Closed Bug 1516286 Opened 1 year ago Closed 6 months ago

Assertion failure: !aRect.IsEmpty(), at src/gfx/2d/DrawEventRecorder.cpp:108

Categories

(Core :: Graphics: WebRender, defect, P3)

defect

Tracking

()

RESOLVED FIXED
mozilla71
Tracking Status
firefox-esr60 --- unaffected
firefox-esr68 --- disabled
firefox66 --- wontfix
firefox67 --- wontfix
firefox68 --- wontfix
firefox69 --- wontfix
firefox70 --- wontfix
firefox71 --- fixed

People

(Reporter: tsmith, Assigned: jrmuizel)

References

(Blocks 3 open bugs)

Details

(Keywords: assertion, crash, testcase, Whiteboard: [fuzzblocker])

Crash Data

Attachments

(2 files, 1 obsolete file)

Attached file testcase.html
Requires "gfx.webrender.all=true"

Assertion failure: !aRect.IsEmpty(), at src/gfx/2d/DrawEventRecorder.cpp:108

#0 mozilla::gfx::DrawEventRecorderMemory::FlushItem(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits>) src/gfx/2d/DrawEventRecorder.cpp:108:3
#1 mozilla::layers::WebRenderCommandBuilder::BuildWrMaskImage(nsDisplayMasksAndClipPaths*, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, nsDisplayListBuilder*, mozilla::gfx::RectTyped<mozilla::LayoutDevicePixel, float> const&) src/gfx/layers/wr/WebRenderCommandBuilder.cpp:2304:15
#2 CreateWRClipPathAndMasks(nsDisplayMasksAndClipPaths*, mozilla::gfx::RectTyped<mozilla::LayoutDevicePixel, float> const&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::wr::DisplayListBuilder&, mozilla::layers::StackingContextHelper const&, mozilla::layers::WebRenderLayerManager*, nsDisplayListBuilder*) src/layout/painting/nsDisplayList.cpp:9010:60
#3 nsDisplayMasksAndClipPaths::CreateWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::layers::WebRenderLayerManager*, nsDisplayListBuilder*) src/layout/painting/nsDisplayList.cpp:9034:51
#4 mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommandsFromDisplayList(nsDisplayList*, nsDisplayItem*, nsDisplayListBuilder*, mozilla::layers::StackingContextHelper const&, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&) src/gfx/layers/wr/WebRenderCommandBuilder.cpp:1621:38
#5 nsDisplayWrapList::CreateWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::layers::WebRenderLayerManager*, nsDisplayListBuilder*) src/layout/painting/nsDisplayList.cpp:5702:30
#6 nsDisplayTransform::CreateWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::layers::WebRenderLayerManager*, nsDisplayListBuilder*) src/layout/painting/nsDisplayList.cpp:7873:22
#7 mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommandsFromDisplayList(nsDisplayList*, nsDisplayItem*, nsDisplayListBuilder*, mozilla::layers::StackingContextHelper const&, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&) src/gfx/layers/wr/WebRenderCommandBuilder.cpp:1621:38
#8 nsDisplayWrapList::CreateWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::layers::WebRenderLayerManager*, nsDisplayListBuilder*) src/layout/painting/nsDisplayList.cpp:5702:30
#9 nsDisplayTransform::CreateWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::layers::WebRenderLayerManager*, nsDisplayListBuilder*) src/layout/painting/nsDisplayList.cpp:7873:22
#10 mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommandsFromDisplayList(nsDisplayList*, nsDisplayItem*, nsDisplayListBuilder*, mozilla::layers::StackingContextHelper const&, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&) src/gfx/layers/wr/WebRenderCommandBuilder.cpp:1621:38
#11 nsDisplayWrapList::CreateWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::layers::WebRenderLayerManager*, nsDisplayListBuilder*) src/layout/painting/nsDisplayList.cpp:5702:30
#12 nsDisplayTransform::CreateWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::layers::WebRenderLayerManager*, nsDisplayListBuilder*) src/layout/painting/nsDisplayList.cpp:7873:22
#13 mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommandsFromDisplayList(nsDisplayList*, nsDisplayItem*, nsDisplayListBuilder*, mozilla::layers::StackingContextHelper const&, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&) src/gfx/layers/wr/WebRenderCommandBuilder.cpp:1621:38
#14 nsDisplayWrapList::CreateWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::layers::WebRenderLayerManager*, nsDisplayListBuilder*) src/layout/painting/nsDisplayList.cpp:5702:30
#15 nsDisplayTransform::CreateWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::layers::WebRenderLayerManager*, nsDisplayListBuilder*) src/layout/painting/nsDisplayList.cpp:7873:22
#16 mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommandsFromDisplayList(nsDisplayList*, nsDisplayItem*, nsDisplayListBuilder*, mozilla::layers::StackingContextHelper const&, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&) src/gfx/layers/wr/WebRenderCommandBuilder.cpp:1621:38
#17 nsDisplayWrapList::CreateWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::layers::WebRenderLayerManager*, nsDisplayListBuilder*) src/layout/painting/nsDisplayList.cpp:5702:30
#18 nsDisplayTransform::CreateWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::layers::WebRenderLayerManager*, nsDisplayListBuilder*) src/layout/painting/nsDisplayList.cpp:7873:22
#19 mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommandsFromDisplayList(nsDisplayList*, nsDisplayItem*, nsDisplayListBuilder*, mozilla::layers::StackingContextHelper const&, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&) src/gfx/layers/wr/WebRenderCommandBuilder.cpp:1621:38
#20 mozilla::layers::WebRenderCommandBuilder::BuildWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, nsDisplayList*, nsDisplayListBuilder*, mozilla::layers::WebRenderScrollData&, mozilla::wr::TypedSize2D<float, mozilla::wr::LayoutPixel>&, nsTArray<mozilla::wr::WrFilterOp> const&) src/gfx/layers/wr/WebRenderCommandBuilder.cpp:1448:5
#21 mozilla::layers::WebRenderLayerManager::EndTransactionWithoutLayer(nsDisplayList*, nsDisplayListBuilder*, nsTArray<mozilla::wr::WrFilterOp> const&, mozilla::layers::WebRenderBackgroundData*) src/gfx/layers/wr/WebRenderLayerManager.cpp:284:30
#22 nsDisplayList::PaintRoot(nsDisplayListBuilder*, gfxContext*, unsigned int) src/layout/painting/nsDisplayList.cpp:2619:18
#23 nsLayoutUtils::PaintFrame(gfxContext*, nsIFrame*, nsRegion const&, unsigned int, nsDisplayListBuilderMode, nsLayoutUtils::PaintFrameFlags) src/layout/base/nsLayoutUtils.cpp:3786:12
#24 mozilla::PresShell::Paint(nsView*, nsRegion const&, unsigned int) src/layout/base/PresShell.cpp:6027:5
#25 nsViewManager::ProcessPendingUpdatesPaint(nsIWidget*) src/view/nsViewManager.cpp:461:19
#26 nsViewManager::ProcessPendingUpdatesForView(nsView*, bool) src/view/nsViewManager.cpp:396:33
#27 nsViewManager::ProcessPendingUpdates() src/view/nsViewManager.cpp:1030:5
#28 nsRefreshDriver::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) src/layout/base/nsRefreshDriver.cpp:1957:11
#29 mozilla::RefreshDriverTimer::TickRefreshDrivers(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp, nsTArray<RefPtr<nsRefreshDriver> >&) src/layout/base/nsRefreshDriver.cpp:304:7
#30 mozilla::RefreshDriverTimer::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) src/layout/base/nsRefreshDriver.cpp:321:5
#31 mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::TickRefreshDriver(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) src/layout/base/nsRefreshDriver.cpp:646:16
#32 mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::NotifyVsync(mozilla::VsyncEvent const&) src/layout/base/nsRefreshDriver.cpp:546:9
#33 mozilla::layout::VsyncChild::RecvNotify(mozilla::VsyncEvent const&) src/layout/ipc/VsyncChild.cpp:65:16
#34 mozilla::layout::PVsyncChild::OnMessageReceived(IPC::Message const&) src/obj-firefox/ipc/ipdl/PVsyncChild.cpp:167:20
#35 mozilla::ipc::PBackgroundChild::OnMessageReceived(IPC::Message const&) src/obj-firefox/ipc/ipdl/PBackgroundChild.cpp:2788:28
#36 mozilla::ipc::MessageChannel::DispatchAsyncMessage(IPC::Message const&) src/ipc/glue/MessageChannel.cpp:2159:21
#37 mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&) src/ipc/glue/MessageChannel.cpp:2086:9
#38 mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::MessageChannel::MessageTask&) src/ipc/glue/MessageChannel.cpp:1935:3
#39 mozilla::ipc::MessageChannel::MessageTask::Run() src/ipc/glue/MessageChannel.cpp:1966:13
#40 nsThread::ProcessNextEvent(bool, bool*) src/xpcom/threads/nsThread.cpp:1157:14
#41 NS_ProcessNextEvent(nsIThread*, bool) src/xpcom/threads/nsThreadUtils.cpp:468:10
#42 mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:88:21
#43 MessageLoop::RunInternal() src/ipc/chromium/src/base/message_loop.cc:314:10
#44 MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:289:3
#45 nsBaseAppShell::Run() src/widget/nsBaseAppShell.cpp:137:27
#46 XRE_RunAppShell() src/toolkit/xre/nsEmbedFunctions.cpp:915:20
#47 mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:238:9
#48 MessageLoop::RunInternal() src/ipc/chromium/src/base/message_loop.cc:314:10
#49 MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:289:3
#50 XRE_InitChildProcess(int, char**, XREChildData const*) src/toolkit/xre/nsEmbedFunctions.cpp:753:34
#51 content_process_main(mozilla::Bootstrap*, int, char**) src/browser/app/../../ipc/contentproc/plugin-container.cpp:49:28
#52 main src/browser/app/nsBrowserApp.cpp:265:18
#53 __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291
#54 _start (firefox+0x349f4)
Flags: in-testsuite?
Component: Graphics → Graphics: WebRender
Crash Signature: [@ mozilla::gfx::DrawEventRecorderMemory::FlushItem ]
OS: Unspecified → All
Hardware: Unspecified → All
Priority: -- → P3

This issue is hit frequently by the fuzzers and can limit their effectiveness.

If a Pernosco session would be helpful please let me know and I will create one.

Whiteboard: [fuzzblocker]

Yes. That would be helpful.

Flags: needinfo?(twsmith)

A Pernosco session is available here: https://pernos.co/debug/pDN50eQ46DXVwXVhMowtZg/index.html

It will expire in 7 days.

Flags: needinfo?(twsmith)
Assignee: nobody → jmuizelaar

I tested locally and I am able to reproduce the issue with the patch applied.

Are you sure? The patch fixes the problem for me locally.

What we actually care about here is whether itemRect is empty bceause that's
the what we'll use for the actual surface size.

(In reply to Jeff Muizelaar [:jrmuizel] from comment #7)

Are you sure? The patch fixes the problem for me locally.

Yes.

Applying the second patch does fix the problem. Thanks!

Ah. I posted the wrong patch originally. Sorry about that.

Attachment #9099408 - Attachment is obsolete: true
Pushed by jmuizelaar@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/44d332a2e17a
WR Fallback: Do the empty check later. r=aosmond
Status: NEW → RESOLVED
Closed: 6 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla71
You need to log in before you can comment on or make changes to this bug.