Closed
Bug 1384627
Opened 7 years ago
Closed 7 years ago
Assertion failure: !inner->GetWritingMode().IsOrthogonalTo(aWM), at /home/worker/workspace/build/src/layout/forms/nsFieldSetFrame.cpp:638
Categories
(Core :: Layout: Form Controls, defect, P3)
Core
Layout: Form Controls
Tracking
()
RESOLVED
DUPLICATE
of bug 1383938
| Tracking | Status | |
|---|---|---|
| firefox-esr52 | --- | unaffected |
| firefox56 | --- | wontfix |
| firefox57 | --- | wontfix |
| firefox58 | --- | fix-optional |
People
(Reporter: jkratzer, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: assertion, testcase)
Attachments
(1 file)
|
479 bytes,
text/html
|
Details |
Testcase found while fuzzing mozilla-central rev 20170726-e8400551c2e3.
Assertion failure: !inner->GetWritingMode().IsOrthogonalTo(aWM), at /home/worker/workspace/build/src/layout/forms/nsFieldSetFrame.cpp:638
ASAN:DEADLYSIGNAL
=================================================================
==1335==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7fb6c119c066 bp 0x7fff0b6573b0 sp 0x7fff0b6572c0 T0)
==1335==The signal is caused by a WRITE memory access.
==1335==Hint: address points to the zero page.
#0 0x7fb6c119c065 in nsFieldSetFrame::GetVerticalAlignBaseline(mozilla::WritingMode, int*) const /home/worker/workspace/build/src/layout/forms/nsFieldSetFrame.cpp:639:15
#1 0x7fb6c0f86ef5 in nsBlockFrame::GetNaturalBaselineBOffset(mozilla::WritingMode, mozilla::BaselineSharingGroup, int*) const /home/worker/workspace/build/src/layout/generic/nsBlockFrame.cpp:510:16
#2 0x7fb6c0f86bcd in nsIFrame::BaselineBOffset(mozilla::WritingMode, mozilla::BaselineSharingGroup, mozilla::AlignmentContext) const /home/worker/workspace/build/src/layout/generic/nsIFrameInlines.h:153:7
#3 0x7fb6c0f86a5b in nsBlockFrame::GetLogicalBaseline(mozilla::WritingMode) const /home/worker/workspace/build/src/layout/generic/nsBlockFrame.cpp:492:5
#4 0x7fb6c10e884b in nsLineLayout::PlaceFrame(nsLineLayout::PerFrameData*, mozilla::ReflowOutput&) /home/worker/workspace/build/src/layout/generic/nsLineLayout.cpp:1421:35
#5 0x7fb6c10da413 in nsLineLayout::ReflowFrame(nsIFrame*, nsReflowStatus&, mozilla::ReflowOutput*, bool&) /home/worker/workspace/build/src/layout/generic/nsLineLayout.cpp:1102:7
#6 0x7fb6c10d8795 in nsInlineFrame::ReflowInlineFrame(nsPresContext*, mozilla::ReflowInput const&, nsInlineFrame::InlineReflowInput&, nsIFrame*, nsReflowStatus&) /home/worker/workspace/build/src/layout/generic/nsInlineFrame.cpp:798:15
#7 0x7fb6c10d79bb in nsInlineFrame::ReflowFrames(nsPresContext*, mozilla::ReflowInput const&, nsInlineFrame::InlineReflowInput&, mozilla::ReflowOutput&, nsReflowStatus&) /home/worker/workspace/build/src/layout/generic/nsInlineFrame.cpp:681:7
#8 0x7fb6c10d7016 in nsInlineFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) /home/worker/workspace/build/src/layout/generic/nsInlineFrame.cpp:460:3
#9 0x7fb6c10d96c3 in nsLineLayout::ReflowFrame(nsIFrame*, nsReflowStatus&, mozilla::ReflowOutput*, bool&) /home/worker/workspace/build/src/layout/generic/nsLineLayout.cpp:921:13
#10 0x7fb6c112318f in nsRubyBaseContainerFrame::ReflowOneColumn(nsRubyBaseContainerFrame::RubyReflowInput const&, unsigned int, mozilla::RubyColumn const&, nsReflowStatus&) /home/worker/workspace/build/src/layout/generic/nsRubyBaseContainerFrame.cpp:658:17
#11 0x7fb6c1121e3b in nsRubyBaseContainerFrame::ReflowColumns(nsRubyBaseContainerFrame::RubyReflowInput const&, nsReflowStatus&) /home/worker/workspace/build/src/layout/generic/nsRubyBaseContainerFrame.cpp:477:15
#12 0x7fb6c1121216 in nsRubyBaseContainerFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) /home/worker/workspace/build/src/layout/generic/nsRubyBaseContainerFrame.cpp:389:11
#13 0x7fb6c10d96c3 in nsLineLayout::ReflowFrame(nsIFrame*, nsReflowStatus&, mozilla::ReflowOutput*, bool&) /home/worker/workspace/build/src/layout/generic/nsLineLayout.cpp:921:13
#14 0x7fb6c1126010 in nsRubyFrame::ReflowSegment(nsPresContext*, mozilla::ReflowInput const&, nsRubyBaseContainerFrame*, nsReflowStatus&) /home/worker/workspace/build/src/layout/generic/nsRubyFrame.cpp:222:29
#15 0x7fb6c112587d in nsRubyFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) /home/worker/workspace/build/src/layout/generic/nsRubyFrame.cpp:165:5
#16 0x7fb6c10d96c3 in nsLineLayout::ReflowFrame(nsIFrame*, nsReflowStatus&, mozilla::ReflowOutput*, bool&) /home/worker/workspace/build/src/layout/generic/nsLineLayout.cpp:921:13
#17 0x7fb6c0fa8787 in nsBlockFrame::ReflowInlineFrame(mozilla::BlockReflowInput&, nsLineLayout&, nsLineList_iterator, nsIFrame*, LineReflowStatus*) /home/worker/workspace/build/src/layout/generic/nsBlockFrame.cpp:4220:15
#18 0x7fb6c0fa6fec in nsBlockFrame::DoReflowInlineFrames(mozilla::BlockReflowInput&, nsLineLayout&, nsLineList_iterator, nsFlowAreaRect&, int&, nsFloatManager::SavedState*, bool*, LineReflowStatus*, bool) /home/worker/workspace/build/src/layout/generic/nsBlockFrame.cpp:4016:5
#19 0x7fb6c0f9f719 in nsBlockFrame::ReflowInlineFrames(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) /home/worker/workspace/build/src/layout/generic/nsBlockFrame.cpp:3890:9
#20 0x7fb6c0f99b8b in nsBlockFrame::ReflowLine(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) /home/worker/workspace/build/src/layout/generic/nsBlockFrame.cpp:2873:5
#21 0x7fb6c0f90eb2 in nsBlockFrame::ReflowDirtyLines(mozilla::BlockReflowInput&) /home/worker/workspace/build/src/layout/generic/nsBlockFrame.cpp:2409:7
#22 0x7fb6c0f8c05c in nsBlockFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) /home/worker/workspace/build/src/layout/generic/nsBlockFrame.cpp:1233:3
#23 0x7fb6c0fccbba in nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, mozilla::WritingMode const&, mozilla::LogicalPoint const&, nsSize const&, unsigned int, nsReflowStatus&, nsOverflowContinuationTracker*) /home/worker/workspace/build/src/layout/generic/nsContainerFrame.cpp:935:14
#24 0x7fb6c0fcbe32 in nsCanvasFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) /home/worker/workspace/build/src/layout/generic/nsCanvasFrame.cpp:752:5
#25 0x7fb6c0fccbba in nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, mozilla::WritingMode const&, mozilla::LogicalPoint const&, nsSize const&, unsigned int, nsReflowStatus&, nsOverflowContinuationTracker*) /home/worker/workspace/build/src/layout/generic/nsContainerFrame.cpp:935:14
#26 0x7fb6c106b569 in nsHTMLScrollFrame::ReflowScrolledFrame(mozilla::ScrollReflowInput*, bool, bool, mozilla::ReflowOutput*, bool) /home/worker/workspace/build/src/layout/generic/nsGfxScrollFrame.cpp:549:3
#27 0x7fb6c106c7f2 in nsHTMLScrollFrame::ReflowContents(mozilla::ScrollReflowInput*, mozilla::ReflowOutput const&) /home/worker/workspace/build/src/layout/generic/nsGfxScrollFrame.cpp:661:3
#28 0x7fb6c106eb27 in nsHTMLScrollFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) /home/worker/workspace/build/src/layout/generic/nsGfxScrollFrame.cpp:1037:3
#29 0x7fb6c0f7bb6f in nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, int, int, unsigned int, nsReflowStatus&, nsOverflowContinuationTracker*) /home/worker/workspace/build/src/layout/generic/nsContainerFrame.cpp:979:14
#30 0x7fb6c0f7b162 in mozilla::ViewportFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) /home/worker/workspace/build/src/layout/generic/ViewportFrame.cpp:329:7
$ ./mach file-info bugzilla-component layout/forms/nsFieldSetFrame.cpp Core :: Layout: Form Controls layout/forms/nsFieldSetFrame.cpp
Component: Layout → Layout: Form Controls
|
Reporter | |
Comment 2•7 years ago
|
||
(In reply to David Baron :dbaron: ⌚️UTC+1 from comment #1) > $ ./mach file-info bugzilla-component layout/forms/nsFieldSetFrame.cpp > Core :: Layout: Form Controls > layout/forms/nsFieldSetFrame.cpp Thanks! I wasn't aware of mach file-info.
|
|
Reporter | |
Comment 3•7 years ago
|
||
This appears to be a duplicate of bug 1383938.
| Comment hidden (Intermittent Failures Robot) |
|
||
Updated•7 years ago
|
Priority: -- → P3
|
|
||
Updated•7 years ago
|
status-firefox57:
--- → wontfix
status-firefox58:
--- → fix-optional
|
||
Comment 5•7 years ago
|
||
(In reply to Jason Kratzer [:jkratzer] from comment #3) > This appears to be a duplicate of bug 1383938. Same regression range, so let's go with that.
Status: NEW → RESOLVED
Has Regression Range: --- → yes
Closed: 7 years ago
status-firefox56:
--- → wontfix
status-firefox-esr52:
--- → unaffected
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•