Bug 1706792 Comment 0 Edit History

Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.

Original comment by

Jason Kratzer [:jkratzer]

on 2021-04-21 15:03:34 PDT

Testcase found while fuzzing mozilla-central rev 6531d095b2a7 (built with --enable-address-sanitizer --enable-fuzzing).

Testcase can be reproduced using the following commands:
```
$ pip install fuzzfetch grizzly-framework
$ python -m fuzzfetch --build 6531d095b2a7 --debug --fuzzing -n build
$ python -m grizzly.replay --xvfb ./build/firefox ./testcase.html
```

```
    #0 0x7fce52e62f0f in NS_ABORT_OOM(unsigned long) /builds/worker/checkouts/gecko/xpcom/base/nsDebugImpl.cpp:618:3
    #1 0x7fce52e11304 in nsTArrayInfallibleAllocator::ResultTypeProxy nsTArray_base<nsTArrayInfallibleAllocator, nsTArray_RelocateUsingMemutils>::EnsureCapacity<nsTArrayInfallibleAllocator>(unsigned long, unsigned long) /builds/worker/workspace/obj-build/dist/include/nsTArray-inl.h:154:5
    #2 0x7fce5b6b7273 in mozilla::ColorStop* nsTArray_Impl<mozilla::ColorStop, nsTArrayInfallibleAllocator>::InsertElementAtInternal<nsTArrayInfallibleAllocator, mozilla::ColorStop&>(unsigned long, mozilla::ColorStop&) /builds/worker/workspace/obj-build/dist/include/nsTArray.h:2600:47
    #3 0x7fce5b63d3b7 in InsertElementAt<mozilla::ColorStop &> /builds/worker/workspace/obj-build/dist/include/nsTArray.h:2873:24
    #4 0x7fce5b63d3b7 in ResolvePremultipliedAlpha /builds/worker/checkouts/gecko/layout/painting/nsCSSRenderingGradients.cpp:471:16
    #5 0x7fce5b63d3b7 in mozilla::nsCSSGradientRenderer::Paint(gfxContext&, nsRect const&, nsRect const&, nsSize const&, mozilla::gfx::IntRectTyped<mozilla::CSSPixel> const&, nsRect const&, float) /builds/worker/checkouts/gecko/layout/painting/nsCSSRenderingGradients.cpp:992:3
    #6 0x7fce5b6e72fe in mozilla::nsImageRenderer::Draw(nsPresContext*, gfxContext&, nsRect const&, nsRect const&, nsRect const&, nsPoint const&, nsSize const&, mozilla::gfx::IntRectTyped<mozilla::CSSPixel> const&, float) /builds/worker/checkouts/gecko/layout/painting/nsImageRenderer.cpp:495:16
    #7 0x7fce5b6ea691 in mozilla::nsImageRenderer::DrawLayer(nsPresContext*, gfxContext&, nsRect const&, nsRect const&, nsPoint const&, nsRect const&, nsSize const&, float) /builds/worker/checkouts/gecko/layout/painting/nsImageRenderer.cpp:740:10
    #8 0x7fce5b6088ef in nsCSSRendering::PaintStyleImageLayerWithSC(nsCSSRendering::PaintBGParams const&, gfxContext&, mozilla::ComputedStyle*, nsStyleBorder const&) /builds/worker/checkouts/gecko/layout/painting/nsCSSRendering.cpp:2584:38
    #9 0x7fce5b3fde6b in mozilla::PaintMaskSurface(mozilla::SVGIntegrationUtils::PaintFramesParams const&, mozilla::gfx::DrawTarget*, float, mozilla::ComputedStyle*, nsTArray<mozilla::SVGMaskFrame*> const&, mozilla::gfx::BaseMatrix<float> const&, nsPoint const&) /builds/worker/checkouts/gecko/layout/svg/SVGIntegrationUtils.cpp:503:35
    #10 0x7fce5b3fc0da in mozilla::SVGIntegrationUtils::PaintMask(mozilla::SVGIntegrationUtils::PaintFramesParams const&, bool&) /builds/worker/checkouts/gecko/layout/svg/SVGIntegrationUtils.cpp:831:26
    #11 0x7fce5b5c98fa in nsDisplayMasksAndClipPaths::PaintMask(nsDisplayListBuilder*, gfxContext*, bool*) /builds/worker/checkouts/gecko/layout/painting/nsDisplayList.cpp:9285:18
    #12 0x7fce558a0ebe in mozilla::layers::WebRenderCommandBuilder::BuildWrMaskImage(nsDisplayMasksAndClipPaths*, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, nsDisplayListBuilder*, mozilla::gfx::RectTyped<mozilla::LayoutDevicePixel, float> const&) /builds/worker/checkouts/gecko/gfx/layers/wr/WebRenderCommandBuilder.cpp:2559:20
    #13 0x7fce5b6959a1 in CreateWRClipPathAndMasks /builds/worker/checkouts/gecko/layout/painting/nsDisplayList.cpp:9563:58
    #14 0x7fce5b6959a1 in nsDisplayMasksAndClipPaths::CreateWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::layers::RenderRootStateManager*, nsDisplayListBuilder*) /builds/worker/checkouts/gecko/layout/painting/nsDisplayList.cpp:9593:30
    #15 0x7fce5589581b in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommands(nsDisplayItem*, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, nsDisplayListBuilder*) /builds/worker/checkouts/gecko/gfx/layers/wr/WebRenderCommandBuilder.cpp:1673:41
    #16 0x7fce55893ad1 in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommandsFromDisplayList(nsDisplayList*, nsDisplayItem*, nsDisplayListBuilder*, mozilla::layers::StackingContextHelper const&, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&) /builds/worker/checkouts/gecko/gfx/layers/wr/WebRenderCommandBuilder.cpp:1796:7
    #17 0x7fce5b673cd3 in nsDisplayWrapList::CreateWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::layers::RenderRootStateManager*, nsDisplayListBuilder*) /builds/worker/checkouts/gecko/layout/painting/nsDisplayList.cpp:5601:30
    #18 0x7fce5b67a403 in nsDisplayOwnLayer::CreateWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::layers::RenderRootStateManager*, nsDisplayListBuilder*) /builds/worker/checkouts/gecko/layout/painting/nsDisplayList.cpp:6355:22
    #19 0x7fce5589581b in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommands(nsDisplayItem*, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, nsDisplayListBuilder*) /builds/worker/checkouts/gecko/gfx/layers/wr/WebRenderCommandBuilder.cpp:1673:41
    #20 0x7fce55893ad1 in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommandsFromDisplayList(nsDisplayList*, nsDisplayItem*, nsDisplayListBuilder*, mozilla::layers::StackingContextHelper const&, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&) /builds/worker/checkouts/gecko/gfx/layers/wr/WebRenderCommandBuilder.cpp:1796:7
    #21 0x7fce55892280 in mozilla::layers::WebRenderCommandBuilder::BuildWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, nsDisplayList*, nsDisplayListBuilder*, mozilla::layers::WebRenderScrollData&, WrFiltersHolder&&) /builds/worker/checkouts/gecko/gfx/layers/wr/WebRenderCommandBuilder.cpp:1593:5
    #22 0x7fce558acc3b in mozilla::layers::WebRenderLayerManager::EndTransactionWithoutLayer(nsDisplayList*, nsDisplayListBuilder*, WrFiltersHolder&&, mozilla::layers::WebRenderBackgroundData*, double) /builds/worker/checkouts/gecko/gfx/layers/wr/WebRenderLayerManager.cpp:372:30
    #23 0x7fce5b652ae2 in nsDisplayList::PaintRoot(nsDisplayListBuilder*, gfxContext*, unsigned int, mozilla::Maybe<double>) /builds/worker/checkouts/gecko/layout/painting/nsDisplayList.cpp:2464:18
    #24 0x7fce5af6a9a6 in nsLayoutUtils::PaintFrame(gfxContext*, nsIFrame*, nsRegion const&, unsigned int, nsDisplayListBuilderMode, nsLayoutUtils::PaintFrameFlags) /builds/worker/checkouts/gecko/layout/base/nsLayoutUtils.cpp:3490:45
    #25 0x7fce5ae7fff1 in mozilla::PresShell::Paint(nsView*, nsRegion const&, mozilla::PaintFlags) /builds/worker/checkouts/gecko/layout/base/PresShell.cpp:6392:5
    #26 0x7fce5a870d35 in nsViewManager::ProcessPendingUpdatesPaint(nsIWidget*) /builds/worker/checkouts/gecko/view/nsViewManager.cpp:459:18
    #27 0x7fce5a87044f in nsViewManager::ProcessPendingUpdatesForView(nsView*, bool) /builds/worker/checkouts/gecko/view/nsViewManager.cpp:394:22
    #28 0x7fce5a87234c in nsViewManager::ProcessPendingUpdates() /builds/worker/checkouts/gecko/view/nsViewManager.cpp:972:5
    #29 0x7fce5adffa32 in nsRefreshDriver::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:2364:11
    #30 0x7fce5ae0a3c5 in TickDriver /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:346:13
    #31 0x7fce5ae0a3c5 in mozilla::RefreshDriverTimer::TickRefreshDrivers(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp, nsTArray<RefPtr<nsRefreshDriver> >&) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:324:7
    #32 0x7fce5ae0a12d in mozilla::RefreshDriverTimer::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:340:5
    #33 0x7fce5ae09631 in RunRefreshDrivers /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:773:5
    #34 0x7fce5ae09631 in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::TickRefreshDriver(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:702:16
    #35 0x7fce5ae08bed in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::NotifyParentProcessVsync() /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:615:7
    #36 0x7fce5ae08371 in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::NotifyVsync(mozilla::VsyncEvent const&) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:536:9
    #37 0x7fce5a0686d7 in mozilla::dom::VsyncChild::RecvNotify(mozilla::VsyncEvent const&, float const&) /builds/worker/checkouts/gecko/dom/ipc/VsyncChild.cpp:68:15
    #38 0x7fce54b9878c in mozilla::dom::PVsyncChild::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/obj-build/ipc/ipdl/PVsyncChild.cpp:178:54
    #39 0x7fce54825122 in mozilla::ipc::PBackgroundChild::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/obj-build/ipc/ipdl/PBackgroundChild.cpp:6008:32
    #40 0x7fce542bdeba in mozilla::ipc::MessageChannel::DispatchAsyncMessage(mozilla::ipc::ActorLifecycleProxy*, IPC::Message const&) /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:2154:25
    #41 0x7fce542ba56e in mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&) /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:2078:9
    #42 0x7fce542bbf28 in mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::MessageChannel::MessageTask&) /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:1926:3
    #43 0x7fce542bca8b in mozilla::ipc::MessageChannel::MessageTask::Run() /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:1957:13
    #44 0x7fce530a38ca in mozilla::RunnableTask::Run() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:473:16
    #45 0x7fce5306fe30 in mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:757:26
    #46 0x7fce5306d967 in mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:612:15
    #47 0x7fce5306ddbd in mozilla::TaskController::ProcessPendingMTTask(bool) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:396:36
    #48 0x7fce530accc1 in operator() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:135:37
    #49 0x7fce530accc1 in mozilla::detail::RunnableFunction<mozilla::TaskController::InitializeInternal()::$_0>::Run() /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.h:534:5
    #50 0x7fce5308aaa3 in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:1159:16
    #51 0x7fce53095a2c in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.cpp:548:10
    #52 0x7fce542c57ef in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:87:21
    #53 0x7fce541d0041 in RunInternal /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:335:10
    #54 0x7fce541d0041 in RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:328:3
    #55 0x7fce541d0041 in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:310:3
    #56 0x7fce5a92e5f7 in nsBaseAppShell::Run() /builds/worker/checkouts/gecko/widget/nsBaseAppShell.cpp:137:27
    #57 0x7fce5e44015f in XRE_RunAppShell() /builds/worker/checkouts/gecko/toolkit/xre/nsEmbedFunctions.cpp:906:20
    #58 0x7fce541d0041 in RunInternal /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:335:10
    #59 0x7fce541d0041 in RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:328:3
    #60 0x7fce541d0041 in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:310:3
    #61 0x7fce5e43f9ef in XRE_InitChildProcess(int, char**, XREChildData const*) /builds/worker/checkouts/gecko/toolkit/xre/nsEmbedFunctions.cpp:738:34
    #62 0x55a563ea020d in content_process_main(mozilla::Bootstrap*, int, char**) /builds/worker/checkouts/gecko/browser/app/../../ipc/contentproc/plugin-container.cpp:57:28
    #63 0x55a563ea0631 in main /builds/worker/checkouts/gecko/browser/app/nsBrowserApp.cpp:309:18
    #64 0x7fce71a140b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
```

Revision 1 by

Jason Kratzer [:jkratzer]

on 2021-04-21 15:04:40 PDT

Testcase found while fuzzing mozilla-central rev 6531d095b2a7 (built with --enable-address-sanitizer --enable-fuzzing).

Testcase can be reproduced using the following commands:
```
$ pip install fuzzfetch grizzly-framework
$ python -m fuzzfetch --build 6531d095b2a7 -a --fuzzing -n build
$ python -m grizzly.replay --xvfb ./build/firefox ./testcase.html
```

```
    #0 0x7fce52e62f0f in NS_ABORT_OOM(unsigned long) /builds/worker/checkouts/gecko/xpcom/base/nsDebugImpl.cpp:618:3
    #1 0x7fce52e11304 in nsTArrayInfallibleAllocator::ResultTypeProxy nsTArray_base<nsTArrayInfallibleAllocator, nsTArray_RelocateUsingMemutils>::EnsureCapacity<nsTArrayInfallibleAllocator>(unsigned long, unsigned long) /builds/worker/workspace/obj-build/dist/include/nsTArray-inl.h:154:5
    #2 0x7fce5b6b7273 in mozilla::ColorStop* nsTArray_Impl<mozilla::ColorStop, nsTArrayInfallibleAllocator>::InsertElementAtInternal<nsTArrayInfallibleAllocator, mozilla::ColorStop&>(unsigned long, mozilla::ColorStop&) /builds/worker/workspace/obj-build/dist/include/nsTArray.h:2600:47
    #3 0x7fce5b63d3b7 in InsertElementAt<mozilla::ColorStop &> /builds/worker/workspace/obj-build/dist/include/nsTArray.h:2873:24
    #4 0x7fce5b63d3b7 in ResolvePremultipliedAlpha /builds/worker/checkouts/gecko/layout/painting/nsCSSRenderingGradients.cpp:471:16
    #5 0x7fce5b63d3b7 in mozilla::nsCSSGradientRenderer::Paint(gfxContext&, nsRect const&, nsRect const&, nsSize const&, mozilla::gfx::IntRectTyped<mozilla::CSSPixel> const&, nsRect const&, float) /builds/worker/checkouts/gecko/layout/painting/nsCSSRenderingGradients.cpp:992:3
    #6 0x7fce5b6e72fe in mozilla::nsImageRenderer::Draw(nsPresContext*, gfxContext&, nsRect const&, nsRect const&, nsRect const&, nsPoint const&, nsSize const&, mozilla::gfx::IntRectTyped<mozilla::CSSPixel> const&, float) /builds/worker/checkouts/gecko/layout/painting/nsImageRenderer.cpp:495:16
    #7 0x7fce5b6ea691 in mozilla::nsImageRenderer::DrawLayer(nsPresContext*, gfxContext&, nsRect const&, nsRect const&, nsPoint const&, nsRect const&, nsSize const&, float) /builds/worker/checkouts/gecko/layout/painting/nsImageRenderer.cpp:740:10
    #8 0x7fce5b6088ef in nsCSSRendering::PaintStyleImageLayerWithSC(nsCSSRendering::PaintBGParams const&, gfxContext&, mozilla::ComputedStyle*, nsStyleBorder const&) /builds/worker/checkouts/gecko/layout/painting/nsCSSRendering.cpp:2584:38
    #9 0x7fce5b3fde6b in mozilla::PaintMaskSurface(mozilla::SVGIntegrationUtils::PaintFramesParams const&, mozilla::gfx::DrawTarget*, float, mozilla::ComputedStyle*, nsTArray<mozilla::SVGMaskFrame*> const&, mozilla::gfx::BaseMatrix<float> const&, nsPoint const&) /builds/worker/checkouts/gecko/layout/svg/SVGIntegrationUtils.cpp:503:35
    #10 0x7fce5b3fc0da in mozilla::SVGIntegrationUtils::PaintMask(mozilla::SVGIntegrationUtils::PaintFramesParams const&, bool&) /builds/worker/checkouts/gecko/layout/svg/SVGIntegrationUtils.cpp:831:26
    #11 0x7fce5b5c98fa in nsDisplayMasksAndClipPaths::PaintMask(nsDisplayListBuilder*, gfxContext*, bool*) /builds/worker/checkouts/gecko/layout/painting/nsDisplayList.cpp:9285:18
    #12 0x7fce558a0ebe in mozilla::layers::WebRenderCommandBuilder::BuildWrMaskImage(nsDisplayMasksAndClipPaths*, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, nsDisplayListBuilder*, mozilla::gfx::RectTyped<mozilla::LayoutDevicePixel, float> const&) /builds/worker/checkouts/gecko/gfx/layers/wr/WebRenderCommandBuilder.cpp:2559:20
    #13 0x7fce5b6959a1 in CreateWRClipPathAndMasks /builds/worker/checkouts/gecko/layout/painting/nsDisplayList.cpp:9563:58
    #14 0x7fce5b6959a1 in nsDisplayMasksAndClipPaths::CreateWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::layers::RenderRootStateManager*, nsDisplayListBuilder*) /builds/worker/checkouts/gecko/layout/painting/nsDisplayList.cpp:9593:30
    #15 0x7fce5589581b in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommands(nsDisplayItem*, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, nsDisplayListBuilder*) /builds/worker/checkouts/gecko/gfx/layers/wr/WebRenderCommandBuilder.cpp:1673:41
    #16 0x7fce55893ad1 in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommandsFromDisplayList(nsDisplayList*, nsDisplayItem*, nsDisplayListBuilder*, mozilla::layers::StackingContextHelper const&, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&) /builds/worker/checkouts/gecko/gfx/layers/wr/WebRenderCommandBuilder.cpp:1796:7
    #17 0x7fce5b673cd3 in nsDisplayWrapList::CreateWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::layers::RenderRootStateManager*, nsDisplayListBuilder*) /builds/worker/checkouts/gecko/layout/painting/nsDisplayList.cpp:5601:30
    #18 0x7fce5b67a403 in nsDisplayOwnLayer::CreateWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::layers::RenderRootStateManager*, nsDisplayListBuilder*) /builds/worker/checkouts/gecko/layout/painting/nsDisplayList.cpp:6355:22
    #19 0x7fce5589581b in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommands(nsDisplayItem*, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, nsDisplayListBuilder*) /builds/worker/checkouts/gecko/gfx/layers/wr/WebRenderCommandBuilder.cpp:1673:41
    #20 0x7fce55893ad1 in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommandsFromDisplayList(nsDisplayList*, nsDisplayItem*, nsDisplayListBuilder*, mozilla::layers::StackingContextHelper const&, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&) /builds/worker/checkouts/gecko/gfx/layers/wr/WebRenderCommandBuilder.cpp:1796:7
    #21 0x7fce55892280 in mozilla::layers::WebRenderCommandBuilder::BuildWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, nsDisplayList*, nsDisplayListBuilder*, mozilla::layers::WebRenderScrollData&, WrFiltersHolder&&) /builds/worker/checkouts/gecko/gfx/layers/wr/WebRenderCommandBuilder.cpp:1593:5
    #22 0x7fce558acc3b in mozilla::layers::WebRenderLayerManager::EndTransactionWithoutLayer(nsDisplayList*, nsDisplayListBuilder*, WrFiltersHolder&&, mozilla::layers::WebRenderBackgroundData*, double) /builds/worker/checkouts/gecko/gfx/layers/wr/WebRenderLayerManager.cpp:372:30
    #23 0x7fce5b652ae2 in nsDisplayList::PaintRoot(nsDisplayListBuilder*, gfxContext*, unsigned int, mozilla::Maybe<double>) /builds/worker/checkouts/gecko/layout/painting/nsDisplayList.cpp:2464:18
    #24 0x7fce5af6a9a6 in nsLayoutUtils::PaintFrame(gfxContext*, nsIFrame*, nsRegion const&, unsigned int, nsDisplayListBuilderMode, nsLayoutUtils::PaintFrameFlags) /builds/worker/checkouts/gecko/layout/base/nsLayoutUtils.cpp:3490:45
    #25 0x7fce5ae7fff1 in mozilla::PresShell::Paint(nsView*, nsRegion const&, mozilla::PaintFlags) /builds/worker/checkouts/gecko/layout/base/PresShell.cpp:6392:5
    #26 0x7fce5a870d35 in nsViewManager::ProcessPendingUpdatesPaint(nsIWidget*) /builds/worker/checkouts/gecko/view/nsViewManager.cpp:459:18
    #27 0x7fce5a87044f in nsViewManager::ProcessPendingUpdatesForView(nsView*, bool) /builds/worker/checkouts/gecko/view/nsViewManager.cpp:394:22
    #28 0x7fce5a87234c in nsViewManager::ProcessPendingUpdates() /builds/worker/checkouts/gecko/view/nsViewManager.cpp:972:5
    #29 0x7fce5adffa32 in nsRefreshDriver::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:2364:11
    #30 0x7fce5ae0a3c5 in TickDriver /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:346:13
    #31 0x7fce5ae0a3c5 in mozilla::RefreshDriverTimer::TickRefreshDrivers(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp, nsTArray<RefPtr<nsRefreshDriver> >&) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:324:7
    #32 0x7fce5ae0a12d in mozilla::RefreshDriverTimer::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:340:5
    #33 0x7fce5ae09631 in RunRefreshDrivers /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:773:5
    #34 0x7fce5ae09631 in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::TickRefreshDriver(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:702:16
    #35 0x7fce5ae08bed in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::NotifyParentProcessVsync() /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:615:7
    #36 0x7fce5ae08371 in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::NotifyVsync(mozilla::VsyncEvent const&) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:536:9
    #37 0x7fce5a0686d7 in mozilla::dom::VsyncChild::RecvNotify(mozilla::VsyncEvent const&, float const&) /builds/worker/checkouts/gecko/dom/ipc/VsyncChild.cpp:68:15
    #38 0x7fce54b9878c in mozilla::dom::PVsyncChild::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/obj-build/ipc/ipdl/PVsyncChild.cpp:178:54
    #39 0x7fce54825122 in mozilla::ipc::PBackgroundChild::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/obj-build/ipc/ipdl/PBackgroundChild.cpp:6008:32
    #40 0x7fce542bdeba in mozilla::ipc::MessageChannel::DispatchAsyncMessage(mozilla::ipc::ActorLifecycleProxy*, IPC::Message const&) /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:2154:25
    #41 0x7fce542ba56e in mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&) /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:2078:9
    #42 0x7fce542bbf28 in mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::MessageChannel::MessageTask&) /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:1926:3
    #43 0x7fce542bca8b in mozilla::ipc::MessageChannel::MessageTask::Run() /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:1957:13
    #44 0x7fce530a38ca in mozilla::RunnableTask::Run() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:473:16
    #45 0x7fce5306fe30 in mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:757:26
    #46 0x7fce5306d967 in mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:612:15
    #47 0x7fce5306ddbd in mozilla::TaskController::ProcessPendingMTTask(bool) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:396:36
    #48 0x7fce530accc1 in operator() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:135:37
    #49 0x7fce530accc1 in mozilla::detail::RunnableFunction<mozilla::TaskController::InitializeInternal()::$_0>::Run() /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.h:534:5
    #50 0x7fce5308aaa3 in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:1159:16
    #51 0x7fce53095a2c in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.cpp:548:10
    #52 0x7fce542c57ef in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:87:21
    #53 0x7fce541d0041 in RunInternal /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:335:10
    #54 0x7fce541d0041 in RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:328:3
    #55 0x7fce541d0041 in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:310:3
    #56 0x7fce5a92e5f7 in nsBaseAppShell::Run() /builds/worker/checkouts/gecko/widget/nsBaseAppShell.cpp:137:27
    #57 0x7fce5e44015f in XRE_RunAppShell() /builds/worker/checkouts/gecko/toolkit/xre/nsEmbedFunctions.cpp:906:20
    #58 0x7fce541d0041 in RunInternal /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:335:10
    #59 0x7fce541d0041 in RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:328:3
    #60 0x7fce541d0041 in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:310:3
    #61 0x7fce5e43f9ef in XRE_InitChildProcess(int, char**, XREChildData const*) /builds/worker/checkouts/gecko/toolkit/xre/nsEmbedFunctions.cpp:738:34
    #62 0x55a563ea020d in content_process_main(mozilla::Bootstrap*, int, char**) /builds/worker/checkouts/gecko/browser/app/../../ipc/contentproc/plugin-container.cpp:57:28
    #63 0x55a563ea0631 in main /builds/worker/checkouts/gecko/browser/app/nsBrowserApp.cpp:309:18
    #64 0x7fce71a140b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
```

Revision 2 by

Jason Kratzer [:jkratzer]

on 2021-04-21 15:05:16 PDT

Testcase found while fuzzing mozilla-central rev 6531d095b2a7 (built with --enable-address-sanitizer --enable-fuzzing).

Testcase can be reproduced using the following commands:
```
$ pip install fuzzfetch grizzly-framework
$ python -m fuzzfetch --build 6531d095b2a7 --asan --fuzzing -n build
$ python -m grizzly.replay --xvfb ./build/firefox ./testcase.html
```

```
    #0 0x7fce52e62f0f in NS_ABORT_OOM(unsigned long) /builds/worker/checkouts/gecko/xpcom/base/nsDebugImpl.cpp:618:3
    #1 0x7fce52e11304 in nsTArrayInfallibleAllocator::ResultTypeProxy nsTArray_base<nsTArrayInfallibleAllocator, nsTArray_RelocateUsingMemutils>::EnsureCapacity<nsTArrayInfallibleAllocator>(unsigned long, unsigned long) /builds/worker/workspace/obj-build/dist/include/nsTArray-inl.h:154:5
    #2 0x7fce5b6b7273 in mozilla::ColorStop* nsTArray_Impl<mozilla::ColorStop, nsTArrayInfallibleAllocator>::InsertElementAtInternal<nsTArrayInfallibleAllocator, mozilla::ColorStop&>(unsigned long, mozilla::ColorStop&) /builds/worker/workspace/obj-build/dist/include/nsTArray.h:2600:47
    #3 0x7fce5b63d3b7 in InsertElementAt<mozilla::ColorStop &> /builds/worker/workspace/obj-build/dist/include/nsTArray.h:2873:24
    #4 0x7fce5b63d3b7 in ResolvePremultipliedAlpha /builds/worker/checkouts/gecko/layout/painting/nsCSSRenderingGradients.cpp:471:16
    #5 0x7fce5b63d3b7 in mozilla::nsCSSGradientRenderer::Paint(gfxContext&, nsRect const&, nsRect const&, nsSize const&, mozilla::gfx::IntRectTyped<mozilla::CSSPixel> const&, nsRect const&, float) /builds/worker/checkouts/gecko/layout/painting/nsCSSRenderingGradients.cpp:992:3
    #6 0x7fce5b6e72fe in mozilla::nsImageRenderer::Draw(nsPresContext*, gfxContext&, nsRect const&, nsRect const&, nsRect const&, nsPoint const&, nsSize const&, mozilla::gfx::IntRectTyped<mozilla::CSSPixel> const&, float) /builds/worker/checkouts/gecko/layout/painting/nsImageRenderer.cpp:495:16
    #7 0x7fce5b6ea691 in mozilla::nsImageRenderer::DrawLayer(nsPresContext*, gfxContext&, nsRect const&, nsRect const&, nsPoint const&, nsRect const&, nsSize const&, float) /builds/worker/checkouts/gecko/layout/painting/nsImageRenderer.cpp:740:10
    #8 0x7fce5b6088ef in nsCSSRendering::PaintStyleImageLayerWithSC(nsCSSRendering::PaintBGParams const&, gfxContext&, mozilla::ComputedStyle*, nsStyleBorder const&) /builds/worker/checkouts/gecko/layout/painting/nsCSSRendering.cpp:2584:38
    #9 0x7fce5b3fde6b in mozilla::PaintMaskSurface(mozilla::SVGIntegrationUtils::PaintFramesParams const&, mozilla::gfx::DrawTarget*, float, mozilla::ComputedStyle*, nsTArray<mozilla::SVGMaskFrame*> const&, mozilla::gfx::BaseMatrix<float> const&, nsPoint const&) /builds/worker/checkouts/gecko/layout/svg/SVGIntegrationUtils.cpp:503:35
    #10 0x7fce5b3fc0da in mozilla::SVGIntegrationUtils::PaintMask(mozilla::SVGIntegrationUtils::PaintFramesParams const&, bool&) /builds/worker/checkouts/gecko/layout/svg/SVGIntegrationUtils.cpp:831:26
    #11 0x7fce5b5c98fa in nsDisplayMasksAndClipPaths::PaintMask(nsDisplayListBuilder*, gfxContext*, bool*) /builds/worker/checkouts/gecko/layout/painting/nsDisplayList.cpp:9285:18
    #12 0x7fce558a0ebe in mozilla::layers::WebRenderCommandBuilder::BuildWrMaskImage(nsDisplayMasksAndClipPaths*, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, nsDisplayListBuilder*, mozilla::gfx::RectTyped<mozilla::LayoutDevicePixel, float> const&) /builds/worker/checkouts/gecko/gfx/layers/wr/WebRenderCommandBuilder.cpp:2559:20
    #13 0x7fce5b6959a1 in CreateWRClipPathAndMasks /builds/worker/checkouts/gecko/layout/painting/nsDisplayList.cpp:9563:58
    #14 0x7fce5b6959a1 in nsDisplayMasksAndClipPaths::CreateWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::layers::RenderRootStateManager*, nsDisplayListBuilder*) /builds/worker/checkouts/gecko/layout/painting/nsDisplayList.cpp:9593:30
    #15 0x7fce5589581b in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommands(nsDisplayItem*, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, nsDisplayListBuilder*) /builds/worker/checkouts/gecko/gfx/layers/wr/WebRenderCommandBuilder.cpp:1673:41
    #16 0x7fce55893ad1 in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommandsFromDisplayList(nsDisplayList*, nsDisplayItem*, nsDisplayListBuilder*, mozilla::layers::StackingContextHelper const&, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&) /builds/worker/checkouts/gecko/gfx/layers/wr/WebRenderCommandBuilder.cpp:1796:7
    #17 0x7fce5b673cd3 in nsDisplayWrapList::CreateWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::layers::RenderRootStateManager*, nsDisplayListBuilder*) /builds/worker/checkouts/gecko/layout/painting/nsDisplayList.cpp:5601:30
    #18 0x7fce5b67a403 in nsDisplayOwnLayer::CreateWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::layers::RenderRootStateManager*, nsDisplayListBuilder*) /builds/worker/checkouts/gecko/layout/painting/nsDisplayList.cpp:6355:22
    #19 0x7fce5589581b in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommands(nsDisplayItem*, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, nsDisplayListBuilder*) /builds/worker/checkouts/gecko/gfx/layers/wr/WebRenderCommandBuilder.cpp:1673:41
    #20 0x7fce55893ad1 in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommandsFromDisplayList(nsDisplayList*, nsDisplayItem*, nsDisplayListBuilder*, mozilla::layers::StackingContextHelper const&, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&) /builds/worker/checkouts/gecko/gfx/layers/wr/WebRenderCommandBuilder.cpp:1796:7
    #21 0x7fce55892280 in mozilla::layers::WebRenderCommandBuilder::BuildWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, nsDisplayList*, nsDisplayListBuilder*, mozilla::layers::WebRenderScrollData&, WrFiltersHolder&&) /builds/worker/checkouts/gecko/gfx/layers/wr/WebRenderCommandBuilder.cpp:1593:5
    #22 0x7fce558acc3b in mozilla::layers::WebRenderLayerManager::EndTransactionWithoutLayer(nsDisplayList*, nsDisplayListBuilder*, WrFiltersHolder&&, mozilla::layers::WebRenderBackgroundData*, double) /builds/worker/checkouts/gecko/gfx/layers/wr/WebRenderLayerManager.cpp:372:30
    #23 0x7fce5b652ae2 in nsDisplayList::PaintRoot(nsDisplayListBuilder*, gfxContext*, unsigned int, mozilla::Maybe<double>) /builds/worker/checkouts/gecko/layout/painting/nsDisplayList.cpp:2464:18
    #24 0x7fce5af6a9a6 in nsLayoutUtils::PaintFrame(gfxContext*, nsIFrame*, nsRegion const&, unsigned int, nsDisplayListBuilderMode, nsLayoutUtils::PaintFrameFlags) /builds/worker/checkouts/gecko/layout/base/nsLayoutUtils.cpp:3490:45
    #25 0x7fce5ae7fff1 in mozilla::PresShell::Paint(nsView*, nsRegion const&, mozilla::PaintFlags) /builds/worker/checkouts/gecko/layout/base/PresShell.cpp:6392:5
    #26 0x7fce5a870d35 in nsViewManager::ProcessPendingUpdatesPaint(nsIWidget*) /builds/worker/checkouts/gecko/view/nsViewManager.cpp:459:18
    #27 0x7fce5a87044f in nsViewManager::ProcessPendingUpdatesForView(nsView*, bool) /builds/worker/checkouts/gecko/view/nsViewManager.cpp:394:22
    #28 0x7fce5a87234c in nsViewManager::ProcessPendingUpdates() /builds/worker/checkouts/gecko/view/nsViewManager.cpp:972:5
    #29 0x7fce5adffa32 in nsRefreshDriver::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:2364:11
    #30 0x7fce5ae0a3c5 in TickDriver /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:346:13
    #31 0x7fce5ae0a3c5 in mozilla::RefreshDriverTimer::TickRefreshDrivers(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp, nsTArray<RefPtr<nsRefreshDriver> >&) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:324:7
    #32 0x7fce5ae0a12d in mozilla::RefreshDriverTimer::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:340:5
    #33 0x7fce5ae09631 in RunRefreshDrivers /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:773:5
    #34 0x7fce5ae09631 in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::TickRefreshDriver(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:702:16
    #35 0x7fce5ae08bed in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::NotifyParentProcessVsync() /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:615:7
    #36 0x7fce5ae08371 in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::NotifyVsync(mozilla::VsyncEvent const&) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:536:9
    #37 0x7fce5a0686d7 in mozilla::dom::VsyncChild::RecvNotify(mozilla::VsyncEvent const&, float const&) /builds/worker/checkouts/gecko/dom/ipc/VsyncChild.cpp:68:15
    #38 0x7fce54b9878c in mozilla::dom::PVsyncChild::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/obj-build/ipc/ipdl/PVsyncChild.cpp:178:54
    #39 0x7fce54825122 in mozilla::ipc::PBackgroundChild::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/obj-build/ipc/ipdl/PBackgroundChild.cpp:6008:32
    #40 0x7fce542bdeba in mozilla::ipc::MessageChannel::DispatchAsyncMessage(mozilla::ipc::ActorLifecycleProxy*, IPC::Message const&) /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:2154:25
    #41 0x7fce542ba56e in mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&) /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:2078:9
    #42 0x7fce542bbf28 in mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::MessageChannel::MessageTask&) /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:1926:3
    #43 0x7fce542bca8b in mozilla::ipc::MessageChannel::MessageTask::Run() /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:1957:13
    #44 0x7fce530a38ca in mozilla::RunnableTask::Run() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:473:16
    #45 0x7fce5306fe30 in mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:757:26
    #46 0x7fce5306d967 in mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:612:15
    #47 0x7fce5306ddbd in mozilla::TaskController::ProcessPendingMTTask(bool) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:396:36
    #48 0x7fce530accc1 in operator() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:135:37
    #49 0x7fce530accc1 in mozilla::detail::RunnableFunction<mozilla::TaskController::InitializeInternal()::$_0>::Run() /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.h:534:5
    #50 0x7fce5308aaa3 in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:1159:16
    #51 0x7fce53095a2c in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.cpp:548:10
    #52 0x7fce542c57ef in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:87:21
    #53 0x7fce541d0041 in RunInternal /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:335:10
    #54 0x7fce541d0041 in RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:328:3
    #55 0x7fce541d0041 in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:310:3
    #56 0x7fce5a92e5f7 in nsBaseAppShell::Run() /builds/worker/checkouts/gecko/widget/nsBaseAppShell.cpp:137:27
    #57 0x7fce5e44015f in XRE_RunAppShell() /builds/worker/checkouts/gecko/toolkit/xre/nsEmbedFunctions.cpp:906:20
    #58 0x7fce541d0041 in RunInternal /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:335:10
    #59 0x7fce541d0041 in RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:328:3
    #60 0x7fce541d0041 in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:310:3
    #61 0x7fce5e43f9ef in XRE_InitChildProcess(int, char**, XREChildData const*) /builds/worker/checkouts/gecko/toolkit/xre/nsEmbedFunctions.cpp:738:34
    #62 0x55a563ea020d in content_process_main(mozilla::Bootstrap*, int, char**) /builds/worker/checkouts/gecko/browser/app/../../ipc/contentproc/plugin-container.cpp:57:28
    #63 0x55a563ea0631 in main /builds/worker/checkouts/gecko/browser/app/nsBrowserApp.cpp:309:18
    #64 0x7fce71a140b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
```

Back to Bug 1706792 Comment 0