stylo: heap write hazard reported in Gecko_CSSFontFaceRule_GetCssText

RESOLVED FIXED in Firefox 55

Status

Core
CSS Parsing and Computation
P1
normal
RESOLVED FIXED
a month ago
a month ago

People

(Reporter: sfink, Assigned: manishearth)

Tracking

(Blocks: 1 bug)

unspecified
mozilla55

Firefox Tracking Flags

(firefox55 fixed)

Attachments

(1 attachment)

(Reporter)

Description

a month ago
bholley: "I _think_ this function can MOZ_ASSERT(NS_IsMainThread()). xidorn would know for sure."

Hazard report:

[25.50s] #174 Analyzing Gecko_CSSFontFaceRule_GetCssText ...
Error: Variable assignment _ZL21gKeywordTableRefCount$nsCSSKeywords.cpp:int32_t gKeywordTableRefCount
Location: _ZN13nsCSSKeywords12ReleaseTableEv$void nsCSSKeywords::ReleaseTable() @ https://searchfox.org/mozilla-central/source/layout/style/nsCSSKeywords.cpp#47
Stack Trace:
_ZN10nsCSSProps12GetColorNameEiR9nsCString$uint8 nsCSSProps::GetColorName(int32, nsCString*) @ https://searchfox.org/mozilla-central/source/layout/style/nsCSSProps.cpp#2565 ### SafeArguments: aResult
_ZNK10nsCSSValue14AppendToStringE15nsCSSPropertyIDR9nsAStringNS_13SerializationE$void nsCSSValue::AppendToString(int32, nsAString*, uint32) const @ https://searchfox.org/mozilla-central/source/layout/style/nsCSSValue.cpp#1680 ### SafeArguments: this aResult aSerialization
_ZNK10nsCSSValue14AppendToStringE15nsCSSPropertyIDR9nsAStringNS_13SerializationE$void nsCSSValue::AppendToString(int32, nsAString*, uint32) const @ https://searchfox.org/mozilla-central/source/layout/style/nsCSSValue.cpp#1755 ### SafeArguments: <arg1> <arg2>
_ZNK12nsMediaQuery14AppendToStringER9nsAString$void nsMediaQuery::AppendToString(nsAString*) const @ https://searchfox.org/mozilla-central/source/layout/style/nsMediaList.cpp#427 ### SafeArguments: aMediaText
_ZN11nsMediaList7GetTextER9nsAString$void nsMediaList::GetText(nsAString*) @ https://searchfox.org/mozilla-central/source/layout/style/nsMediaList.cpp#510 ### SafeArguments: aOutput
_ZNK7mozilla3css9MediaRule19AppendConditionTextER9nsAString$void mozilla::css::MediaRule::AppendConditionText(nsAString*) const @ https://searchfox.org/mozilla-central/source/layout/style/nsCSSRules.cpp#523 ### SafeArguments: aCssText
_ZNK7mozilla3css9MediaRule14GetCssTextImplER9nsAString$void mozilla::css::MediaRule::GetCssTextImpl(nsAString*) const @ https://searchfox.org/mozilla-central/source/layout/style/nsCSSRules.cpp#465 ### SafeArguments: aCssText
_ZNK7mozilla3css4Rule10GetCssTextER9nsAString$void mozilla::css::Rule::GetCssText(nsAString*) const @ https://searchfox.org/mozilla-central/source/obj-analyzed/dist/include/mozilla/css/Rule.h#121 ### SafeArguments: aRule
Gecko_CSSFontFaceRule_GetCssText @ https://searchfox.org/mozilla-central/source/layout/style/ServoBindings.cpp#1744 ### SafeArguments: <arg1>

Yeah, I think it can assert in main thread.
Assignee: nobody → manishearth
Priority: -- → P1
(Reporter)

Updated

a month ago
Blocks: 1294915
(Reporter)

Updated

a month ago
Blocks: 1356458
Comment 3

a month ago
mozreview-review
Comment on attachment 8860159 [details]
Bug 1356276: stylo: Assert that Gecko_CSSFontFaceRule_GetCssText is on the main thread to satisfy heap write analysis;

https://reviewboard.mozilla.org/r/132188/#review135052
Attachment #8860159 - Flags: review?(bobbyholley) → review+

Comment 4

a month ago
Pushed by manishearth@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/09634f2e9343
stylo: Assert that Gecko_CSSFontFaceRule_GetCssText is on the main thread to satisfy heap write analysis; r=bholley

Comment 5

a month ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/09634f2e9343
Status: NEW → RESOLVED
Last Resolved: a month ago
status-firefox55: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla55