Closed Bug 1340344 Opened 7 years ago Closed 7 years ago

Assertion failure: SpecifiedKeyframeArraysAreEqual(mKeyframes, keyframesCopy)

Categories

(Core :: DOM: Animation, defect)

defect
Not set
normal

Tracking

()

RESOLVED FIXED
mozilla54
Tracking Status
firefox51 --- unaffected
firefox52 --- wontfix
firefox-esr52 --- wontfix
firefox53 --- wontfix
firefox54 --- fixed

People

(Reporter: truber, Assigned: hiro)

References

(Blocks 1 open bug)

Details

(Keywords: assertion, testcase)

Attachments

(3 files)

Attached file testcase.html
The attached testcase causes an assertion in mozilla-central rev 20170216-25929185c467

Assertion failure: SpecifiedKeyframeArraysAreEqual(mKeyframes, keyframesCopy) (Apart from the computed offset members, the keyframes array should not be modified), at /home/worker/workspace/build    /src/dom/animation/KeyframeEffectReadOnly.cpp:899
    #0 0x7f017e687dfa in mozilla::dom::KeyframeEffectReadOnly::BuildProperties(nsStyleContext*) /home/worker/workspace/build/src/dom/animation/KeyframeEffectReadOnly.cpp:897:3
    #1 0x7f017e67e46c in mozilla::dom::KeyframeEffectReadOnly::UpdateProperties(nsStyleContext*) /home/worker/workspace/build/src/dom/animation/KeyframeEffectReadOnly.cpp:287:44
    #2 0x7f017e687647 in mozilla::dom::KeyframeEffectReadOnly::SetKeyframes(nsTArray<mozilla::Keyframe>&&, nsStyleContext*) /home/worker/workspace/build/src/dom/animation/KeyframeEffectReadOnly.cpp:209:5
    #3 0x7f017e68755d in mozilla::dom::KeyframeEffectReadOnly::SetKeyframes(JSContext*, JS::Handle<JSObject*>, mozilla::ErrorResult&) /home/worker/workspace/build/src/dom/animation/KeyframeEffectReadOnly.cpp:186:3
    #4 0x7f017e683c81 in already_AddRefed<mozilla::dom::KeyframeEffect> mozilla::dom::KeyframeEffectReadOnly::ConstructKeyframeEffect<mozilla::dom::KeyframeEffect, mozilla::dom::UnrestrictedDoubleOrKeyframeAnimationOptions>(mozilla::dom::GlobalObject const&, mozilla::dom::Nullable<mozilla::dom::ElementOrCSSPseudoElement> const&, JS::Handle<JSObject*>, mozilla::dom::UnrestrictedDoubleOrKeyframeAnimationOptions const&, mozilla::ErrorResult&) /home/worker/workspace/build/src/dom/animation/KeyframeEffectReadOnly.cpp:812:3
    #5 0x7f017e68391d in mozilla::dom::KeyframeEffect::Constructor(mozilla::dom::GlobalObject const&, mozilla::dom::Nullable<mozilla::dom::ElementOrCSSPseudoElement> const&, JS::Handle<JSObject*>, mozilla::dom::UnrestrictedDoubleOrKeyframeAnimationOptions const&, mozilla::ErrorResult&) /home/worker/workspace/build/src/dom/animation/KeyframeEffect.cpp:65:10
    #6 0x7f017e85c2d0 in mozilla::dom::Element::Animate(mozilla::dom::Nullable<mozilla::dom::ElementOrCSSPseudoElement> const&, JSContext*, JS::Handle<JSObject*>, mozilla::dom::UnrestrictedDoubleOrKeyframeAnimationOptions const&, mozilla::ErrorResult&) /home/worker/workspace/build/src/dom/base/Element.cpp:3389:5
    #7 0x7f017e85bc70 in mozilla::dom::Element::Animate(JSContext*, JS::Handle<JSObject*>, mozilla::dom::UnrestrictedDoubleOrKeyframeAnimationOptions const&, mozilla::ErrorResult&) /home/worker/workspace/build/src/dom/base/Element.cpp:3346:10
    #8 0x7f017fc4eee5 in mozilla::dom::ElementBinding::animate(JSContext*, JS::Handle<JSObject*>, mozilla::dom::Element*, JSJitMethodCallArgs const&) /home/worker/workspace/build/src/obj-firefox/dom/bindings/ElementBinding.cpp:3295:55
Flags: in-testsuite?
Attached file log.txt
Flags: needinfo?(hikezoe)
A problem is here in CSSParserImpl::ParseHSLColor().  We calculate Inf - Inf there.

https://hg.mozilla.org/mozilla-central/file/6cefe01ca774/layout/style/nsCSSParser.cpp#l6966
Flags: needinfo?(hikezoe)
Hi Daniel,
I am not sure how we should handle infinity values in hue component, but I think we should clamp it in finite range just like we do for transform function values [1].  What do you think?

[1] https://hg.mozilla.org/mozilla-central/file/6cefe01ca774/layout/style/nsCSSParser.cpp#l16736
Flags: needinfo?(dholbert)
That sounds reasonable to me.  (We do the same thing in one other spot in that file, too -- in CSSParserImpl::ParseFunctionInternals.)
Flags: needinfo?(dholbert)
Assignee: nobody → hikezoe
Status: NEW → ASSIGNED
Comment on attachment 8838833 [details]
Bug 1340344 - Calmp hue value in finite float range.

https://reviewboard.mozilla.org/r/113654/#review115632

r=me
Attachment #8838833 - Flags: review?(dholbert) → review+
Pushed by hikezoe@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/fe06b3adf47e
Calmp hue value in finite float range. r=dholbert
https://hg.mozilla.org/mozilla-central/rev/fe06b3adf47e
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla54
Is this worth backporting to Beta53/ESR52?
Flags: needinfo?(hikezoe)
Flags: in-testsuite?
Flags: in-testsuite+
Hmm, I don't think so.  This bug does not cause any crashes (I believe) and is not a recent regression (The assertion was introduce in bug 1279819, the calculation was introduce long time ago).
Flags: needinfo?(hikezoe)
See Also: → 1373712
You need to log in before you can comment on or make changes to this bug.