Open
Bug 1443910
Opened 7 years ago
Updated 8 months ago
UBSan: multiple instances of undefined behavior
Categories
(Core :: Layout: Tables, defect, P3)
Core
Layout: Tables
Tracking
()
NEW
| Tracking | Status | |
|---|---|---|
| firefox60 | --- | affected |
People
(Reporter: tsmith, Unassigned)
References
(Blocks 2 open bugs)
Details
(Keywords: csectype-undefined, testcase)
Attachments
(2 files)
Found with mozilla-central changeset: 406904:493e45400842
For full list of errors see attached log.
mozilla-central/layout/tables/BasicTableLayoutStrategy.cpp:985:48: runtime error: division by zero
#0 0x7f2d419eb5a9 in BasicTableLayoutStrategy::DistributeISizeToColumns(int, int, int, BasicTableLayoutStrategy::BtlsISizeType, bool) mozilla-central/layout/tables/BasicTableLayoutStrategy.cpp:985:48
#1 0x7f2d41a0a68d in nsTableFrame::ReflowTable(mozilla::ReflowOutput&, mozilla::ReflowInput const&, int, nsIFrame*&, nsReflowStatus&) mozilla-central/layout/tables/nsTableFrame.cpp:2354:27
#2 0x7f2d41a09ded in nsTableFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) mozilla-central/layout/tables/nsTableFrame.cpp:2144:5
#3 0x7f2d41876a9d in nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, mozilla::WritingMode const&, mozilla::LogicalPoint const&, nsSize const&, unsigned int, nsReflowStatus&, nsOverflowContinuationTracker*) mozilla-central/layout/generic/nsContainerFrame.cpp:940:14
#4 0x7f2d41a2d294 in nsTableWrapperFrame::OuterDoReflowChild(nsPresContext*, nsIFrame*, mozilla::ReflowInput const&, mozilla::ReflowOutput&, nsReflowStatus&) mozilla-central/layout/tables/nsTableWrapperFrame.cpp:840:3
#5 0x7f2d41a2daa2 in nsTableWrapperFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) mozilla-central/layout/tables/nsTableWrapperFrame.cpp:1002:3
#6 0x7f2d4185e88a in nsBlockReflowContext::ReflowBlock(mozilla::LogicalRect const&, bool, nsCollapsingMargin&, int, bool, nsLineBox*, mozilla::ReflowInput&, nsReflowStatus&, mozilla::BlockReflowInput&) mozilla-central/layout/generic/nsBlockReflowContext.cpp:306:11
#7 0x7f2d4185acda in nsBlockFrame::ReflowBlockFrame(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) mozilla-central/layout/generic/nsBlockFrame.cpp:3463:11
#8 0x7f2d41854d5e in nsBlockFrame::ReflowDirtyLines(mozilla::BlockReflowInput&) mozilla-central/layout/generic/nsBlockFrame.cpp:2352:7
#9 0x7f2d41851fda in nsBlockFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) mozilla-central/layout/generic/nsBlockFrame.cpp:1225:3
#10 0x7f2d4185e88a in nsBlockReflowContext::ReflowBlock(mozilla::LogicalRect const&, bool, nsCollapsingMargin&, int, bool, nsLineBox*, mozilla::ReflowInput&, nsReflowStatus&, mozilla::BlockReflowInput&) mozilla-central/layout/generic/nsBlockReflowContext.cpp:306:11
#11 0x7f2d4185acda in nsBlockFrame::ReflowBlockFrame(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) mozilla-central/layout/generic/nsBlockFrame.cpp:3463:11
#12 0x7f2d41854d5e in nsBlockFrame::ReflowDirtyLines(mozilla::BlockReflowInput&) mozilla-central/layout/generic/nsBlockFrame.cpp:2352:7
#13 0x7f2d41851fda in nsBlockFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) mozilla-central/layout/generic/nsBlockFrame.cpp:1225:3
#14 0x7f2d41876a9d in nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, mozilla::WritingMode const&, mozilla::LogicalPoint const&, nsSize const&, unsigned int, nsReflowStatus&, nsOverflowContinuationTracker*) mozilla-central/layout/generic/nsContainerFrame.cpp:940:14
#15 0x7f2d41875ffb in nsCanvasFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) mozilla-central/layout/generic/nsCanvasFrame.cpp:720:5
#16 0x7f2d41876a9d in nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, mozilla::WritingMode const&, mozilla::LogicalPoint const&, nsSize const&, unsigned int, nsReflowStatus&, nsOverflowContinuationTracker*) mozilla-central/layout/generic/nsContainerFrame.cpp:940:14
#17 0x7f2d418ea458 in nsHTMLScrollFrame::ReflowScrolledFrame(mozilla::ScrollReflowInput*, bool, bool, mozilla::ReflowOutput*, bool) mozilla-central/layout/generic/nsGfxScrollFrame.cpp:554:3
#18 0x7f2d418eb0ad in nsHTMLScrollFrame::ReflowContents(mozilla::ScrollReflowInput*, mozilla::ReflowOutput const&) mozilla-central/layout/generic/nsGfxScrollFrame.cpp:677:3
#19 0x7f2d418ec98c in nsHTMLScrollFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) mozilla-central/layout/generic/nsGfxScrollFrame.cpp:1054:3
#20 0x7f2d41848b99 in nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, int, int, unsigned int, nsReflowStatus&, nsOverflowContinuationTracker*) mozilla-central/layout/generic/nsContainerFrame.cpp:984:14
#21 0x7f2d41848573 in mozilla::ViewportFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) mozilla-central/layout/generic/ViewportFrame.cpp:335:7
#22 0x7f2d4172da07 in mozilla::PresShell::DoReflow(nsIFrame*, bool) mozilla-central/layout/base/PresShell.cpp:8939:11
#23 0x7f2d41735cb8 in mozilla::PresShell::ProcessReflowCommands(bool) mozilla-central/layout/base/PresShell.cpp:9112:24
#24 0x7f2d41735311 in mozilla::PresShell::DoFlushPendingNotifications(mozilla::ChangesToFlush) mozilla-central/layout/base/PresShell.cpp:4261:11
#25 0x7f2d417a43e4 in FlushPendingNotifications mozilla-central/objdir-ff-ubsan/dist/include/nsIPresShell.h:565:5
#26 0x7f2d417a43e4 in nsDocumentViewer::LoadComplete(nsresult) mozilla-central/layout/base/nsDocumentViewer.cpp:984
#27 0x7f2d44432c7f in nsDocShell::EndPageLoad(nsIWebProgress*, nsIChannel*, nsresult) mozilla-central/docshell/base/nsDocShell.cpp:7303:21
#28 0x7f2d444317ad in nsDocShell::OnStateChange(nsIWebProgress*, nsIRequest*, unsigned int, nsresult) mozilla-central/docshell/base/nsDocShell.cpp:7096:7
#29 0x7f2d44433c2f in non-virtual thunk to nsDocShell::OnStateChange(nsIWebProgress*, nsIRequest*, unsigned int, nsresult) mozilla-central/docshell/base/nsDocShell.cpp
#30 0x7f2d3eba4262 in nsDocLoader::DoFireOnStateChange(nsIWebProgress*, nsIRequest*, int&, nsresult) mozilla-central/uriloader/base/nsDocLoader.cpp:1315:3
#31 0x7f2d3eba3e55 in nsDocLoader::doStopDocumentLoad(nsIRequest*, nsresult) mozilla-central/uriloader/base/nsDocLoader.cpp:858:14
#32 0x7f2d3eba2d18 in nsDocLoader::DocLoaderIsEmpty(bool) mozilla-central/uriloader/base/nsDocLoader.cpp:747:9
#33 0x7f2d3eba386e in nsDocLoader::OnStopRequest(nsIRequest*, nsISupports*, nsresult) mozilla-central/uriloader/base/nsDocLoader.cpp:632:5
#34 0x7f2d3eba3d4c in non-virtual thunk to nsDocLoader::OnStopRequest(nsIRequest*, nsISupports*, nsresult) mozilla-central/uriloader/base/nsDocLoader.cpp
#35 0x7f2d3d9c0744 in mozilla::net::nsLoadGroup::RemoveRequest(nsIRequest*, nsISupports*, nsresult) mozilla-central/netwerk/base/nsLoadGroup.cpp:629:28
#36 0x7f2d3f68c50b in nsDocument::DoUnblockOnload() mozilla-central/dom/base/nsDocument.cpp:8487:18
#37 0x7f2d3f682c8b in nsDocument::DispatchContentLoadedEvents() mozilla-central/dom/base/nsDocument.cpp:5420:3
#38 0x7f2d3f6cc0f6 in applyImpl<nsDocument, void (nsDocument::*)()> mozilla-central/objdir-ff-ubsan/dist/include/nsThreadUtils.h:1149:12
#39 0x7f2d3f6cc0f6 in apply<nsDocument, void (nsDocument::*)()> mozilla-central/objdir-ff-ubsan/dist/include/nsThreadUtils.h:1155
#40 0x7f2d3f6cc0f6 in mozilla::detail::RunnableMethodImpl<nsDocument*, void (nsDocument::*)(), true, (mozilla::RunnableKind)0>::Run() mozilla-central/objdir-ff-ubsan/dist/include/nsThreadUtils.h:1200
#41 0x7f2d3d89d5b4 in mozilla::SchedulerGroup::Runnable::Run() mozilla-central/xpcom/threads/SchedulerGroup.cpp:413:25
#42 0x7f2d3d8bb393 in nsThread::ProcessNextEvent(bool, bool*) mozilla-central/xpcom/threads/nsThread.cpp:1040:14
#43 0x7f2d3d8d7c60 in NS_ProcessNextEvent(nsIThread*, bool) mozilla-central/xpcom/threads/nsThreadUtils.cpp:517:10
#44 0x7f2d3e368aab in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) mozilla-central/ipc/glue/MessagePump.cpp:97:21
#45 0x7f2d3e28f679 in RunHandler mozilla-central/ipc/chromium/src/base/message_loop.cc:319:3
#46 0x7f2d3e28f679 in MessageLoop::Run() mozilla-central/ipc/chromium/src/base/message_loop.cc:299
#47 0x7f2d4134f146 in nsBaseAppShell::Run() mozilla-central/widget/nsBaseAppShell.cpp:157:27
#48 0x7f2d4495a614 in XRE_RunAppShell() mozilla-central/toolkit/xre/nsEmbedFunctions.cpp:892:22
#49 0x7f2d3e28f679 in RunHandler mozilla-central/ipc/chromium/src/base/message_loop.cc:319:3
#50 0x7f2d3e28f679 in MessageLoop::Run() mozilla-central/ipc/chromium/src/base/message_loop.cc:299
#51 0x7f2d4495a240 in XRE_InitChildProcess(int, char**, XREChildData const*) mozilla-central/toolkit/xre/nsEmbedFunctions.cpp:718:34
#52 0x42d23b in content_process_main(mozilla::Bootstrap*, int, char**) mozilla-central/browser/app/../../ipc/contentproc/plugin-container.cpp:50:30
#53 0x42d358 in main mozilla-central/browser/app/nsBrowserApp.cpp:280:18
#54 0x7f2d623011c0 in __libc_start_main /build/glibc-itYbWN/glibc-2.26/csu/../csu/libc-start.c:308
#55 0x407159 in _start (mozilla-central/objdir-ff-ubsan/dist/bin/firefox+0x407159)
Flags: in-testsuite?
|
Reporter | |
Comment 1•7 years ago
|
||
|
||
Updated•3 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•