Open
Bug 1423355
Opened 7 years ago
Updated 1 year ago
Assertion failure: value >= minimum && value <= maximum (Unsanitized value), at layout/forms/nsRangeFrame.cpp:507
Categories
(Core :: Layout: Form Controls, defect, P3)
Core
Layout: Form Controls
Tracking
()
People
(Reporter: rforbes, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: assertion, testcase)
Attachments
(1 file, 1 obsolete file)
|
223 bytes,
text/html
|
Details |
testcase found by fuzzing on mozilla-central rev b4cef8d1dff0
=================================================================
==11926==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f6968fd1858 bp 0x7ffc30819210 sp 0x7ffc30818fe0 T0)
==11926==The signal is caused by a WRITE memory access.
==11926==Hint: address points to the zero page.
#0 0x7f6968fd1857 in nsRangeFrame::GetValueAsFractionOfRange() /builds/worker/workspace/build/src/layout/forms/nsRangeFrame.cpp:493:3
#1 0x7f6968fd1095 in nsRangeFrame::DoUpdateRangeProgressFrame(nsIFrame*, nsSize const&) /builds/worker/workspace/build/src/layout/forms/nsRangeFrame.cpp:711:21
#2 0x7f6968fd2ebe in nsRangeFrame::UpdateForValueChange() /builds/worker/workspace/build/src/layout/forms/nsRangeFrame.cpp:619:5
#3 0x7f6967196234 in mozilla::dom::HTMLInputElement::SetValueInternal(nsTSubstring<char16_t> const&, nsTSubstring<char16_t> const*, unsigned int) /builds/worker/workspace/build/src/dom/html/HTMLInputElement.cpp:3054:20
#4 0x7f696718897e in mozilla::dom::HTMLInputElement::SetValue(nsTSubstring<char16_t> const&, mozilla::dom::CallerType, mozilla::ErrorResult&) /builds/worker/workspace/build/src/dom/html/HTMLInputElement.cpp:1838:9
#5 0x7f6967196bf8 in mozilla::dom::HTMLInputElement::SetValue(blink::Decimal, mozilla::dom::CallerType) /builds/worker/workspace/build/src/dom/html/HTMLInputElement.cpp:1917:3
#6 0x7f6967198acc in mozilla::dom::HTMLInputElement::SetValueAsNumber(double, mozilla::ErrorResult&) /builds/worker/workspace/build/src/dom/html/HTMLInputElement.cpp:2055:3
#7 0x7f6966a40498 in mozilla::dom::HTMLInputElementBinding::set_valueAsNumber(JSContext*, JS::Handle<JSObject*>, mozilla::dom::HTMLInputElement*, JSJitSetterCallArgs) /builds/worker/workspace/build/src/obj-firefox/dom/bindings/HTMLInputElementBinding.cpp:2754:9
#8 0x7f6966c6a2ef in mozilla::dom::GenericBindingSetter(JSContext*, unsigned int, JS::Value*) /builds/worker/workspace/build/src/dom/bindings/BindingUtils.cpp:3003:8
#9 0x7f696bd6846f in js::CallJSNative(JSContext*, bool (*)(JSContext*, unsigned int, JS::Value*), JS::CallArgs const&) /builds/worker/workspace/build/src/js/src/jscntxtinlines.h:291:15
#10 0x7f696bd67e09 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:473:16
#11 0x7f696bd691bd in InternalCall(JSContext*, js::AnyInvokeArgs const&) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:522:12
#12 0x7f696bd693c5 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:541:10
#13 0x7f696bd6aa2d in js::CallSetter(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::Handle<JS::Value>) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:670:12
#14 0x7f696cb8584d in SetExistingProperty(JSContext*, JS::Handle<js::NativeObject*>, JS::Handle<jsid>, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::Handle<js::NativeObject*>, JS::Handle<JS::PropertyResult>, JS::ObjectOpResult&) /builds/worker/workspace/build/src/js/src/vm/NativeObject.cpp:2731:10
#15 0x7f696cb85001 in bool js::NativeSetProperty<(js::QualifiedBool)1>(JSContext*, JS::Handle<js::NativeObject*>, JS::Handle<jsid>, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::ObjectOpResult&) /builds/worker/workspace/build/src/js/src/vm/NativeObject.cpp:2759:20
#16 0x7f696bd0d0b3 in js::SetProperty(JSContext*, JS::Handle<JSObject*>, JS::Handle<jsid>, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::ObjectOpResult&) /builds/worker/workspace/build/src/js/src/vm/NativeObject.h:1633:12
#17 0x7f696bd9023a in SetPropertyOperation(JSContext*, JSOp, JS::Handle<JS::Value>, JS::Handle<jsid>, JS::Handle<JS::Value>) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:270:12
#18 0x7f696bd4e58f in Interpret(JSContext*, js::RunState&) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:2893:10
#19 0x7f696bd4923b in js::RunScript(JSContext*, js::RunState&) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:423:12
#20 0x7f696bd6afb0 in js::ExecuteKernel(JSContext*, JS::Handle<JSScript*>, JSObject&, JS::Value const&, js::AbstractFramePtr, JS::Value*) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:706:15
#21 0x7f696bd6bac9 in js::Execute(JSContext*, JS::Handle<JSScript*>, JSObject&, JS::Value*) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:738:12
#22 0x7f696c694c8e in ExecuteScript(JSContext*, JS::Handle<JSObject*>, JS::Handle<JSScript*>, JS::Value*) /builds/worker/workspace/build/src/js/src/jsapi.cpp:4702:12
#23 0x7f696c695570 in ExecuteScript(JSContext*, JS::AutoObjectVector&, JS::Handle<JSScript*>, JS::Value*) /builds/worker/workspace/build/src/js/src/jsapi.cpp:4721:12
#24 0x7f696c695110 in JS_ExecuteScript(JSContext*, JS::AutoObjectVector&, JS::Handle<JSScript*>, JS::MutableHandle<JS::Value>) /builds/worker/workspace/build/src/js/src/jsapi.cpp:4742:12
#25 0x7f696538a99c in nsJSUtils::ExecutionContext::CompileAndExec(JS::CompileOptions&, JS::SourceBufferHolder&, JS::MutableHandle<JSScript*>) /builds/worker/workspace/build/src/dom/base/nsJSUtils.cpp:266:8
#26 0x7f69684c670a in mozilla::dom::ScriptLoader::EvaluateScript(mozilla::dom::ScriptLoadRequest*) /builds/worker/workspace/build/src/dom/script/ScriptLoader.cpp:2285:25
#27 0x7f69684c326b in mozilla::dom::ScriptLoader::ProcessRequest(mozilla::dom::ScriptLoadRequest*) /builds/worker/workspace/build/src/dom/script/ScriptLoader.cpp:1927:10
#28 0x7f69684b0093 in mozilla::dom::ScriptLoader::ProcessScriptElement(nsIScriptElement*) /builds/worker/workspace/build/src/dom/script/ScriptLoader.cpp:1625:10
#29 0x7f69684ae9bc in mozilla::dom::ScriptElement::MaybeProcessScript() /builds/worker/workspace/build/src/dom/script/ScriptElement.cpp:147:18
#30 0x7f69644c123e in nsIScriptElement::AttemptToExecute() /builds/worker/workspace/build/src/obj-firefox/dist/include/nsIScriptElement.h:226:18
#31 0x7f69644c0238 in nsHtml5TreeOpExecutor::RunScript(nsIContent*) /builds/worker/workspace/build/src/parser/html/nsHtml5TreeOpExecutor.cpp:735:22
#32 0x7f69644bc93e in nsHtml5TreeOpExecutor::RunFlushLoop() /builds/worker/workspace/build/src/parser/html/nsHtml5TreeOpExecutor.cpp:539:7
#33 0x7f69644c67e4 in nsHtml5ExecutorFlusher::Run() /builds/worker/workspace/build/src/parser/html/nsHtml5StreamParser.cpp:130:20
#34 0x7f6962a07fb9 in mozilla::SchedulerGroup::Runnable::Run() /builds/worker/workspace/build/src/xpcom/threads/SchedulerGroup.cpp:396:25
#35 0x7f6962a3f1bc in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/workspace/build/src/xpcom/threads/nsThread.cpp:1033:14
#36 0x7f6962a61938 in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/workspace/build/src/xpcom/threads/nsThreadUtils.cpp:508:10
#37 0x7f69636648b3 in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /builds/worker/workspace/build/src/ipc/glue/MessagePump.cpp:97:21
#38 0x7f69635aa7a8 in MessageLoop::RunInternal() /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:326:10
#39 0x7f69635aa62c in MessageLoop::Run() /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:299:3
#40 0x7f6968619c8a in nsBaseAppShell::Run() /builds/worker/workspace/build/src/widget/nsBaseAppShell.cpp:157:27
#41 0x7f696bb0ef80 in XRE_RunAppShell() /builds/worker/workspace/build/src/toolkit/xre/nsEmbedFunctions.cpp:865:22
#42 0x7f6963665515 in mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) /builds/worker/workspace/build/src/ipc/glue/MessagePump.cpp:269:9
#43 0x7f69635aa7a8 in MessageLoop::RunInternal() /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:326:10
#44 0x7f69635aa62c in MessageLoop::Run() /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:299:3
#45 0x7f696bb0e6de in XRE_InitChildProcess(int, char**, XREChildData const*) /builds/worker/workspace/build/src/toolkit/xre/nsEmbedFunctions.cpp:691:34
#46 0x4ef336 in content_process_main(mozilla::Bootstrap*, int, char**) /builds/worker/workspace/build/src/browser/app/../../ipc/contentproc/plugin-container.cpp:63:30
#47 0x4ef5be in main /builds/worker/workspace/build/src/browser/app/nsBrowserApp.cpp:280:18
#48 0x7f6981f2a82f in __libc_start_main /build/glibc-bfm8X4/glibc-2.23/csu/../csu/libc-start.c:291
#49 0x41f114 in _start (/home/rforbes/fuzzing/builds/mc-asan-debug/firefox+0x41f114)
|
||
Updated•6 years ago
|
Priority: -- → P1
|
|
||
Updated•6 years ago
|
Priority: P1 → P3
Looks similar to bug 893331, I'm also running into this while testing EME via shaka-player demo. Not my area of expertise, but I imagine a similar solution to bug 893331 could be suitable: find a minimal test case to add to the crash tests and relax the assert.
|
||
Updated•5 years ago
|
status-firefox65:
--- → affected
status-firefox66:
--- → affected
status-firefox67:
--- → affected
status-firefox-esr60:
--- → affected
Keywords: assertion
|
||
Updated•2 years ago
|
Severity: normal → S3
|
|
||
Comment 4•1 year ago
|
||
Here is an updated stack as well.
Assertion failure: aValue >= minimum && aValue <= maximum (Unsanitized value), at /builds/worker/checkouts/gecko/layout/forms/nsRangeFrame.cpp:334
#0 0x7fcbb8445623 in nsRangeFrame::GetDoubleAsFractionOfRange(blink::Decimal const&) /builds/worker/checkouts/gecko/layout/forms/nsRangeFrame.cpp:334:3
#1 0x7fcbb8444e52 in GetValueAsFractionOfRange /builds/worker/checkouts/gecko/layout/forms/nsRangeFrame.cpp:314:10
#2 0x7fcbb8444e52 in nsRangeFrame::DoUpdateThumbPosition(nsIFrame*, nsSize const&) /builds/worker/checkouts/gecko/layout/forms/nsRangeFrame.cpp:520:21
#3 0x7fcbb844472d in nsRangeFrame::ReflowAnonymousContent(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&) /builds/worker/checkouts/gecko/layout/forms/nsRangeFrame.cpp:276:5
#4 0x7fcbb84439a3 in nsRangeFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) /builds/worker/checkouts/gecko/layout/forms/nsRangeFrame.cpp:175:3
#5 0x7fcbb83ccb01 in nsLineLayout::ReflowFrame(nsIFrame*, nsReflowStatus&, mozilla::ReflowOutput*, bool&) /builds/worker/checkouts/gecko/layout/generic/nsLineLayout.cpp:870:13
#6 0x7fcbb82b998e in nsBlockFrame::ReflowInlineFrame(mozilla::BlockReflowState&, nsLineLayout&, nsLineList_iterator, nsIFrame*, LineReflowStatus*) /builds/worker/checkouts/gecko/layout/generic/nsBlockFrame.cpp:4719:15
#7 0x7fcbb82b8c2a in nsBlockFrame::DoReflowInlineFrames(mozilla::BlockReflowState&, nsLineLayout&, nsLineList_iterator, nsFlowAreaRect&, int&, nsFloatManager::SavedState*, bool*, LineReflowStatus*, bool) /builds/worker/checkouts/gecko/layout/generic/nsBlockFrame.cpp:4521:5
#8 0x7fcbb82b4e61 in nsBlockFrame::ReflowInlineFrames(mozilla::BlockReflowState&, nsLineList_iterator, bool*) /builds/worker/checkouts/gecko/layout/generic/nsBlockFrame.cpp:4395:9
#9 0x7fcbb82b12f7 in nsBlockFrame::ReflowLine(mozilla::BlockReflowState&, nsLineList_iterator, bool*) /builds/worker/checkouts/gecko/layout/generic/nsBlockFrame.cpp:3381:5
#10 0x7fcbb82ab5e8 in nsBlockFrame::ReflowDirtyLines(mozilla::BlockReflowState&) /builds/worker/checkouts/gecko/layout/generic/nsBlockFrame.cpp:2895:9
#11 0x7fcbb82a6dfb in nsBlockFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) /builds/worker/checkouts/gecko/layout/generic/nsBlockFrame.cpp:1470:3
#12 0x7fcbb82cab39 in nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, mozilla::WritingMode const&, mozilla::LogicalPoint const&, nsSize const&, nsIFrame::ReflowChildFlags, nsReflowStatus&, nsOverflowContinuationTracker*) /builds/worker/checkouts/gecko/layout/generic/nsContainerFrame.cpp:1029:14
#13 0x7fcbb82ca099 in nsCanvasFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) /builds/worker/checkouts/gecko/layout/generic/nsCanvasFrame.cpp:754:7
#14 0x7fcbb82cab39 in nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, mozilla::WritingMode const&, mozilla::LogicalPoint const&, nsSize const&, nsIFrame::ReflowChildFlags, nsReflowStatus&, nsOverflowContinuationTracker*) /builds/worker/checkouts/gecko/layout/generic/nsContainerFrame.cpp:1029:14
#15 0x7fcbb83131b0 in nsHTMLScrollFrame::ReflowScrolledFrame(mozilla::ScrollReflowInput&, bool, bool, mozilla::ReflowOutput*) /builds/worker/checkouts/gecko/layout/generic/nsGfxScrollFrame.cpp:840:3
#16 0x7fcbb8313f3f in nsHTMLScrollFrame::ReflowContents(mozilla::ScrollReflowInput&, mozilla::ReflowOutput const&) /builds/worker/checkouts/gecko/layout/generic/nsGfxScrollFrame.cpp:976:3
#17 0x7fcbb8318a4d in nsHTMLScrollFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) /builds/worker/checkouts/gecko/layout/generic/nsGfxScrollFrame.cpp:1403:3
#18 0x7fcbb829b726 in nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, int, int, nsIFrame::ReflowChildFlags, nsReflowStatus&, nsOverflowContinuationTracker*) /builds/worker/checkouts/gecko/layout/generic/nsContainerFrame.cpp:1069:14
#19 0x7fcbb829ae74 in mozilla::ViewportFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) /builds/worker/checkouts/gecko/layout/generic/ViewportFrame.cpp:384:7
#20 0x7fcbb8195baa in mozilla::PresShell::DoReflow(nsIFrame*, bool, mozilla::OverflowChangedTracker*) /builds/worker/checkouts/gecko/layout/base/PresShell.cpp:9687:11
#21 0x7fcbb81b9c2f in mozilla::PresShell::ProcessReflowCommands(bool) /builds/worker/checkouts/gecko/layout/base/PresShell.cpp:9859:24
#22 0x7fcbb819f609 in DoFlushLayout /builds/worker/checkouts/gecko/layout/base/PresShell.cpp:9929:10
#23 0x7fcbb819f609 in mozilla::PresShell::DoFlushPendingNotifications(mozilla::ChangesToFlush) /builds/worker/checkouts/gecko/layout/base/PresShell.cpp:4440:11
#24 0x7fcbb484dbd2 in FlushPendingNotifications /builds/worker/workspace/obj-build/dist/include/mozilla/PresShell.h:1462:5
#25 0x7fcbb484dbd2 in mozilla::dom::Document::FlushPendingNotifications(mozilla::ChangesToFlush) /builds/worker/checkouts/gecko/dom/base/Document.cpp:10737:16
#26 0x7fcbb3cf8382 in nsDocLoader::DocLoaderIsEmpty(bool, mozilla::Maybe<nsresult> const&) /builds/worker/checkouts/gecko/uriloader/base/nsDocLoader.cpp:742:14
#27 0x7fcbb3cf97b5 in nsDocLoader::OnStopRequest(nsIRequest*, nsresult) /builds/worker/checkouts/gecko/uriloader/base/nsDocLoader.cpp:680:5
#28 0x7fcbb988a7fe in nsDocShell::OnStopRequest(nsIRequest*, nsresult) /builds/worker/checkouts/gecko/docshell/base/nsDocShell.cpp:13865:23
#29 0x7fcbb2fd6a8f in mozilla::net::nsLoadGroup::NotifyRemovalObservers(nsIRequest*, nsresult) /builds/worker/checkouts/gecko/netwerk/base/nsLoadGroup.cpp:628:22
#30 0x7fcbb2fd7fb3 in mozilla::net::nsLoadGroup::RemoveRequest(nsIRequest*, nsISupports*, nsresult) /builds/worker/checkouts/gecko/netwerk/base/nsLoadGroup.cpp:532:10
#31 0x7fcbb4852ae9 in mozilla::dom::Document::DoUnblockOnload() /builds/worker/checkouts/gecko/dom/base/Document.cpp:11518:18
#32 0x7fcbb481ec9b in mozilla::dom::Document::UnblockOnload(bool) /builds/worker/checkouts/gecko/dom/base/Document.cpp:11456:9
#33 0x7fcbb48398f8 in mozilla::dom::Document::DispatchContentLoadedEvents() /builds/worker/checkouts/gecko/dom/base/Document.cpp:7983:3
#34 0x7fcbb48eaa48 in applyImpl<mozilla::dom::Document, void (mozilla::dom::Document::*)()> /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:1162:12
#35 0x7fcbb48eaa48 in apply<mozilla::dom::Document, void (mozilla::dom::Document::*)()> /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:1168:12
#36 0x7fcbb48eaa48 in mozilla::detail::RunnableMethodImpl<mozilla::dom::Document*, void (mozilla::dom::Document::*)(), true, (mozilla::RunnableKind)0>::Run() /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:1215:13
#37 0x7fcbb2dc5692 in mozilla::SchedulerGroup::Runnable::Run() /builds/worker/checkouts/gecko/xpcom/threads/SchedulerGroup.cpp:140:20
#38 0x7fcbb2dcf915 in mozilla::RunnableTask::Run() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:538:16
#39 0x7fcbb2dcaefc in mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:851:26
#40 0x7fcbb2dc9aca in mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:683:15
#41 0x7fcbb2dc9e25 in mozilla::TaskController::ProcessPendingMTTask(bool) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:461:36
#42 0x7fcbb2dd3216 in operator() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:187:37
#43 0x7fcbb2dd3216 in mozilla::detail::RunnableFunction<mozilla::TaskController::InitializeInternal()::$_2>::Run() /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:546:5
#44 0x7fcbb2de8ba8 in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:1204:16
#45 0x7fcbb2def31d in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.cpp:474:10
#46 0x7fcbb39e0603 in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:85:21
#47 0x7fcbb3905598 in MessageLoop::RunInternal() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:381:10
#48 0x7fcbb39054a1 in RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:374:3
#49 0x7fcbb39054a1 in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:356:3
#50 0x7fcbb7e11938 in nsBaseAppShell::Run() /builds/worker/checkouts/gecko/widget/nsBaseAppShell.cpp:150:27
#51 0x7fcbba03e84b in XRE_RunAppShell() /builds/worker/checkouts/gecko/toolkit/xre/nsEmbedFunctions.cpp:884:20
#52 0x7fcbb39e14c9 in mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:235:9
#53 0x7fcbb3905598 in MessageLoop::RunInternal() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:381:10
#54 0x7fcbb39054a1 in RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:374:3
#55 0x7fcbb39054a1 in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:356:3
#56 0x7fcbba03dddc in XRE_InitChildProcess(int, char**, XREChildData const*) /builds/worker/checkouts/gecko/toolkit/xre/nsEmbedFunctions.cpp:743:34
#57 0x563e5604fca0 in content_process_main /builds/worker/checkouts/gecko/browser/app/../../ipc/contentproc/plugin-container.cpp:57:28
#58 0x563e5604fca0 in main /builds/worker/checkouts/gecko/browser/app/nsBrowserApp.cpp:359:18
#59 0x7fcbc6550d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#60 0x7fcbc6550e3f in __libc_start_main csu/../csu/libc-start.c:392:3
#61 0x563e56026308 in _start (/home/user/workspace/browsers/m-c-20221208153054-fuzzing-debug/firefox-bin+0x5b308) (BuildId: cf3f3feb87a6f6cf895057243eae02a02822a19c)
status-firefox107:
--- → wontfix
status-firefox108:
--- → wontfix
status-firefox109:
--- → affected
status-firefox-esr102:
--- → affected
Flags: in-testsuite?
You need to log in
before you can comment on or make changes to this bug.
Description
•