1516850 - Crash in SelectContainerASR

Status: RESOLVED DUPLICATE of bug 1509581

(Core :: Web Painting, defect)

Description

[[:philipp]]

This bug was filed from the Socorro interface and is
report bp-8c61d89d-ecb5-4237-a63d-adbd80181230.
=============================================================

Top 10 frames of crashing thread:

0 xul.dll static class mozilla::Maybe<const mozilla::ActiveScrolledRoot*> SelectContainerASR layout/painting/RetainedDisplayListBuilder.cpp:245
1 xul.dll struct Index<MergedListUnits> MergeState::AddNewNode layout/painting/RetainedDisplayListBuilder.cpp:483
2 xul.dll void MergeState::ProcessOldNode layout/painting/RetainedDisplayListBuilder.cpp:528
3 xul.dll class RetainedDisplayList MergeState::Finalize layout/painting/RetainedDisplayListBuilder.cpp:444
4 xul.dll bool RetainedDisplayListBuilder::MergeDisplayLists layout/painting/RetainedDisplayListBuilder.cpp:642
5 xul.dll void MergeState::ProcessOldNode layout/painting/RetainedDisplayListBuilder.cpp:515
6 xul.dll class AutoTArray<Index<MergedListUnits>, 2> MergeState::ProcessPredecessorsOfOldNode layout/painting/RetainedDisplayListBuilder.cpp:570
7 xul.dll struct Index<MergedListUnits> MergeState::ProcessItemFromNewList layout/painting/RetainedDisplayListBuilder.cpp:356
8 xul.dll bool RetainedDisplayListBuilder::MergeDisplayLists layout/painting/RetainedDisplayListBuilder.cpp:638
9 xul.dll RetainedDisplayListBuilder::AttemptPartialUpdate layout/painting/RetainedDisplayListBuilder.cpp:1313

=============================================================

reports for tab crashes with this signature are newly showing up in the firefox 65 beta cycle (in fairly low volume though). they are predominantly coming from 32bit installations.
the crash appears to be in a codepath that got added in bug 1504233 and addresses look security sensitive.

Comment 1

[Miko Mynttinen]

Looks like a duplicate of bug 1509581 with a new signature.