Closed
Bug 1383975
Opened 6 years ago
Closed 6 years ago
stylo: panicked at 'byte index 15 is not a char boundary; it is inside '...
Categories
(Core :: CSS Parsing and Computation, defect, P1)
Core
CSS Parsing and Computation
Tracking
()
RESOLVED
FIXED
mozilla56
| Tracking | Status | |
|---|---|---|
| firefox-esr52 | --- | unaffected |
| firefox54 | --- | unaffected |
| firefox55 | --- | unaffected |
| firefox56 | --- | fixed |
People
(Reporter: truber, Assigned: SimonSapin)
References
(Blocks 2 open bugs)
Details
(Keywords: assertion, testcase)
Attachments
(2 files)
The attached testcase causes a panic in m-c rev dcfb58fcb6dd with stylo enabled by pref.
thread '<unnamed>' panicked at 'byte index 15 is not a char boundary; it is inside '۰' (bytes 14..16) of `
color: url(9
۰
`', /checkout/src/libcore/str/mod.rs:2179
stack backtrace:
0: std::sys::imp::backtrace::tracing::imp::unwind_backtrace
1: std::sys_common::backtrace::_print
2: std::panicking::default_hook::{{closure}}
3: std::panicking::default_hook
4: std::panicking::rust_panic_with_hook
5: std::panicking::begin_panic
6: std::panicking::begin_panic_fmt
7: rust_begin_unwind
8: core::panicking::panic_fmt
9: core::str::slice_error_fail
10: core::str::traits::<impl core::slice::SliceIndex<str> for core::ops::Range<usize>>::index::{{closure}}
11: <core::option::Option<T>>::unwrap_or_else
12: core::str::traits::<impl core::slice::SliceIndex<str> for core::ops::Range<usize>>::index
13: core::str::traits::<impl core::ops::Index<core::ops::Range<usize>> for str>::index
14: cssparser::tokenizer::Tokenizer::slice_from
15: cssparser::tokenizer::consume_unquoted_url::consume_bad_url
16: cssparser::tokenizer::consume_unquoted_url::consume_url_end
17: cssparser::tokenizer::consume_unquoted_url::consume_unquoted_url_internal
18: cssparser::tokenizer::consume_unquoted_url
19: cssparser::tokenizer::consume_ident_like
20: cssparser::tokenizer::next_token
21: cssparser::tokenizer::Tokenizer::next
22: cssparser::parser::parse_until_before
23: cssparser::parser::Parser::parse_until_before
24: cssparser::parser::Parser::parse_comma_separated
25: <selectors::parser::SelectorList<Impl>>::parse
26: <style::stylesheets::rule_parser::NestedRuleParser<'a, 'b> as cssparser::rules_and_declarations::QualifiedRuleParser<'i>>::parse_prelude
27: <style::stylesheets::rule_parser::TopLevelRuleParser<'a> as cssparser::rules_and_declarations::QualifiedRuleParser<'i>>::parse_prelude
28: cssparser::rules_and_declarations::parse_qualified_rule::{{closure}}
29: cssparser::parser::Parser::parse_entirely
30: cssparser::parser::parse_until_before
31: cssparser::rules_and_declarations::parse_qualified_rule
32: <cssparser::rules_and_declarations::RuleListParser<'i, 't, 'a, P> as core::iter::iterator::Iterator>::next
33: style::stylesheets::stylesheet::Stylesheet::parse_rules
34: style::stylesheets::stylesheet::StylesheetContents::from_str
35: Servo_StyleSheet_FromUTF8BytesFlags: in-testsuite?
|
Reporter | |
Comment 1•6 years ago
|
||
|
||
Comment 2•6 years ago
|
||
This is https://github.com/servo/rust-cssparser/issues/174, which is fixed in https://github.com/servo/rust-cssparser/pull/175. Now we need to pull that in m-c, thanks for the catch Jesse!
|
|
||
Comment 3•6 years ago
|
||
Hmm... Maybe it's not the same issue, hold on :)
|
|
||
Comment 4•6 years ago
|
||
Yeah, it is, never mind me.
|
Assignee | |
Comment 5•6 years ago
|
||
Right, it’s similar but not exactly the same (and not fixed by cssparser#175). I’m working on a fix.
| Comment hidden (mozreview-request) |
|
|
||
Comment 7•6 years ago
|
||
| mozreview-review | ||
Comment on attachment 8889878 [details] Bug 1383975 - Update cssparser, fix a panic in bad-url token parsing. https://reviewboard.mozilla.org/r/160944/#review166250
Attachment #8889878 -
Flags: review?(emilio+bugs) → review+
Pushed by simon.sapin@exyr.org: https://hg.mozilla.org/integration/autoland/rev/3fa44b134c34 Update cssparser, fix a panic in bad-url token parsing. r=emilio
|
||
Updated•6 years ago
|
Priority: -- → P1
|
||
Comment 9•6 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/3fa44b134c34
Status: NEW → RESOLVED
Closed: 6 years ago
status-firefox56:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla56
|
||
Comment 10•6 years ago
|
||
Are the tests.rs changes in this patch sufficient testing for this issue or should we land the attached testcase as a crashtest as well?
Assignee: nobody → simon.sapin
status-firefox54:
--- → unaffected
status-firefox55:
--- → unaffected
status-firefox-esr52:
--- → unaffected
Flags: needinfo?(simon.sapin)
|
||
Comment 11•6 years ago
|
||
We should land the crashtest.
|
||
Comment 12•6 years ago
|
||
Pushed by ryanvm@gmail.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/5697f69b1426 Add crashtest.
|
|
||
Updated•6 years ago
|
Flags: in-testsuite? → in-testsuite+
|
||
Comment 14•6 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/5697f69b1426
You need to log in
before you can comment on or make changes to this bug.
Description
•