Closed
Bug 1467920
Opened 6 years ago
Closed 6 years ago
UBSan: -93.2743 is outside the range of representable values of type 'unsigned int' [@ FireForgetSkippable]
Categories
(Core :: DOM: Core & HTML, defect)
Core
DOM: Core & HTML
Tracking
()
RESOLVED
FIXED
mozilla62
| Tracking | Status | |
|---|---|---|
| firefox62 | --- | fixed |
People
(Reporter: tsmith, Assigned: smaug)
References
(Blocks 2 open bugs)
Details
(Keywords: csectype-undefined)
Attachments
(1 file)
|
874 bytes,
patch
|
mccr8
:
review+
|
Details | Diff | Splinter Review |
dom/base/nsJSEnvironment.cpp:1291:16: runtime error: -93.2743 is outside the range of representable values of type 'unsigned int'
#0 0x7f265cd93246 in FireForgetSkippable(unsigned int, bool, mozilla::TimeStamp) dom/base/nsJSEnvironment.cpp:1291:16
#1 0x7f265cd94c9e in CCRunnerFired(mozilla::TimeStamp) dom/base/nsJSEnvironment.cpp:1957:7
#2 0x7f265b3d73e8 in std::function<bool (mozilla::TimeStamp)>::operator()(mozilla::TimeStamp) const /usr/bin/../lib/gcc/x86_64-linux-gnu/7.2.0/../../../../include/c++/7.2.0/bits/std_function.h:706:14
#3 0x7f265b3d6b2c in mozilla::IdleTaskRunner::Run() xpcom/threads/IdleTaskRunner.cpp:62:14
#4 0x7f265b3fdafd in nsThread::ProcessNextEvent(bool, bool*) xpcom/threads/nsThread.cpp:1088:14
#5 0x7f265b41ccde in NS_ProcessNextEvent(nsIThread*, bool) xpcom/threads/nsThreadUtils.cpp:519:10
#6 0x7f265bc061ff in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) ipc/glue/MessagePump.cpp:97:21
#7 0x7f265bb6f589 in MessageLoop::Run() ipc/chromium/src/base/message_loop.cc:298:3
#8 0x7f265e77997f in nsBaseAppShell::Run() widget/nsBaseAppShell.cpp:157:27
#9 0x7f266044807b in nsAppStartup::Run() toolkit/components/startup/nsAppStartup.cpp:290:30
#10 0x7f2660534879 in XREMain::XRE_mainRun() toolkit/xre/nsAppRunner.cpp:4746:22
#11 0x7f2660535585 in XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) toolkit/xre/nsAppRunner.cpp:4891:8
#12 0x7f2660535c28 in XRE_main(int, char**, mozilla::BootstrapConfig const&) toolkit/xre/nsAppRunner.cpp:4983:21
#13 0x430fb4 in do_main(int, char**, char**) browser/app/nsBrowserApp.cpp:233:22
#14 0x430bba in main browser/app/nsBrowserApp.cpp:311:16
#15 0x7f267e19c1c0 in __libc_start_main /build/glibc-itYbWN/glibc-2.26/csu/../csu/libc-start.c:308
#16 0x4092e9 in _start (firefox+0x4092e9)
|
Assignee | |
Comment 1•6 years ago
|
||
oh, negative number. Hmm
|
Reporter | |
Comment 2•6 years ago
|
||
Perhaps it uninitialized memory? idleDuration not getting initialized?
|
|
Assignee | |
Comment 3•6 years ago
|
||
Not uninitialized. But in theory this can happen if the thread goes to sleep somewhere between creating aDeadline and calculating startTimeStamp, I think. This affects telemetry probe only, but should be fixed. Just not sure how... Perhaps idleDuration could be explicitly 0 if startTimeStamp > aDeadline
|
|
Assignee | |
Comment 4•6 years ago
|
||
perhaps like this. TimeDuration is initialized to 0 by default https://searchfox.org/mozilla-central/rev/04b9cbbc2be2137a37e158a5ebaf9c7bef2364f9/mozglue/misc/TimeStamp.h#66
Assignee: nobody → bugs
Attachment #8984751 -
Flags: review?(continuation)
|
||
Updated•6 years ago
|
Attachment #8984751 -
Flags: review?(continuation) → review+
Pushed by opettay@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/9948ffb9dc03 ensure only non-negative values are reported to telemetry, r=mccr8
|
||
Comment 6•6 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/9948ffb9dc03
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla62
|
||
Updated•5 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•