stylo: thread '<unnamed>' panicked at 'assertion failed: n == 0', /builds/worker/workspace/build/src/servo/components/malloc_size_of/lib.rs:397

RESOLVED FIXED

Status

()

defect
P2
normal
RESOLVED FIXED
2 years ago
2 years ago

People

(Reporter: jkratzer, Assigned: njn)

Tracking

(Blocks 2 bugs, {assertion, testcase})

unspecified
Points:
---
Dependency tree / graph
Bug Flags:
in-testsuite ?

Firefox Tracking Flags

(firefox-esr52 unaffected, firefox55 unaffected, firefox56 unaffected, firefox57 fixed)

Details

(Whiteboard: [fuzzblocker])

Attachments

(3 attachments)

Posted file Testcase
Testcase found while fuzzing mozilla-central rev 20170920-a20de99fa3c1.
Flags: in-testsuite?
Posted file log_minidump.txt
Stacktrace minidump.
Assignee: nobody → n.nethercote
Flags: needinfo?(n.nethercote)
Priority: -- → P2
Whiteboard: [fuzzblocker]
https://github.com/servo/servo/pull/18583 has the fix.
Flags: needinfo?(n.nethercote)
https://hg.mozilla.org/integration/autoland/rev/1bf51e25a57b
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
NI Nick to land the crashtest.
Flags: needinfo?(n.nethercote)
I can't get this to crash just by loading the test case. I also have to open about:memory and click "measure". So it seems like this line:

>       try { fuzzPriv.getMemoryReports(true) } catch(e) { }

isn't doing anything. I tried moving that line after the `insertRule` line but it didn't help.

jkratzer, any suggestions?
Flags: needinfo?(n.nethercote) → needinfo?(jkratzer)
(In reply to Nicholas Nethercote [:njn] from comment #5)
> I can't get this to crash just by loading the test case. I also have to open
> about:memory and click "measure". So it seems like this line:
> 
> >       try { fuzzPriv.getMemoryReports(true) } catch(e) { }
> 
> isn't doing anything. I tried moving that line after the `insertRule` line
> but it didn't help.
> 
> jkratzer, any suggestions?

You'll need the fuzzPriv extension which you can find here:
https://github.com/MozillaSecurity/domfuzz/tree/master/dom/extension

You may also need the following prefs enabled:
user_pref("extensions.legacy.enabled", true);
user_pref("extensions.allow-non-mpc-extensions", true);
Flags: needinfo?(jkratzer)
The fuzzprivs extension isn't going to help for a crashtest. You'll want to add something to SpecialPowers, which is available in crashtests.
Flags: needinfo?(n.nethercote)
I don't really want to add stuff to SpecialPowers for this very small crashtest. So I tried adding the code to toolkit/components/aboutmemory/tests/test_memoryReporters.xul, but I couldn't get it to work, presumably due to differences between HTML and XUL. So now I'm stuck and I don't think it's worth more effort to get this test working in some other way.
Flags: needinfo?(n.nethercote)
(In reply to Nicholas Nethercote [:njn] from comment #8)
> I don't really want to add stuff to SpecialPowers for this very small
> crashtest.

Why not? It'd just be a few lines of code, similar to what we do for forceGC:

http://searchfox.org/mozilla-central/rev/15ce5cb2db0c85abbabe39a962b0e697c9ef098f/testing/specialpowers/content/specialpowersAPI.js#1491

> So I tried adding the code to
> toolkit/components/aboutmemory/tests/test_memoryReporters.xul, but I
> couldn't get it to work, presumably due to differences between HTML and XUL.
> So now I'm stuck and I don't think it's worth more effort to get this test
> working in some other way.

I agree that we could probably live without the crashtest, but I would like to make sure we're on the same page in terms of adding something like this to SpecialPowers being a low bar.
Flags: needinfo?(n.nethercote)
Posted patch Add crashtestSplinter Review
This required adding getMemoryReports() to SpecialPowers.
Attachment #8912096 - Flags: review?(bobbyholley)
Flags: needinfo?(n.nethercote)
Comment on attachment 8912096 [details] [diff] [review]
Add crashtest

Review of attachment 8912096 [details] [diff] [review]:
-----------------------------------------------------------------

Thanks.
Attachment #8912096 - Flags: review?(bobbyholley) → review+
You need to log in before you can comment on or make changes to this bug.