Closed
Bug 1463977
Opened 6 years ago
Closed 2 years ago
Assertion failure: aComputedBSize >= 0 (Invalid computed block-size!), at layout/generic/ReflowInput.cpp:308
Categories
(Core :: Layout, defect, P3)
Core
Layout
Tracking
()
People
(Reporter: tsmith, Assigned: TYLin)
References
(Blocks 1 open bug)
Details
(Keywords: assertion, testcase, Whiteboard: [fuzzblocker])
Attachments
(4 files)
Found with m-c: BuildID=20180523220103 SourceStamp=47e81ea1ef10189ef210867934bf36e14cf223dc Assertion failure: aComputedHeight >= 0 (Invalid computed height), at /builds/worker/workspace/build/src/layout/generic/ReflowInput.cpp:335 #0 mozilla::ReflowInput::SetComputedHeight(int) src/layout/generic/ReflowInput.cpp:335:3 #1 nsTableCellFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) src/layout/tables/nsTableCellFrame.cpp #2 nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, mozilla::WritingMode const&, mozilla::LogicalPoint const&, nsSize const&, unsigned int, nsReflowStatus&, nsOverflowContinuationTracker*) src/layout/generic/nsContainerFrame.cpp:951:14 #3 nsTableRowFrame::ReflowChildren(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsTableFrame&, nsReflowStatus&) src/layout/tables/nsTableRowFrame.cpp:882:9 #4 nsTableRowFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) src/layout/tables/nsTableRowFrame.cpp:1074:3 #5 nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, mozilla::WritingMode const&, mozilla::LogicalPoint const&, nsSize const&, unsigned int, nsReflowStatus&, nsOverflowContinuationTracker*) src/layout/generic/nsContainerFrame.cpp:951:14 #6 nsTableRowGroupFrame::ReflowChildren(nsPresContext*, mozilla::ReflowOutput&, mozilla::TableRowGroupReflowInput&, nsReflowStatus&, bool*) src/layout/tables/nsTableRowGroupFrame.cpp:425:7 #7 nsTableRowGroupFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) src/layout/tables/nsTableRowGroupFrame.cpp:1383:3 #8 nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, mozilla::WritingMode const&, mozilla::LogicalPoint const&, nsSize const&, unsigned int, nsReflowStatus&, nsOverflowContinuationTracker*) src/layout/generic/nsContainerFrame.cpp:951:14 #9 nsTableFrame::ReflowChildren(mozilla::TableReflowInput&, nsReflowStatus&, nsIFrame*&, nsOverflowAreas&) src/layout/tables/nsTableFrame.cpp:3381:7 #10 nsTableFrame::ReflowTable(mozilla::ReflowOutput&, mozilla::ReflowInput const&, int, nsIFrame*&, nsReflowStatus&) src/layout/tables/nsTableFrame.cpp:2326:3 #11 nsTableFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) src/layout/tables/nsTableFrame.cpp:2150:7 #12 nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, mozilla::WritingMode const&, mozilla::LogicalPoint const&, nsSize const&, unsigned int, nsReflowStatus&, nsOverflowContinuationTracker*) src/layout/generic/nsContainerFrame.cpp:951:14 #13 nsTableWrapperFrame::OuterDoReflowChild(nsPresContext*, nsIFrame*, mozilla::ReflowInput const&, mozilla::ReflowOutput&, nsReflowStatus&) src/layout/tables/nsTableWrapperFrame.cpp:840:3 #14 nsTableWrapperFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) src/layout/tables/nsTableWrapperFrame.cpp:998:3 #15 nsBlockReflowContext::ReflowBlock(mozilla::LogicalRect const&, bool, nsCollapsingMargin&, int, bool, nsLineBox*, mozilla::ReflowInput&, nsReflowStatus&, mozilla::BlockReflowInput&) src/layout/generic/nsBlockReflowContext.cpp:306:11 #16 nsBlockFrame::ReflowBlockFrame(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) src/layout/generic/nsBlockFrame.cpp:3463:11 #17 nsBlockFrame::ReflowLine(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) src/layout/generic/nsBlockFrame.cpp:2813:5 #18 nsBlockFrame::ReflowDirtyLines(mozilla::BlockReflowInput&) src/layout/generic/nsBlockFrame.cpp:2352:7 #19 nsBlockFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) src/layout/generic/nsBlockFrame.cpp:1225:3 #20 nsBlockReflowContext::ReflowBlock(mozilla::LogicalRect const&, bool, nsCollapsingMargin&, int, bool, nsLineBox*, mozilla::ReflowInput&, nsReflowStatus&, mozilla::BlockReflowInput&) src/layout/generic/nsBlockReflowContext.cpp:306:11 #21 nsBlockFrame::ReflowBlockFrame(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) src/layout/generic/nsBlockFrame.cpp:3463:11 #22 nsBlockFrame::ReflowLine(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) src/layout/generic/nsBlockFrame.cpp:2813:5 #23 nsBlockFrame::ReflowDirtyLines(mozilla::BlockReflowInput&) src/layout/generic/nsBlockFrame.cpp:2352:7 #24 nsBlockFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) src/layout/generic/nsBlockFrame.cpp:1225:3 #25 nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, mozilla::WritingMode const&, mozilla::LogicalPoint const&, nsSize const&, unsigned int, nsReflowStatus&, nsOverflowContinuationTracker*) src/layout/generic/nsContainerFrame.cpp:951:14 #26 nsCanvasFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) src/layout/generic/nsCanvasFrame.cpp:713:5 #27 nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, mozilla::WritingMode const&, mozilla::LogicalPoint const&, nsSize const&, unsigned int, nsReflowStatus&, nsOverflowContinuationTracker*) src/layout/generic/nsContainerFrame.cpp:951:14 #28 nsHTMLScrollFrame::ReflowScrolledFrame(mozilla::ScrollReflowInput*, bool, bool, mozilla::ReflowOutput*, bool) src/layout/generic/nsGfxScrollFrame.cpp:555:3 #29 nsHTMLScrollFrame::ReflowContents(mozilla::ScrollReflowInput*, mozilla::ReflowOutput const&) src/layout/generic/nsGfxScrollFrame.cpp:678:3 #30 nsHTMLScrollFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) src/layout/generic/nsGfxScrollFrame.cpp:1055:3 #31 nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, int, int, unsigned int, nsReflowStatus&, nsOverflowContinuationTracker*) src/layout/generic/nsContainerFrame.cpp:995:14 #32 mozilla::ViewportFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) src/layout/generic/ViewportFrame.cpp:335:7 #33 mozilla::PresShell::DoReflow(nsIFrame*, bool) src/layout/base/PresShell.cpp:8942:11 #34 mozilla::PresShell::ProcessReflowCommands(bool) src/layout/base/PresShell.cpp:9115:24 #35 mozilla::PresShell::DoFlushPendingNotifications(mozilla::ChangesToFlush) src/layout/base/PresShell.cpp:4332:11 #36 mozilla::PresShell::DoFlushPendingNotifications(mozilla::FlushType) src/layout/base/PresShell.cpp:4125:3 #37 nsDocumentViewer::LoadComplete(nsresult) src/layout/base/nsDocumentViewer.cpp:1082:12 #38 nsDocShell::EndPageLoad(nsIWebProgress*, nsIChannel*, nsresult) src/docshell/base/nsDocShell.cpp:7169:21 #39 nsDocShell::OnStateChange(nsIWebProgress*, nsIRequest*, unsigned int, nsresult) src/docshell/base/nsDocShell.cpp:6962:7 #40 non-virtual thunk to nsDocShell::OnStateChange(nsIWebProgress*, nsIRequest*, unsigned int, nsresult) src/docshell/base/nsDocShell.cpp #41 nsDocLoader::DoFireOnStateChange(nsIWebProgress*, nsIRequest*, int&, nsresult) src/uriloader/base/nsDocLoader.cpp:1309:3 #42 nsDocLoader::doStopDocumentLoad(nsIRequest*, nsresult) src/uriloader/base/nsDocLoader.cpp:852:14 #43 nsDocLoader::DocLoaderIsEmpty(bool) src/uriloader/base/nsDocLoader.cpp:741:9 #44 nsDocLoader::OnStopRequest(nsIRequest*, nsISupports*, nsresult) src/uriloader/base/nsDocLoader.cpp:627:5 #45 non-virtual thunk to nsDocLoader::OnStopRequest(nsIRequest*, nsISupports*, nsresult) src/uriloader/base/nsDocLoader.cpp #46 mozilla::net::nsLoadGroup::RemoveRequest(nsIRequest*, nsISupports*, nsresult) src/netwerk/base/nsLoadGroup.cpp:629:28 #47 nsIDocument::DoUnblockOnload() src/dom/base/nsDocument.cpp:8340:18 #48 nsDocument::UnblockOnload(bool) src/dom/base/nsDocument.cpp:8262:9 #49 nsIDocument::DispatchContentLoadedEvents() src/dom/base/nsDocument.cpp:5224:3 #50 mozilla::detail::RunnableMethodImpl<nsIDocument*, void (nsIDocument::*)(), true, (mozilla::RunnableKind)0>::Run() src/obj-firefox/dist/include/nsThreadUtils.h:1216:13 #51 mozilla::SchedulerGroup::Runnable::Run() src/xpcom/threads/SchedulerGroup.cpp:337:32 #52 nsThread::ProcessNextEvent(bool, bool*) src/xpcom/threads/nsThread.cpp:1090:14 #53 NS_ProcessNextEvent(nsIThread*, bool) src/xpcom/threads/nsThreadUtils.cpp:519:10 #54 mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:97:21 #55 MessageLoop::RunInternal() src/ipc/chromium/src/base/message_loop.cc:326:10 #56 MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:299:3 #57 nsBaseAppShell::Run() src/widget/nsBaseAppShell.cpp:157:27 #58 XRE_RunAppShell() src/toolkit/xre/nsEmbedFunctions.cpp:893:22 #59 mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:269:9 #60 MessageLoop::RunInternal() src/ipc/chromium/src/base/message_loop.cc:326:10 #61 MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:299:3 #62 XRE_InitChildProcess(int, char**, XREChildData const*) src/toolkit/xre/nsEmbedFunctions.cpp:719:34 #63 content_process_main(mozilla::Bootstrap*, int, char**) src/browser/app/../../ipc/contentproc/plugin-container.cpp:50:30 #64 main src/browser/app/nsBrowserApp.cpp:282:18 #65 __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291 #66 _start (firefox+0x423434)
Flags: in-testsuite?
|
||
Updated•6 years ago
|
Priority: -- → P2
|
||
Comment 1•6 years ago
|
||
Probably similar to bug 1461979 given the big number in the testcase.
Priority: P2 → P3
|
Reporter | |
Updated•6 years ago
|
|
||
Comment 3•4 years ago
|
||
This is still an issue, though the assertion text changed recently[1]. Hence: updating bug summary to reflect the current assertion text, which is:
Assertion failure: aComputedBSize >= 0 (Invalid computed block-size!), layout/generic/ReflowInput.cpp:308
[1] https://hg.mozilla.org/mozilla-central/rev/f875e1fd1c377d2012ce6c9436c4610e877ceeb1#l1.29
status-firefox62:
wontfix → ---
status-firefox63:
affected → ---
status-firefox64:
affected → ---
status-firefox65:
affected → ---
Summary: Assertion failure: aComputedHeight >= 0 (Invalid computed height), at /builds/worker/workspace/build/src/layout/generic/ReflowInput.cpp:335 → Assertion failure: aComputedBSize >= 0 (Invalid computed block-size!), layout/generic/ReflowInput.cpp:308
|
|
||
Updated•4 years ago
|
|
|
||
Updated•4 years ago
|
Summary: Assertion failure: aComputedBSize >= 0 (Invalid computed block-size!), layout/generic/ReflowInput.cpp:308 → Assertion failure: aComputedBSize >= 0 (Invalid computed block-size!), at layout/generic/ReflowInput.cpp:308
|
|
Reporter | |
Comment 5•3 years ago
|
||
A Pernosco session is available here: https://pernos.co/debug/JpjbqRbh4Xa-vZt5voiGdQ/index.html
|
|
Reporter | |
Comment 6•3 years ago
|
||
The fuzzers are frequently tripping over this issue and has been marked as a fuzzblocker. Please prioritize this issue accordingly.
Whiteboard: [fuzzblocker]
|
||
Comment 7•2 years ago
|
||
This bug prevents fuzzing from making progress; however, it has low severity. It is important for fuzz blocker bugs to be addressed in a timely manner (see here why?).
:dholbert, could you increase the severity?
For more information, please visit auto_nag documentation.
Flags: needinfo?(dholbert)
|
Assignee | |
Comment 8•2 years ago
|
||
mFrame is public and used throughout the layout, but it shouldn't be modified
post constructor.
|
|
Assignee | |
Comment 9•2 years ago
|
||
This is a preparation for the next part.
Depends on D155320
|
|
Assignee | |
Comment 10•2 years ago
|
||
Depends on D155321
|
||
Updated•2 years ago
|
Assignee: nobody → aethanyc
Status: NEW → ASSIGNED
|
|
Assignee | |
Updated•2 years ago
|
Severity: normal → S2
Flags: needinfo?(dholbert)
|
||
Comment 11•2 years ago
|
||
Pushed by aethanyc@gmail.com: https://hg.mozilla.org/integration/autoland/rev/89f3219ff357 Part 1 - Mark SizeComputationInput::mFrame const, and assert its validity. r=dholbert https://hg.mozilla.org/integration/autoland/rev/70fd1dccdaa6 Part 2 - Call SetComputedBSizeWithoutResettingResizeFlags() in SetComputedBSize(). r=dholbert https://hg.mozilla.org/integration/autoland/rev/57d149b72bc1 Part 3 - Ensure {I|B}Size set in SetComputed{I|B}Size is non-negative, and downgrade the assertion. r=dholbert
|
||
Comment 12•2 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/89f3219ff357
https://hg.mozilla.org/mozilla-central/rev/70fd1dccdaa6
https://hg.mozilla.org/mozilla-central/rev/57d149b72bc1
Status: ASSIGNED → RESOLVED
Closed: 2 years ago
status-firefox106:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 106 Branch
|
||
Updated•2 years ago
|
status-firefox104:
--- → wontfix
status-firefox105:
--- → wontfix
status-firefox-esr102:
--- → wontfix
status-firefox-esr91:
--- → wontfix
Flags: in-testsuite? → in-testsuite+
You need to log in
before you can comment on or make changes to this bug.
Description
•