Open Bug 1415166 Opened 2 years ago Updated 3 months ago

Assertion failure: !elem->GetParent()->IsHTMLElement() (HTML element should always be out-of-flow if in the top layer), at /builds/worker/workspace/build/src/layout/generic/ViewportFrame.cpp:166

Categories

(Core :: Layout, defect, P3)

52 Branch
defect

Tracking

()

People

(Reporter: jkratzer, Unassigned)

References

(Blocks 2 open bugs)

Details

(Keywords: assertion, testcase)

Attachments

(1 file)

Attached file trigger.html
Testcase found while fuzzing mozilla-central rev 923836aebbc3.

==26885==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f0a6fda80a0 bp 0x7ffc2c939650 sp 0x7ffc2c939540 T0)
==26885==The signal is caused by a WRITE memory access.
==26885==Hint: address points to the zero page.
    #0 0x7f0a6fda809f in mozilla::ViewportFrame::BuildDisplayListForTopLayer(nsDisplayListBuilder*, nsDisplayList*) /builds/worker/workspace/build/src/layout/generic/ViewportFrame.cpp:174:9
    #1 0x7f0a6fda643d in mozilla::ViewportFrame::BuildDisplayList(nsDisplayListBuilder*, nsDisplayListSet const&) /builds/worker/workspace/build/src/layout/generic/ViewportFrame.cpp:70:3
    #2 0x7f0a6fe39c5a in nsIFrame::BuildDisplayListForStackingContext(nsDisplayListBuilder*, nsDisplayList*, bool*) /builds/worker/workspace/build/src/layout/generic/nsFrame.cpp:2917:5
    #3 0x7f0a6ff6dbe0 in nsSubDocumentFrame::BuildDisplayList(nsDisplayListBuilder*, nsDisplayListSet const&) /builds/worker/workspace/build/src/layout/generic/nsSubDocumentFrame.cpp:510:9
    #4 0x7f0a6fe39c5a in nsIFrame::BuildDisplayListForStackingContext(nsDisplayListBuilder*, nsDisplayList*, bool*) /builds/worker/workspace/build/src/layout/generic/nsFrame.cpp:2917:5
    #5 0x7f0a6fda731a in nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&, unsigned int) /builds/worker/workspace/build/src/layout/generic/nsFrame.cpp:3608:12
    #6 0x7f0a701610a6 in nsStackFrame::BuildDisplayListForChildren(nsDisplayListBuilder*, nsDisplayListSet const&) /builds/worker/workspace/build/src/layout/xul/nsStackFrame.cpp:59:5
    #7 0x7f0a70107a86 in nsBoxFrame::BuildDisplayList(nsDisplayListBuilder*, nsDisplayListSet const&) /builds/worker/workspace/build/src/layout/xul/nsBoxFrame.cpp:1353:3
    #8 0x7f0a6fda7819 in nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&, unsigned int) /builds/worker/workspace/build/src/layout/generic/nsFrame.cpp:3660:14
    #9 0x7f0a70107f73 in nsBoxFrame::BuildDisplayListForChildren(nsDisplayListBuilder*, nsDisplayListSet const&) /builds/worker/workspace/build/src/layout/xul/nsBoxFrame.cpp:1392:5
    #10 0x7f0a70107a86 in nsBoxFrame::BuildDisplayList(nsDisplayListBuilder*, nsDisplayListSet const&) /builds/worker/workspace/build/src/layout/xul/nsBoxFrame.cpp:1353:3
    #11 0x7f0a6fda7819 in nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&, unsigned int) /builds/worker/workspace/build/src/layout/generic/nsFrame.cpp:3660:14
    #12 0x7f0a70107f73 in nsBoxFrame::BuildDisplayListForChildren(nsDisplayListBuilder*, nsDisplayListSet const&) /builds/worker/workspace/build/src/layout/xul/nsBoxFrame.cpp:1392:5
    #13 0x7f0a70107a86 in nsBoxFrame::BuildDisplayList(nsDisplayListBuilder*, nsDisplayListSet const&) /builds/worker/workspace/build/src/layout/xul/nsBoxFrame.cpp:1353:3
    #14 0x7f0a6fda7819 in nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&, unsigned int) /builds/worker/workspace/build/src/layout/generic/nsFrame.cpp:3660:14
    #15 0x7f0a70107f73 in nsBoxFrame::BuildDisplayListForChildren(nsDisplayListBuilder*, nsDisplayListSet const&) /builds/worker/workspace/build/src/layout/xul/nsBoxFrame.cpp:1392:5
    #16 0x7f0a70107a86 in nsBoxFrame::BuildDisplayList(nsDisplayListBuilder*, nsDisplayListSet const&) /builds/worker/workspace/build/src/layout/xul/nsBoxFrame.cpp:1353:3
    #17 0x7f0a6fda7819 in nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&, unsigned int) /builds/worker/workspace/build/src/layout/generic/nsFrame.cpp:3660:14
    #18 0x7f0a7010bfca in nsDeckFrame::BuildDisplayListForChildren(nsDisplayListBuilder*, nsDisplayListSet const&) /builds/worker/workspace/build/src/layout/xul/nsDeckFrame.cpp:199:3
    #19 0x7f0a70107a86 in nsBoxFrame::BuildDisplayList(nsDisplayListBuilder*, nsDisplayListSet const&) /builds/worker/workspace/build/src/layout/xul/nsBoxFrame.cpp:1353:3
    #20 0x7f0a6fda7819 in nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&, unsigned int) /builds/worker/workspace/build/src/layout/generic/nsFrame.cpp:3660:14
    #21 0x7f0a70107f73 in nsBoxFrame::BuildDisplayListForChildren(nsDisplayListBuilder*, nsDisplayListSet const&) /builds/worker/workspace/build/src/layout/xul/nsBoxFrame.cpp:1392:5
    #22 0x7f0a70107a86 in nsBoxFrame::BuildDisplayList(nsDisplayListBuilder*, nsDisplayListSet const&) /builds/worker/workspace/build/src/layout/xul/nsBoxFrame.cpp:1353:3
    #23 0x7f0a6fda7819 in nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&, unsigned int) /builds/worker/workspace/build/src/layout/generic/nsFrame.cpp:3660:14
    #24 0x7f0a70107f73 in nsBoxFrame::BuildDisplayListForChildren(nsDisplayListBuilder*, nsDisplayListSet const&) /builds/worker/workspace/build/src/layout/xul/nsBoxFrame.cpp:1392:5
    #25 0x7f0a70107a86 in nsBoxFrame::BuildDisplayList(nsDisplayListBuilder*, nsDisplayListSet const&) /builds/worker/workspace/build/src/layout/xul/nsBoxFrame.cpp:1353:3
    #26 0x7f0a6fda7819 in nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&, unsigned int) /builds/worker/workspace/build/src/layout/generic/nsFrame.cpp:3660:14
    #27 0x7f0a70107f73 in nsBoxFrame::BuildDisplayListForChildren(nsDisplayListBuilder*, nsDisplayListSet const&) /builds/worker/workspace/build/src/layout/xul/nsBoxFrame.cpp:1392:5
    #28 0x7f0a70107a86 in nsBoxFrame::BuildDisplayList(nsDisplayListBuilder*, nsDisplayListSet const&) /builds/worker/workspace/build/src/layout/xul/nsBoxFrame.cpp:1353:3
    #29 0x7f0a6fda7819 in nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&, unsigned int) /builds/worker/workspace/build/src/layout/generic/nsFrame.cpp:3660:14
    #30 0x7f0a70107f73 in nsBoxFrame::BuildDisplayListForChildren(nsDisplayListBuilder*, nsDisplayListSet const&) /builds/worker/workspace/build/src/layout/xul/nsBoxFrame.cpp:1392:5
    #31 0x7f0a70107a86 in nsBoxFrame::BuildDisplayList(nsDisplayListBuilder*, nsDisplayListSet const&) /builds/worker/workspace/build/src/layout/xul/nsBoxFrame.cpp:1353:3
    #32 0x7f0a6fda7819 in nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&, unsigned int) /builds/worker/workspace/build/src/layout/generic/nsFrame.cpp:3660:14
    #33 0x7f0a7010bfca in nsDeckFrame::BuildDisplayListForChildren(nsDisplayListBuilder*, nsDisplayListSet const&) /builds/worker/workspace/build/src/layout/xul/nsDeckFrame.cpp:199:3
    #34 0x7f0a70107a86 in nsBoxFrame::BuildDisplayList(nsDisplayListBuilder*, nsDisplayListSet const&) /builds/worker/workspace/build/src/layout/xul/nsBoxFrame.cpp:1353:3
    #35 0x7f0a6fda7819 in nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&, unsigned int) /builds/worker/workspace/build/src/layout/generic/nsFrame.cpp:3660:14
    #36 0x7f0a70107f73 in nsBoxFrame::BuildDisplayListForChildren(nsDisplayListBuilder*, nsDisplayListSet const&) /builds/worker/workspace/build/src/layout/xul/nsBoxFrame.cpp:1392:5
    #37 0x7f0a70107a86 in nsBoxFrame::BuildDisplayList(nsDisplayListBuilder*, nsDisplayListSet const&) /builds/worker/workspace/build/src/layout/xul/nsBoxFrame.cpp:1353:3
    #38 0x7f0a6fda7819 in nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&, unsigned int) /builds/worker/workspace/build/src/layout/generic/nsFrame.cpp:3660:14
    #39 0x7f0a7010bfca in nsDeckFrame::BuildDisplayListForChildren(nsDisplayListBuilder*, nsDisplayListSet const&) /builds/worker/workspace/build/src/layout/xul/nsDeckFrame.cpp:199:3
    #40 0x7f0a70107a86 in nsBoxFrame::BuildDisplayList(nsDisplayListBuilder*, nsDisplayListSet const&) /builds/worker/workspace/build/src/layout/xul/nsBoxFrame.cpp:1353:3
    #41 0x7f0a6fda7819 in nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&, unsigned int) /builds/worker/workspace/build/src/layout/generic/nsFrame.cpp:3660:14
    #42 0x7f0a70107f73 in nsBoxFrame::BuildDisplayListForChildren(nsDisplayListBuilder*, nsDisplayListSet const&) /builds/worker/workspace/build/src/layout/xul/nsBoxFrame.cpp:1392:5
    #43 0x7f0a70107a86 in nsBoxFrame::BuildDisplayList(nsDisplayListBuilder*, nsDisplayListSet const&) /builds/worker/workspace/build/src/layout/xul/nsBoxFrame.cpp:1353:3
    #44 0x7f0a6fda7819 in nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&, unsigned int) /builds/worker/workspace/build/src/layout/generic/nsFrame.cpp:3660:14
    #45 0x7f0a70107f73 in nsBoxFrame::BuildDisplayListForChildren(nsDisplayListBuilder*, nsDisplayListSet const&) /builds/worker/workspace/build/src/layout/xul/nsBoxFrame.cpp:1392:5
    #46 0x7f0a70141579 in nsRootBoxFrame::BuildDisplayList(nsDisplayListBuilder*, nsDisplayListSet const&) /builds/worker/workspace/build/src/layout/xul/nsRootBoxFrame.cpp:190:3
    #47 0x7f0a6fda7819 in nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&, unsigned int) /builds/worker/workspace/build/src/layout/generic/nsFrame.cpp:3660:14
    #48 0x7f0a6fda641f in mozilla::ViewportFrame::BuildDisplayList(nsDisplayListBuilder*, nsDisplayListSet const&) /builds/worker/workspace/build/src/layout/generic/ViewportFrame.cpp:66:5
    #49 0x7f0a6fe39c5a in nsIFrame::BuildDisplayListForStackingContext(nsDisplayListBuilder*, nsDisplayList*, bool*) /builds/worker/workspace/build/src/layout/generic/nsFrame.cpp:2917:5
    #50 0x7f0a6fceab1a in nsLayoutUtils::GetFramesForArea(nsIFrame*, nsRect const&, nsTArray<nsIFrame*>&, unsigned int) /builds/worker/workspace/build/src/layout/base/nsLayoutUtils.cpp:3298:11
    #51 0x7f0a6fcea763 in nsLayoutUtils::GetFrameForPoint(nsIFrame*, nsPoint, unsigned int) /builds/worker/workspace/build/src/layout/base/nsLayoutUtils.cpp:3258:8
    #52 0x7f0a6fc02c07 in mozilla::FindFrameTargetedByInputEvent(mozilla::WidgetGUIEvent*, nsIFrame*, nsPoint const&, unsigned int) /builds/worker/workspace/build/src/layout/base/PositionedEventTargeting.cpp:544:5
    #53 0x7f0a6fc3227c in mozilla::PresShell::HandleEvent(nsIFrame*, mozilla::WidgetGUIEvent*, bool, nsEventStatus*, nsIContent**) /builds/worker/workspace/build/src/layout/base/PresShell.cpp:7212:9
    #54 0x7f0a6f631b8d in nsViewManager::DispatchEvent(mozilla::WidgetGUIEvent*, nsView*, nsEventStatus*) /builds/worker/workspace/build/src/view/nsViewManager.cpp:812:14
    #55 0x7f0a6fc1c27c in mozilla::PresShell::DispatchSynthMouseMove(mozilla::WidgetGUIEvent*, bool) /builds/worker/workspace/build/src/layout/base/PresShell.cpp:3760:33
    #56 0x7f0a6fc29999 in mozilla::PresShell::ProcessSynthMouseMoveEvent(bool) /builds/worker/workspace/build/src/layout/base/PresShell.cpp:5713:12
    #57 0x7f0a6fc6240b in mozilla::PresShell::nsSynthMouseMoveEvent::WillRefresh(mozilla::TimeStamp) /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/PresShell.h:655:16
    #58 0x7f0a6fbb1bfb in nsRefreshDriver::Tick(long, mozilla::TimeStamp) /builds/worker/workspace/build/src/layout/base/nsRefreshDriver.cpp:1843:12
    #59 0x7f0a6fbbb2fe in mozilla::RefreshDriverTimer::TickRefreshDrivers(long, mozilla::TimeStamp, nsTArray<RefPtr<nsRefreshDriver> >&) /builds/worker/workspace/build/src/layout/base/nsRefreshDriver.cpp:306:7
    #60 0x7f0a6fbbb0e6 in mozilla::RefreshDriverTimer::Tick(long, mozilla::TimeStamp) /builds/worker/workspace/build/src/layout/base/nsRefreshDriver.cpp:328:5
    #61 0x7f0a6fbbe5b5 in mozilla::VsyncRefreshDriverTimer::RunRefreshDrivers(mozilla::TimeStamp) /builds/worker/workspace/build/src/layout/base/nsRefreshDriver.cpp:769:5
    #62 0x7f0a6fbbd656 in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::TickRefreshDriver(mozilla::TimeStamp) /builds/worker/workspace/build/src/layout/base/nsRefreshDriver.cpp:682:35
    #63 0x7f0a6fbb97d7 in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::ParentProcessVsyncNotifier::Run() /builds/worker/workspace/build/src/layout/base/nsRefreshDriver.cpp:528:20
    #64 0x7f0a69f00e8f in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/workspace/build/src/xpcom/threads/nsThread.cpp:1037:14
    #65 0x7f0a69f21aa0 in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/workspace/build/src/xpcom/threads/nsThreadUtils.cpp:513:10
    #66 0x7f0a6aabdfe5 in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /builds/worker/workspace/build/src/ipc/glue/MessagePump.cpp:97:21
    #67 0x7f0a6aa10137 in MessageLoop::RunInternal() /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:326:10
    #68 0x7f0a6aa0ffc9 in MessageLoop::Run() /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:299:3
    #69 0x7f0a6f6a3eda in nsBaseAppShell::Run() /builds/worker/workspace/build/src/widget/nsBaseAppShell.cpp:158:27
    #70 0x7f0a728c3e21 in nsAppStartup::Run() /builds/worker/workspace/build/src/toolkit/components/startup/nsAppStartup.cpp:288:30
    #71 0x7f0a72a389a8 in XREMain::XRE_mainRun() /builds/worker/workspace/build/src/toolkit/xre/nsAppRunner.cpp:4675:22
    #72 0x7f0a72a3a5ca in XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) /builds/worker/workspace/build/src/toolkit/xre/nsAppRunner.cpp:4837:8
    #73 0x7f0a72a3b4f9 in XRE_main(int, char**, mozilla::BootstrapConfig const&) /builds/worker/workspace/build/src/toolkit/xre/nsAppRunner.cpp:4932:21
Flags: in-testsuite?
Priority: -- → P3
Requesting fullscreen on <frame>... which should be denied I suppose.
Flags: needinfo?(xidorn+moz)
OK, so I guess the reason here is that <frame> cannot be out-of-flow, and thus this assertion.

The solution, I guess, is probably to forbid <frame> to enter fullscreen at all.

Filed spec issue whatwg/fullscreen#112 for this.
Flags: needinfo?(xidorn+moz)
Blocking bug 746437 since it potentially needs a change to the spec and we can track it from there.
Blocks: 746437
You need to log in before you can comment on or make changes to this bug.