Closed
Bug 1457698
Opened 6 years ago
Closed 6 years ago
heap-buffer-overflow in nsFloatManager::EllipseShapeInfo::EllipseShapeInfo
Categories
(Core :: Layout, defect)
Core
Layout
Tracking
()
RESOLVED
DUPLICATE
of bug 1457288
People
(Reporter: tsmith, Assigned: bradwerth)
References
(Blocks 1 open bug)
Details
(4 keywords)
Attachments
(1 file)
|
340 bytes,
text/html
|
Details |
I have a testcase that I will attach once it is reduced.
WRITE of size 2 at 0x7fa9c55860a0 thread T0
#0 0x7faa2cbddfb4 in nsFloatManager::EllipseShapeInfo::EllipseShapeInfo(nsPoint const&, nsSize const&, int, int) src/layout/generic/nsFloatManager.cpp:892:19
#1 0x7faa2cbe93f1 in MakeUnique<nsFloatManager::EllipseShapeInfo, nsPoint &, nsSize &, int &, int &> src/obj-firefox/dist/include/mozilla/UniquePtr.h:680:27
#2 0x7faa2cbe93f1 in nsFloatManager::ShapeInfo::CreateCircleOrEllipse(mozilla::UniquePtr<mozilla::StyleBasicShape, mozilla::DefaultDelete<mozilla::StyleBasicShape> > const&, int, nsIFrame*, mozilla::LogicalRect const&, mozilla::WritingMode, nsSize const&) src/layout/generic/nsFloatManager.cpp:2330
#3 0x7faa2cbe4e3e in CreateBasicShape src/layout/generic/nsFloatManager.cpp:2197:14
#4 0x7faa2cbe4e3e in nsFloatManager::FloatInfo::FloatInfo(nsIFrame*, int, int, mozilla::LogicalRect const&, mozilla::WritingMode, nsSize const&) src/layout/generic/nsFloatManager.cpp:2005
#5 0x7faa2cb7c22f in nsFloatManager::AddFloat(nsIFrame*, mozilla::LogicalRect const&, mozilla::WritingMode, nsSize const&) src/layout/generic/nsFloatManager.cpp:260:13
#6 0x7faa2cadb5ab in mozilla::BlockReflowInput::FlowAndPlaceFloat(nsIFrame*) src/layout/generic/BlockReflowInput.cpp:994:19
#7 0x7faa2cade78a in mozilla::BlockReflowInput::PlaceBelowCurrentLineFloats(nsFloatCacheFreeList&, nsLineBox*) src/layout/generic/BlockReflowInput.cpp:1083:19
#8 0x7faa2cb6bf14 in nsBlockFrame::PlaceLine(mozilla::BlockReflowInput&, nsLineLayout&, nsLineList_iterator, nsFloatManager::SavedState*, mozilla::LogicalRect&, int&, bool*) src/layout/generic/nsBlockFrame.cpp:4687:12
#9 0x7faa2cb693ad in nsBlockFrame::DoReflowInlineFrames(mozilla::BlockReflowInput&, nsLineLayout&, nsLineList_iterator, nsFlowAreaRect&, int&, nsFloatManager::SavedState*, bool*, LineReflowStatus*, bool) src/layout/generic/nsBlockFrame.cpp:4086:12
#10 0x7faa2cb5f879 in nsBlockFrame::ReflowInlineFrames(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) src/layout/generic/nsBlockFrame.cpp:3832:9
#11 0x7faa2cb57dd0 in nsBlockFrame::ReflowLine(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) src/layout/generic/nsBlockFrame.cpp:2816:5
#12 0x7faa2cb4d650 in nsBlockFrame::ReflowDirtyLines(mozilla::BlockReflowInput&) src/layout/generic/nsBlockFrame.cpp:2352:7
#13 0x7faa2cb44e64 in nsBlockFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) src/layout/generic/nsBlockFrame.cpp:1225:3
#14 0x7faa2cc3a03d in nsFrame::BoxReflow(nsBoxLayoutState&, nsPresContext*, mozilla::ReflowOutput&, gfxContext*, int, int, int, int, bool) src/layout/generic/nsFrame.cpp:10697:5
#15 0x7faa2cc3853b in nsFrame::RefreshSizeCache(nsBoxLayoutState&) src/layout/generic/nsFrame.cpp:10231:5
#16 0x7faa2cc3b7ff in nsFrame::GetXULMinSize(nsBoxLayoutState&) src/layout/generic/nsFrame.cpp:10347:5
#17 0x7faa2d0bf2dd in nsStackLayout::GetXULMinSize(nsIFrame*, nsBoxLayoutState&) src/layout/xul/nsStackLayout.cpp:106:27
#18 0x7faa2d02a455 in nsBoxFrame::GetXULMinSize(nsBoxLayoutState&) src/layout/xul/nsBoxFrame.cpp:851:43
#19 0x7faa2d0285ec in nsBoxFrame::GetMinISize(gfxContext*) src/layout/xul/nsBoxFrame.cpp:610:20
#20 0x7faa2cbb519d in ShrinkWidthToFit src/layout/generic/nsFrame.cpp:6386:22
#21 0x7faa2cbb519d in nsContainerFrame::ComputeAutoSize(gfxContext*, mozilla::WritingMode, mozilla::LogicalSize const&, int, mozilla::LogicalSize const&, mozilla::LogicalSize const&, mozilla::LogicalSize const&, nsIFrame::ComputeSizeFlags) src/layout/generic/nsContainerFrame.cpp:862
#22 0x7faa2cbbb8b4 in nsFrame::ComputeSize(gfxContext*, mozilla::WritingMode, mozilla::LogicalSize const&, int, mozilla::LogicalSize const&, mozilla::LogicalSize const&, mozilla::LogicalSize const&, nsIFrame::ComputeSizeFlags) src/layout/generic/nsFrame.cpp:5629:24
#23 0x7faa2caedf60 in mozilla::ReflowInput::InitConstraints(nsPresContext*, mozilla::LogicalSize const&, nsMargin const*, nsMargin const*, mozilla::LayoutFrameType) src/layout/generic/ReflowInput.cpp:2473:17
#24 0x7faa2cae55af in mozilla::ReflowInput::Init(nsPresContext*, mozilla::LogicalSize const*, nsMargin const*, nsMargin const*) src/layout/generic/ReflowInput.cpp:414:3
#25 0x7faa2cd33a1c in emplace<nsPresContext *&, const mozilla::ReflowInput &, nsIFrame *&, mozilla::LogicalSize &> src/obj-firefox/dist/include/mozilla/Maybe.h:550:34
#26 0x7faa2cd33a1c in nsLineLayout::ReflowFrame(nsIFrame*, nsReflowStatus&, mozilla::ReflowOutput*, bool&) src/layout/generic/nsLineLayout.cpp:864
#27 0x7faa2cb6a1ad in nsBlockFrame::ReflowInlineFrame(mozilla::BlockReflowInput&, nsLineLayout&, nsLineList_iterator, nsIFrame*, LineReflowStatus*) src/layout/generic/nsBlockFrame.cpp:4158:15
#28 0x7faa2cb68b57 in nsBlockFrame::DoReflowInlineFrames(mozilla::BlockReflowInput&, nsLineLayout&, nsLineList_iterator, nsFlowAreaRect&, int&, nsFloatManager::SavedState*, bool*, LineReflowStatus*, bool) src/layout/generic/nsBlockFrame.cpp:3958:5
#29 0x7faa2cb5f879 in nsBlockFrame::ReflowInlineFrames(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) src/layout/generic/nsBlockFrame.cpp:3832:9
#30 0x7faa2cb57dd0 in nsBlockFrame::ReflowLine(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) src/layout/generic/nsBlockFrame.cpp:2816:5
#31 0x7faa2cb4d650 in nsBlockFrame::ReflowDirtyLines(mozilla::BlockReflowInput&) src/layout/generic/nsBlockFrame.cpp:2352:7
#32 0x7faa2cb44e64 in nsBlockFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) src/layout/generic/nsBlockFrame.cpp:1225:3
#33 0x7faa2cba5326 in nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, mozilla::WritingMode const&, mozilla::LogicalPoint const&, nsSize const&, unsigned int, nsReflowStatus&, nsOverflowContinuationTracker*) src/layout/generic/nsContainerFrame.cpp:951:14
#34 0x7faa2cba3b72 in nsCanvasFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) src/layout/generic/nsCanvasFrame.cpp:713:5
#35 0x7faa2cba5326 in nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, mozilla::WritingMode const&, mozilla::LogicalPoint const&, nsSize const&, unsigned int, nsReflowStatus&, nsOverflowContinuationTracker*) src/layout/generic/nsContainerFrame.cpp:951:14
#36 0x7faa2cc8c608 in nsHTMLScrollFrame::ReflowScrolledFrame(mozilla::ScrollReflowInput*, bool, bool, mozilla::ReflowOutput*, bool) src/layout/generic/nsGfxScrollFrame.cpp:555:3
#37 0x7faa2cc8da29 in nsHTMLScrollFrame::ReflowContents(mozilla::ScrollReflowInput*, mozilla::ReflowOutput const&) src/layout/generic/nsGfxScrollFrame.cpp:678:3
#38 0x7faa2cc91a08 in nsHTMLScrollFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) src/layout/generic/nsGfxScrollFrame.cpp:1055:3
#39 0x7faa2cb291be in nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, int, int, unsigned int, nsReflowStatus&, nsOverflowContinuationTracker*) src/layout/generic/nsContainerFrame.cpp:995:14
#40 0x7faa2cb27d3e in mozilla::ViewportFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) src/layout/generic/ViewportFrame.cpp:335:7
#41 0x7faa2c90d8a0 in mozilla::PresShell::DoReflow(nsIFrame*, bool) src/layout/base/PresShell.cpp:8960:11
#42 0x7faa2c9234b0 in mozilla::PresShell::ProcessReflowCommands(bool) src/layout/base/PresShell.cpp:9133:24
#43 0x7faa2c9218b9 in mozilla::PresShell::DoFlushPendingNotifications(mozilla::ChangesToFlush) src/layout/base/PresShell.cpp:4342:11
#44 0x7faa27bb2388 in FlushPendingNotifications src/obj-firefox/dist/include/nsIPresShell.h:592:5
#45 0x7faa27bb2388 in nsIDocument::FlushPendingNotifications(mozilla::ChangesToFlush) src/dom/base/nsDocument.cpp:7589
#46 0x7faa27bb227d in nsIDocument::FlushPendingNotifications(mozilla::ChangesToFlush) src/dom/base/nsDocument.cpp:7585:22
#47 0x7faa2c7e86cf in nsComputedDOMStyle::UpdateCurrentStyleSources(bool) src/layout/style/nsComputedDOMStyle.cpp:857:15
#48 0x7faa2c7e9b18 in nsComputedDOMStyle::GetPropertyCSSValueWithoutWarning(nsTSubstring<char16_t> const&, mozilla::ErrorResult&) src/layout/style/nsComputedDOMStyle.cpp:1039:3
#49 0x7faa2c7e7f00 in nsComputedDOMStyle::GetPropertyValue(nsTSubstring<char16_t> const&, nsTSubstring<char16_t>&) src/layout/style/nsComputedDOMStyle.cpp:440:5
#50 0x7faa28dff14a in GetPropertyValue src/layout/style/nsICSSDeclaration.h:94:10
#51 0x7faa28dff14a in mozilla::dom::CSSStyleDeclarationBinding::getPropertyValue(JSContext*, JS::Handle<JSObject*>, nsICSSDeclaration*, JSJitMethodCallArgs const&) src/obj-firefox/dom/bindings/CSSStyleDeclarationBinding.cpp:264
#52 0x7faa2a003f81 in bool mozilla::dom::binding_detail::GenericMethod<mozilla::dom::binding_detail::NormalThisPolicy, mozilla::dom::binding_detail::ThrowExceptions>(JSContext*, unsigned int, JS::Value*) src/dom/bindings/BindingUtils.cpp:3260:13
#53 0x7faa308bd997 in CallJSNative src/js/src/vm/JSContext-inl.h:280:15
#54 0x7faa308bd997 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) src/js/src/vm/Interpreter.cpp:467
#55 0x7faa308a8488 in CallFromStack src/js/src/vm/Interpreter.cpp:522:12
#56 0x7faa308a8488 in Interpret(JSContext*, js::RunState&) src/js/src/vm/Interpreter.cpp:3084
#57 0x7faa3088eb77 in js::RunScript(JSContext*, js::RunState&) src/js/src/vm/Interpreter.cpp:417:12
#58 0x7faa308bd715 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) src/js/src/vm/Interpreter.cpp:489:15
#59 0x7faa308bfe73 in InternalCall src/js/src/vm/Interpreter.cpp:516:12
#60 0x7faa308bfe73 in Call src/js/src/vm/Interpreter.cpp:535
#61 0x7faa308bfe73 in js::CallGetter(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::MutableHandle<JS::Value>) src/js/src/vm/Interpreter.cpp:650
#62 0x7faa318593d0 in CallGetter src/js/src/vm/NativeObject.cpp:2176:16
#63 0x7faa318593d0 in GetExistingProperty<js::AllowGC::CanGC> src/js/src/vm/NativeObject.cpp:2229
#64 0x7faa318593d0 in NativeGetPropertyInline<js::AllowGC::CanGC> src/js/src/vm/NativeObject.cpp:2442
#65 0x7faa318593d0 in js::NativeGetProperty(JSContext*, JS::Handle<js::NativeObject*>, JS::Handle<JS::Value>, JS::Handle<jsid>, JS::MutableHandle<JS::Value>) src/js/src/vm/NativeObject.cpp:2478
#66 0x7faa308c9395 in GetProperty src/js/src/vm/NativeObject.h:1640:12
#67 0x7faa308c9395 in GetProperty src/js/src/vm/JSObject.h:800
#68 0x7faa308c9395 in js::GetProperty(JSContext*, JS::Handle<JS::Value>, JS::Handle<js::PropertyName*>, JS::MutableHandle<JS::Value>) src/js/src/vm/Interpreter.cpp:4395
#69 0x7faa308ab50c in GetPropertyOperation src/js/src/vm/Interpreter.cpp:213:12
#70 0x7faa308ab50c in Interpret(JSContext*, js::RunState&) src/js/src/vm/Interpreter.cpp:2803
#71 0x7faa3088eb77 in js::RunScript(JSContext*, js::RunState&) src/js/src/vm/Interpreter.cpp:417:12
#72 0x7faa308bd715 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) src/js/src/vm/Interpreter.cpp:489:15
#73 0x7faa308a8488 in CallFromStack src/js/src/vm/Interpreter.cpp:522:12
#74 0x7faa308a8488 in Interpret(JSContext*, js::RunState&) src/js/src/vm/Interpreter.cpp:3084
#75 0x7faa3088eb77 in js::RunScript(JSContext*, js::RunState&) src/js/src/vm/Interpreter.cpp:417:12
#76 0x7faa308bd715 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) src/js/src/vm/Interpreter.cpp:489:15
#77 0x7faa308a8488 in CallFromStack src/js/src/vm/Interpreter.cpp:522:12
#78 0x7faa308a8488 in Interpret(JSContext*, js::RunState&) src/js/src/vm/Interpreter.cpp:3084
#79 0x7faa3088eb77 in js::RunScript(JSContext*, js::RunState&) src/js/src/vm/Interpreter.cpp:417:12
#80 0x7faa308bd715 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) src/js/src/vm/Interpreter.cpp:489:15
#81 0x7faa308a8488 in CallFromStack src/js/src/vm/Interpreter.cpp:522:12
#82 0x7faa308a8488 in Interpret(JSContext*, js::RunState&) src/js/src/vm/Interpreter.cpp:3084
#83 0x7faa3088eb77 in js::RunScript(JSContext*, js::RunState&) src/js/src/vm/Interpreter.cpp:417:12
#84 0x7faa308bd715 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) src/js/src/vm/Interpreter.cpp:489:15
#85 0x7faa308a8488 in CallFromStack src/js/src/vm/Interpreter.cpp:522:12
#86 0x7faa308a8488 in Interpret(JSContext*, js::RunState&) src/js/src/vm/Interpreter.cpp:3084
#87 0x7faa3088eb77 in js::RunScript(JSContext*, js::RunState&) src/js/src/vm/Interpreter.cpp:417:12
#88 0x7faa308bd715 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) src/js/src/vm/Interpreter.cpp:489:15
#89 0x7faa308be992 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) src/js/src/vm/Interpreter.cpp:535:10
#90 0x7faa30a1efbe in PromiseReactionJob(JSContext*, unsigned int, JS::Value*) src/js/src/builtin/Promise.cpp:1237:14
#91 0x7faa308bd997 in CallJSNative src/js/src/vm/JSContext-inl.h:280:15
#92 0x7faa308bd997 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) src/js/src/vm/Interpreter.cpp:467
#93 0x7faa308be992 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) src/js/src/vm/Interpreter.cpp:535:10
#94 0x7faa313edb5a in JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) src/js/src/jsapi.cpp:2989:12
#95 0x7faa28709c32 in mozilla::dom::PromiseJobCallback::Call(JSContext*, JS::Handle<JS::Value>, mozilla::ErrorResult&) src/obj-firefox/dom/bindings/PromiseBinding.cpp:25:8
#96 0x7faa247a8365 in Call src/obj-firefox/dist/include/mozilla/dom/PromiseBinding.h:91:12
#97 0x7faa247a8365 in Call src/obj-firefox/dist/include/mozilla/dom/PromiseBinding.h:104
#98 0x7faa247a8365 in mozilla::PromiseJobRunnable::Run(mozilla::AutoSlowOperation&) src/xpcom/base/CycleCollectedJSContext.cpp:205
#99 0x7faa2478bc71 in mozilla::CycleCollectedJSContext::PerformMicroTaskCheckPoint() src/xpcom/base/CycleCollectedJSContext.cpp:543:17
#100 0x7faa2772d5cd in LeaveMicroTask src/obj-firefox/dist/include/mozilla/CycleCollectedJSContext.h:200:7
#101 0x7faa2772d5cd in ~nsAutoMicroTask src/obj-firefox/dist/include/mozilla/CycleCollectedJSContext.h:295
#102 0x7faa2772d5cd in mozilla::dom::DocumentTimeline::WillRefresh(mozilla::TimeStamp) src/dom/animation/DocumentTimeline.cpp:205
#103 0x7faa2c8b07d1 in nsRefreshDriver::Tick(long, mozilla::TimeStamp) src/layout/base/nsRefreshDriver.cpp:1882:12
#104 0x7faa2c8c0a60 in TickDriver src/layout/base/nsRefreshDriver.cpp:337:13
#105 0x7faa2c8c0a60 in mozilla::RefreshDriverTimer::TickRefreshDrivers(long, mozilla::TimeStamp, nsTArray<RefPtr<nsRefreshDriver> >&) src/layout/base/nsRefreshDriver.cpp:307
#106 0x7faa2c8c0614 in mozilla::RefreshDriverTimer::Tick(long, mozilla::TimeStamp) src/layout/base/nsRefreshDriver.cpp:328:5
#107 0x7faa2c8c339e in RunRefreshDrivers src/layout/base/nsRefreshDriver.cpp:770:5
#108 0x7faa2c8c339e in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::TickRefreshDriver(mozilla::TimeStamp) src/layout/base/nsRefreshDriver.cpp:683
#109 0x7faa2c8be449 in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::ParentProcessVsyncNotifier::Run() src/layout/base/nsRefreshDriver.cpp:529:20
#110 0x7faa2492ff29 in nsThread::ProcessNextEvent(bool, bool*) src/xpcom/threads/nsThread.cpp:1090:14
#111 0x7faa2494b960 in NS_ProcessNextEvent(nsIThread*, bool) src/xpcom/threads/nsThreadUtils.cpp:519:10
#112 0x7faa2582a0ca in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:97:21
#113 0x7faa2577db39 in RunInternal src/ipc/chromium/src/base/message_loop.cc:326:10
#114 0x7faa2577db39 in RunHandler src/ipc/chromium/src/base/message_loop.cc:319
#115 0x7faa2577db39 in MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:299
#116 0x7faa2c3608ea in nsBaseAppShell::Run() src/widget/nsBaseAppShell.cpp:157:27
#117 0x7faa303c4a3b in nsAppStartup::Run() src/toolkit/components/startup/nsAppStartup.cpp:290:30
#118 0x7faa305ca62c in XREMain::XRE_mainRun() src/toolkit/xre/nsAppRunner.cpp:4827:22
#119 0x7faa305cd76c in XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) src/toolkit/xre/nsAppRunner.cpp:4972:8
#120 0x7faa305cec34 in XRE_main(int, char**, mozilla::BootstrapConfig const&) src/toolkit/xre/nsAppRunner.cpp:5064:21
#121 0x4f4ef5 in do_main src/browser/app/nsBrowserApp.cpp:231:22
#122 0x4f4ef5 in main src/browser/app/nsBrowserApp.cpp:304
#123 0x7faa4427f82f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291
#124 0x42476c in _start (/home/ubuntu/firefox/firefox+0x42476c)
0x7fa9c55860a0 is located 0 bytes to the right of 3568519328-byte region [0x7fa8f0a51800,0x7fa9c55860a0)
allocated by thread T0 here:
#0 0x4c54b3 in malloc /builds/worker/workspace/moz-toolchain/src/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:88:3
#1 0x7faa2cbdd752 in operator new[] src/obj-firefox/dist/include/mozilla/mozalloc.h:174:12
#2 0x7faa2cbdd752 in MakeUniqueFallible<unsigned short []> src/obj-firefox/dist/include/mozilla/UniquePtrExtensions.h:33
#3 0x7faa2cbdd752 in nsFloatManager::EllipseShapeInfo::EllipseShapeInfo(nsPoint const&, nsSize const&, int, int) src/layout/generic/nsFloatManager.cpp:827
#4 0x7faa2cbe93f1 in MakeUnique<nsFloatManager::EllipseShapeInfo, nsPoint &, nsSize &, int &, int &> src/obj-firefox/dist/include/mozilla/UniquePtr.h:680:27
#5 0x7faa2cbe93f1 in nsFloatManager::ShapeInfo::CreateCircleOrEllipse(mozilla::UniquePtr<mozilla::StyleBasicShape, mozilla::DefaultDelete<mozilla::StyleBasicShape> > const&, int, nsIFrame*, mozilla::LogicalRect const&, mozilla::WritingMode, nsSize const&) src/layout/generic/nsFloatManager.cpp:2330
#6 0x7faa2cbe4e3e in CreateBasicShape src/layout/generic/nsFloatManager.cpp:2197:14
#7 0x7faa2cbe4e3e in nsFloatManager::FloatInfo::FloatInfo(nsIFrame*, int, int, mozilla::LogicalRect const&, mozilla::WritingMode, nsSize const&) src/layout/generic/nsFloatManager.cpp:2005
#8 0x7faa2cb7c22f in nsFloatManager::AddFloat(nsIFrame*, mozilla::LogicalRect const&, mozilla::WritingMode, nsSize const&) src/layout/generic/nsFloatManager.cpp:260:13
#9 0x7faa2cadb5ab in mozilla::BlockReflowInput::FlowAndPlaceFloat(nsIFrame*) src/layout/generic/BlockReflowInput.cpp:994:19
#10 0x7faa2cade78a in mozilla::BlockReflowInput::PlaceBelowCurrentLineFloats(nsFloatCacheFreeList&, nsLineBox*) src/layout/generic/BlockReflowInput.cpp:1083:19
#11 0x7faa2cb6bf14 in nsBlockFrame::PlaceLine(mozilla::BlockReflowInput&, nsLineLayout&, nsLineList_iterator, nsFloatManager::SavedState*, mozilla::LogicalRect&, int&, bool*) src/layout/generic/nsBlockFrame.cpp:4687:12
#12 0x7faa2cb693ad in nsBlockFrame::DoReflowInlineFrames(mozilla::BlockReflowInput&, nsLineLayout&, nsLineList_iterator, nsFlowAreaRect&, int&, nsFloatManager::SavedState*, bool*, LineReflowStatus*, bool) src/layout/generic/nsBlockFrame.cpp:4086:12
#13 0x7faa2cb5f879 in nsBlockFrame::ReflowInlineFrames(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) src/layout/generic/nsBlockFrame.cpp:3832:9
#14 0x7faa2cb57dd0 in nsBlockFrame::ReflowLine(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) src/layout/generic/nsBlockFrame.cpp:2816:5
#15 0x7faa2cb4d650 in nsBlockFrame::ReflowDirtyLines(mozilla::BlockReflowInput&) src/layout/generic/nsBlockFrame.cpp:2352:7
#16 0x7faa2cb44e64 in nsBlockFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) src/layout/generic/nsBlockFrame.cpp:1225:3
#17 0x7faa2cc3a03d in nsFrame::BoxReflow(nsBoxLayoutState&, nsPresContext*, mozilla::ReflowOutput&, gfxContext*, int, int, int, int, bool) src/layout/generic/nsFrame.cpp:10697:5
#18 0x7faa2cc3853b in nsFrame::RefreshSizeCache(nsBoxLayoutState&) src/layout/generic/nsFrame.cpp:10231:5
#19 0x7faa2cc3b7ff in nsFrame::GetXULMinSize(nsBoxLayoutState&) src/layout/generic/nsFrame.cpp:10347:5
#20 0x7faa2d0bf2dd in nsStackLayout::GetXULMinSize(nsIFrame*, nsBoxLayoutState&) src/layout/xul/nsStackLayout.cpp:106:27
#21 0x7faa2d02a455 in nsBoxFrame::GetXULMinSize(nsBoxLayoutState&) src/layout/xul/nsBoxFrame.cpp:851:43
#22 0x7faa2d0285ec in nsBoxFrame::GetMinISize(gfxContext*) src/layout/xul/nsBoxFrame.cpp:610:20
#23 0x7faa2cbb519d in ShrinkWidthToFit src/layout/generic/nsFrame.cpp:6386:22
#24 0x7faa2cbb519d in nsContainerFrame::ComputeAutoSize(gfxContext*, mozilla::WritingMode, mozilla::LogicalSize const&, int, mozilla::LogicalSize const&, mozilla::LogicalSize const&, mozilla::LogicalSize const&, nsIFrame::ComputeSizeFlags) src/layout/generic/nsContainerFrame.cpp:862
#25 0x7faa2cbbb8b4 in nsFrame::ComputeSize(gfxContext*, mozilla::WritingMode, mozilla::LogicalSize const&, int, mozilla::LogicalSize const&, mozilla::LogicalSize const&, mozilla::LogicalSize const&, nsIFrame::ComputeSizeFlags) src/layout/generic/nsFrame.cpp:5629:24
#26 0x7faa2caedf60 in mozilla::ReflowInput::InitConstraints(nsPresContext*, mozilla::LogicalSize const&, nsMargin const*, nsMargin const*, mozilla::LayoutFrameType) src/layout/generic/ReflowInput.cpp:2473:17
#27 0x7faa2cae55af in mozilla::ReflowInput::Init(nsPresContext*, mozilla::LogicalSize const*, nsMargin const*, nsMargin const*) src/layout/generic/ReflowInput.cpp:414:3
#28 0x7faa2cd33a1c in emplace<nsPresContext *&, const mozilla::ReflowInput &, nsIFrame *&, mozilla::LogicalSize &> src/obj-firefox/dist/include/mozilla/Maybe.h:550:34
#29 0x7faa2cd33a1c in nsLineLayout::ReflowFrame(nsIFrame*, nsReflowStatus&, mozilla::ReflowOutput*, bool&) src/layout/generic/nsLineLayout.cpp:864
#30 0x7faa2cb6a1ad in nsBlockFrame::ReflowInlineFrame(mozilla::BlockReflowInput&, nsLineLayout&, nsLineList_iterator, nsIFrame*, LineReflowStatus*) src/layout/generic/nsBlockFrame.cpp:4158:15
#31 0x7faa2cb68b57 in nsBlockFrame::DoReflowInlineFrames(mozilla::BlockReflowInput&, nsLineLayout&, nsLineList_iterator, nsFlowAreaRect&, int&, nsFloatManager::SavedState*, bool*, LineReflowStatus*, bool) src/layout/generic/nsBlockFrame.cpp:3958:5
#32 0x7faa2cb5f879 in nsBlockFrame::ReflowInlineFrames(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) src/layout/generic/nsBlockFrame.cpp:3832:9
#33 0x7faa2cb57dd0 in nsBlockFrame::ReflowLine(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) src/layout/generic/nsBlockFrame.cpp:2816:5
#34 0x7faa2cb4d650 in nsBlockFrame::ReflowDirtyLines(mozilla::BlockReflowInput&) src/layout/generic/nsBlockFrame.cpp:2352:7
#35 0x7faa2cb44e64 in nsBlockFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) src/layout/generic/nsBlockFrame.cpp:1225:3
|
Reporter | |
Comment 1•6 years ago
|
||
|
||
Comment 2•6 years ago
|
||
This might be a regression from bug 1265342. Brad, could you take a look? Thanks.
Flags: needinfo?(bwerth)
|
Assignee | |
Comment 3•6 years ago
|
||
The patch for Bug 1457288 has resolved this.
Assignee: nobody → bwerth
Status: NEW → RESOLVED
Closed: 6 years ago
Flags: needinfo?(bwerth)
Resolution: --- → DUPLICATE
|
||
Comment 4•6 years ago
|
||
Looks like we can un-hide this, for the same reasons that the duplicate bug was un-hidden (nothing besides nightly was ever affected, and it's been fixed now, so no users are affected anymore).
Group: layout-core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•