(Hidden by Administrator)
Bug 1422908 Comment 0 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
(Hidden by Administrator)
Testcase found while fuzzing mozilla-central rev 785572419acc. OS|Linux|0.0.0 Linux 4.4.0-98-generic #121-Ubuntu SMP Tue Oct 10 14:24:03 UTC 2017 x86_64 CPU|amd64|family 6 model 78 stepping 3|1 GPU||| Crash|SIGSEGV|0x0|0 0|0|libxul.so|nsDisplayItem::GetClipWithRespectToASR|hg:hg.mozilla.org/mozilla-central:layout/painting/nsDisplayList.cpp:785572419acc|3086|0x0 0|1|libxul.so|nsDisplayList::GetClippedBoundsWithRespectToASR|hg:hg.mozilla.org/mozilla-central:layout/painting/nsDisplayList.cpp:785572419acc|2270|0x16 0|2|libxul.so|nsDisplayWrapList::UpdateBounds|hg:hg.mozilla.org/mozilla-central:layout/painting/nsDisplayList.h:785572419acc|4709|0x19 0|3|libxul.so|nsDisplayWrapList::nsDisplayWrapList|hg:hg.mozilla.org/mozilla-central:layout/painting/nsDisplayList.cpp:785572419acc|6155|0xb 0|4|libxul.so|nsDisplayTransform::nsDisplayTransform|hg:hg.mozilla.org/mozilla-central:layout/painting/nsDisplayList.h:785572419acc|5766|0x5 0|5|libxul.so|WrapSeparatorTransform|hg:hg.mozilla.org/mozilla-central:layout/generic/nsFrame.cpp:785572419acc|2594|0xe 0|6|libxul.so|nsIFrame::BuildDisplayListForStackingContext|hg:hg.mozilla.org/mozilla-central:layout/generic/nsFrame.cpp:785572419acc|3242|0x22 0|7|libxul.so|nsIFrame::BuildDisplayListForChild|hg:hg.mozilla.org/mozilla-central:layout/generic/nsFrame.cpp:785572419acc|3680|0x19 0|8|libxul.so|DisplayLine|hg:hg.mozilla.org/mozilla-central:layout/generic/nsBlockFrame.cpp:785572419acc|6665|0x19 0|9|libxul.so|nsBlockFrame::BuildDisplayList|hg:hg.mozilla.org/mozilla-central:layout/generic/nsBlockFrame.cpp:785572419acc|6761|0x38 0|10|libxul.so|nsIFrame::BuildDisplayListForChild|hg:hg.mozilla.org/mozilla-central:layout/generic/nsFrame.cpp:785572419acc|3746|0x13 0|11|libxul.so|nsColumnSetFrame::BuildDisplayList|hg:hg.mozilla.org/mozilla-central:layout/generic/nsColumnSetFrame.cpp:785572419acc|1293|0x1c 0|12|libxul.so|nsIFrame::BuildDisplayListForChild|hg:hg.mozilla.org/mozilla-central:layout/generic/nsFrame.cpp:785572419acc|3746|0x13 0|13|libxul.so|DisplayLine|hg:hg.mozilla.org/mozilla-central:layout/generic/nsBlockFrame.cpp:785572419acc|6665|0x19 0|14|libxul.so|nsBlockFrame::BuildDisplayList|hg:hg.mozilla.org/mozilla-central:layout/generic/nsBlockFrame.cpp:785572419acc|6761|0x38 0|15|libxul.so|nsIFrame::BuildDisplayListForChild|hg:hg.mozilla.org/mozilla-central:layout/generic/nsFrame.cpp:785572419acc|3746|0x13 0|16|libxul.so|nsColumnSetFrame::BuildDisplayList|hg:hg.mozilla.org/mozilla-central:layout/generic/nsColumnSetFrame.cpp:785572419acc|1293|0x1c 0|17|libxul.so|nsIFrame::BuildDisplayListForChild|hg:hg.mozilla.org/mozilla-central:layout/generic/nsFrame.cpp:785572419acc|3746|0x13 0|18|libxul.so|DisplayLine|hg:hg.mozilla.org/mozilla-central:layout/generic/nsBlockFrame.cpp:785572419acc|6665|0x19 0|19|libxul.so|nsBlockFrame::BuildDisplayList|hg:hg.mozilla.org/mozilla-central:layout/generic/nsBlockFrame.cpp:785572419acc|6761|0x38 0|20|libxul.so|nsIFrame::BuildDisplayListForChild|hg:hg.mozilla.org/mozilla-central:layout/generic/nsFrame.cpp:785572419acc|3746|0x13 0|21|libxul.so|nsColumnSetFrame::BuildDisplayList|hg:hg.mozilla.org/mozilla-central:layout/generic/nsColumnSetFrame.cpp:785572419acc|1293|0x1c 0|22|libxul.so|nsIFrame::BuildDisplayListForChild|hg:hg.mozilla.org/mozilla-central:layout/generic/nsFrame.cpp:785572419acc|3746|0x13 0|23|libxul.so|nsCanvasFrame::BuildDisplayList|hg:hg.mozilla.org/mozilla-central:layout/generic/nsCanvasFrame.cpp:785572419acc|605|0x1c 0|24|libxul.so|nsIFrame::BuildDisplayListForChild|hg:hg.mozilla.org/mozilla-central:layout/generic/nsFrame.cpp:785572419acc|3746|0x13 0|25|libxul.so|mozilla::ScrollFrameHelper::BuildDisplayList|hg:hg.mozilla.org/mozilla-central:layout/generic/nsGfxScrollFrame.cpp:785572419acc|3583|0x1a 0|26|libxul.so|nsIFrame::BuildDisplayListForChild|hg:hg.mozilla.org/mozilla-central:layout/generic/nsFrame.cpp:785572419acc|3746|0x13 0|27|libxul.so|mozilla::ViewportFrame::BuildDisplayList|hg:hg.mozilla.org/mozilla-central:layout/generic/ViewportFrame.cpp:785572419acc|66|0x11 0|28|libxul.so|nsIFrame::BuildDisplayListForStackingContext|hg:hg.mozilla.org/mozilla-central:layout/generic/nsFrame.cpp:785572419acc|2976|0x17 0|29|libxul.so|nsLayoutUtils::PaintFrame|hg:hg.mozilla.org/mozilla-central:layout/base/nsLayoutUtils.cpp:785572419acc|3887|0x18 0|30|libxul.so|mozilla::PresShell::Paint|hg:hg.mozilla.org/mozilla-central:layout/base/PresShell.cpp:785572419acc|6488|0x17 0|31|libxul.so|nsViewManager::ProcessPendingUpdatesPaint|hg:hg.mozilla.org/mozilla-central:view/nsViewManager.cpp:785572419acc|480|0x12 0|32|libxul.so|nsViewManager::ProcessPendingUpdatesForView|hg:hg.mozilla.org/mozilla-central:view/nsViewManager.cpp:785572419acc|412|0xd 0|33|libxul.so|nsViewManager::ProcessPendingUpdates|hg:hg.mozilla.org/mozilla-central:view/nsViewManager.cpp:785572419acc|1102|0x11 0|34|libxul.so|nsRefreshDriver::Tick|hg:hg.mozilla.org/mozilla-central:layout/base/nsRefreshDriver.cpp:785572419acc|2027|0x8 0|35|libxul.so|mozilla::RefreshDriverTimer::TickRefreshDrivers|hg:hg.mozilla.org/mozilla-central:layout/base/nsRefreshDriver.cpp:785572419acc|306|0xf 0|36|libxul.so|mozilla::RefreshDriverTimer::Tick|hg:hg.mozilla.org/mozilla-central:layout/base/nsRefreshDriver.cpp:785572419acc|328|0x12 0|37|libxul.so|mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::TickRefreshDriver|hg:hg.mozilla.org/mozilla-central:layout/base/nsRefreshDriver.cpp:785572419acc|769|0x5 0|38|libxul.so|mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::NotifyVsync|hg:hg.mozilla.org/mozilla-central:layout/base/nsRefreshDriver.cpp:785572419acc|583|0xc 0|39|libxul.so|mozilla::layout::VsyncChild::RecvNotify|hg:hg.mozilla.org/mozilla-central:layout/ipc/VsyncChild.cpp:785572419acc|68|0x9 0|40|libxul.so|mozilla::layout::PVsyncChild::OnMessageReceived|s3:gecko-generated-sources:06086093ccb59dd5a99cf8c9f9fb7f4860fd8ddbfd516af5e5b3508be62029679421dcf2abdf6b1c945b6a054050bd403c9574aad49f857cb4a31d3f4cf56b9a/ipc/ipdl/PVsyncChild.cpp:|155|0xf 0|41|libxul.so|mozilla::ipc::MessageChannel::DispatchAsyncMessage|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessageChannel.cpp:785572419acc|2110|0x6 0|42|libxul.so|mozilla::ipc::MessageChannel::DispatchMessage|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessageChannel.cpp:785572419acc|2040|0xb 0|43|libxul.so|mozilla::ipc::MessageChannel::RunMessage|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessageChannel.cpp:785572419acc|1886|0xb 0|44|libxul.so|mozilla::ipc::MessageChannel::MessageTask::Run|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessageChannel.cpp:785572419acc|1919|0xc 0|45|libxul.so|nsThread::ProcessNextEvent|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThread.cpp:785572419acc|1033|0x15