1401692 - stylo: thread '<unnamed>' panicked at 'assertion failed: n == 0', /builds/worker/workspace/build/src/servo/components/malloc_size_of/lib.rs:397

Status: RESOLVED FIXED

Description

[Jason Kratzer [:jkratzer]]

Attachment: Testcase

Testcase found while fuzzing mozilla-central rev 20170920-a20de99fa3c1.

Comment 1

[Jason Kratzer [:jkratzer]]

Attachment: log_minidump.txt

Stacktrace minidump.

Comment 2

[Nicholas Nethercote [:njn]]

https://github.com/servo/servo/pull/18583 has the fix.

Comment 3

[Bobby Holley (:bholley)]

https://hg.mozilla.org/integration/autoland/rev/1bf51e25a57b

Comment 4

[Bobby Holley (:bholley)]

NI Nick to land the crashtest.

Comment 5

[Nicholas Nethercote [:njn]]

I can't get this to crash just by loading the test case. I also have to open about:memory and click "measure". So it seems like this line:

>       try { fuzzPriv.getMemoryReports(true) } catch(e) { }

isn't doing anything. I tried moving that line after the `insertRule` line but it didn't help.

jkratzer, any suggestions?

Comment 6

[Jason Kratzer [:jkratzer]]

(In reply to Nicholas Nethercote [:njn] from comment #5)
> I can't get this to crash just by loading the test case. I also have to open
> about:memory and click "measure". So it seems like this line:
> 
> >       try { fuzzPriv.getMemoryReports(true) } catch(e) { }
> 
> isn't doing anything. I tried moving that line after the `insertRule` line
> but it didn't help.
> 
> jkratzer, any suggestions?

You'll need the fuzzPriv extension which you can find here:
https://github.com/MozillaSecurity/domfuzz/tree/master/dom/extension

You may also need the following prefs enabled:
user_pref("extensions.legacy.enabled", true);
user_pref("extensions.allow-non-mpc-extensions", true);

Comment 7

[Bobby Holley (:bholley)]

The fuzzprivs extension isn't going to help for a crashtest. You'll want to add something to SpecialPowers, which is available in crashtests.

Comment 8

[Nicholas Nethercote [:njn]]

I don't really want to add stuff to SpecialPowers for this very small crashtest. So I tried adding the code to toolkit/components/aboutmemory/tests/test_memoryReporters.xul, but I couldn't get it to work, presumably due to differences between HTML and XUL. So now I'm stuck and I don't think it's worth more effort to get this test working in some other way.

Comment 9

[Bobby Holley (:bholley)]

(In reply to Nicholas Nethercote [:njn] from comment #8)
> I don't really want to add stuff to SpecialPowers for this very small
> crashtest.

Why not? It'd just be a few lines of code, similar to what we do for forceGC:

http://searchfox.org/mozilla-central/rev/15ce5cb2db0c85abbabe39a962b0e697c9ef098f/testing/specialpowers/content/specialpowersAPI.js#1491

> So I tried adding the code to
> toolkit/components/aboutmemory/tests/test_memoryReporters.xul, but I
> couldn't get it to work, presumably due to differences between HTML and XUL.
> So now I'm stuck and I don't think it's worth more effort to get this test
> working in some other way.

I agree that we could probably live without the crashtest, but I would like to make sure we're on the same page in terms of adding something like this to SpecialPowers being a low bar.

Comment 10

[Nicholas Nethercote [:njn]]

Attachment: Add crashtest

This required adding getMemoryReports() to SpecialPowers.

Comment 11

[Bobby Holley (:bholley)]

Comment on attachment 8912096 [details] [diff] [review]
Add crashtest

Review of attachment 8912096 [details] [diff] [review]:
-----------------------------------------------------------------

Thanks.

Comment 12

[Nicholas Nethercote [:njn]]

https://hg.mozilla.org/integration/mozilla-inbound/rev/060e7ed8536c184a4b8da50c1fe10f81feac29ff
Bug 1401692 - Add crashtest. r=bholley.

Comment 13

[Wes Kocher (:KWierso)]

https://hg.mozilla.org/mozilla-central/rev/060e7ed8536c