Closed
Bug 1514086
Opened 6 years ago
Closed 6 years ago
Hit MOZ_CRASH(Resolving style on unstyled element) at libcore/option.rs:1000
Categories
(Core :: CSS Parsing and Computation, defect, P3)
Core
CSS Parsing and Computation
Tracking
()
RESOLVED
FIXED
mozilla66
| Tracking | Status | |
|---|---|---|
| firefox-esr60 | --- | unaffected |
| firefox64 | --- | unaffected |
| firefox65 | --- | fixed |
| firefox66 | --- | fixed |
People
(Reporter: tsmith, Assigned: emilio)
References
(Blocks 1 open bug)
Details
(Keywords: assertion, crash, testcase, Whiteboard: [fuzzblocker])
Crash Data
Attachments
(2 files, 1 obsolete file)
|
365 bytes,
text/html
|
Details | |
|
47 bytes,
text/x-phabricator-request
|
RyanVM
:
approval-mozilla-beta+
|
Details | Review |
Hit MOZ_CRASH(Resolving style on unstyled element) at libcore/option.rs:1000
#0 MOZ_CrashOOL(char const*, int, char const*) src/obj-firefox/dist/include/mozilla/Assertions.h:314:3
#1 GeckoCrashOOL src/toolkit/xre/nsAppRunner.cpp:5124:3
#2 gkrust_shared::panic_hook::h80f9b4ed5c0796b3 src/toolkit/library/rust/shared/lib.rs:234:8
#3 core::ops::function::Fn::call::hac0477c01f4e8ad0 src/libcore/ops/function.rs:78:4
#4 std::panicking::rust_panic_with_hook::h0e12cb2fc86d00fa /rustc/da5f414c2c0bfe5198934493f04c676e2b23ff2e/src/libstd/panicking.rs:481:16
#5 std::panicking::continue_panic_fmt::h141671b29fe0e27d /rustc/da5f414c2c0bfe5198934493f04c676e2b23ff2e/src/libstd/panicking.rs:391:4
#6 rust_begin_unwind /rustc/da5f414c2c0bfe5198934493f04c676e2b23ff2e/src/libstd/panicking.rs:326:4
#7 core::panicking::panic_fmt::h429a06507aba9228 /rustc/da5f414c2c0bfe5198934493f04c676e2b23ff2e/src/libcore/panicking.rs:77:13
#8 core::option::expect_failed::h4c79c3aae6612643 /rustc/da5f414c2c0bfe5198934493f04c676e2b23ff2e/src/libcore/option.rs:1000:4
#9 _$LT$core..option..Option$LT$T$GT$$GT$::expect::h2780ce7edfdba78b src/libcore/option.rs:312:20
#10 Servo_ResolveStyle src/servo/ports/geckolib/glue.rs:4847
#11 mozilla::ServoStyleSet::ResolveServoStyle(mozilla::dom::Element const&) src/obj-firefox/dist/include/mozilla/ServoStyleSetInlines.h:23:10
#12 nsCSSFrameConstructor::ResolveComputedStyle(nsIContent*) src/layout/base/nsCSSFrameConstructor.cpp:4583:22
#13 nsCSSFrameConstructor::BuildInlineChildItems(nsFrameConstructorState&, nsCSSFrameConstructor::FrameConstructionItem&, bool, bool) src/layout/base/nsCSSFrameConstructor.cpp:11107:42
#14 nsCSSFrameConstructor::AddFrameConstructionItemsInternal(nsFrameConstructorState&, nsIContent*, nsContainerFrame*, bool, mozilla::ComputedStyle*, unsigned int, nsCSSFrameConstructor::FrameConstructionItemList&) src/layout/base/nsCSSFrameConstructor.cpp:5481:5
#15 nsCSSFrameConstructor::DoAddFrameConstructionItems(nsFrameConstructorState&, nsIContent*, mozilla::ComputedStyle*, bool, nsContainerFrame*, nsCSSFrameConstructor::FrameConstructionItemList&) src/layout/base/nsCSSFrameConstructor.cpp:5091:3
#16 nsCSSFrameConstructor::AddFrameConstructionItems(nsFrameConstructorState&, nsIContent*, bool, nsCSSFrameConstructor::InsertionPoint const&, nsCSSFrameConstructor::FrameConstructionItemList&) src/layout/base/nsCSSFrameConstructor.cpp:5105:3
#17 nsCSSFrameConstructor::ContentRangeInserted(nsIContent*, nsIContent*, nsILayoutHistoryState*, nsCSSFrameConstructor::InsertionKind) src/layout/base/nsCSSFrameConstructor.cpp:7156:5
#18 nsCSSFrameConstructor::RecreateFramesForContent(nsIContent*, nsCSSFrameConstructor::InsertionKind) src/layout/base/nsCSSFrameConstructor.cpp:8617:7
#19 mozilla::RestyleManager::ProcessRestyledFrames(nsStyleChangeList&) src/layout/base/RestyleManager.cpp:1502:25
#20 mozilla::RestyleManager::DoProcessPendingRestyles(mozilla::ServoTraversalFlags) src/layout/base/RestyleManager.cpp:2974:9
#21 mozilla::PresShell::DoFlushPendingNotifications(mozilla::ChangesToFlush) src/layout/base/PresShell.cpp:4033:39
#22 nsRefreshDriver::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) src/layout/base/nsRefreshDriver.cpp:1757:18
#23 mozilla::RefreshDriverTimer::TickRefreshDrivers(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp, nsTArray<RefPtr<nsRefreshDriver> >&) src/layout/base/nsRefreshDriver.cpp:304:7
#24 mozilla::RefreshDriverTimer::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) src/layout/base/nsRefreshDriver.cpp:321:5
#25 mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::TickRefreshDriver(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) src/layout/base/nsRefreshDriver.cpp:646:16
#26 mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::NotifyVsync(mozilla::VsyncEvent const&) src/layout/base/nsRefreshDriver.cpp:546:9
#27 mozilla::layout::VsyncChild::RecvNotify(mozilla::VsyncEvent const&) src/layout/ipc/VsyncChild.cpp:65:16
#28 mozilla::layout::PVsyncChild::OnMessageReceived(IPC::Message const&) src/obj-firefox/ipc/ipdl/PVsyncChild.cpp:167:20
#29 mozilla::ipc::PBackgroundChild::OnMessageReceived(IPC::Message const&) src/obj-firefox/ipc/ipdl/PBackgroundChild.cpp:2788:28
#30 mozilla::ipc::MessageChannel::DispatchAsyncMessage(IPC::Message const&) src/ipc/glue/MessageChannel.cpp:2159:21
#31 mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&) src/ipc/glue/MessageChannel.cpp:2086:9
#32 mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::MessageChannel::MessageTask&) src/ipc/glue/MessageChannel.cpp:1935:3
#33 mozilla::ipc::MessageChannel::MessageTask::Run() src/ipc/glue/MessageChannel.cpp:1966:13
#34 nsThread::ProcessNextEvent(bool, bool*) src/xpcom/threads/nsThread.cpp:1157:14
#35 NS_ProcessNextEvent(nsIThread*, bool) src/xpcom/threads/nsThreadUtils.cpp:468:10
#36 mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:88:21
#37 MessageLoop::RunInternal() src/ipc/chromium/src/base/message_loop.cc:314:10
#38 MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:289:3
#39 nsBaseAppShell::Run() src/widget/nsBaseAppShell.cpp:137:27
#40 XRE_RunAppShell() src/toolkit/xre/nsEmbedFunctions.cpp:915:20
#41 mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:238:9
#42 MessageLoop::RunInternal() src/ipc/chromium/src/base/message_loop.cc:314:10
#43 MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:289:3
#44 XRE_InitChildProcess(int, char**, XREChildData const*) src/toolkit/xre/nsEmbedFunctions.cpp:753:34
#45 content_process_main(mozilla::Bootstrap*, int, char**) src/browser/app/../../ipc/contentproc/plugin-container.cpp:49:28
#46 main src/browser/app/nsBrowserApp.cpp:265:18
#47 __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291
#48 _start (firefox+0x349f4)
Flags: in-testsuite?
|
||
Updated•6 years ago
|
Component: Graphics: WebRender → CSS Parsing and Computation
Priority: -- → P3
|
Assignee | |
Updated•6 years ago
|
Flags: needinfo?(emilio)
|
|
Assignee | |
Comment 1•6 years ago
|
||
This doesn't seem like the right test-case? This crashes with:
Assertion failure: aTextRun->GetFlags2() & nsTextFrameUtils::Flags::TEXT_IS_TRANSFORMED, at /builds/worker/workspace/build/src/layout/generic/nsTextFrame.cpp:10028
And doesn't crash on opt, while the unstyled element thing should crash opt as well.
Flags: needinfo?(emilio) → needinfo?(twsmith)
|
Reporter | |
Comment 2•6 years ago
|
||
Hey someone has gotta keep you on your toes :) (sorry about that)
Attachment #9031309 -
Attachment is obsolete: true
Flags: needinfo?(twsmith)
|
||
Comment 3•6 years ago
|
||
Crash Signature: [@ core::option::expect_failed | Servo_ResolveStyle ]
|
|
Assignee | |
Comment 4•6 years ago
|
||
NP! That does sound like a more suspicious test-case.
Flags: needinfo?(emilio)
|
|
Assignee | |
Comment 6•6 years ago
|
||
Since it allows to animate display, which is not good.
This is a regression from:
https://hg.mozilla.org/mozilla-central/rev/6884ba750aa3
Actually I wonder if the logic shouldn't be the other way around, i.e., a
shorthand is animatable if all the longhands are, not if just one.
In any case this rolls back to the previous behavior, should we do that, it
should be another bug.
|
|
Assignee | |
Updated•6 years ago
|
Flags: needinfo?(emilio)
Pushed by ealvarez@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/c6569a81a66c
The 'all' property is not animatable. r=hiro
|
|
Assignee | |
Comment 8•6 years ago
|
||
Comment on attachment 9031600 [details]
Bug 1514086 - The 'all' property is not animatable.
[Beta/Release Uplift Approval Request]
Feature/Bug causing the regression: Bug 1504536
User impact if declined: Crash
Is this code covered by automated tests?: Yes
Has the fix been verified in Nightly?: No
Needs manual test from QE?: No
If yes, steps to reproduce:
List of other uplifts needed: none
Risk to taking this patch: Low
Why is the change risky/not risky? (and alternatives if risky): Trivial patch that restores behavior to the one before bug 1504536.
String changes made/needed: none
Attachment #9031600 -
Flags: approval-mozilla-beta?
|
||
Updated•6 years ago
|
status-firefox64:
--- → unaffected
status-firefox-esr60:
--- → unaffected
Flags: in-testsuite? → in-testsuite+
|
||
Comment 9•6 years ago
|
||
| bugherder | ||
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla66
|
|
||
Comment 10•6 years ago
|
||
Comment on attachment 9031600 [details]
Bug 1514086 - The 'all' property is not animatable.
[Triage Comment]
Fixes a crash, approved for 65.0b5. Thanks for including a crashtest.
Attachment #9031600 -
Flags: approval-mozilla-beta? → approval-mozilla-beta+
|
|
||
Comment 11•6 years ago
|
||
| bugherder uplift | ||
You need to log in
before you can comment on or make changes to this bug.
Description
•