Closed
Bug 1441613
Opened 7 years ago
Closed 7 years ago
Crash in mozilla::dom::GetFontStyleForServo
Categories
(Core :: CSS Parsing and Computation, defect)
Tracking
()
RESOLVED
FIXED
mozilla60
Tracking | Status | |
---|---|---|
firefox-esr52 | --- | unaffected |
firefox58 | --- | unaffected |
firefox59 | --- | unaffected |
firefox60 | --- | fixed |
People
(Reporter: marcia, Assigned: emilio)
Details
(Keywords: crash, regression)
Crash Data
Attachments
(3 files)
This bug was filed from the Socorro interface and is
report bp-f22bddc2-6435-4491-a67b-f00170180227.
=============================================================
Seen while looking at nightly crash stats - 61 crashes/48 installations and appears to have started in 20180225220119: http://bit.ly/2F8ETIp
Possible regression range based on Build ID: https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=b3191953ccdabd335ffb383905a36b0062e547b2&tochange=7208b6a7b11c3ed8c87a7f17c9c30a8f9583e791
One comment (used Google Translate) When a Google ad appears in the video footer the flap locks
Top 6 frames of crashing thread:
0 xul.dll mozilla::dom::GetFontStyleForServo dom/canvas/CanvasRenderingContext2D.cpp:2934
1 xul.dll mozilla::dom::CanvasRenderingContext2D::SetFontInternal dom/canvas/CanvasRenderingContext2D.cpp:4006
2 xul.dll mozilla::dom::CanvasRenderingContext2DBinding::set_font dom/bindings/CanvasRenderingContext2DBinding.cpp:6222
3 xul.dll mozilla::dom::GenericBindingSetter dom/bindings/BindingUtils.cpp:2992
4 xul.dll js::jit::CallNativeSetter js/src/jit/VMFunctions.cpp:1572
5 @0x60815965bf
=============================================================
Comment 1•7 years ago
|
||
These are MOZ_RELEASE_ASSERT(parentStyle) (Should have a valid parent style) from
https://hg.mozilla.org/mozilla-central/file/bd6e200b5a6b2f9e5a9b31fcc92285aa7fc9afcc/dom/canvas/CanvasRenderingContext2D.cpp#l2934
emilio, does this ring a bell?
Flags: needinfo?(emilio)
Assignee | ||
Comment 2•7 years ago
|
||
I... I cannot make any sense of what that code is trying to assert.
Assignee: nobody → emilio
Flags: needinfo?(emilio)
Comment hidden (mozreview-request) |
Comment 4•7 years ago
|
||
mozreview-review |
Comment on attachment 8954689 [details]
Bug 1441613: Properly check for shell destruction instead of just nonsensically assert.
https://reviewboard.mozilla.org/r/223802/#review229820
Thanks!
I don't recall why I didn't originally put early return after FlushPendingNotifications[1].
[1] https://hg.mozilla.org/mozilla-central/rev/1876d89c8f37fb06dd2e20bee33f69333565b669#l1.67
Attachment #8954689 -
Flags: review?(hikezoe) → review+
Assignee | ||
Comment 5•7 years ago
|
||
mozreview-review-reply |
Comment on attachment 8954689 [details]
Bug 1441613: Properly check for shell destruction instead of just nonsensically assert.
https://reviewboard.mozilla.org/r/223802/#review229820
Oh, so fun how much the code has changed since that assert was introduced :-)
Comment 6•7 years ago
|
||
Actually I had a pretty simple testcase for this.
Comment 7•7 years ago
|
||
Assignee | ||
Comment 8•7 years ago
|
||
(In reply to Xidorn Quan [:xidorn] UTC+10 from comment #7)
> Created attachment 8954706 [details]
> testcase
I wouldn't have expected it to be so straight-forward, but makes sense of course. Will land as a crashtest, with a commit to your name of course.
Thanks!
Comment 9•7 years ago
|
||
For this to be reliable you may need to add reftest-wait, I guess.
Comment 10•7 years ago
|
||
Pushed by ecoal95@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/020a45f8ebe7
Properly check for shell destruction instead of just nonsensically assert. r=hiro
Assignee | ||
Comment 11•7 years ago
|
||
I'll try to push it whenever the tree is open again, feel free to do it if I miss it.
Comment 12•7 years ago
|
||
Pushed by ecoal95@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/c023fae29ccc
Crashtest. r=emilio
Comment 13•7 years ago
|
||
Pushed by ecoal95@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/d4b47e577288
Fixup crashtest so that it actually removes the reftest-wait class. r=me on a CLOSED TREE
Comment 14•7 years ago
|
||
bugherder |
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla60
Comment 15•7 years ago
|
||
bugherder |
Updated•7 years ago
|
status-firefox58:
--- → unaffected
status-firefox59:
--- → unaffected
status-firefox-esr52:
--- → unaffected
Flags: in-testsuite+
You need to log in
before you can comment on or make changes to this bug.
Description
•