Closed Bug 1401692 Opened 8 years ago Closed 8 years ago

stylo: thread '<unnamed>' panicked at 'assertion failed: n == 0', /builds/worker/workspace/build/src/servo/components/malloc_size_of/lib.rs:397

Categories

(Core :: CSS Parsing and Computation, defect, P2)

defect

Tracking

()

RESOLVED FIXED
Tracking Status
firefox-esr52 --- unaffected
firefox55 --- unaffected
firefox56 --- unaffected
firefox57 --- fixed

People

(Reporter: jkratzer, Assigned: n.nethercote)

References

(Blocks 2 open bugs)

Details

(Keywords: assertion, testcase, Whiteboard: [fuzzblocker])

Attachments

(3 files)

Attached file Testcase
Testcase found while fuzzing mozilla-central rev 20170920-a20de99fa3c1.
Flags: in-testsuite?
Attached file log_minidump.txt
Stacktrace minidump.
Assignee: nobody → n.nethercote
Flags: needinfo?(n.nethercote)
Priority: -- → P2
Whiteboard: [fuzzblocker]
Flags: needinfo?(n.nethercote)
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
NI Nick to land the crashtest.
Flags: needinfo?(n.nethercote)
I can't get this to crash just by loading the test case. I also have to open about:memory and click "measure". So it seems like this line: > try { fuzzPriv.getMemoryReports(true) } catch(e) { } isn't doing anything. I tried moving that line after the `insertRule` line but it didn't help. jkratzer, any suggestions?
Flags: needinfo?(n.nethercote) → needinfo?(jkratzer)
(In reply to Nicholas Nethercote [:njn] from comment #5) > I can't get this to crash just by loading the test case. I also have to open > about:memory and click "measure". So it seems like this line: > > > try { fuzzPriv.getMemoryReports(true) } catch(e) { } > > isn't doing anything. I tried moving that line after the `insertRule` line > but it didn't help. > > jkratzer, any suggestions? You'll need the fuzzPriv extension which you can find here: https://github.com/MozillaSecurity/domfuzz/tree/master/dom/extension You may also need the following prefs enabled: user_pref("extensions.legacy.enabled", true); user_pref("extensions.allow-non-mpc-extensions", true);
Flags: needinfo?(jkratzer)
The fuzzprivs extension isn't going to help for a crashtest. You'll want to add something to SpecialPowers, which is available in crashtests.
Flags: needinfo?(n.nethercote)
I don't really want to add stuff to SpecialPowers for this very small crashtest. So I tried adding the code to toolkit/components/aboutmemory/tests/test_memoryReporters.xul, but I couldn't get it to work, presumably due to differences between HTML and XUL. So now I'm stuck and I don't think it's worth more effort to get this test working in some other way.
Flags: needinfo?(n.nethercote)
(In reply to Nicholas Nethercote [:njn] from comment #8) > I don't really want to add stuff to SpecialPowers for this very small > crashtest. Why not? It'd just be a few lines of code, similar to what we do for forceGC: http://searchfox.org/mozilla-central/rev/15ce5cb2db0c85abbabe39a962b0e697c9ef098f/testing/specialpowers/content/specialpowersAPI.js#1491 > So I tried adding the code to > toolkit/components/aboutmemory/tests/test_memoryReporters.xul, but I > couldn't get it to work, presumably due to differences between HTML and XUL. > So now I'm stuck and I don't think it's worth more effort to get this test > working in some other way. I agree that we could probably live without the crashtest, but I would like to make sure we're on the same page in terms of adding something like this to SpecialPowers being a low bar.
Flags: needinfo?(n.nethercote)
Attached patch Add crashtestSplinter Review
This required adding getMemoryReports() to SpecialPowers.
Attachment #8912096 - Flags: review?(bobbyholley)
Flags: needinfo?(n.nethercote)
Comment on attachment 8912096 [details] [diff] [review] Add crashtest Review of attachment 8912096 [details] [diff] [review]: ----------------------------------------------------------------- Thanks.
Attachment #8912096 - Flags: review?(bobbyholley) → review+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: