Closed
Bug 1344312
Opened 7 years ago
Closed 7 years ago
MOZ_CrashPrintf in [@ nsCellMap::ShrinkWithoutRows]
Categories
(Core :: Layout: Tables, defect)
Core
Layout: Tables
Tracking
()
RESOLVED
DUPLICATE
of bug 1344628
Tracking | Status | |
---|---|---|
firefox54 | --- | affected |
People
(Reporter: tsmith, Assigned: neerja)
References
(Blocks 1 open bug)
Details
(Keywords: crash, testcase)
Attachments
(1 file)
435 bytes,
text/html
|
Details |
==31566==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x00000050dcb6 bp 0x7ffc98495c00 sp 0x7ffc98495aa0 T0) #0 0x50dcb5 in MOZ_CrashPrintf /home/worker/workspace/build/src/mfbt/Assertions.cpp:63:3 #1 0x7f3b7bac9a5f in InvalidArrayIndex_CRASH(unsigned long, unsigned long) /home/worker/workspace/build/src/xpcom/ds/nsTArray.cpp:26:3 #2 0x7f3b82a68620 in ElementAt /home/worker/workspace/build/src/obj-firefox/dist/include/nsTArray.h:1042:7 #3 0x7f3b82a68620 in operator[] /home/worker/workspace/build/src/obj-firefox/dist/include/nsTArray.h:1080 #4 0x7f3b82a68620 in nsCellMap::ShrinkWithoutRows(nsTableCellMap&, int, int, int, mozilla::TableArea&) /home/worker/workspace/build/src/layout/tables/nsCellMap.cpp:1884 #5 0x7f3b82a5e2f3 in nsTableCellMap::RemoveRows(int, int, bool, mozilla::TableArea&) /home/worker/workspace/build/src/layout/tables/nsCellMap.cpp:522:7 #6 0x7f3b82a88ccc in nsTableFrame::RemoveRows(nsTableRowFrame&, int, bool) /home/worker/workspace/build/src/layout/tables/nsTableFrame.cpp:1087:5 #7 0x7f3b82af3557 in nsTableRowGroupFrame::RemoveFrame(mozilla::layout::FrameChildListID, nsIFrame*) /home/worker/workspace/build/src/layout/tables/nsTableRowGroupFrame.cpp:1616:5 #8 0x7f3b825c34c5 in RemoveFrame /home/worker/workspace/build/src/layout/base/nsFrameManager.cpp:525:5 #9 0x7f3b825c34c5 in nsCSSFrameConstructor::ContentRemoved(nsIContent*, nsIContent*, nsIContent*, nsCSSFrameConstructor::RemoveFlags, bool*, nsIContent**) /home/worker/workspace/build/src/layout/base/nsCSSFrameConstructor.cpp:8570 #10 0x7f3b825afc43 in nsCSSFrameConstructor::RecreateFramesForContent(nsIContent*, bool, nsCSSFrameConstructor::RemoveFlags, nsIContent**) /home/worker/workspace/build/src/layout/base/nsCSSFrameConstructor.cpp:9759:10 #11 0x7f3b825c1165 in nsCSSFrameConstructor::WipeContainingBlock(nsFrameConstructorState&, nsIFrame*, nsIFrame*, nsCSSFrameConstructor::FrameConstructionItemList&, bool, nsIFrame*) /home/worker/workspace/build/src/layout/base/nsCSSFrameConstructor.cpp:12611:7 #12 0x7f3b825bcf05 in nsCSSFrameConstructor::ContentAppended(nsIContent*, nsIContent*, bool) /home/worker/workspace/build/src/layout/base/nsCSSFrameConstructor.cpp:7540:7 #13 0x7f3b825b7d88 in nsCSSFrameConstructor::CreateNeededFrames(nsIContent*) /home/worker/workspace/build/src/layout/base/nsCSSFrameConstructor.cpp:7183:5 #14 0x7f3b825b7e35 in nsCSSFrameConstructor::CreateNeededFrames(nsIContent*) /home/worker/workspace/build/src/layout/base/nsCSSFrameConstructor.cpp:7190:7 #15 0x7f3b825b7e35 in nsCSSFrameConstructor::CreateNeededFrames(nsIContent*) /home/worker/workspace/build/src/layout/base/nsCSSFrameConstructor.cpp:7190:7 #16 0x7f3b825b7e35 in nsCSSFrameConstructor::CreateNeededFrames(nsIContent*) /home/worker/workspace/build/src/layout/base/nsCSSFrameConstructor.cpp:7190:7 #17 0x7f3b825b7e35 in nsCSSFrameConstructor::CreateNeededFrames(nsIContent*) /home/worker/workspace/build/src/layout/base/nsCSSFrameConstructor.cpp:7190:7 #18 0x7f3b824c9632 in mozilla::GeckoRestyleManager::ProcessPendingRestyles() /home/worker/workspace/build/src/layout/base/GeckoRestyleManager.cpp:464:3 #19 0x7f3b82515e20 in ProcessPendingRestyles /home/worker/workspace/build/src/obj-firefox/dist/include/mozilla/RestyleManagerInlines.h:44:3 #20 0x7f3b82515e20 in mozilla::PresShell::DoFlushPendingNotifications(mozilla::ChangesToFlush) /home/worker/workspace/build/src/layout/base/PresShell.cpp:4184 #21 0x7f3b7e5b8b6e in FlushPendingNotifications /home/worker/workspace/build/src/obj-firefox/dist/include/nsIPresShell.h:599:5 #22 0x7f3b7e5b8b6e in nsDocument::FlushPendingNotifications(mozilla::FlushType) /home/worker/workspace/build/src/dom/base/nsDocument.cpp:7984 #23 0x7f3b7d55f1b1 in nsDocLoader::DocLoaderIsEmpty(bool) /home/worker/workspace/build/src/uriloader/base/nsDocLoader.cpp:685:9 #24 0x7f3b7d561714 in nsDocLoader::OnStopRequest(nsIRequest*, nsISupports*, nsresult) /home/worker/workspace/build/src/uriloader/base/nsDocLoader.cpp:614:5 #25 0x7f3b7d5622cc in non-virtual thunk to nsDocLoader::OnStopRequest(nsIRequest*, nsISupports*, nsresult) /home/worker/workspace/build/src/uriloader/base/nsDocLoader.cpp:470:14 #26 0x7f3b7bd5997b in mozilla::net::nsLoadGroup::RemoveRequest(nsIRequest*, nsISupports*, nsresult) /home/worker/workspace/build/src/netwerk/base/nsLoadGroup.cpp:634:18 #27 0x7f3b7e5bfdbb in nsDocument::DoUnblockOnload() /home/worker/workspace/build/src/dom/base/nsDocument.cpp:8840:7 #28 0x7f3b7e5bf95b in nsDocument::UnblockOnload(bool) /home/worker/workspace/build/src/dom/base/nsDocument.cpp:8766:9 #29 0x7f3b7e595b8c in nsDocument::DispatchContentLoadedEvents() /home/worker/workspace/build/src/dom/base/nsDocument.cpp:5293:3 #30 0x7f3b7e66fa02 in applyImpl<nsDocument, void (nsDocument::*)()> /home/worker/workspace/build/src/obj-firefox/dist/include/nsThreadUtils.h:855:12 #31 0x7f3b7e66fa02 in apply<nsDocument, void (nsDocument::*)()> /home/worker/workspace/build/src/obj-firefox/dist/include/nsThreadUtils.h:861 #32 0x7f3b7e66fa02 in mozilla::detail::RunnableMethodImpl<nsDocument*, void (nsDocument::*)(), true, false>::Run() /home/worker/workspace/build/src/obj-firefox/dist/include/nsThreadUtils.h:890 #33 0x7f3b7bb9f9a2 in nsThread::ProcessNextEvent(bool, bool*) /home/worker/workspace/build/src/xpcom/threads/nsThread.cpp:1264:7 #34 0x7f3b7bb9c250 in NS_ProcessNextEvent(nsIThread*, bool) /home/worker/workspace/build/src/xpcom/threads/nsThreadUtils.cpp:389:10 #35 0x7f3b7c9a0e5f in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /home/worker/workspace/build/src/ipc/glue/MessagePump.cpp:96:21 #36 0x7f3b7c9121f8 in RunInternal /home/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:238:3 #37 0x7f3b7c9121f8 in RunHandler /home/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:231 #38 0x7f3b7c9121f8 in MessageLoop::Run() /home/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:211 #39 0x7f3b81d7939f in nsBaseAppShell::Run() /home/worker/workspace/build/src/widget/nsBaseAppShell.cpp:156:3 #40 0x7f3b8540a911 in nsAppStartup::Run() /home/worker/workspace/build/src/toolkit/components/startup/nsAppStartup.cpp:283:19 #41 0x7f3b855d669c in XREMain::XRE_mainRun() /home/worker/workspace/build/src/toolkit/xre/nsAppRunner.cpp:4476:10 #42 0x7f3b855d8198 in XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) /home/worker/workspace/build/src/toolkit/xre/nsAppRunner.cpp:4654:8 #43 0x7f3b855d945c in XRE_main(int, char**, mozilla::BootstrapConfig const&) /home/worker/workspace/build/src/toolkit/xre/nsAppRunner.cpp:4745:16 #44 0x4dffaf in do_main /home/worker/workspace/build/src/browser/app/nsBrowserApp.cpp:236:10 #45 0x4dffaf in main /home/worker/workspace/build/src/browser/app/nsBrowserApp.cpp:307 #46 0x7f3b96fc682f in __libc_start_main /build/glibc-t3gR2i/glibc-2.23/csu/../csu/libc-start.c:291 #47 0x41c3d8 in _start (/home/user/workspace/browsers/firefox_cnt/firefox+0x41c3d8) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV /home/worker/workspace/build/src/mfbt/Assertions.cpp:63:3 in MOZ_CrashPrintf ==31566==ABORTING
Reporter | ||
Updated•7 years ago
|
Flags: in-testsuite?
Comment 1•7 years ago
|
||
I'm guessing this might be the same issue as in bug 1344542? This bug has a testcase though.
Flags: needinfo?(npancholi)
Assignee | ||
Comment 2•7 years ago
|
||
(In reply to Mats Palmgren (:mats) from comment #1) > I'm guessing this might be the same issue as in bug 1344542? > This bug has a testcase though. I'll take a look and mark as duplicate if needed. Thanks.
Assignee: nobody → npancholi
Flags: needinfo?(npancholi)
Assignee | ||
Updated•7 years ago
|
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
Updated•4 years ago
|
Group: layout-core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•