Closed
Bug 1463977
Opened 7 years ago
Closed 2 years ago
Assertion failure: aComputedBSize >= 0 (Invalid computed block-size!), at layout/generic/ReflowInput.cpp:308
Categories
(Core :: Layout, defect, P3)
Core
Layout
Tracking
()
People
(Reporter: tsmith, Assigned: TYLin)
References
(Blocks 1 open bug)
Details
(Keywords: assertion, testcase, Whiteboard: [fuzzblocker])
Attachments
(4 files)
Found with m-c:
BuildID=20180523220103
SourceStamp=47e81ea1ef10189ef210867934bf36e14cf223dc
Assertion failure: aComputedHeight >= 0 (Invalid computed height), at /builds/worker/workspace/build/src/layout/generic/ReflowInput.cpp:335
#0 mozilla::ReflowInput::SetComputedHeight(int) src/layout/generic/ReflowInput.cpp:335:3
#1 nsTableCellFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) src/layout/tables/nsTableCellFrame.cpp
#2 nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, mozilla::WritingMode const&, mozilla::LogicalPoint const&, nsSize const&, unsigned int, nsReflowStatus&, nsOverflowContinuationTracker*) src/layout/generic/nsContainerFrame.cpp:951:14
#3 nsTableRowFrame::ReflowChildren(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsTableFrame&, nsReflowStatus&) src/layout/tables/nsTableRowFrame.cpp:882:9
#4 nsTableRowFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) src/layout/tables/nsTableRowFrame.cpp:1074:3
#5 nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, mozilla::WritingMode const&, mozilla::LogicalPoint const&, nsSize const&, unsigned int, nsReflowStatus&, nsOverflowContinuationTracker*) src/layout/generic/nsContainerFrame.cpp:951:14
#6 nsTableRowGroupFrame::ReflowChildren(nsPresContext*, mozilla::ReflowOutput&, mozilla::TableRowGroupReflowInput&, nsReflowStatus&, bool*) src/layout/tables/nsTableRowGroupFrame.cpp:425:7
#7 nsTableRowGroupFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) src/layout/tables/nsTableRowGroupFrame.cpp:1383:3
#8 nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, mozilla::WritingMode const&, mozilla::LogicalPoint const&, nsSize const&, unsigned int, nsReflowStatus&, nsOverflowContinuationTracker*) src/layout/generic/nsContainerFrame.cpp:951:14
#9 nsTableFrame::ReflowChildren(mozilla::TableReflowInput&, nsReflowStatus&, nsIFrame*&, nsOverflowAreas&) src/layout/tables/nsTableFrame.cpp:3381:7
#10 nsTableFrame::ReflowTable(mozilla::ReflowOutput&, mozilla::ReflowInput const&, int, nsIFrame*&, nsReflowStatus&) src/layout/tables/nsTableFrame.cpp:2326:3
#11 nsTableFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) src/layout/tables/nsTableFrame.cpp:2150:7
#12 nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, mozilla::WritingMode const&, mozilla::LogicalPoint const&, nsSize const&, unsigned int, nsReflowStatus&, nsOverflowContinuationTracker*) src/layout/generic/nsContainerFrame.cpp:951:14
#13 nsTableWrapperFrame::OuterDoReflowChild(nsPresContext*, nsIFrame*, mozilla::ReflowInput const&, mozilla::ReflowOutput&, nsReflowStatus&) src/layout/tables/nsTableWrapperFrame.cpp:840:3
#14 nsTableWrapperFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) src/layout/tables/nsTableWrapperFrame.cpp:998:3
#15 nsBlockReflowContext::ReflowBlock(mozilla::LogicalRect const&, bool, nsCollapsingMargin&, int, bool, nsLineBox*, mozilla::ReflowInput&, nsReflowStatus&, mozilla::BlockReflowInput&) src/layout/generic/nsBlockReflowContext.cpp:306:11
#16 nsBlockFrame::ReflowBlockFrame(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) src/layout/generic/nsBlockFrame.cpp:3463:11
#17 nsBlockFrame::ReflowLine(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) src/layout/generic/nsBlockFrame.cpp:2813:5
#18 nsBlockFrame::ReflowDirtyLines(mozilla::BlockReflowInput&) src/layout/generic/nsBlockFrame.cpp:2352:7
#19 nsBlockFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) src/layout/generic/nsBlockFrame.cpp:1225:3
#20 nsBlockReflowContext::ReflowBlock(mozilla::LogicalRect const&, bool, nsCollapsingMargin&, int, bool, nsLineBox*, mozilla::ReflowInput&, nsReflowStatus&, mozilla::BlockReflowInput&) src/layout/generic/nsBlockReflowContext.cpp:306:11
#21 nsBlockFrame::ReflowBlockFrame(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) src/layout/generic/nsBlockFrame.cpp:3463:11
#22 nsBlockFrame::ReflowLine(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) src/layout/generic/nsBlockFrame.cpp:2813:5
#23 nsBlockFrame::ReflowDirtyLines(mozilla::BlockReflowInput&) src/layout/generic/nsBlockFrame.cpp:2352:7
#24 nsBlockFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) src/layout/generic/nsBlockFrame.cpp:1225:3
#25 nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, mozilla::WritingMode const&, mozilla::LogicalPoint const&, nsSize const&, unsigned int, nsReflowStatus&, nsOverflowContinuationTracker*) src/layout/generic/nsContainerFrame.cpp:951:14
#26 nsCanvasFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) src/layout/generic/nsCanvasFrame.cpp:713:5
#27 nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, mozilla::WritingMode const&, mozilla::LogicalPoint const&, nsSize const&, unsigned int, nsReflowStatus&, nsOverflowContinuationTracker*) src/layout/generic/nsContainerFrame.cpp:951:14
#28 nsHTMLScrollFrame::ReflowScrolledFrame(mozilla::ScrollReflowInput*, bool, bool, mozilla::ReflowOutput*, bool) src/layout/generic/nsGfxScrollFrame.cpp:555:3
#29 nsHTMLScrollFrame::ReflowContents(mozilla::ScrollReflowInput*, mozilla::ReflowOutput const&) src/layout/generic/nsGfxScrollFrame.cpp:678:3
#30 nsHTMLScrollFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) src/layout/generic/nsGfxScrollFrame.cpp:1055:3
#31 nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, int, int, unsigned int, nsReflowStatus&, nsOverflowContinuationTracker*) src/layout/generic/nsContainerFrame.cpp:995:14
#32 mozilla::ViewportFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) src/layout/generic/ViewportFrame.cpp:335:7
#33 mozilla::PresShell::DoReflow(nsIFrame*, bool) src/layout/base/PresShell.cpp:8942:11
#34 mozilla::PresShell::ProcessReflowCommands(bool) src/layout/base/PresShell.cpp:9115:24
#35 mozilla::PresShell::DoFlushPendingNotifications(mozilla::ChangesToFlush) src/layout/base/PresShell.cpp:4332:11
#36 mozilla::PresShell::DoFlushPendingNotifications(mozilla::FlushType) src/layout/base/PresShell.cpp:4125:3
#37 nsDocumentViewer::LoadComplete(nsresult) src/layout/base/nsDocumentViewer.cpp:1082:12
#38 nsDocShell::EndPageLoad(nsIWebProgress*, nsIChannel*, nsresult) src/docshell/base/nsDocShell.cpp:7169:21
#39 nsDocShell::OnStateChange(nsIWebProgress*, nsIRequest*, unsigned int, nsresult) src/docshell/base/nsDocShell.cpp:6962:7
#40 non-virtual thunk to nsDocShell::OnStateChange(nsIWebProgress*, nsIRequest*, unsigned int, nsresult) src/docshell/base/nsDocShell.cpp
#41 nsDocLoader::DoFireOnStateChange(nsIWebProgress*, nsIRequest*, int&, nsresult) src/uriloader/base/nsDocLoader.cpp:1309:3
#42 nsDocLoader::doStopDocumentLoad(nsIRequest*, nsresult) src/uriloader/base/nsDocLoader.cpp:852:14
#43 nsDocLoader::DocLoaderIsEmpty(bool) src/uriloader/base/nsDocLoader.cpp:741:9
#44 nsDocLoader::OnStopRequest(nsIRequest*, nsISupports*, nsresult) src/uriloader/base/nsDocLoader.cpp:627:5
#45 non-virtual thunk to nsDocLoader::OnStopRequest(nsIRequest*, nsISupports*, nsresult) src/uriloader/base/nsDocLoader.cpp
#46 mozilla::net::nsLoadGroup::RemoveRequest(nsIRequest*, nsISupports*, nsresult) src/netwerk/base/nsLoadGroup.cpp:629:28
#47 nsIDocument::DoUnblockOnload() src/dom/base/nsDocument.cpp:8340:18
#48 nsDocument::UnblockOnload(bool) src/dom/base/nsDocument.cpp:8262:9
#49 nsIDocument::DispatchContentLoadedEvents() src/dom/base/nsDocument.cpp:5224:3
#50 mozilla::detail::RunnableMethodImpl<nsIDocument*, void (nsIDocument::*)(), true, (mozilla::RunnableKind)0>::Run() src/obj-firefox/dist/include/nsThreadUtils.h:1216:13
#51 mozilla::SchedulerGroup::Runnable::Run() src/xpcom/threads/SchedulerGroup.cpp:337:32
#52 nsThread::ProcessNextEvent(bool, bool*) src/xpcom/threads/nsThread.cpp:1090:14
#53 NS_ProcessNextEvent(nsIThread*, bool) src/xpcom/threads/nsThreadUtils.cpp:519:10
#54 mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:97:21
#55 MessageLoop::RunInternal() src/ipc/chromium/src/base/message_loop.cc:326:10
#56 MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:299:3
#57 nsBaseAppShell::Run() src/widget/nsBaseAppShell.cpp:157:27
#58 XRE_RunAppShell() src/toolkit/xre/nsEmbedFunctions.cpp:893:22
#59 mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:269:9
#60 MessageLoop::RunInternal() src/ipc/chromium/src/base/message_loop.cc:326:10
#61 MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:299:3
#62 XRE_InitChildProcess(int, char**, XREChildData const*) src/toolkit/xre/nsEmbedFunctions.cpp:719:34
#63 content_process_main(mozilla::Bootstrap*, int, char**) src/browser/app/../../ipc/contentproc/plugin-container.cpp:50:30
#64 main src/browser/app/nsBrowserApp.cpp:282:18
#65 __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291
#66 _start (firefox+0x423434)
Flags: in-testsuite?
|
||
Updated•7 years ago
|
Priority: -- → P2
|
||
Comment 1•6 years ago
|
||
Probably similar to bug 1461979 given the big number in the testcase.
Priority: P2 → P3
|
Reporter | |
Updated•6 years ago
|
|
||
Comment 3•4 years ago
|
||
This is still an issue, though the assertion text changed recently[1]. Hence: updating bug summary to reflect the current assertion text, which is:
Assertion failure: aComputedBSize >= 0 (Invalid computed block-size!), layout/generic/ReflowInput.cpp:308
[1] https://hg.mozilla.org/mozilla-central/rev/f875e1fd1c377d2012ce6c9436c4610e877ceeb1#l1.29
status-firefox62:
wontfix → ---
status-firefox63:
affected → ---
status-firefox64:
affected → ---
status-firefox65:
affected → ---
Summary: Assertion failure: aComputedHeight >= 0 (Invalid computed height), at /builds/worker/workspace/build/src/layout/generic/ReflowInput.cpp:335 → Assertion failure: aComputedBSize >= 0 (Invalid computed block-size!), layout/generic/ReflowInput.cpp:308
|
|
||
Updated•4 years ago
|
|
|
||
Updated•4 years ago
|
Summary: Assertion failure: aComputedBSize >= 0 (Invalid computed block-size!), layout/generic/ReflowInput.cpp:308 → Assertion failure: aComputedBSize >= 0 (Invalid computed block-size!), at layout/generic/ReflowInput.cpp:308
|
|
Reporter | |
Comment 5•4 years ago
|
||
A Pernosco session is available here: https://pernos.co/debug/JpjbqRbh4Xa-vZt5voiGdQ/index.html
|
|
Reporter | |
Comment 6•4 years ago
|
||
The fuzzers are frequently tripping over this issue and has been marked as a fuzzblocker. Please prioritize this issue accordingly.
Whiteboard: [fuzzblocker]
|
||
Comment 7•2 years ago
|
||
This bug prevents fuzzing from making progress; however, it has low severity. It is important for fuzz blocker bugs to be addressed in a timely manner (see here why?).
:dholbert, could you increase the severity?
For more information, please visit auto_nag documentation.
Flags: needinfo?(dholbert)
|
Assignee | |
Comment 8•2 years ago
|
||
mFrame is public and used throughout the layout, but it shouldn't be modified
post constructor.
|
|
Assignee | |
Comment 9•2 years ago
|
||
This is a preparation for the next part.
Depends on D155320
|
|
Assignee | |
Comment 10•2 years ago
|
||
Depends on D155321
|
||
Updated•2 years ago
|
Assignee: nobody → aethanyc
Status: NEW → ASSIGNED
|
|
Assignee | |
Updated•2 years ago
|
Severity: normal → S2
Flags: needinfo?(dholbert)
|
||
Comment 11•2 years ago
|
||
Pushed by aethanyc@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/89f3219ff357
Part 1 - Mark SizeComputationInput::mFrame const, and assert its validity. r=dholbert
https://hg.mozilla.org/integration/autoland/rev/70fd1dccdaa6
Part 2 - Call SetComputedBSizeWithoutResettingResizeFlags() in SetComputedBSize(). r=dholbert
https://hg.mozilla.org/integration/autoland/rev/57d149b72bc1
Part 3 - Ensure {I|B}Size set in SetComputed{I|B}Size is non-negative, and downgrade the assertion. r=dholbert
|
||
Comment 12•2 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/89f3219ff357
https://hg.mozilla.org/mozilla-central/rev/70fd1dccdaa6
https://hg.mozilla.org/mozilla-central/rev/57d149b72bc1
Status: ASSIGNED → RESOLVED
Closed: 2 years ago
status-firefox106:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 106 Branch
|
||
Updated•2 years ago
|
status-firefox104:
--- → wontfix
status-firefox105:
--- → wontfix
status-firefox-esr102:
--- → wontfix
status-firefox-esr91:
--- → wontfix
Flags: in-testsuite? → in-testsuite+
You need to log in
before you can comment on or make changes to this bug.
Description
•