, nsReflowStatus&, nsOverflowContinuationTracker*) src/layout/generic/nsContainerFrame.cpp:936:14
    #44 0x7ff4cfc0755b in mozilla::ViewportFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) src/layout/generic/ViewportFrame.cpp:309:7
    #45 0x7ff4cf9e7664 in mozilla::PresShell::DoReflow(nsIFrame*, bool, mozilla::OverflowChangedTracker*) src/layout/base/PresShell.cpp:9261:11
    #46 0x7ff4cf9fd2c0 in mozilla::PresShell::ProcessReflowCommands(bool) src/layout/base/PresShell.cpp:9431:24
    #47 0x7ff4cf9fb7b6 in mozilla::PresShell::DoFlushPendingNotifications(mozilla::ChangesToFlush) src/layout/base/PresShell.cpp:4174:11
    #48 0x7ff4cf98226b in nsRefreshDriver::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) src/layout/base/nsRefreshDriver.cpp:2006:20
    #49 0x7ff4cf9947e1 in TickDriver src/layout/base/nsRefreshDriver.cpp:373:13
    #50 0x7ff4cf9947e1 in mozilla::RefreshDriverTimer::TickRefreshDrivers(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp, nsTArray<RefPtr<nsRefreshDriver> >&) src/layout/base/nsRefreshDriver.cpp:350
    #51 0x7ff4cf994321 in mozilla::RefreshDriverTimer::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) src/layout/base/nsRefreshDriver.cpp:367:5
    #52 0x7ff4cf99815e in RunRefreshDrivers src/layout/base/nsRefreshDriver.cpp:807:5
    #53 0x7ff4cf99815e in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::TickRefreshDriver(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) src/layout/base/nsRefreshDriver.cpp:727
    #54 0x7ff4cf997298 in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::NotifyVsync(mozilla::VsyncEvent const&) src/layout/base/nsRefreshDriver.cpp:622:9
    #55 0x7ff4d01e8584 in mozilla::layout::VsyncChild::RecvNotify(mozilla::VsyncEvent const&) src/layout/ipc/VsyncChild.cpp:65:16
    #56 0x7ff4c874d334 in mozilla::layout::PVsyncChild::OnMessageReceived(IPC::Message const&) src/objdir-ff-ubsan/ipc/ipdl/PVsyncChild.cpp:187:54
    #57 0x7ff4c81d72bf in mozilla::ipc::PBackgroundChild::OnMessageReceived(IPC::Message const&) src/objdir-ff-ubsan/ipc/ipdl/PBackgroundChild.cpp:5759:32
    #58 0x7ff4c7a0a72b in mozilla::ipc::MessageChannel::DispatchAsyncMessage(mozilla::ipc::ActorLifecycleProxy*, IPC::Message const&) src/ipc/glue/MessageChannel.cpp:2184:25
    #59 0x7ff4c7a04dc8 in mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&) src/ipc/glue/MessageChannel.cpp:2108:9
    #60 0x7ff4c7a07208 in mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::MessageChannel::MessageTask&) src/ipc/glue/MessageChannel.cpp:1955:3
    #61 0x7ff4c7a082d6 in mozilla::ipc::MessageChannel::MessageTask::Run() src/ipc/glue/MessageChannel.cpp:1986:13
    #62 0x7ff4c64f3092 in nsThread::ProcessNextEvent(bool, bool*) src/xpcom/threads/nsThread.cpp:1225:14
    #63 0x7ff4c64f9bb6 in NS_ProcessNextEvent(nsIThread*, bool) src/xpcom/threads/nsThreadUtils.cpp:486:10
    #64 0x7ff4c7a171ff in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:88:21
    #65 0x7ff4c788a7a7 in RunInternal src/ipc/chromium/src/base/message_loop.cc:315:10
    #66 0x7ff4c788a7a7 in RunHandler src/ipc/chromium/src/base/message_loop.cc:308
    #67 0x7ff4c788a7a7 in MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:290
    #68 0x7ff4cf479391 in nsBaseAppShell::Run() src/widget/nsBaseAppShell.cpp:137:27
    #69 0x7ff4d37c008d in XRE_RunAppShell() src/toolkit/xre/nsEmbedFunctions.cpp:934:20
    #70 0x7ff4c788a7a7 in RunInternal src/ipc/chromium/src/base/message_loop.cc:315:10
    #71 0x7ff4c788a7a7 in RunHandler src/ipc/chromium/src/base/message_loop.cc:308
    #72 0x7ff4c788a7a7 in MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:290
    #73 0x7ff4d37bee30 in XRE_InitChildProcess(int, char**, XREChildData const*) src/toolkit/xre/nsEmbedFunctions.cpp:769:34
    #74 0x5579cd578049 in content_process_main(mozilla::Bootstrap*, int, char**) src/browser/app/../../ipc/contentproc/plugin-container.cpp:56:28
    #75 0x5579cd5782e5 in main src/browser/app/nsBrowserApp.cpp:267:18
```
