Closed
Bug 1275026
Opened 8 years ago
Closed 8 years ago
Too-much-recursion crash with background-clip:text and gradient background on root element
Categories
(Core :: Layout, defect)
Core
Layout
Tracking
()
RESOLVED
FIXED
mozilla49
People
(Reporter: jruderman, Assigned: u459114)
References
Details
(Keywords: crash, testcase)
Attachments
(7 files)
126 bytes,
text/html
|
Details | |
54.12 KB,
text/plain
|
Details | |
85.66 KB,
text/plain
|
Details | |
58 bytes,
text/x-review-board-request
|
jfkthame
:
review+
|
Details |
58 bytes,
text/x-review-board-request
|
jfkthame
:
review+
|
Details |
6.02 KB,
patch
|
Sylvestre
:
approval-mozilla-aurora+
|
Details | Diff | Splinter Review |
1.30 KB,
patch
|
Sylvestre
:
approval-mozilla-aurora+
|
Details | Diff | Splinter Review |
Repeating portion of the stack:
> nsDisplayCanvasBackgroundImage::Paint
> mozilla::FrameLayerBuilder::PaintItems
> mozilla::FrameLayerBuilder::DrawPaintedLayer
> mozilla::layers::BasicPaintedLayer::PaintThebes
> mozilla::layers::BasicLayerManager::PaintSelfOrChildren
> mozilla::layers::BasicLayerManager::PaintLayer
> mozilla::layers::BasicLayerManager::PaintSelfOrChildren
> mozilla::layers::BasicLayerManager::PaintLayer
> mozilla::layers::BasicLayerManager::EndTransactionInternal
> mozilla::layers::BasicLayerManager::EndTransaction
> nsDisplayList::PaintRoot
> nsLayoutUtils::PaintFrame
> GenerateAndPushTextMask
> nsDisplayBackgroundImage::PaintInternal
> nsDisplayCanvasBackgroundImage::Paint
Reporter | ||
Comment 1•8 years ago
|
||
Reporter | ||
Comment 2•8 years ago
|
||
[Tracking Requested - why for this release]: We should avoid shipping this regression in 49.
Summary: Too-much-recursion crash with background-clip → Too-much-recursion crash with background-clip:text and gradient background on root element
Comment hidden (spam) |
(In reply to C.J. Ku[:cjku] from comment #4) > nsDisplayCanvasBackgroundImage, inherited from nsDisplayBackgroundImage, is > not created in > nsDisplayBackgroundImage::AppendBackgroundItemsToTop > So code at [1] does not creation of it. does not prevent creation of it > [1] > https://dxr.mozilla.org/mozilla-central/source/layout/base/nsDisplayList. > cpp#2454
Comment hidden (spam) |
Comment on attachment 8755703 [details] MozReview Request: Bug 1275026: Part 1. Prevent infinit recursion in GenerateAndPushTextMask Review request updated; see interdiff: https://reviewboard.mozilla.org/r/54752/diff/1-2/
Attachment #8755703 -
Flags: review?(jfkthame)
Comment 8•8 years ago
|
||
Comment on attachment 8755703 [details] MozReview Request: Bug 1275026: Part 1. Prevent infinit recursion in GenerateAndPushTextMask https://reviewboard.mozilla.org/r/54752/#review51446 Patch looks OK. We should also add the example as a crashtest.
Attachment #8755703 -
Flags: review?(jfkthame) → review+
Comment hidden (spam) |
Attachment #8755782 -
Flags: review?(cku) → review?(jfkthame)
Comment 10•8 years ago
|
||
Comment on attachment 8755782 [details] MozReview Request: Bug 1275026: Part 2. Crash test https://reviewboard.mozilla.org/r/54808/#review51468
Attachment #8755782 -
Flags: review?(jfkthame) → review+
Comment hidden (spam) |
Comment hidden (spam) |
Comment 13•8 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/ae1d5238d993 https://hg.mozilla.org/integration/mozilla-inbound/rev/dfb1d098cda6
Assignee | ||
Comment 14•8 years ago
|
||
https://treeherder.mozilla.org/#/jobs?repo=try&revision=62e87a96ba2b
Assignee | ||
Comment 15•8 years ago
|
||
Assignee | ||
Comment 16•8 years ago
|
||
Assignee | ||
Comment 17•8 years ago
|
||
Comment on attachment 8755889 [details] [diff] [review] (aurora) Part 1 Approval Request Comment [Feature/regressing bug #]: Bug 759568 [User impact if declined]: Stack overflow then crash while visiting a webpage with background-clip:text css prop on html element. [Describe test coverage new/current, TreeHerder]: manual test + try [Risks and why]: Low risk. Fix a crash on both FF 48 and 49. [String/UUID change made/needed]: None Please uplift (aurora) Part 1 + (aurora) Part 2
Attachment #8755889 -
Flags: approval-mozilla-aurora?
Comment 18•8 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/ae1d5238d993 https://hg.mozilla.org/mozilla-central/rev/dfb1d098cda6
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla49
Updated•8 years ago
|
status-firefox48:
--- → affected
Comment 20•8 years ago
|
||
Comment on attachment 8755889 [details] [diff] [review] (aurora) Part 1 Fix a crash, taking it.
Attachment #8755889 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Updated•8 years ago
|
Attachment #8755890 -
Flags: approval-mozilla-aurora+
Comment 21•8 years ago
|
||
remote: https://hg.mozilla.org/releases/mozilla-aurora/rev/9f9dc77cc9e9 remote: https://hg.mozilla.org/releases/mozilla-aurora/rev/bdadf0cd4efb
You need to log in
before you can comment on or make changes to this bug.
Description
•