AddressSanitizer: SEGV /builds/worker/workspace/build/src/layout/generic/nsIFrame.h:4133:43 in MayHaveWillChangeBudget
Categories
(Core :: Layout, defect, P3)
Tracking
()
People
(Reporter: jkratzer, Assigned: dholbert)
References
(Blocks 2 open bugs)
Details
(Keywords: crash, testcase, Whiteboard: qa-not-actionable)
Attachments
(3 files)
Comment 6•2 years ago (Assignee)
This might be WFM? The testcase doesn't reproduce the crash for me anymore, in recent Nightlies, though it does repro in Nightlies from around when this bug was filed.
Regular Nightlies (old ones via mozregression) are sufficient; they don't need to be ASAN builds. Though I do sometimes have to reload a couple times to trigger the crash.
Here's a testcase with unprefixed column styling, to remove that variable (since we dropped support for prefixed column styling at some point). Old/affected nightlies crash with this testcase, while recent Nightlies do not.
Comment 7•2 years ago (Assignee)
Dropping severity to S3 given this was a safe (null-deref, i.e. near-null pointer access) crash, with a fuzzer testcase, not known to affect any particular content in the wild.
Comment 8•2 years ago (Assignee)
(In reply to Daniel Holbert [:dholbert] from comment #6)
> The testcase doesn't reproduce the crash for me anymore, in recent Nightlies, though it does repro in Nightlies from around when this bug was filed.
Looking in that range, this probably would've been an incidental fix that fell out from the changes in bug 1421105 (which was multi-column-related). Calling fixed with a dependency on that bug.