Closed Bug 1513416 Opened 7 years ago Closed 7 years ago

crash near null in [@ nsCSSFrameConstructor::ContentRangeInserted]

Categories

(Core :: Layout: Columns, defect, P3)

Product:
Core
Component:
Layout: Columns
Type:
defect

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1506314
Tracking Flags:
Tracking Status
firefox65 --- disabled
firefox66 --- disabled

People

(Reporter: tsmith, Assigned: TYLin)

References

(Blocks 1 open bug)

Details

(Keywords: crash, testcase)

Attachments

(1 file)

testcase.html
304 bytes, text/html
Details
Attached file testcase.html
==27040==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000065 (pc 0x7f2118ced476 bp 0x7ffc6e734630 sp 0x7ffc6e7341a0 T0) ==27040==The signal is caused by a READ memory access. ==27040==Hint: address points to the zero page. #0 0x7f2118ced475 in Type src/layout/generic/nsIFrame.h:2709:38 #1 0x7f2118ced475 in nsCSSFrameConstructor::ContentRangeInserted(nsIContent*, nsIContent*, nsILayoutHistoryState*, nsCSSFrameConstructor::InsertionKind) src/layout/base/nsCSSFrameConstructor.cpp:7003 #2 0x7f2118c606cb in mozilla::RestyleManager::ProcessRestyledFrames(nsStyleChangeList&) src/layout/base/RestyleManager.cpp:1502:25 #3 0x7f2118c71733 in mozilla::RestyleManager::DoProcessPendingRestyles(mozilla::ServoTraversalFlags) src/layout/base/RestyleManager.cpp:2974:9 #4 0x7f2118c11a6a in ProcessPendingRestyles src/layout/base/RestyleManager.cpp:3046:3 #5 0x7f2118c11a6a in mozilla::PresShell::DoFlushPendingNotifications(mozilla::ChangesToFlush) src/layout/base/PresShell.cpp:4034 #6 0x7f2118b7eabe in FlushPendingNotifications src/layout/base/nsIPresShell.h:575:5 #7 0x7f2118b7eabe in nsRefreshDriver::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) src/layout/base/nsRefreshDriver.cpp:1757 #8 0x7f2118b92989 in TickDriver src/layout/base/nsRefreshDriver.cpp:327:13 #9 0x7f2118b92989 in mozilla::RefreshDriverTimer::TickRefreshDrivers(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp, nsTArray<RefPtr<nsRefreshDriver> >&) src/layout/base/nsRefreshDriver.cpp:304 #10 0x7f2118b92345 in mozilla::RefreshDriverTimer::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) src/layout/base/nsRefreshDriver.cpp:320:5 #11 0x7f2118b957cf in RunRefreshDrivers src/layout/base/nsRefreshDriver.cpp:726:5 #12 0x7f2118b957cf in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::TickRefreshDriver(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) src/layout/base/nsRefreshDriver.cpp:646 #13 0x7f2118b8fb50 in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::ParentProcessVsyncNotifier::Run() src/layout/base/nsRefreshDriver.cpp:487:20 #14 0x7f210e14e2f8 in nsThread::ProcessNextEvent(bool, bool*) src/xpcom/threads/nsThread.cpp:1157:14 #15 0x7f210e1570ad in NS_ProcessNextEvent(nsIThread*, bool) src/xpcom/threads/nsThreadUtils.cpp:468:10 #16 0x7f210f3db3d4 in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:110:5 #17 0x7f210f2ce20e in RunInternal src/ipc/chromium/src/base/message_loop.cc:314:10 #18 0x7f210f2ce20e in RunHandler src/ipc/chromium/src/base/message_loop.cc:307 #19 0x7f210f2ce20e in MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:289 #20 0x7f211849a283 in nsBaseAppShell::Run() src/widget/nsBaseAppShell.cpp:137:27 #21 0x7f211cc23620 in nsAppStartup::Run() src/toolkit/components/startup/nsAppStartup.cpp:271:30 #22 0x7f211cefe326 in XREMain::XRE_mainRun() src/toolkit/xre/nsAppRunner.cpp:4622:22 #23 0x7f211cf00e09 in XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) src/toolkit/xre/nsAppRunner.cpp:4760:8 #24 0x7f211cf028d3 in XRE_main(int, char**, mozilla::BootstrapConfig const&) src/toolkit/xre/nsAppRunner.cpp:4845:21 #25 0x55db330aa67c in do_main src/browser/app/nsBrowserApp.cpp:214:22 #26 0x55db330aa67c in main src/browser/app/nsBrowserApp.cpp:293 #27 0x7f21320cc82f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291 #28 0x55db32fcfeec in _start (firefox+0x2deec)
Flags: in-testsuite?
Assignee: nobody → aethanyc
Blocks: 1421105
Status: NEW → ASSIGNED
Priority: -- → P3
Bug 1506314 fixed this. Adding a crashtest there should be sufficient.
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: