Closed Bug 1340344 Opened 3 years ago Closed 3 years ago

Assertion failure: SpecifiedKeyframeArraysAreEqual(mKeyframes, keyframesCopy)

Categories

(Core :: DOM: Animation, defect)

defect
Not set

Tracking

()

RESOLVED FIXED
mozilla54
Tracking Status
firefox51 --- unaffected
firefox52 --- wontfix
firefox-esr52 --- wontfix
firefox53 --- wontfix
firefox54 --- fixed

People

(Reporter: truber, Assigned: hiro)

References

(Blocks 2 open bugs)

Details

(Keywords: assertion, testcase)

Attachments

(3 files)

Attached file testcase.html
The attached testcase causes an assertion in mozilla-central rev 20170216-25929185c467

Assertion failure: SpecifiedKeyframeArraysAreEqual(mKeyframes, keyframesCopy) (Apart from the computed offset members, the keyframes array should not be modified), at /home/worker/workspace/build    /src/dom/animation/KeyframeEffectReadOnly.cpp:899
    #0 0x7f017e687dfa in mozilla::dom::KeyframeEffectReadOnly::BuildProperties(nsStyleContext*) /home/worker/workspace/build/src/dom/animation/KeyframeEffectReadOnly.cpp:897:3
    #1 0x7f017e67e46c in mozilla::dom::KeyframeEffectReadOnly::UpdateProperties(nsStyleContext*) /home/worker/workspace/build/src/dom/animation/KeyframeEffectReadOnly.cpp:287:44
    #2 0x7f017e687647 in mozilla::dom::KeyframeEffectReadOnly::SetKeyframes(nsTArray<mozilla::Keyframe>&&, nsStyleContext*) /home/worker/workspace/build/src/dom/animation/KeyframeEffectReadOnly.cpp:209:5
    #3 0x7f017e68755d in mozilla::dom::KeyframeEffectReadOnly::SetKeyframes(JSContext*, JS::Handle<JSObject*>, mozilla::ErrorResult&) /home/worker/workspace/build/src/dom/animation/KeyframeEffectReadOnly.cpp:186:3
    #4 0x7f017e683c81 in already_AddRefed<mozilla::dom::KeyframeEffect> mozilla::dom::KeyframeEffectReadOnly::ConstructKeyframeEffect<mozilla::dom::KeyframeEffect, mozilla::dom::UnrestrictedDoubleOrKeyframeAnimationOptions>(mozilla::dom::GlobalObject const&, mozilla::dom::Nullable<mozilla::dom::ElementOrCSSPseudoElement> const&, JS::Handle<JSObject*>, mozilla::dom::UnrestrictedDoubleOrKeyframeAnimationOptions const&, mozilla::ErrorResult&) /home/worker/workspace/build/src/dom/animation/KeyframeEffectReadOnly.cpp:812:3
    #5 0x7f017e68391d in mozilla::dom::KeyframeEffect::Constructor(mozilla::dom::GlobalObject const&, mozilla::dom::Nullable<mozilla::dom::ElementOrCSSPseudoElement> const&, JS::Handle<JSObject*>, mozilla::dom::UnrestrictedDoubleOrKeyframeAnimationOptions const&, mozilla::ErrorResult&) /home/worker/workspace/build/src/dom/animation/KeyframeEffect.cpp:65:10
    #6 0x7f017e85c2d0 in mozilla::dom::Element::Animate(mozilla::dom::Nullable<mozilla::dom::ElementOrCSSPseudoElement> const&, JSContext*, JS::Handle<JSObject*>, mozilla::dom::UnrestrictedDoubleOrKeyframeAnimationOptions const&, mozilla::ErrorResult&) /home/worker/workspace/build/src/dom/base/Element.cpp:3389:5
    #7 0x7f017e85bc70 in mozilla::dom::Element::Animate(JSContext*, JS::Handle<JSObject*>, mozilla::dom::UnrestrictedDoubleOrKeyframeAnimationOptions const&, mozilla::ErrorResult&) /home/worker/workspace/build/src/dom/base/Element.cpp:3346:10
    #8 0x7f017fc4eee5 in mozilla::dom::ElementBinding::animate(JSContext*, JS::Handle<JSObject*>, mozilla::dom::Element*, JSJitMethodCallArgs const&) /home/worker/workspace/build/src/obj-firefox/dom/bindings/ElementBinding.cpp:3295:55
Flags: in-testsuite?
Attached file log.txt
Flags: needinfo?(hikezoe)
A problem is here in CSSParserImpl::ParseHSLColor().  We calculate Inf - Inf there.

https://hg.mozilla.org/mozilla-central/file/6cefe01ca774/layout/style/nsCSSParser.cpp#l6966
Flags: needinfo?(hikezoe)
Hi Daniel,
I am not sure how we should handle infinity values in hue component, but I think we should clamp it in finite range just like we do for transform function values [1].  What do you think?

[1] https://hg.mozilla.org/mozilla-central/file/6cefe01ca774/layout/style/nsCSSParser.cpp#l16736
Flags: needinfo?(dholbert)
That sounds reasonable to me.  (We do the same thing in one other spot in that file, too -- in CSSParserImpl::ParseFunctionInternals.)
Flags: needinfo?(dholbert)
Assignee: nobody → hikezoe
Status: NEW → ASSIGNED
Pushed by hikezoe@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/fe06b3adf47e
Calmp hue value in finite float range. r=dholbert
https://hg.mozilla.org/mozilla-central/rev/fe06b3adf47e
Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla54
Is this worth backporting to Beta53/ESR52?
Flags: needinfo?(hikezoe)
Flags: in-testsuite?
Flags: in-testsuite+
Hmm, I don't think so.  This bug does not cause any crashes (I believe) and is not a recent regression (The assertion was introduce in bug 1279819, the calculation was introduce long time ago).
Flags: needinfo?(hikezoe)
Blocks: 1334591
See Also: → 1373712
You need to log in before you can comment on or make changes to this bug.