Closed
Bug 1470311
Opened 6 years ago
Closed 6 years ago
Assertion failure: mListLink == aOther.mListLink (comparing iterators over different lists), at src/layout/generic/nsLineBox.h:893
Categories
(Core :: Layout: Block and Inline, defect, P1)
Core
Layout: Block and Inline
Tracking
()
RESOLVED
FIXED
mozilla63
People
(Reporter: tsmith, Assigned: mozbugz)
References
(Blocks 1 open bug, Regression)
Details
(Keywords: assertion, regression, testcase, Whiteboard: [fixed by bug 1459937][adv-main63-])
Attachments
(1 file)
|
307 bytes,
text/html
|
Details |
Reduced with m-c: BuildID=20180621135543 SourceStamp=1c33a38da75d550750923358e73d7af2102b9c1d Marked as s-s because this assertions seems bad. Please let me know if this is not a s-s bug. Assertion failure: mListLink == aOther.mListLink (comparing iterators over different lists), at src/layout/generic/nsLineBox.h:893 #0 nsLineList_iterator::operator==(nsLineList_iterator) src/layout/generic/nsLineBox.h:894:14 #1 InlineBackgroundData::AreOnSameLine(nsIFrame*, nsIFrame*) src/layout/painting/nsCSSRendering.cpp:395:23 #2 InlineBackgroundData::Init(nsIFrame*) src/layout/painting/nsCSSRendering.cpp:359:28 #3 InlineBackgroundData::GetContinuousRect(nsIFrame*) src/layout/painting/nsCSSRendering.cpp:108:5 #4 InlineBackgroundData::GetBorderContinuousRect(nsIFrame*, nsRect) src/layout/painting/nsCSSRendering.cpp:197:39 #5 JoinBoxesForSlice(nsIFrame*, nsRect const&, InlineBoxOrder) src/layout/painting/nsCSSRendering.cpp:563:30 #6 nsCSSRendering::BoxDecorationRectForBorder(nsIFrame*, nsRect const&, mozilla::Sides, nsStyleBorder const*) src/layout/painting/nsCSSRendering.cpp:588:14 #7 ConstructBorderRenderer(nsPresContext*, mozilla::ComputedStyle*, mozilla::gfx::DrawTarget*, nsIFrame*, nsRect const&, nsRect const&, nsStyleBorder const&, mozilla::Sides, bool*) src/layout/painting/nsCSSRendering.cpp:817:5 #8 nsCSSRendering::PaintBorderWithStyleBorder(nsPresContext*, gfxContext&, nsIFrame*, nsRect const&, nsRect const&, nsStyleBorder const&, mozilla::ComputedStyle*, mozilla::PaintBorderFlags, mozilla::Sides) src/layout/painting/nsCSSRendering.cpp:958:28 #9 nsCSSRendering::PaintBorder(nsPresContext*, gfxContext&, nsIFrame*, nsRect const&, nsRect const&, mozilla::ComputedStyle*, mozilla::PaintBorderFlags, mozilla::Sides) src/layout/painting/nsCSSRendering.cpp:651:12 #10 nsDisplayBorder::Paint(nsDisplayListBuilder*, gfxContext*) src/layout/painting/nsDisplayList.cpp:5497:5 #11 mozilla::FrameLayerBuilder::PaintItems(nsTArray<mozilla::AssignedDisplayItem>&, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, gfxContext*, nsDisplayListBuilder*, nsPresContext*, mozilla::gfx::IntPointTyped<mozilla::gfx::UnknownUnits> const&, float, float) src/layout/painting/FrameLayerBuilder.cpp:6425:15 #12 mozilla::FrameLayerBuilder::DrawPaintedLayer(mozilla::layers::PaintedLayer*, gfxContext*, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, mozilla::layers::DrawRegionClip, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, void*) src/layout/painting/FrameLayerBuilder.cpp:6582:19 #13 mozilla::layers::ClientPaintedLayer::PaintThebes(nsTArray<mozilla::layers::ReadbackProcessor::Update>*) src/gfx/layers/client/ClientPaintedLayer.cpp:158:5 #14 mozilla::layers::ClientPaintedLayer::RenderLayerWithReadback(mozilla::layers::ReadbackProcessor*) src/gfx/layers/client/ClientPaintedLayer.cpp:314:3 #15 mozilla::layers::ClientContainerLayer::RenderLayer() src/gfx/layers/client/ClientContainerLayer.h:58:29 #16 mozilla::layers::ClientLayerManager::EndTransactionInternal(void (*)(mozilla::layers::PaintedLayer*, gfxContext*, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, mozilla::layers::DrawRegionClip, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, void*), void*, mozilla::layers::LayerManager::EndTransactionFlags) src/gfx/layers/client/ClientLayerManager.cpp:372:13 #17 mozilla::layers::ClientLayerManager::EndTransaction(void (*)(mozilla::layers::PaintedLayer*, gfxContext*, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, mozilla::layers::DrawRegionClip, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, void*), void*, mozilla::layers::LayerManager::EndTransactionFlags) src/gfx/layers/client/ClientLayerManager.cpp:430:3 #18 nsDisplayList::PaintRoot(nsDisplayListBuilder*, gfxContext*, unsigned int) src/layout/painting/nsDisplayList.cpp:2761:19 #19 nsLayoutUtils::PaintFrame(gfxContext*, nsIFrame*, nsRegion const&, unsigned int, nsDisplayListBuilderMode, nsLayoutUtils::PaintFrameFlags) src/layout/base/nsLayoutUtils.cpp:3837:12 #20 mozilla::PresShell::Paint(nsView*, nsRegion const&, unsigned int) src/layout/base/PresShell.cpp:6314:5 #21 nsViewManager::ProcessPendingUpdatesPaint(nsIWidget*) src/view/nsViewManager.cpp:480:19 #22 nsViewManager::ProcessPendingUpdatesForView(nsView*, bool) src/view/nsViewManager.cpp:412:33 #23 nsViewManager::ProcessPendingUpdates() src/view/nsViewManager.cpp:1102:5 #24 nsRefreshDriver::Tick(long, mozilla::TimeStamp) src/layout/base/nsRefreshDriver.cpp:2039:11 #25 mozilla::RefreshDriverTimer::TickRefreshDrivers(long, mozilla::TimeStamp, nsTArray<RefPtr<nsRefreshDriver> >&) src/layout/base/nsRefreshDriver.cpp:301:7 #26 mozilla::RefreshDriverTimer::Tick(long, mozilla::TimeStamp) src/layout/base/nsRefreshDriver.cpp:320:5 #27 mozilla::VsyncRefreshDriverTimer::RunRefreshDrivers(mozilla::TimeStamp) src/layout/base/nsRefreshDriver.cpp:760:5 #28 mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::TickRefreshDriver(mozilla::TimeStamp) src/layout/base/nsRefreshDriver.cpp:673:35 #29 mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::NotifyVsync(mozilla::TimeStamp) src/layout/base/nsRefreshDriver.cpp:574:9 #30 mozilla::layout::VsyncChild::RecvNotify(mozilla::TimeStamp const&) src/layout/ipc/VsyncChild.cpp:68:16 #31 mozilla::layout::PVsyncChild::OnMessageReceived(IPC::Message const&) src/obj-firefox/ipc/ipdl/PVsyncChild.cpp:167:20 #32 mozilla::ipc::PBackgroundChild::OnMessageReceived(IPC::Message const&) src/obj-firefox/ipc/ipdl/PBackgroundChild.cpp:1988:28 #33 mozilla::ipc::MessageChannel::DispatchAsyncMessage(IPC::Message const&) src/ipc/glue/MessageChannel.cpp:2134:25 #34 mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&) src/ipc/glue/MessageChannel.cpp:2064:17 #35 mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::MessageChannel::MessageTask&) src/ipc/glue/MessageChannel.cpp:1910:5 #36 mozilla::ipc::MessageChannel::MessageTask::Run() src/ipc/glue/MessageChannel.cpp:1943:15 #37 nsThread::ProcessNextEvent(bool, bool*) src/xpcom/threads/nsThread.cpp:1051:14 #38 NS_ProcessNextEvent(nsIThread*, bool) src/xpcom/threads/nsThreadUtils.cpp:519:10 #39 mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:97:21 #40 MessageLoop::RunInternal() src/ipc/chromium/src/base/message_loop.cc:325:10 #41 MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:298:3 #42 nsBaseAppShell::Run() src/widget/nsBaseAppShell.cpp:158:27 #43 XRE_RunAppShell() src/toolkit/xre/nsEmbedFunctions.cpp:896:22 #44 mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:269:9 #45 MessageLoop::RunInternal() src/ipc/chromium/src/base/message_loop.cc:325:10 #46 MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:298:3 #47 XRE_InitChildProcess(int, char**, XREChildData const*) src/toolkit/xre/nsEmbedFunctions.cpp:722:34 #48 content_process_main(mozilla::Bootstrap*, int, char**) src/browser/app/../../ipc/contentproc/plugin-container.cpp:50:30 #49 main src/browser/app/nsBrowserApp.cpp:287:18 #50 __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291 #51 _start (firefox+0x4236e4)
Flags: in-testsuite?
|
||
Comment 1•6 years ago
|
||
INFO: Last good revision: e6e712904806da25a9c8f48ea4533abe7c6ea8f4 INFO: First bad revision: d6bf703c5deaf1e328babd03d5e68ff2a4ffe10e INFO: Pushlog: https://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=e6e712904806da25a9c8f48ea4533abe7c6ea8f4&tochange=d6bf703c5deaf1e328babd03d5e68ff2a4ffe10e I guess bug 1308876 is the most likely given all the other regressions it caused, but I'll leave that for dbaron to assess.
Has Regression Range: --- → yes
status-firefox60:
--- → wontfix
status-firefox61:
--- → wontfix
status-firefox-esr52:
--- → unaffected
status-firefox-esr60:
--- → affected
Flags: needinfo?(dbaron)
|
||
Updated•6 years ago
|
Priority: -- → P1
|
||
Comment 2•6 years ago
|
||
dbaron thinks there's a chance bug 1474771 will fix this.
Depends on: 1474771
Component: Layout: Web Painting → Layout: Block and Inline
|
||
Updated•6 years ago
|
Keywords: regression
Blocks: 1308876
Flags: needinfo?(dbaron)
|
||
Updated•6 years ago
|
status-firefox63:
--- → affected
|
|
||
Updated•6 years ago
|
|
||
Comment 3•6 years ago
|
||
I can't reproduce this in a trunk Linux debug build. rev 197fcba26a38 crashes, rev d29652fbe483 does not, so it appears this was fixed by bug 1459937.
Status: NEW → RESOLVED
Closed: 6 years ago
Depends on: 1459937
Resolution: --- → FIXED
Whiteboard: [fixed by bug 1459937]
|
|
||
Comment 4•6 years ago
|
||
Calling this wontfix for branch uplifts to match the status of bug 1459937, but I'd feel better about doing so if this bug had a sec rating.
Assignee: nobody → gsquelart
Group: core-security-release
Target Milestone: --- → mozilla63
|
||
Updated•6 years ago
|
Whiteboard: [fixed by bug 1459937] → [fixed by bug 1459937][adv-main63-]
|
|
||
Updated•4 years ago
|
Group: core-security-release
|
|
||
Updated•4 years ago
|
Group: layout-core-security → core-security-release
|
|
||
Updated•4 years ago
|
Group: core-security-release
You need to log in
before you can comment on or make changes to this bug.
Description
•