Open
Bug 1436223
Opened 7 years ago
Updated 2 years ago
UBSan: value is outside the range of representable values of type 'unsigned int' in dom/base/nsJSEnvironment.cpp:1859
Categories
(Core :: DOM: Core & HTML, defect, P3)
Tracking
NEW
| | Tracking | Status |
|---|---|---|
| firefox60 | --- | affected |
People
(Reporter: tsmith, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: csectype-undefined)
This seems to be triggered after a few minutes with regular browsing.
Found in mozilla-central changeset: 402372:3df7961bad2c. Built with -fsanitize=enum,float-cast-overflow,float-divide-by-zero,integer-divide-by-zero,signed-integer-overflow
/dom/base/nsJSEnvironment.cpp:1859:16: runtime error: -5.3346 is outside the range of representable values of type 'unsigned int'
#0 0x7fc29b98faf3 in InterSliceGCRunnerFired(mozilla::TimeStamp, void*) /dom/base/nsJSEnvironment.cpp:1859:16
#1 0x7fc29b99f33d in std::_Function_handler<bool (mozilla::TimeStamp), DOMGCSliceCallback(JSContext*, JS::GCProgress, JS::GCDescription const&)::$_9>::_M_invoke(std::_Any_data const&, mozilla::TimeStamp&&) /usr/bin/../lib/gcc/x86_64-linux-gnu/7.2.0/../../../../include/c++/7.2.0/bits/std_function.h:301:9
#2 0x7fc297c201e3 in std::function<bool (mozilla::TimeStamp)>::operator()(mozilla::TimeStamp) const /usr/bin/../lib/gcc/x86_64-linux-gnu/7.2.0/../../../../include/c++/7.2.0/bits/std_function.h:706:14
#3 0x7fc297c1eacc in mozilla::IdleTaskRunner::Run() /xpcom/threads/IdleTaskRunner.cpp:62:14
#4 0x7fc297c70301 in nsThread::ProcessNextEvent(bool, bool*) /xpcom/threads/nsThread.cpp:1040:14
#5 0x7fc297cad37a in NS_ProcessNextEvent(nsIThread*, bool) /xpcom/threads/nsThreadUtils.cpp:517:10
#6 0x7fc299008381 in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /ipc/glue/MessagePump.cpp:97:21
#7 0x7fc298e67090 in MessageLoop::Run() /ipc/chromium/src/base/message_loop.cc:299:3
#8 0x7fc29f281b95 in nsBaseAppShell::Run() /widget/nsBaseAppShell.cpp:157:27
#9 0x7fc2a5179187 in nsAppStartup::Run() /toolkit/components/startup/nsAppStartup.cpp:288:30
#10 0x7fc2a534fffa in XREMain::XRE_mainRun() /toolkit/xre/nsAppRunner.cpp:4707:22
#11 0x7fc2a5351eaf in XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) /toolkit/xre/nsAppRunner.cpp:4842:8
#12 0x7fc2a5352ce1 in XRE_main(int, char**, mozilla::BootstrapConfig const&) /toolkit/xre/nsAppRunner.cpp:4934:21
#13 0x51855e in do_main(int, char**, char**) /browser/app/nsBrowserApp.cpp:231:22
#14 0x517d44 in main /browser/app/nsBrowserApp.cpp:304:16
#15 0x7fc2cfab61c0 in __libc_start_main /build/glibc-itYbWN/glibc-2.26/csu/../csu/libc-start.c:308
#16 0x4207a9 in _start (/objdir-ff-ubsan/dist/bin/firefox+0x4207a9)
Updated•7 years ago
Component: JavaScript: GC → DOM
Comment 1•7 years ago
Looks like that is this line:
uint32_t percent =
uint32_t(idleDuration.ToSeconds() / duration.ToSeconds() * 100);
I'm not sure what in there ends up as negative.
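The conversion quoted in comment 1, guarded so that the cast is always defined. This is an added example, not part of the bug report or of Firefox's code; `CheckedToUint32`, `ClampedPercent` and the clamp-to-[0, 100] policy are assumptions made for illustration.

```cpp
// Added example, not Firefox code; names and clamping policy are assumptions.
#include <cmath>
#include <cstdint>
#include <cstdio>

// Store v in *out only when its truncated value fits in uint32_t. Converting
// a NaN or out-of-range double to an integer type is undefined behaviour,
// which is what -fsanitize=float-cast-overflow reports.
bool CheckedToUint32(double v, uint32_t* out) {
  constexpr double kUpper = 4294967296.0;  // 2^32, exactly representable
  // Truncation is toward zero, so values in (-1, 0) still convert to 0.
  if (std::isnan(v) || v <= -1.0 || v >= kUpper) {
    return false;
  }
  *out = static_cast<uint32_t>(v);
  return true;
}

// Hypothetical guarded form of the expression quoted in comment 1: part as a
// percentage of whole (both in seconds), clamped to [0, 100].
uint32_t ClampedPercent(double partSeconds, double wholeSeconds) {
  // Reject the denominator first so no division by zero is evaluated.
  if (!(wholeSeconds > 0.0) || !std::isfinite(partSeconds)) {
    return 0;
  }
  double ratio = partSeconds / wholeSeconds * 100.0;
  if (!(ratio > 0.0)) {
    return 0;  // negative, zero or NaN
  }
  if (ratio >= 100.0) {
    return 100;
  }
  return static_cast<uint32_t>(ratio);  // in (0, 100), always representable
}

int main() {
  // Constructed {part, whole} inputs in seconds.
  const double samples[][2] = {
      {0.25, 1.0}, {-0.053346, 1.0}, {1.0, 0.0}, {5e9, 1.0}};
  for (const auto& s : samples) {
    std::printf("part=%g whole=%g -> %u%%\n", s[0], s[1],
                ClampedPercent(s[0], s[1]));
  }
  uint32_t out = 0;
  // -5.3346 is the value in the UBSan report on this page.
  std::printf("-5.3346 fits: %s\n", CheckedToUint32(-5.3346, &out) ? "yes" : "no");
  return 0;
}
```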
Updated•6 years ago
Component: DOM → DOM: Core & HTML
Updated•3 years ago
Severity: normal → S3