Open
Bug 1446978
Opened 6 years ago
Updated 2 years ago
Assertion failure: !color.IsEmpty() (Content node's GetValue() should return a valid color string (the default color, in case no valid color is set)), at /home/worker/workspace/build/src/layout/forms/nsColorControlFrame.cpp:107
Categories
(Core :: Layout: Form Controls, defect, P3)
Tracking
()
NEW
People
(Reporter: jkratzer, Unassigned)
References
(Blocks 2 open bugs)
Details
(Keywords: assertion, testcase)
Attachments
(1 file)
|
73 bytes,
text/html
|
Details |
Testcase found while fuzzing esr52 rev d61516b059c1. rax = 0x0000000000625d50 rdx = 0x0000000000000000 rcx = 0x00007fb7e069a9ed rbx = 0x00007ffdc95712c0 rsi = 0x00007fb7db484770 rdi = 0x00007fb7db483540 rbp = 0x00007ffdc9571390 rsp = 0x00007ffdc9571270 r8 = 0x00007fb7db484770 r9 = 0x00007fb7e2a39c00 r10 = 0x0000000000000043 r11 = 0x0000000000000000 r12 = 0x00007ffdc9571280 r13 = 0x00007ffdc95713c0 r14 = 0x00007fb7bc4c9850 r15 = 0x00007fb7bc4c97b8 rip = 0x00007fb7debc411a OS|Linux|0.0.0 Linux 4.4.0-116-generic #140-Ubuntu SMP Mon Feb 12 21:23:04 UTC 2018 x86_64 CPU|amd64|family 6 model 78 stepping 3|1 GPU||| Crash|SIGSEGV|0x0|0 0|0|libxul.so|nsColorControlFrame::UpdateColor|hg:hg.mozilla.org/releases/mozilla-esr52:layout/forms/nsColorControlFrame.cpp:d61516b059c1|105|0x0 0|1|libxul.so|nsColorControlFrame::CreateAnonymousContent|hg:hg.mozilla.org/releases/mozilla-esr52:layout/forms/nsColorControlFrame.cpp:d61516b059c1|74|0x8 0|2|libxul.so|nsCSSFrameConstructor::GetAnonymousContent|hg:hg.mozilla.org/releases/mozilla-esr52:layout/base/nsCSSFrameConstructor.cpp:d61516b059c1|4228|0xb 0|3|libxul.so|nsCSSFrameConstructor::ProcessChildren|hg:hg.mozilla.org/releases/mozilla-esr52:layout/base/nsCSSFrameConstructor.cpp:d61516b059c1|10776|0x15 0|4|libxul.so|nsCSSFrameConstructor::ConstructFrameFromItemInternal|hg:hg.mozilla.org/releases/mozilla-esr52:layout/base/nsCSSFrameConstructor.cpp:d61516b059c1|4030|0x51 0|5|libxul.so|nsCSSFrameConstructor::ConstructFramesFromItem|hg:hg.mozilla.org/releases/mozilla-esr52:layout/base/nsCSSFrameConstructor.cpp:d61516b059c1|6196|0x16 0|6|libxul.so|nsCSSFrameConstructor::ConstructFramesFromItemList|hg:hg.mozilla.org/releases/mozilla-esr52:layout/base/nsCSSFrameConstructor.cpp:d61516b059c1|10641|0x15 0|7|libxul.so|nsCSSFrameConstructor::ContentAppended|hg:hg.mozilla.org/releases/mozilla-esr52:layout/base/nsCSSFrameConstructor.cpp:d61516b059c1|7524|0x5 0|8|libxul.so|PresShell::ContentAppended|hg:hg.mozilla.org/releases/mozilla-esr52:layout/base/nsPresShell.cpp:d61516b059c1|4401|0x14 0|9|libxul.so|nsNodeUtils::ContentAppended|hg:hg.mozilla.org/releases/mozilla-esr52:dom/base/nsNodeUtils.cpp:d61516b059c1|167|0x1c 0|10|libxul.so|nsHtml5TreeOperation::Append|hg:hg.mozilla.org/releases/mozilla-esr52:parser/html/nsHtml5TreeOperation.cpp:d61516b059c1|184|0xe 0|11|libxul.so|nsHtml5TreeOperation::Perform|hg:hg.mozilla.org/releases/mozilla-esr52:parser/html/nsHtml5TreeOperation.cpp:d61516b059c1|645|0xe 0|12|libxul.so|nsHtml5TreeOpExecutor::RunFlushLoop|hg:hg.mozilla.org/releases/mozilla-esr52:parser/html/nsHtml5TreeOpExecutor.cpp:d61516b059c1|449|0xe 0|13|libxul.so|nsHtml5ExecutorFlusher::Run|hg:hg.mozilla.org/releases/mozilla-esr52:parser/html/nsHtml5StreamParser.cpp:d61516b059c1|128|0x8 0|14|libxul.so|nsThread::ProcessNextEvent|hg:hg.mozilla.org/releases/mozilla-esr52:xpcom/threads/nsThread.cpp:d61516b059c1|1216|0x11 0|15|libxul.so|NS_ProcessNextEvent|hg:hg.mozilla.org/releases/mozilla-esr52:xpcom/glue/nsThreadUtils.cpp:d61516b059c1|361|0xd 0|16|libxul.so|mozilla::ipc::MessagePump::Run|hg:hg.mozilla.org/releases/mozilla-esr52:ipc/glue/MessagePump.cpp:d61516b059c1|124|0xd 0|17|libxul.so|MessageLoop::RunInternal|hg:hg.mozilla.org/releases/mozilla-esr52:ipc/chromium/src/base/message_loop.cc:d61516b059c1|232|0x17 0|18|libxul.so|MessageLoop::Run|hg:hg.mozilla.org/releases/mozilla-esr52:ipc/chromium/src/base/message_loop.cc:d61516b059c1|225|0x8 0|19|libxul.so|nsBaseAppShell::Run|hg:hg.mozilla.org/releases/mozilla-esr52:widget/nsBaseAppShell.cpp:d61516b059c1|156|0xd 0|20|libxul.so|XRE_RunAppShell|hg:hg.mozilla.org/releases/mozilla-esr52:toolkit/xre/nsEmbedFunctions.cpp:d61516b059c1|866|0x6 0|21|libxul.so|mozilla::ipc::MessagePumpForChildProcess::Run|hg:hg.mozilla.org/releases/mozilla-esr52:ipc/glue/MessagePump.cpp:d61516b059c1|269|0x5 0|22|libxul.so|MessageLoop::RunInternal|hg:hg.mozilla.org/releases/mozilla-esr52:ipc/chromium/src/base/message_loop.cc:d61516b059c1|232|0x17 0|23|libxul.so|MessageLoop::Run|hg:hg.mozilla.org/releases/mozilla-esr52:ipc/chromium/src/base/message_loop.cc:d61516b059c1|225|0x8 0|24|libxul.so|XRE_InitChildProcess|hg:hg.mozilla.org/releases/mozilla-esr52:toolkit/xre/nsEmbedFunctions.cpp:d61516b059c1|698|0xf 0|25|plugin-container|content_process_main|hg:hg.mozilla.org/releases/mozilla-esr52:ipc/contentproc/plugin-container.cpp:d61516b059c1|197|0xe 0|26|libc-2.23.so||||0x20830 0|27|plugin-container|MOZ_ReportAssertionFailure|hg:hg.mozilla.org/releases/mozilla-esr52:mfbt/Assertions.h:d61516b059c1|170|0x5
Flags: in-testsuite?
|
||
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•