Open Bug 1443645 Opened 6 years ago Updated 2 years ago

Assertion failure: aImage->GetType() == imgIContainer::TYPE_VECTOR, at /builds/worker/workspace/build/src/image/ClippedImage.cpp:153

Categories

(Core :: Web Painting, defect, P3)

Product:
Core
Component:
Web Painting
Version:
59 Branch
Type:
defect

Tracking

()

People

(Reporter: jkratzer, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: assertion, testcase)

Attachments

(1 file)

trigger.html
354 bytes, text/html
Details
Attached file trigger.html 
Found while fuzzing mozilla-central rev a007dd56b994.

rax = 0x0000000000000000   rdx = 0x0000000000000000
rcx = 0x00007f675b4dd2dd   rbx = 0x00007f673e324ec0
rsi = 0x00007f675b7ac770   rdi = 0x00007f675b7ab540
rbp = 0x00007ffe6825fda0   rsp = 0x00007ffe6825fd50
r8 = 0x00007f675b7ac770    r9 = 0x00007f675c877740
r10 = 0x0000000000000039   r11 = 0x0000000000000000
r12 = 0x00007ffe6825ff64   r13 = 0x00007f6739cff280
r14 = 0x00007ffe6825ffd0   r15 = 0x000000000000012f
rip = 0x00007f674acbace4
OS|Linux|0.0.0 Linux 4.4.0-116-generic #140-Ubuntu SMP Mon Feb 12 21:23:04 UTC 2018 x86_64
CPU|amd64|family 6 model 78 stepping 3|1
GPU|||
Crash|SIGSEGV|0x0|0
0|0|libxul.so|mozilla::image::ClippedImage::ClippedImage|hg:hg.mozilla.org/mozilla-central:image/ClippedImage.cpp:a007dd56b9947a93c276e82275d7065db1949c9e|152|0x18
0|1|libxul.so|mozilla::image::ImageOps::Clip|hg:hg.mozilla.org/mozilla-central:image/ImageOps.cpp:a007dd56b9947a93c276e82275d7065db1949c9e|56|0x10
0|2|libxul.so|mozilla::nsImageRenderer::DrawBorderImageComponent|hg:hg.mozilla.org/mozilla-central:layout/painting/nsImageRenderer.cpp:a007dd56b9947a93c276e82275d7065db1949c9e|910|0x28
0|3|libxul.so|nsCSSBorderImageRenderer::DrawBorderImage|hg:hg.mozilla.org/mozilla-central:layout/painting/nsCSSRenderingBorders.cpp:a007dd56b9947a93c276e82275d7065db1949c9e|3667|0x1b
0|4|libxul.so|nsCSSRendering::PaintBorderWithStyleBorder|hg:hg.mozilla.org/mozilla-central:layout/painting/nsCSSRendering.cpp:a007dd56b9947a93c276e82275d7065db1949c9e|937|0x20
0|5|libxul.so|nsCSSRendering::PaintBorder|hg:hg.mozilla.org/mozilla-central:layout/painting/nsCSSRendering.cpp:a007dd56b9947a93c276e82275d7065db1949c9e|650|0x30
0|6|libxul.so|nsDisplayBorder::Paint|hg:hg.mozilla.org/mozilla-central:layout/painting/nsDisplayList.cpp:a007dd56b9947a93c276e82275d7065db1949c9e|5778|0x12
0|7|libxul.so|mozilla::FrameLayerBuilder::PaintItems|hg:hg.mozilla.org/mozilla-central:layout/painting/FrameLayerBuilder.cpp:a007dd56b9947a93c276e82275d7065db1949c9e|6105|0x1b
0|8|libxul.so|mozilla::FrameLayerBuilder::DrawPaintedLayer|hg:hg.mozilla.org/mozilla-central:layout/painting/FrameLayerBuilder.cpp:a007dd56b9947a93c276e82275d7065db1949c9e|6265|0x18
0|9|libxul.so|mozilla::layers::ClientPaintedLayer::PaintThebes|hg:hg.mozilla.org/mozilla-central:gfx/layers/client/ClientPaintedLayer.cpp:a007dd56b9947a93c276e82275d7065db1949c9e|164|0x24
0|10|libxul.so|mozilla::layers::ClientPaintedLayer::RenderLayerWithReadback|hg:hg.mozilla.org/mozilla-central:gfx/layers/client/ClientPaintedLayer.cpp:a007dd56b9947a93c276e82275d7065db1949c9e|314|0xb
0|11|libxul.so|mozilla::layers::ClientContainerLayer::RenderLayer|hg:hg.mozilla.org/mozilla-central:gfx/layers/client/ClientContainerLayer.h:a007dd56b9947a93c276e82275d7065db1949c9e|58|0xd
0|12|libxul.so|mozilla::layers::ClientLayerManager::EndTransactionInternal|hg:hg.mozilla.org/mozilla-central:gfx/layers/client/ClientLayerManager.cpp:a007dd56b9947a93c276e82275d7065db1949c9e|359|0xa
0|13|libxul.so|mozilla::layers::ClientLayerManager::EndTransaction|hg:hg.mozilla.org/mozilla-central:gfx/layers/client/ClientLayerManager.cpp:a007dd56b9947a93c276e82275d7065db1949c9e|423|0x11
0|14|libxul.so|nsDisplayList::PaintRoot|hg:hg.mozilla.org/mozilla-central:layout/painting/nsDisplayList.cpp:a007dd56b9947a93c276e82275d7065db1949c9e|2780|0x17
0|15|libxul.so|nsLayoutUtils::PaintFrame|hg:hg.mozilla.org/mozilla-central:layout/base/nsLayoutUtils.cpp:a007dd56b9947a93c276e82275d7065db1949c9e|4016|0x5
0|16|libxul.so|mozilla::PresShell::Paint|hg:hg.mozilla.org/mozilla-central:layout/base/PresShell.cpp:a007dd56b9947a93c276e82275d7065db1949c9e|6448|0x17
0|17|libxul.so|nsViewManager::ProcessPendingUpdatesPaint|hg:hg.mozilla.org/mozilla-central:view/nsViewManager.cpp:a007dd56b9947a93c276e82275d7065db1949c9e|480|0x12
0|18|libxul.so|nsViewManager::ProcessPendingUpdatesForView|hg:hg.mozilla.org/mozilla-central:view/nsViewManager.cpp:a007dd56b9947a93c276e82275d7065db1949c9e|412|0xd
0|19|libxul.so|nsViewManager::ProcessPendingUpdates|hg:hg.mozilla.org/mozilla-central:view/nsViewManager.cpp:a007dd56b9947a93c276e82275d7065db1949c9e|1102|0x11
0|20|libxul.so|nsRefreshDriver::Tick|hg:hg.mozilla.org/mozilla-central:layout/base/nsRefreshDriver.cpp:a007dd56b9947a93c276e82275d7065db1949c9e|2063|0x8
0|21|libxul.so|mozilla::RefreshDriverTimer::TickRefreshDrivers|hg:hg.mozilla.org/mozilla-central:layout/base/nsRefreshDriver.cpp:a007dd56b9947a93c276e82275d7065db1949c9e|310|0xf
0|22|libxul.so|mozilla::RefreshDriverTimer::Tick|hg:hg.mozilla.org/mozilla-central:layout/base/nsRefreshDriver.cpp:a007dd56b9947a93c276e82275d7065db1949c9e|332|0x12
0|23|libxul.so|mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::TickRefreshDriver|hg:hg.mozilla.org/mozilla-central:layout/base/nsRefreshDriver.cpp:a007dd56b9947a93c276e82275d7065db1949c9e|773|0x5
0|24|libxul.so|mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::NotifyVsync|hg:hg.mozilla.org/mozilla-central:layout/base/nsRefreshDriver.cpp:a007dd56b9947a93c276e82275d7065db1949c9e|587|0xc
0|25|libxul.so|mozilla::layout::VsyncChild::RecvNotify|hg:hg.mozilla.org/mozilla-central:layout/ipc/VsyncChild.cpp:a007dd56b9947a93c276e82275d7065db1949c9e|68|0x9
0|26|libxul.so|mozilla::layout::PVsyncChild::OnMessageReceived|s3:gecko-generated-sources:668ae60ab945c9f59521cbd54f26b8fa229f96b8af45937bd735d86a432f1cf35482c0014090f530c334ca11ea7389383a8632cd0e23daddc7575da11217aca5/ipc/ipdl/PVsyncChild.cpp:|156|0xf
0|27|libxul.so|mozilla::ipc::MessageChannel::DispatchAsyncMessage|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessageChannel.cpp:a007dd56b9947a93c276e82275d7065db1949c9e|2133|0x6
0|28|libxul.so|mozilla::ipc::MessageChannel::DispatchMessage|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessageChannel.cpp:a007dd56b9947a93c276e82275d7065db1949c9e|2063|0xb
0|29|libxul.so|mozilla::ipc::MessageChannel::RunMessage|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessageChannel.cpp:a007dd56b9947a93c276e82275d7065db1949c9e|1909|0xb
0|30|libxul.so|mozilla::ipc::MessageChannel::MessageTask::Run|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessageChannel.cpp:a007dd56b9947a93c276e82275d7065db1949c9e|1942|0xc
0|31|libxul.so|nsThread::ProcessNextEvent|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThread.cpp:a007dd56b9947a93c276e82275d7065db1949c9e|1040|0x15
0|32|libxul.so|NS_ProcessNextEvent|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThreadUtils.cpp:a007dd56b9947a93c276e82275d7065db1949c9e|517|0x11
0|33|libxul.so|mozilla::ipc::MessagePump::Run|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessagePump.cpp:a007dd56b9947a93c276e82275d7065db1949c9e|97|0xa
0|34|libxul.so|MessageLoop::RunInternal|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:a007dd56b9947a93c276e82275d7065db1949c9e|326|0x17
0|35|libxul.so|MessageLoop::Run|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:a007dd56b9947a93c276e82275d7065db1949c9e|319|0x8
0|36|libxul.so|nsBaseAppShell::Run|hg:hg.mozilla.org/mozilla-central:widget/nsBaseAppShell.cpp:a007dd56b9947a93c276e82275d7065db1949c9e|157|0xd
0|37|libxul.so|XRE_RunAppShell|hg:hg.mozilla.org/mozilla-central:toolkit/xre/nsEmbedFunctions.cpp:a007dd56b9947a93c276e82275d7065db1949c9e|892|0x11
0|38|libxul.so|mozilla::ipc::MessagePumpForChildProcess::Run|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessagePump.cpp:a007dd56b9947a93c276e82275d7065db1949c9e|269|0x5
0|39|libxul.so|MessageLoop::RunInternal|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:a007dd56b9947a93c276e82275d7065db1949c9e|326|0x17
0|40|libxul.so|MessageLoop::Run|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:a007dd56b9947a93c276e82275d7065db1949c9e|319|0x8
0|41|libxul.so|XRE_InitChildProcess|hg:hg.mozilla.org/mozilla-central:toolkit/xre/nsEmbedFunctions.cpp:a007dd56b9947a93c276e82275d7065db1949c9e|718|0x8
0|42|firefox|content_process_main|hg:hg.mozilla.org/mozilla-central:ipc/contentproc/plugin-container.cpp:a007dd56b9947a93c276e82275d7065db1949c9e|50|0x14
0|43|firefox|main|hg:hg.mozilla.org/mozilla-central:browser/app/nsBrowserApp.cpp:a007dd56b9947a93c276e82275d7065db1949c9e|280|0x11
0|44|libc-2.23.so||||0x20830
0|45|firefox|MOZ_ReportAssertionFailure|hg:hg.mozilla.org/mozilla-central:mfbt/Assertions.h:a007dd56b9947a93c276e82275d7065db1949c9e|164|0x5
Flags: in-testsuite?
[Triage 2018/03/23 - P3]
Priority: -- → P3
Component: Layout: View Rendering → Layout: Web Painting
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: