When rapidly dragging scrollbar: "Assertion failure: aMax >= aMin (clamped(): aMax must be greater than or equal to aMin), at ../../dist/include/nsAlgorithm.h:36"
Categories
(Core :: Panning and Zooming, defect, P3)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox68 | --- | fixed |
People
(Reporter: dholbert, Assigned: kats)
References
(Regressed 1 open bug)
Details
Attachments
(4 files)
noscroll.png
STR:
- In a debug build of Firefox, load attached testcase.
- Click and hold the vertical scrollbar inside the green box, and rapidly drag it up and down.
ACTUAL RESULTS:
Within ~10 seconds of continuous up-and-down scrollbar dragging, I hit this fatal assertion:
Assertion failure: aMax >= aMin (clamped(): aMax must be greater than or equal to aMin), at ../../dist/include/nsAlgorithm.h:36
#01: int const& mozilla::clamped<int>(int const&, int const&, int const&) (/scratch/work/builds/mozilla-central/obj/netwerk/base/../../dist/include/nsAlgorithm.h:35)
#02: ClampAndAlignWithPixels(int, int, int, int, int, int, double, int) ($SRC/layout/generic/nsGfxScrollFrame.cpp:2533)
#03: ClampAndAlignWithLayerPixels(nsPoint const&, nsRect const&, nsRect const&, nsPoint const&, int, mozilla::gfx::SizeTyped<mozilla::gfx::UnknownUnits, double> const&) ($SRC/layout/generic/nsGfxScrollFrame.cpp:2585)
#04: mozilla::ScrollFrameHelper::ScrollToImpl(nsPoint, nsRect const&, nsAtom*) ($SRC/layout/generic/nsGfxScrollFrame.cpp:2697)
#05: mozilla::ScrollFrameHelper::CompleteAsyncScroll(nsRect const&, nsAtom*) ($SRC/layout/generic/nsGfxScrollFrame.cpp:2142)
#06: mozilla::ScrollFrameHelper::ScrollToWithOrigin(nsPoint, nsIScrollableFrame::ScrollMode, nsAtom*, nsRect const*, nsIScrollbarMediator::ScrollSnapMode) ($SRC/layout/generic/nsGfxScrollFrame.cpp:2262)
#07: mozilla::ScrollFrameHelper::ScrollToCSSPixelsApproximate(mozilla::gfx::PointTyped<mozilla::CSSPixel, float> const&, nsAtom*) ($SRC/layout/generic/nsGfxScrollFrame.cpp:2215)
#08: nsHTMLScrollFrame::ScrollToCSSPixelsApproximate(mozilla::gfx::PointTyped<mozilla::CSSPixel, float> const&, nsAtom*) (/scratch/work/builds/mozilla-central/obj/layout/generic/../../../mozilla/layout/generic/nsGfxScrollFrame.h:976)
#09: mozilla::layers::ScrollFrameTo(nsIScrollableFrame*, mozilla::layers::RepaintRequest const&, bool&) ($SRC/gfx/layers/apz/util/APZCCallbackHelper.cpp:149)
#10: mozilla::layers::ScrollFrame(nsIContent*, mozilla::layers::RepaintRequest const&) ($SRC/gfx/layers/apz/util/APZCCallbackHelper.cpp:190)
#11: mozilla::layers::APZCCallbackHelper::UpdateSubFrame(mozilla::layers::RepaintRequest const&) ($SRC/gfx/layers/apz/util/APZCCallbackHelper.cpp:363)
#12: mozilla::dom::TabChildBase::UpdateFrameHandler(mozilla::layers::RepaintRequest const&) ($SRC/dom/ipc/TabChild.cpp:251)
#13: mozilla::dom::TabChild::UpdateFrame(mozilla::layers::RepaintRequest const&) ($SRC/dom/ipc/TabChild.cpp:1205)
#14: mozilla::layers::ContentProcessController::RequestContentRepaint(mozilla::layers::RepaintRequest const&) ($SRC/gfx/layers/apz/util/ContentProcessController.cpp:34)
#15: mozilla::layers::APZChild::RecvRequestContentRepaint(mozilla::layers::RepaintRequest const&) ($SRC/gfx/layers/ipc/APZChild.cpp:41)
#16: mozilla::layers::PAPZChild::OnMessageReceived(IPC::Message const&) (/scratch/work/builds/mozilla-central/obj/ipc/ipdl/./PAPZChild.cpp:146)
#17: mozilla::layers::PCompositorManagerChild::OnMessageReceived(IPC::Message const&) (/scratch/work/builds/mozilla-central/obj/ipc/ipdl/./PCompositorManagerChild.cpp:289)
#18: mozilla::ipc::MessageChannel::DispatchAsyncMessage(IPC::Message const&) ($SRC/ipc/glue/MessageChannel.cpp:2151)
#19: mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&) (Unified_cpp_ipc_glue1.cpp:?)
#20: mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::MessageChannel::MessageTask&) (Unified_cpp_ipc_glue1.cpp:?)
#21: mozilla::ipc::MessageChannel::MessageTask::Run() ($SRC/ipc/glue/MessageChannel.cpp:1969)
#22: mozilla::SchedulerGroup::Runnable::Run() ($SRC/xpcom/threads/SchedulerGroup.cpp:295)
#23: nsThread::ProcessNextEvent(bool, bool*) ($SRC/xpcom/threads/nsThread.cpp:1182)
#24: NS_ProcessNextEvent(nsIThread*, bool) ($SRC/xpcom/threads/nsThreadUtils.cpp:482)
|
||
Updated•6 years ago
|
|
Assignee | |
Comment 1•6 years ago
|
||
Presumably you saw this on Linux? On macOS I don't even see a vertical scrollbar...
|
Reporter | |
Comment 2•6 years ago
|
||
Yes, this was on Linux. Here's a screenshot of what the testcase looks like for me.
(Note that there's no specified height on the scrollframe, so I'm not sure how we decide how tall to make it.... It seems like it gets its intrinsic size from the scrollbars, i.e. it's as tall as the box in this data URI:
data:text/html,<div style="overflow:scroll; border: 3px solid black; width: 50px">
And then, in testcase 1, it should show a vertical scrollbar because it does have scrollable overflow (from its tall out-of-flow descendant). Not sure why that doesn't happen on Mac. shrug
|
|
Reporter | |
Updated•6 years ago
|
|
|
Assignee | |
Comment 3•6 years ago
|
||
I can repro on Linux, investigating.
The function is being called with aDestLower=2147423648 and aDestUpper=-2147423649 which are not happy numbers. This I traced back to the APZ repaint request coming in with a NaN scroll offset y-coordinate.
|
|
Assignee | |
Comment 4•6 years ago
|
||
NaN is coming from maxThumbPos going to 0 because the scrollbar track length == the thumb length.
|
|
Assignee | |
Comment 5•6 years ago
|
||
Fixing the NaN is easy enough. But there's probably another bug here because the thumb length probably shouldn't be equal to the track length. The NaN can also trigger other assertion failures in the parent process though (I saw one in AsyncCompositionManager) so it's good to guard against that regardless.
|
|
Assignee | |
Comment 6•6 years ago
|
||
|
|
Reporter | |
Comment 8•6 years ago
|
||
Thanks!
|
||
Comment 9•6 years ago
|
||
| bugherder | ||
|
|
||
Updated•6 years ago
|
Description
•