Closed Bug 1334582 Opened 8 years ago Closed 8 years ago

WebAnimation crash: Assertion failure: result.mCurrentIteration != 0 (Should not have zero current iteration) [@mozilla::dom::AnimationEffectReadOnly::GetComputedTimingAt]

Categories

(Core :: DOM: Animation, defect, P2)

Product:
Core
Component:
DOM: Animation
Platform:
x86_64
macOS
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla57
Tracking Flags:
Tracking Status
firefox-esr52 --- unaffected
firefox54 --- wontfix
firefox55 --- wontfix
firefox56 --- fixed
firefox57 --- fixed

People

(Reporter: posidron, Assigned: hiro)

References

Details

(Keywords: crash, testcase)

Attachments

(4 files)

testcase-webanimations-2.html
1.31 KB, text/html
Details
Simplified test case from bug 1343344
224 bytes, text/html
Details
Bug 1334582 - Use UINT64_MAX instead of IsInfinite() for checking whether TimingParans.mIterations is infinite or not.
59 bytes, text/x-review-board-request
boris
: review+
lizzard
: approval-mozilla-beta+
Details
Bug 1334582 - Check whether overall progress exceeds UINT64_MAX.
59 bytes, text/x-review-board-request
boris
: review+
Details
Tested with https://hg.mozilla.org/integration/mozilla-inbound/rev/54cecb685bca Assertion failure: result.mCurrentIteration != 0 (Should not have zero current iteration), at /srv/mozilla/mozilla-inbound/dom/animation/AnimationEffectReadOnly.cpp:214 #0 0x116a0f644 in mozilla::dom::AnimationEffectReadOnly::GetComputedTimingAt(mozilla::dom::Nullable<mozilla::BaseTimeDuration<mozilla::TimeDurationValueCalculator> > const&, mozilla::TimingParams const&, double) (/srv/mozilla/mozilla-inbound/ff-x86_64-apple-darwin16.3.0-asan-debug/dist/NightlyDebug.app/Contents/MacOS/XUL+0x30b1644) #1 0x1169fbea1 in mozilla::dom::AnimationEffectReadOnly::GetComputedTiming(mozilla::TimingParams const*) const (/srv/mozilla/mozilla-inbound/ff-x86_64-apple-darwin16.3.0-asan-debug/dist/NightlyDebug.app/Contents/MacOS/XUL+0x309dea1) #2 0x1169fb9f7 in mozilla::dom::Animation::UpdateRelevance() (/srv/mozilla/mozilla-inbound/ff-x86_64-apple-darwin16.3.0-asan-debug/dist/NightlyDebug.app/Contents/MacOS/XUL+0x309d9f7) #3 0x116a099d2 in mozilla::dom::Animation::UpdateTiming(mozilla::dom::Animation::SeekFlag, mozilla::dom::Animation::SyncNotifyFlag) (/srv/mozilla/mozilla-inbound/ff-x86_64-apple-darwin16.3.0-asan-debug/dist/NightlyDebug.app/Contents/MacOS/XUL+0x30ab9d2) #4 0x116a037bc in mozilla::dom::Animation::Tick() (/srv/mozilla/mozilla-inbound/ff-x86_64-apple-darwin16.3.0-asan-debug/dist/NightlyDebug.app/Contents/MacOS/XUL+0x30a57bc) #5 0x116a1a259 in mozilla::dom::DocumentTimeline::WillRefresh(mozilla::TimeStamp) (/srv/mozilla/mozilla-inbound/ff-x86_64-apple-darwin16.3.0-asan-debug/dist/NightlyDebug.app/Contents/MacOS/XUL+0x30bc259) #6 0x11bf7c658 in nsRefreshDriver::Tick(long long, mozilla::TimeStamp) (/srv/mozilla/mozilla-inbound/ff-x86_64-apple-darwin16.3.0-asan-debug/dist/NightlyDebug.app/Contents/MacOS/XUL+0x861e658) #7 0x11bf86710 in nsRefreshDriver::FinishedWaitingForTransaction() (/srv/mozilla/mozilla-inbound/ff-x86_64-apple-darwin16.3.0-asan-debug/dist/NightlyDebug.app/Contents/MacOS/XUL+0x8628710) #8 0x116449a85 in mozilla::layers::ClientLayerManager::DidComposite(unsigned long long, mozilla::TimeStamp const&, mozilla::TimeStamp const&) (/srv/mozilla/mozilla-inbound/ff-x86_64-apple-darwin16.3.0-asan-debug/dist/NightlyDebug.app/Contents/MacOS/XUL+0x2aeba85) #9 0x11ae51354 in mozilla::dom::TabChild::DidComposite(unsigned long long, mozilla::TimeStamp const&, mozilla::TimeStamp const&) (/srv/mozilla/mozilla-inbound/ff-x86_64-apple-darwin16.3.0-asan-debug/dist/NightlyDebug.app/Contents/MacOS/XUL+0x74f3354) #10 0x11654c907 in mozilla::layers::CompositorBridgeChild::RecvDidComposite(unsigned long long const&, unsigned long long const&, mozilla::TimeStamp const&, mozilla::TimeStamp const&) (/srv/mozilla/mozilla-inbound/ff-x86_64-apple-darwin16.3.0-asan-debug/dist/NightlyDebug.app/Contents/MacOS/XUL+0x2bee907) #11 0x11558b75d in mozilla::layers::PCompositorBridgeChild::OnMessageReceived(IPC::Message const&) (/srv/mozilla/mozilla-inbound/ff-x86_64-apple-darwin16.3.0-asan-debug/dist/NightlyDebug.app/Contents/MacOS/XUL+0x1c2d75d) #12 0x114c2ad05 in mozilla::ipc::MessageChannel::DispatchAsyncMessage(IPC::Message const&) (/srv/mozilla/mozilla-inbound/ff-x86_64-apple-darwin16.3.0-asan-debug/dist/NightlyDebug.app/Contents/MacOS/XUL+0x12ccd05) #13 0x114c22e3c in mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&) (/srv/mozilla/mozilla-inbound/ff-x86_64-apple-darwin16.3.0-asan-debug/dist/NightlyDebug.app/Contents/MacOS/XUL+0x12c4e3c) #14 0x114c276a7 in mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::MessageChannel::MessageTask&) (/srv/mozilla/mozilla-inbound/ff-x86_64-apple-darwin16.3.0-asan-debug/dist/NightlyDebug.app/Contents/MacOS/XUL+0x12c96a7) #15 0x114c28d2e in mozilla::ipc::MessageChannel::MessageTask::Run() (/srv/mozilla/mozilla-inbound/ff-x86_64-apple-darwin16.3.0-asan-debug/dist/NightlyDebug.app/Contents/MacOS/XUL+0x12cad2e) #16 0x113c54540 in nsThread::ProcessNextEvent(bool, bool*) (/srv/mozilla/mozilla-inbound/ff-x86_64-apple-darwin16.3.0-asan-debug/dist/NightlyDebug.app/Contents/MacOS/XUL+0x2f6540) #17 0x113c4c810 in NS_ProcessPendingEvents(nsIThread*, unsigned int) (/srv/mozilla/mozilla-inbound/ff-x86_64-apple-darwin16.3.0-asan-debug/dist/NightlyDebug.app/Contents/MacOS/XUL+0x2ee810) #18 0x11b6c7d0f in nsBaseAppShell::NativeEventCallback() (/srv/mozilla/mozilla-inbound/ff-x86_64-apple-darwin16.3.0-asan-debug/dist/NightlyDebug.app/Contents/MacOS/XUL+0x7d69d0f) #19 0x11b7d7bb4 in nsAppShell::ProcessGeckoEvents(void*) (/srv/mozilla/mozilla-inbound/ff-x86_64-apple-darwin16.3.0-asan-debug/dist/NightlyDebug.app/Contents/MacOS/XUL+0x7e79bb4) #20 0x7fffcd058980 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0xa7980) #21 0x7fffcd039a7c in __CFRunLoopDoSources0 (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x88a7c) #22 0x7fffcd038f75 in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x87f75) #23 0x7fffcd038973 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x87973) #24 0x7fffcc5c4acb in RunCurrentEventLoopInMode (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x30acb) #25 0x7fffcc5c4900 in ReceiveNextEventCommon (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x30900) #26 0x7fffcc5c4735 in _BlockUntilNextEventMatchingListInModeWithFilter (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x30735) #27 0x7fffcab6aae3 in _DPSNextEvent (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x46ae3) #28 0x7fffcb2e521e in -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x7c121e) #29 0x11b7d610c in -[GeckoNSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] (/srv/mozilla/mozilla-inbound/ff-x86_64-apple-darwin16.3.0-asan-debug/dist/NightlyDebug.app/Contents/MacOS/XUL+0x7e7810c) #30 0x7fffcab5f464 in -[NSApplication run] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x3b464) #31 0x11b7d9017 in nsAppShell::Run() (/srv/mozilla/mozilla-inbound/ff-x86_64-apple-darwin16.3.0-asan-debug/dist/NightlyDebug.app/Contents/MacOS/XUL+0x7e7b017) #32 0x11de47628 in XRE_RunAppShell() (/srv/mozilla/mozilla-inbound/ff-x86_64-apple-darwin16.3.0-asan-debug/dist/NightlyDebug.app/Contents/MacOS/XUL+0xa4e9628) #33 0x114c34fba in mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) (/srv/mozilla/mozilla-inbound/ff-x86_64-apple-darwin16.3.0-asan-debug/dist/NightlyDebug.app/Contents/MacOS/XUL+0x12d6fba) #34 0x114b6c207 in MessageLoop::RunInternal() (/srv/mozilla/mozilla-inbound/ff-x86_64-apple-darwin16.3.0-asan-debug/dist/NightlyDebug.app/Contents/MacOS/XUL+0x120e207) #35 0x114b6becc in MessageLoop::Run() (/srv/mozilla/mozilla-inbound/ff-x86_64-apple-darwin16.3.0-asan-debug/dist/NightlyDebug.app/Contents/MacOS/XUL+0x120decc) #36 0x11de468f0 in XRE_InitChildProcess(int, char**, XREChildData const*) (/srv/mozilla/mozilla-inbound/ff-x86_64-apple-darwin16.3.0-asan-debug/dist/NightlyDebug.app/Contents/MacOS/XUL+0xa4e88f0) #37 0x1098d4675 in content_process_main(mozilla::Bootstrap*, int, char**) (/srv/mozilla/mozilla-inbound/ff-x86_64-apple-darwin16.3.0-asan-debug/dist/NightlyDebug.app/Contents/MacOS/plugin-container.app/Contents/MacOS/plugin-container+0x100002675) #38 0x1098d4945 in main (/srv/mozilla/mozilla-inbound/ff-x86_64-apple-darwin16.3.0-asan-debug/dist/NightlyDebug.app/Contents/MacOS/plugin-container.app/Contents/MacOS/plugin-container+0x100002945) #39 0x1098d3343 in start (/srv/mozilla/mozilla-inbound/ff-x86_64-apple-darwin16.3.0-asan-debug/dist/NightlyDebug.app/Contents/MacOS/plugin-container.app/Contents/MacOS/plugin-container+0x100001343) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV (/srv/mozilla/mozilla-inbound/ff-x86_64-apple-darwin16.3.0-asan-debug/dist/NightlyDebug.app/Contents/MacOS/XUL+0x30b1644) in mozilla::dom::AnimationEffectReadOnly::GetComputedTimingAt(mozilla::dom::Nullable<mozilla::BaseTimeDuration<mozilla::TimeDurationValueCalculator> > const&, mozilla::TimingParams const&, double) Command: /srv/mozilla/mozilla-inbound/ff-x86_64-apple-darwin16.3.0-asan-debug/dist/NightlyDebug.app/Contents/MacOS/plugin-container.app/Contents/MacOS/plugin-container -appdir /srv/mozilla/mozilla-inbound/ff-x86_64-apple-darwin16.3.0-asan-debug/dist/NightlyDebug.app/Contents/Resources/browser -profile /var/folders/ph/3q0jpmfd0j55k72jc86s9x0c0000gn/T/tmp3hdhp0n5 54939 org.mozilla.machname.1502426924 tab ==55157==ABORTING
This is another variant of bug 1271788. In this case, mDelay is 9223372036854775807, active duration is -9223372036854775808 and mEndDelay is 0. Then calculating EndTime() in TimingParams.h causes this assertion.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
Gosh! Sorry. I was going to duplicate bug 1334575.
Status: RESOLVED → REOPENED
Resolution: DUPLICATE → ---
The iteration value, 6.380285785266684e+307, becomes 0 after casting to uint64_t. [1] https://hg.mozilla.org/mozilla-central/file/71224049c0b5/dom/animation/AnimationEffectReadOnly.cpp#l190 I guess infinite check [2] should be done against uint64_t. [2] https://hg.mozilla.org/mozilla-central/file/71224049c0b5/dom/animation/AnimationEffectReadOnly.cpp#l186
Priority: -- → P2
Thank you Jesse. I'd love to use this simplified test case for our automation test.
Assignee: nobody → hikezoe
Status: REOPENED → ASSIGNED
Comment on attachment 8906838 [details] Bug 1334582 - Use UINT64_MAX instead of IsInfinite() for checking whether TimingParans.mIterations is infinite or not. https://reviewboard.mozilla.org/r/178570/#review183604
Attachment #8906838 - Flags: review?(boris.chiou) → review+
Comment on attachment 8906839 [details] Bug 1334582 - Check whether overall progress exceeds UINT64_MAX. https://reviewboard.mozilla.org/r/178572/#review183606
Attachment #8906839 - Flags: review?(boris.chiou) → review+
Pushed by hikezoe@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/1daf0a6213e6 Use UINT64_MAX instead of IsInfinite() for checking whether TimingParans.mIterations is infinite or not. r=boris https://hg.mozilla.org/integration/autoland/rev/ad12f05d2416 Check whether overall progress exceeds UINT64_MAX. r=boris
https://hg.mozilla.org/mozilla-central/rev/1daf0a6213e6 https://hg.mozilla.org/mozilla-central/rev/ad12f05d2416
Status: ASSIGNED → RESOLVED
Closed: 8 years ago8 years ago
status-firefox57: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla57
Can this ride the 57 train or should we consider it for Beta uplift?
status-firefox54: affectedwontfix
status-firefox55: --- → wontfix
status-firefox56: --- → affected
status-firefox-esr52: --- → unaffected
Flags: needinfo?(hikezoe)
Flags: in-testsuite+
Comment on attachment 8906838 [details] Bug 1334582 - Use UINT64_MAX instead of IsInfinite() for checking whether TimingParans.mIterations is infinite or not. Approval Request Comment [Feature/Bug causing the regression]: None [User impact if declined]: User might see weird animations if too big animation iteration count is specified [Is this code covered by automated tests?]: Yes [Has the fix been verified in Nightly?]: Yes [Needs manual test from QE? If yes, steps to reproduce]: [List of other uplifts needed for the feature/fix]: Another patch in this bug (attachment 8906839 [details]) [Is the change risky?]: Very low risk [Why is the change risky/not risky?]: This patch does just change the value which is used for boundary check for animation iteration count in conversion from double to integer, before this patch the value was a kind of max double, after this patch it's now a kind of max integer, it became sane. [String changes made/needed]: None
Flags: needinfo?(hikezoe)
Attachment #8906838 - Flags: approval-mozilla-beta?
Comment on attachment 8906838 [details] Bug 1334582 - Use UINT64_MAX instead of IsInfinite() for checking whether TimingParans.mIterations is infinite or not. Crash fix, seems sensible, let's take this for beta 12.
Attachment #8906838 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: