bugzilla.mozilla.org has resumed normal operation. Attachments prior to 2014 will be unavailable for a few days. This is tracked in Bug 1475801.
Please report any other irregularities here.

stylo: Crash while parsing a media query expression in core::str::slice_error_fail

VERIFIED FIXED in Firefox 56

Status

()

Core
CSS Parsing and Computation
P1
critical
VERIFIED FIXED
a year ago
a year ago

People

(Reporter: past, Assigned: emilio)

Tracking

(Blocks: 1 bug, {crash})

unspecified
mozilla56
x86_64
Windows 10
crash
Points:
---

Firefox Tracking Flags

(firefox-esr52 unaffected, firefox54 unaffected, firefox55 unaffected, firefox56 fixed)

Details

(crash signature)

This bug was filed from the Socorro interface and is 
report bp-2abff06f-d969-4ba5-845b-a98410170708.
=============================================================

I get this crash consistently when visiting the Paypal checkout page from my local supermarket website (http://e-fresh.gr/). The page loads fine without stylo enabled.
Panos, are you able to get the style sheet URL that we crash on?  In a debug build, when we crash, up on the mozilla::ServoStyleSheet::ParseSheet stack frame, aSheetURI is the sheet URL.  If the sheet can't be downloaded outside of the checkout process for some reason, could you dump out the contents of aInput (which is the style sheet text)?  Thanks!
Flags: needinfo?(past)
(Assignee)

Comment 2

a year ago
I can repro with https://demo.paypal.com. will investigate.
Assignee: nobody → emilio+bugs
(Assignee)

Comment 3

a year ago
so the media query string we're testing looks like:

"screen�\345\345\345\345\345\345\345self-hosted\000"

so in starts_with_ignore_ascii_case(feature_name, "-webkit-"), we index that from 0 to 8 bytes, and that happens to be in the middle of a unicode code-point, so rust panics because the resulting string is not utf-8.
(Assignee)

Comment 4

a year ago
Minimal test-case:

<style>
@media (aaaaa
(Assignee)

Comment 5

a year ago
Oh, bugzilla... Anyway, will add a crashtest along the patch.
(Assignee)

Comment 6

a year ago
I ended up just adding an unit test: https://github.com/servo/servo/pull/17640
(In reply to Emilio Cobos Álvarez [:emilio] from comment #5)
> Oh, bugzilla... Anyway, will add a crashtest along the patch.

Sounds like bugzilla have some issue with your example :)

Consider filing a bug to bugzilla?
Flags: needinfo?(past)
(Assignee)

Comment 8

a year ago
I can do the whole checkout process in a build with https://hg.mozilla.org/integration/autoland/rev/2ed937c5e72c, so marking this as fixed. Please verify it in the next nightly if possible, thanks!

(In reply to Xidorn Quan [:xidorn] UTC+10 from comment #7)
> (In reply to Emilio Cobos Álvarez [:emilio] from comment #5)
> > Oh, bugzilla... Anyway, will add a crashtest along the patch.
> 
> Sounds like bugzilla have some issue with your example :)
> 
> Consider filing a bug to bugzilla?

Filed, bug 1379423.
(Assignee)

Updated

a year ago
Status: NEW → RESOLVED
Last Resolved: a year ago
Resolution: --- → FIXED
Crash Signature: [@ core::str::slice_error_fail] → [@ core::str::slice_error_fail] [@ mozalloc_abort | abort | core::str::slice_error_fail]
Priority: -- → P1
Summary: Crash while parsing a media query expression in core::str::slice_error_fail → stylo: Crash while parsing a media query expression in core::str::slice_error_fail
status-firefox54: --- → unaffected
status-firefox55: --- → unaffected
status-firefox56: --- → fixed
status-firefox-esr52: --- → unaffected
Target Milestone: --- → mozilla56
(Reporter)

Comment 9

a year ago
Confirmed on the same website that the crash no longer occurs.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.