Closed Bug 1332093 Opened 8 years ago Closed 8 years ago

Assertion: mRawPtr != nullptr (You can't dereference a NULL RefPtr with operator->().)

Categories

(Core :: DOM: Animation, defect)

Product:
Core
Component:
DOM: Animation
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1331704
Tracking Flags:
Tracking Status
firefox53 --- affected

People

(Reporter: tsmith, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: assertion, testcase, Whiteboard: [fuzzblocker])

Attachments

(2 files, 1 obsolete file)

log.txt
16.93 KB, text/plain
Details
test_case.html
1.10 KB, text/html
Details
Attached file log.txt
Found by truber's web animation fuzzer. This assertion is popping up frequently. Assertion failure: mRawPtr != nullptr (You can't dereference a NULL RefPtr with operator->().), at /home/worker/workspace/build/src/obj-firefox/dist/include/mozilla/RefPtr.h:314 ==2292==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f857e31f6f3 bp 0x7ffee1142a70 sp 0x7ffee1142a70 T0) #0 0x7f857e31f6f2 in RefPtr<mozilla::css::Declaration>::operator->() const /home/worker/workspace/build/src/gfx/gl/../../mfbt/RefPtr.h:313:5 #1 0x7f857fd4e596 in nsStyleSet::AssertNoImportantRules(nsRuleNode*, nsRuleNode*) /home/worker/workspace/build/src/layout/style/nsStyleSet.cpp:1069:5 #2 0x7f857fd4f1b7 in nsStyleSet::FileRules(bool (*)(nsIStyleRuleProcessor*, void*), RuleProcessorData*, mozilla::dom::Element*, nsRuleWalker*) /home/worker/workspace/build/src/layout/style/nsStyleSet.cpp:1235:5 #3 0x7f857fd4fec6 in nsStyleSet::ResolveStyleForInternal(mozilla::dom::Element*, nsStyleContext*, TreeMatchContext&, nsStyleSet::AnimationFlag) /home/worker/workspace/build/src/layout/style/nsStyleSet.cpp:1367:3 #4 0x7f857fd4fce0 in nsStyleSet::ResolveStyleFor(mozilla::dom::Element*, nsStyleContext*, TreeMatchContext&) /home/worker/workspace/build/src/layout/style/nsStyleSet.cpp:1403:10 #5 0x7f857fd4fbb3 in nsStyleSet::ResolveStyleFor(mozilla::dom::Element*, nsStyleContext*) /home/worker/workspace/build/src/layout/style/nsStyleSet.cpp:1350:10 #6 0x7f857e87e15d in nsStyleSet::ResolveStyleFor(mozilla::dom::Element*, nsStyleContext*, mozilla::LazyComputeBehavior) /home/worker/workspace/build/src/layout/style/nsStyleSet.h:121:12 #7 0x7f857e87e130 in mozilla::StyleSetHandle::Ptr::ResolveStyleFor(mozilla::dom::Element*, nsStyleContext*, mozilla::LazyComputeBehavior) /home/worker/workspace/build/src/obj-firefox/dist/include/mozilla/StyleSetHandleInlines.h:85:3 #8 0x7f857fc253e5 in (anonymous namespace)::StyleResolver::ResolveWithAnimation(mozilla::StyleSetHandle, mozilla::dom::Element*, mozilla::CSSPseudoElementType, nsStyleContext*, nsComputedDOMStyle::StyleType, bool) /home/worker/workspace/build/src/layout/style/nsComputedDOMStyle.cpp:499:16 #9 0x7f857fc24eff in nsComputedDOMStyle::DoGetStyleContextForElementNoFlush(mozilla::dom::Element*, nsIAtom*, nsIPresShell*, nsComputedDOMStyle::StyleType, nsComputedDOMStyle::AnimationFlag) /home/worker/workspace/build/src/layout/style/nsComputedDOMStyle.cpp:656:12 #10 0x7f857fc24bb0 in nsComputedDOMStyle::GetStyleContextForElementNoFlush(mozilla::dom::Element*, nsIAtom*, nsIPresShell*, nsComputedDOMStyle::StyleType) /home/worker/workspace/build/src/layout/style/nsComputedDOMStyle.cpp:677:10 #11 0x7f857fc24b11 in nsComputedDOMStyle::GetStyleContextForElement(mozilla::dom::Element*, nsIAtom*, nsIPresShell*, nsComputedDOMStyle::StyleType) /home/worker/workspace/build/src/layout/style/nsComputedDOMStyle.cpp:447:10 ... see log.txt
Attached file test_case.html (obsolete) —
Attached file test_case.html
Slightly more reduced version of the test case.
Attachment #8828119 - Attachment is obsolete: true
I think this is a duplicate of bug 1331704.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: