Open Bug 1415011 Opened 2 years ago Updated 2 years ago

Assertion failure: rect->width >= metrics->minSizeWithBorder.width (GetMinimumWidgetSize was ignored), at /builds/worker/workspace/build/src/widget/gtk/gtk3drawing.cpp:398

Categories

(Core :: Widget: Gtk, defect, P3)

defect

Tracking

()

Tracking Status
firefox-esr52 --- wontfix
firefox56 --- wontfix
firefox57 --- wontfix
firefox58 --- wontfix
firefox59 --- ?

People

(Reporter: jkratzer, Assigned: stransky)

References

(Blocks 1 open bug)

Details

(Keywords: assertion, testcase)

Attachments

(1 file)

Attached file trigger.html
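Testcase found while fuzzing mozilla-central rev dc45ee24c55d. The AddressSanitizer report below appears to be the assertion from the summary firing in a debug build: the WRITE to address 0 at gtk3drawing.cpp:397 is consistent with the deliberate null write that a failed MOZ_ASSERT uses to crash, rather than a separate memory-safety fault.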

==31032==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f7a7d3235f7 bp 0x7fff0b95e420 sp 0x7fff0b95e3a0 T0)
==31032==The signal is caused by a WRITE memory access.
==31032==Hint: address points to the zero page.
    #0 0x7f7a7d3235f6 in moz_gtk_toggle_paint(_cairo*, _cairo_rectangle_int*, GtkWidgetState*, int, int, int, GtkTextDirection) /builds/worker/workspace/build/src/widget/gtk/gtk3drawing.cpp:397:5
    #1 0x7f7a7d3225e0 in moz_gtk_widget_paint(WidgetNodeType, _cairo*, _cairo_rectangle_int*, GtkWidgetState*, int, GtkTextDirection) /builds/worker/workspace/build/src/widget/gtk/gtk3drawing.cpp:2793:16
    #2 0x7f7a7d35aacb in DrawThemeWithCairo(gfxContext*, mozilla::gfx::DrawTarget*, GtkWidgetState, WidgetNodeType, int, GtkTextDirection, int, bool, mozilla::gfx::PointTyped<mozilla::gfx::UnknownUnits, float> const&, mozilla::gfx::IntSizeTyped<mozilla::gfx::UnknownUnits> const&, _cairo_rectangle_int&, nsITheme::Transparency) /builds/worker/workspace/build/src/widget/gtk/nsNativeThemeGTK.cpp:974:9
    #3 0x7f7a7d359c6a in nsNativeThemeGTK::DrawWidgetBackground(gfxContext*, nsIFrame*, unsigned char, nsRect const&, nsRect const&) /builds/worker/workspace/build/src/widget/gtk/nsNativeThemeGTK.cpp:1202:3
    #4 0x7f7a7d35b67f in non-virtual thunk to nsNativeThemeGTK::DrawWidgetBackground(gfxContext*, nsIFrame*, unsigned char, nsRect const&, nsRect const&) /builds/worker/workspace/build/src/widget/gtk/nsNativeThemeGTK.cpp:1096:19
    #5 0x7f7a7deda5d4 in nsDisplayThemedBackground::PaintInternal(nsDisplayListBuilder*, gfxContext*, nsRect const&, nsRect*) /builds/worker/workspace/build/src/layout/painting/nsDisplayList.cpp:4288:10
    #6 0x7f7a7de79263 in mozilla::FrameLayerBuilder::PaintItems(nsTArray<mozilla::FrameLayerBuilder::ClippedDisplayItem>&, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, gfxContext*, nsDisplayListBuilder*, nsPresContext*, mozilla::gfx::IntPointTyped<mozilla::gfx::UnknownUnits> const&, float, float, int) /builds/worker/workspace/build/src/layout/painting/FrameLayerBuilder.cpp:6033:21
    #7 0x7f7a7de7b010 in mozilla::FrameLayerBuilder::DrawPaintedLayer(mozilla::layers::PaintedLayer*, gfxContext*, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, mozilla::layers::DrawRegionClip, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, void*) /builds/worker/workspace/build/src/layout/painting/FrameLayerBuilder.cpp:6200:19
    #8 0x7f7a799b22f5 in mozilla::layers::ClientPaintedLayer::PaintThebes(nsTArray<mozilla::layers::ReadbackProcessor::Update>*) /builds/worker/workspace/build/src/gfx/layers/client/ClientPaintedLayer.cpp:164:5
    #9 0x7f7a799b3a7f in mozilla::layers::ClientPaintedLayer::RenderLayerWithReadback(mozilla::layers::ReadbackProcessor*) /builds/worker/workspace/build/src/gfx/layers/client/ClientPaintedLayer.cpp:293:3
    #10 0x7f7a799dc570 in mozilla::layers::ClientContainerLayer::RenderLayer() /builds/worker/workspace/build/src/gfx/layers/client/ClientContainerLayer.h:58:29
    #11 0x7f7a799dc570 in mozilla::layers::ClientContainerLayer::RenderLayer() /builds/worker/workspace/build/src/gfx/layers/client/ClientContainerLayer.h:58:29
    #12 0x7f7a799ad860 in mozilla::layers::ClientLayerManager::EndTransactionInternal(void (*)(mozilla::layers::PaintedLayer*, gfxContext*, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, mozilla::layers::DrawRegionClip, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, void*), void*, mozilla::layers::LayerManager::EndTransactionFlags) /builds/worker/workspace/build/src/gfx/layers/client/ClientLayerManager.cpp:384:13
    #13 0x7f7a799ae22d in mozilla::layers::ClientLayerManager::EndTransaction(void (*)(mozilla::layers::PaintedLayer*, gfxContext*, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, mozilla::layers::DrawRegionClip, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, void*), void*, mozilla::layers::LayerManager::EndTransactionFlags) /builds/worker/workspace/build/src/gfx/layers/client/ClientLayerManager.cpp:442:3
    #14 0x7f7a7deccc73 in nsDisplayList::PaintRoot(nsDisplayListBuilder*, gfxContext*, unsigned int) /builds/worker/workspace/build/src/layout/painting/nsDisplayList.cpp:2548:17
    #15 0x7f7a7d8f70ff in nsLayoutUtils::PaintFrame(gfxContext*, nsIFrame*, nsRegion const&, unsigned int, nsDisplayListBuilderMode, nsLayoutUtils::PaintFrameFlags) /builds/worker/workspace/build/src/layout/base/nsLayoutUtils.cpp:3907:12
    #16 0x7f7a7d8340d2 in mozilla::PresShell::Paint(nsView*, nsRegion const&, unsigned int) /builds/worker/workspace/build/src/layout/base/PresShell.cpp:6471:5
    #17 0x7f7a7d23b54a in nsViewManager::ProcessPendingUpdatesPaint(nsIWidget*) /builds/worker/workspace/build/src/view/nsViewManager.cpp:480:19
    #18 0x7f7a7d23af05 in nsViewManager::ProcessPendingUpdatesForView(nsView*, bool) /builds/worker/workspace/build/src/view/nsViewManager.cpp:412:33
    #19 0x7f7a7d23cfc9 in nsViewManager::ProcessPendingUpdates() /builds/worker/workspace/build/src/view/nsViewManager.cpp:1102:5
    #20 0x7f7a7d7b95f5 in nsRefreshDriver::Tick(long, mozilla::TimeStamp) /builds/worker/workspace/build/src/layout/base/nsRefreshDriver.cpp:2047:11
    #21 0x7f7a7d7c1dae in mozilla::RefreshDriverTimer::TickRefreshDrivers(long, mozilla::TimeStamp, nsTArray<RefPtr<nsRefreshDriver> >&) /builds/worker/workspace/build/src/layout/base/nsRefreshDriver.cpp:306:7
    #22 0x7f7a7d7c1b96 in mozilla::RefreshDriverTimer::Tick(long, mozilla::TimeStamp) /builds/worker/workspace/build/src/layout/base/nsRefreshDriver.cpp:328:5
    #23 0x7f7a7d7c5065 in mozilla::VsyncRefreshDriverTimer::RunRefreshDrivers(mozilla::TimeStamp) /builds/worker/workspace/build/src/layout/base/nsRefreshDriver.cpp:769:5
    #24 0x7f7a7d7c4106 in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::TickRefreshDriver(mozilla::TimeStamp) /builds/worker/workspace/build/src/layout/base/nsRefreshDriver.cpp:682:35
    #25 0x7f7a7d7c0287 in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::ParentProcessVsyncNotifier::Run() /builds/worker/workspace/build/src/layout/base/nsRefreshDriver.cpp:528:20
    #26 0x7f7a77b08cff in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/workspace/build/src/xpcom/threads/nsThread.cpp:1037:14
    #27 0x7f7a77b29910 in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/workspace/build/src/xpcom/threads/nsThreadUtils.cpp:513:10
    #28 0x7f7a786c6025 in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /builds/worker/workspace/build/src/ipc/glue/MessagePump.cpp:97:21
    #29 0x7f7a78618177 in MessageLoop::RunInternal() /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:326:10
    #30 0x7f7a78618009 in MessageLoop::Run() /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:299:3
    #31 0x7f7a7d2aae1a in nsBaseAppShell::Run() /builds/worker/workspace/build/src/widget/nsBaseAppShell.cpp:158:27
    #32 0x7f7a804cefe1 in nsAppStartup::Run() /builds/worker/workspace/build/src/toolkit/components/startup/nsAppStartup.cpp:288:30
    #33 0x7f7a80643b68 in XREMain::XRE_mainRun() /builds/worker/workspace/build/src/toolkit/xre/nsAppRunner.cpp:4675:22
    #34 0x7f7a8064578a in XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) /builds/worker/workspace/build/src/toolkit/xre/nsAppRunner.cpp:4837:8
    #35 0x7f7a806466b9 in XRE_main(int, char**, mozilla::BootstrapConfig const&) /builds/worker/workspace/build/src/toolkit/xre/nsAppRunner.cpp:4932:21
    #36 0x4ed558 in do_main(int, char**, char**) /builds/worker/workspace/build/src/browser/app/nsBrowserApp.cpp:231:22
    #37 0x4ece7b in main /builds/worker/workspace/build/src/browser/app/nsBrowserApp.cpp:304:16
    #38 0x7f7a96d6082f in __libc_start_main /build/glibc-bfm8X4/glibc-2.23/csu/../csu/libc-start.c:291
Flags: in-testsuite?
The testcase reproduces in debug builds going back more than a year. The assertion itself appears to date back as far as bug 402940. Martin, is this something you might be interested in looking at?
Has Regression Range: --- → no
Flags: needinfo?(stransky)
Version: 52 Branch → unspecified
I'll look at it, thanks.
Assignee: nobody → stransky
Flags: needinfo?(stransky)
Priority: -- → P3