1509998 - Assertion failure: mRow < mFrameRect.y || mRow >= mFrameRect.YMost(), at src/image/SurfaceFilters.h:712

Status: RESOLVED FIXED

(Core :: Graphics: ImageLib, defect, P3)

Description

[Tyson Smith [:tsmith]]

Attachment: testcase.gif

Reduced with m-c:
BuildID=20181126161820
SourceStamp=6c10213a8924b377ea37a37385698ebb09773a30

Assertion failure: mRow < mFrameRect.y || mRow >= mFrameRect.YMost(), at src/image/SurfaceFilters.h:712

#0 0x7fb5ddad9b99 in mozilla::image::BlendAnimationFilter<mozilla::image::SurfaceSink>::AdvanceRowOutsideFrameRect() src/image/SurfaceFilters.h:711:5
#1 0x7fb5ddad9d9f in mozilla::image::BlendAnimationFilter<mozilla::image::SurfaceSink>::WriteBaseFrameRowsUntilComplete() src/image/SurfaceFilters.h:667:14
#2 0x7fb5ddad9047 in mozilla::image::BlendAnimationFilter<mozilla::image::SurfaceSink>::DoResetToFirstRow() src/image/SurfaceFilters.h:601:5
#3 0x7fb5dda5f340 in mozilla::image::SurfaceFilter::ResetToFirstRow() src/image/SurfacePipe.h:121:19
#4 0x7fb5ddadb3e2 in nsresult mozilla::image::BlendAnimationFilter<mozilla::image::SurfaceSink>::Configure<mozilla::image::SurfaceConfig>(mozilla::image::BlendAnimationConfig const&, mozilla::image::SurfaceConfig const&) src/image/SurfaceFilters.h:559:5
#5 0x7fb5ddac6ff3 in mozilla::Maybe<mozilla::image::SurfacePipe> mozilla::image::SurfacePipeFactory::MakePipe<mozilla::image::BlendAnimationConfig, mozilla::image::SurfaceConfig>(mozilla::image::BlendAnimationConfig const&, mozilla::image::SurfaceConfig const&) src/image/SurfacePipeFactory.h:250:25
#6 0x7fb5ddaa404a in mozilla::image::SurfacePipeFactory::CreateSurfacePipe(mozilla::image::Decoder*, mozilla::gfx::IntSizeTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::IntSizeTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::SurfaceFormat, mozilla::Maybe<mozilla::image::AnimationParams> const&, mozilla::image::SurfacePipeFlags) src/image/SurfacePipeFactory.h:168:18
#7 0x7fb5ddaa300b in mozilla::image::nsGIFDecoder2::BeginImageFrame(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, unsigned short, bool) src/image/decoders/nsGIFDecoder2.cpp:218:7
#8 0x7fb5ddaa7c35 in mozilla::image::nsGIFDecoder2::FinishImageDescriptor(char const*) src/image/decoders/nsGIFDecoder2.cpp:908:7
#9 0x7fb5ddaa7626 in mozilla::image::nsGIFDecoder2::ReadImageDescriptor(char const*) src/image/decoders/nsGIFDecoder2.cpp:800:12
#10 0x7fb5ddafa51a in mozilla::image::nsGIFDecoder2::DoDecode(mozilla::image::SourceBufferIterator&, mozilla::image::IResumable*)::$_1::operator()(mozilla::image::nsGIFDecoder2::State, char const*, unsigned long) const src/image/decoders/nsGIFDecoder2.cpp:519:16
#11 0x7fb5ddaf9e5a in mozilla::Maybe<mozilla::Variant<mozilla::image::TerminalState, mozilla::image::Yield> > mozilla::image::StreamingLexer<mozilla::image::nsGIFDecoder2::State, 16ul>::BufferedRead<mozilla::image::nsGIFDecoder2::DoDecode(mozilla::image::SourceBufferIterator&, mozilla::image::IResumable*)::$_1>(mozilla::image::SourceBufferIterator&, mozilla::image::nsGIFDecoder2::DoDecode(mozilla::image::SourceBufferIterator&, mozilla::image::IResumable*)::$_1) src/image/StreamingLexer.h:649:28
#12 0x7fb5ddaa5149 in mozilla::Variant<mozilla::image::TerminalState, mozilla::image::Yield> mozilla::image::StreamingLexer<mozilla::image::nsGIFDecoder2::State, 16ul>::Lex<mozilla::image::nsGIFDecoder2::DoDecode(mozilla::image::SourceBufferIterator&, mozilla::image::IResumable*)::$_1>(mozilla::image::SourceBufferIterator&, mozilla::image::IResumable*, mozilla::image::nsGIFDecoder2::DoDecode(mozilla::image::SourceBufferIterator&, mozilla::image::IResumable*)::$_1) src/image/StreamingLexer.h:512:20
#13 0x7fb5ddaa4d14 in mozilla::image::nsGIFDecoder2::DoDecode(mozilla::image::SourceBufferIterator&, mozilla::image::IResumable*) src/image/decoders/nsGIFDecoder2.cpp:495:17
#14 0x7fb5dd9b2104 in mozilla::image::Decoder::Decode(mozilla::image::IResumable*) src/image/Decoder.cpp:135:20
#15 0x7fb5dd9b1a7f in mozilla::image::AnimationSurfaceProvider::Run() src/image/AnimationSurfaceProvider.cpp:237:36
#16 0x7fb5dd9e3eef in mozilla::image::DecodePoolWorker::Run() src/image/DecodePool.cpp:285:23
#17 0x7fb5db400cc5 in nsThread::ProcessNextEvent(bool, bool*) src/xpcom/threads/nsThread.cpp:1244:14
#18 0x7fb5db40776c in NS_ProcessNextEvent(nsIThread*, bool) src/xpcom/threads/nsThreadUtils.cpp:530:10
#19 0x7fb5dc1821a3 in mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:334:20
#20 0x7fb5dc0ba4bc in MessageLoop::RunInternal() src/ipc/chromium/src/base/message_loop.cc:325:10
#21 0x7fb5dc0ba330 in MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:298:3
#22 0x7fb5db3faa5e in nsThread::ThreadFunc(void*) src/xpcom/threads/nsThread.cpp:503:11
#23 0x7fb5fdbf44e5 in _pt_root src/nsprpub/pr/src/pthreads/ptthread.c:201:5
#24 0x7fb5fd84c6b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)

Comment 1

[Andrew Osmond [:aosmond] (he/him)]

Attachment: Bug 1509998 - Ensure we handle empty frame rects properly in BlendAnimationFilter.

Comment 2

[Andrew Osmond [:aosmond] (he/him)]

try: https://treeherder.mozilla.org/#/jobs?repo=try&revision=441398715b6ac1d86820f29ad42c6ebe0e828751

Comment 3

[Pulsebot]

Pushed by aosmond@gmail.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/0ce8f2b44c74
Ensure we handle empty frame rects properly in BlendAnimationFilter. r=tnikkel

Comment 4

[Cristina Coroiu [:ccoroiu]]

https://hg.mozilla.org/mozilla-central/rev/0ce8f2b44c74

Comment 5

[Ryan VanderMeulen [:RyanVM]]

Fx64 RC is next week; I'm assuming this can just ride the trains.