Too-much-recursion crash with filter, sticky pos

NEW
Unassigned

Status

()

Product:
Core
Component:
Layout
--
critical
Reported:
2 years ago
Modified:
2 years ago

People

(Reporter: Jesse Ruderman, Unassigned)

Tracking

(Blocks: 1 bug, {crash, hang, testcase})

Version:
Trunk
Keywords:
crash, hang, testcase
Points:
---

Firefox Tracking Flags

(firefox47 affected)

Details

Attachments

(3 attachments)

testcase (crashes Firefox)
279 bytes, text/html
Details
debug assertion stack showing deep recursion
37.17 KB, text/plain
Details
simpler testcase
185 bytes, text/html
Details
(Reporter)

Description

2 years ago 
Created attachment 8727577 [details]
testcase (crashes Firefox)

Stack and testcase is somewhat similar to bug 866767, but this testcase doesn't use "filter: url()", which Mats identified as important in bug 866767 comment 3.

ASan Opt
  Reports "stack-overflow". Fails to produce a stack trace, showing only a top frame unlucky enough to the stack barrier.

Release opt
  Reports what looks like a stack overflow. Similarly fails to produce a stack trace. bp-884771c5-236a-4242-ba82-784e02160307

Debug
  Hangs due to hitting too many non-fatal assertions. The assertion failures have a repeating stack portion, so I assume this is the same repeating portion that eventually leads to a crash in non-debug builds.

The repeating portion of the stack is:

> #122: PresShell::ProcessReflowCommands(bool) [layout/base/nsPresShell.cpp:9125]
> #123: PresShell::FlushPendingNotifications(mozilla::ChangesToFlush) [layout/base/nsPresShell.cpp:4069]
> #124: PresShell::DidDoReflow(bool) [mfbt/RefPtr.h:296]
> #125: PresShell::ProcessReflowCommands(bool) [layout/base/nsPresShell.cpp:9125]
(Reporter)

Comment 1

2 years ago 
Created attachment 8727578 [details]
debug assertion stack showing deep recursion
 (Reporter)

Comment 2

2 years ago 
Created attachment 8746168 [details]
simpler testcase

This one doesn't use filters at all.
You need to log in before you can comment on or make changes to this bug.