1254276 - Too-much-recursion crash with filter, sticky pos

Status: RESOLVED WORKSFORME

(Core :: Layout, defect)

Description

[Jesse Ruderman]

Attachment: testcase (crashes Firefox)

Stack and testcase is somewhat similar to bug 866767, but this testcase doesn't use "filter: url()", which Mats identified as important in bug 866767 comment 3.

ASan Opt
  Reports "stack-overflow". Fails to produce a stack trace, showing only a top frame unlucky enough to the stack barrier.

Release opt
  Reports what looks like a stack overflow. Similarly fails to produce a stack trace. bp-884771c5-236a-4242-ba82-784e02160307

Debug
  Hangs due to hitting too many non-fatal assertions. The assertion failures have a repeating stack portion, so I assume this is the same repeating portion that eventually leads to a crash in non-debug builds.

The repeating portion of the stack is:

> #122: PresShell::ProcessReflowCommands(bool) [layout/base/nsPresShell.cpp:9125]
> #123: PresShell::FlushPendingNotifications(mozilla::ChangesToFlush) [layout/base/nsPresShell.cpp:4069]
> #124: PresShell::DidDoReflow(bool) [mfbt/RefPtr.h:296]
> #125: PresShell::ProcessReflowCommands(bool) [layout/base/nsPresShell.cpp:9125]

Comment 1

[Jesse Ruderman]

Attachment: debug assertion stack showing deep recursion

Comment 2

[Jesse Ruderman]

Attachment: simpler testcase

This one doesn't use filters at all.

Comment 3

[Andrei Purice]

Following the reporter's steps I am able to confirm that the issues doesn't happen anymore on Windows 10 and MacOs 10.15 on any of the current versions of Firefox Nightly 87.0a1 (2021-02-16), beta 86.0 and release 85.0.2. The example test cases don't crash/hang Firefox anymore.

Closing this issue as Resolved > Worksforme.
Feel free to re-open or file a new bug if this issue reoccurs again.