Closed Bug 1572252 Opened 6 years ago Closed 6 years ago

running Firefox with RUST_LOG="debug" results in a null pointer deref

Categories

(Core :: CSS Parsing and Computation, defect, P3)

Product:
Core
Component:
CSS Parsing and Computation
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla70
Tracking Flags:
Tracking Status
firefox70 --- fixed

People

(Reporter: keeler, Assigned: emilio)

References

(Regression)

Details

(Keywords: regression)

Attachments

(1 file)

Bug 1572252 - Properly null-check a variable in debug-only code.
47 bytes, text/x-phabricator-request
Details | Review

STR:
RUST_LOG="debug" ./mach run

Results:

Assertion failure: mRawPtr != nullptr (You can't dereference a NULL nsCOMPtr with operator->().), at /home/keeler/mozilla-unified/obj-x86_64-pc-linux-gnu/dist/include/nsCOMPtr.h:843
#01: ???[/home/keeler/mozilla-unified/obj-x86_64-pc-linux-gnu/dist/bin/libxul.so +0x7b78f64]
#02: _$LT$$LT$style..stylesheets..UrlExtraData$u20$as$u20$core..fmt..Debug$GT$..fmt..DebugReferrerInfo$u20$as$u20$core..fmt..Debug$GT$::fmt::he9ac570e2a66cdc1[/home/keeler/mozilla-unified/obj-x86_64-pc-linux-gnu/dist/bin/libxul.so +0xaeb190c]
#03: core::fmt::builders::DebugStruct::field::h25156107e87a29f6[/home/keeler/mozilla-unified/obj-x86_64-pc-linux-gnu/dist/bin/libxul.so +0xb41c51e]
#04: _$LT$style..stylesheets..UrlExtraData$u20$as$u20$core..fmt..Debug$GT$::fmt::hafa2df12039c6ea4[/home/keeler/mozilla-unified/obj-x86_64-pc-linux-gnu/dist/bin/libxul.so +0xaeb0437]
#05: core::fmt::builders::DebugStruct::field::h25156107e87a29f6[/home/keeler/mozilla-unified/obj-x86_64-pc-linux-gnu/dist/bin/libxul.so +0xb41c51e]
#06: _$LT$style..gecko..data..GeckoStyleSheet$u20$as$u20$core..fmt..Debug$GT$::fmt::h9b27db3b442207a4[/home/keeler/mozilla-unified/obj-x86_64-pc-linux-gnu/dist/bin/libxul.so +0xad1bfc6]
#07: core::fmt::write::h8cfd01c67a4a46c9[/home/keeler/mozilla-unified/obj-x86_64-pc-linux-gnu/dist/bin/libxul.so +0xb41d1cc]
#08: _$LT$core..fmt..Arguments$u20$as$u20$core..fmt..Debug$GT$::fmt::hd46ba79a6aeeb364[/home/keeler/mozilla-unified/obj-x86_64-pc-linux-gnu/dist/bin/libxul.so +0xb41ced1]
#09: core::fmt::write::h8cfd01c67a4a46c9[/home/keeler/mozilla-unified/obj-x86_64-pc-linux-gnu/dist/bin/libxul.so +0xb41d1cc]
#10: std::io::Write::write_fmt::h504f80f6d7d20b5a[/home/keeler/mozilla-unified/obj-x86_64-pc-linux-gnu/dist/bin/libxul.so +0xa08aab2]
#11: ???[/home/keeler/mozilla-unified/obj-x86_64-pc-linux-gnu/dist/bin/libxul.so +0xa089fe4]
#12: _$LT$alloc..boxed..Box$LT$F$GT$$u20$as$u20$core..ops..function..Fn$LT$A$GT$$GT$::call::h299d6bbca133cc1c[/home/keeler/mozilla-unified/obj-x86_64-pc-linux-gnu/dist/bin/libxul.so +0xa08c8c7]
#13: ???[/home/keeler/mozilla-unified/obj-x86_64-pc-linux-gnu/dist/bin/libxul.so +0xa095550]
#14: std::thread::local::LocalKey$LT$T$GT$::try_with::hc4f4fed81e138de9[/home/keeler/mozilla-unified/obj-x86_64-pc-linux-gnu/dist/bin/libxul.so +0xa094e56]
#15: std::thread::local::LocalKey$LT$T$GT$::with::h3fa193c119cad24b[/home/keeler/mozilla-unified/obj-x86_64-pc-linux-gnu/dist/bin/libxul.so +0xa094dea]
#16: _$LT$env_logger..Logger$u20$as$u20$log..Log$GT$::log::h21f1c1347373c5ed[/home/keeler/mozilla-unified/obj-x86_64-pc-linux-gnu/dist/bin/libxul.so +0xa08a51f]
#17: log::__private_api_log::h6f5d744fb0f52542[/home/keeler/mozilla-unified/obj-x86_64-pc-linux-gnu/dist/bin/libxul.so +0xb3adcea]
#18: style::stylist::CascadeData::collect_applicable_media_query_results_into::hb24c53ed69cbf1cd[/home/keeler/mozilla-unified/obj-x86_64-pc-linux-gnu/dist/bin/libxul.so +0xab0fbc1]
#19: style::stylist::UserAgentCascadeDataCache::lookup::he4314cf765fb2364[/home/keeler/mozilla-unified/obj-x86_64-pc-linux-gnu/dist/bin/libxul.so +0xab104f0]
#20: style::stylist::DocumentCascadeData::rebuild::hf62c4ec9b852bbef[/home/keeler/mozilla-unified/obj-x86_64-pc-linux-gnu/dist/bin/libxul.so +0xab100d2]
#21: style::stylist::Stylist::flush::ha6c69f1e7e4cc250[/home/keeler/mozilla-unified/obj-x86_64-pc-linux-gnu/dist/bin/libxul.so +0xab11d40]
#22: style::gecko::data::PerDocumentStyleDataImpl::flush_stylesheets::he3dd5195e1588022[/home/keeler/mozilla-unified/obj-x86_64-pc-linux-gnu/dist/bin/libxul.so +0xaad062a]

Program /home/keeler/mozilla-unified/obj-x86_64-pc-linux-gnu/dist/bin/firefox (pid = 6399) received signal 11.
Stack:
#01: ???[/home/keeler/mozilla-unified/obj-x86_64-pc-linux-gnu/dist/bin/libxul.so +0x9ccf8db]
#02: ???[/lib64/libpthread.so.0 +0x12e80]
#03: ???[/home/keeler/mozilla-unified/obj-x86_64-pc-linux-gnu/dist/bin/libxul.so +0x4e39140]
#04: ???[/home/keeler/mozilla-unified/obj-x86_64-pc-linux-gnu/dist/bin/libxul.so +0x7b78f64]
#05: _$LT$$LT$style..stylesheets..UrlExtraData$u20$as$u20$core..fmt..Debug$GT$..fmt..DebugReferrerInfo$u20$as$u20$core..fmt..Debug$GT$::fmt::he9ac570e2a66cdc1[/home/keeler/mozilla-unified/obj-x86_64-pc-linux-gnu/dist/bin/libxul.so +0xaeb190c]
#06: core::fmt::builders::DebugStruct::field::h25156107e87a29f6[/home/keeler/mozilla-unified/obj-x86_64-pc-linux-gnu/dist/bin/libxul.so +0xb41c51e]
#07: _$LT$style..stylesheets..UrlExtraData$u20$as$u20$core..fmt..Debug$GT$::fmt::hafa2df12039c6ea4[/home/keeler/mozilla-unified/obj-x86_64-pc-linux-gnu/dist/bin/libxul.so +0xaeb0437]
#08: core::fmt::builders::DebugStruct::field::h25156107e87a29f6[/home/keeler/mozilla-unified/obj-x86_64-pc-linux-gnu/dist/bin/libxul.so +0xb41c51e]
#09: _$LT$style..gecko..data..GeckoStyleSheet$u20$as$u20$core..fmt..Debug$GT$::fmt::h9b27db3b442207a4[/home/keeler/mozilla-unified/obj-x86_64-pc-linux-gnu/dist/bin/libxul.so +0xad1bfc6]
#10: core::fmt::write::h8cfd01c67a4a46c9[/home/keeler/mozilla-unified/obj-x86_64-pc-linux-gnu/dist/bin/libxul.so +0xb41d1cc]
#11: _$LT$core..fmt..Arguments$u20$as$u20$core..fmt..Debug$GT$::fmt::hd46ba79a6aeeb364[/home/keeler/mozilla-unified/obj-x86_64-pc-linux-gnu/dist/bin/libxul.so +0xb41ced1]
#12: core::fmt::write::h8cfd01c67a4a46c9[/home/keeler/mozilla-unified/obj-x86_64-pc-linux-gnu/dist/bin/libxul.so +0xb41d1cc]
#13: std::io::Write::write_fmt::h504f80f6d7d20b5a[/home/keeler/mozilla-unified/obj-x86_64-pc-linux-gnu/dist/bin/libxul.so +0xa08aab2]
#14: ???[/home/keeler/mozilla-unified/obj-x86_64-pc-linux-gnu/dist/bin/libxul.so +0xa089fe4]
#15: _$LT$alloc..boxed..Box$LT$F$GT$$u20$as$u20$core..ops..function..Fn$LT$A$GT$$GT$::call::h299d6bbca133cc1c[/home/keeler/mozilla-unified/obj-x86_64-pc-linux-gnu/dist/bin/libxul.so +0xa08c8c7]
#16: ???[/home/keeler/mozilla-unified/obj-x86_64-pc-linux-gnu/dist/bin/libxul.so +0xa095550]
#17: std::thread::local::LocalKey$LT$T$GT$::try_with::hc4f4fed81e138de9[/home/keeler/mozilla-unified/obj-x86_64-pc-linux-gnu/dist/bin/libxul.so +0xa094e56]
#18: std::thread::local::LocalKey$LT$T$GT$::with::h3fa193c119cad24b[/home/keeler/mozilla-unified/obj-x86_64-pc-linux-gnu/dist/bin/libxul.so +0xa094dea]
#19: _$LT$env_logger..Logger$u20$as$u20$log..Log$GT$::log::h21f1c1347373c5ed[/home/keeler/mozilla-unified/obj-x86_64-pc-linux-gnu/dist/bin/libxul.so +0xa08a51f]
#20: log::__private_api_log::h6f5d744fb0f52542[/home/keeler/mozilla-unified/obj-x86_64-pc-linux-gnu/dist/bin/libxul.so +0xb3adcea]
#21: style::stylist::CascadeData::collect_applicable_media_query_results_into::hb24c53ed69cbf1cd[/home/keeler/mozilla-unified/obj-x86_64-pc-linux-gnu/dist/bin/libxul.so +0xab0fbc1]
#22: style::stylist::UserAgentCascadeDataCache::lookup::he4314cf765fb2364[/home/keeler/mozilla-unified/obj-x86_64-pc-linux-gnu/dist/bin/libxul.so +0xab104f0]
#23: style::stylist::DocumentCascadeData::rebuild::hf62c4ec9b852bbef[/home/keeler/mozilla-unified/obj-x86_64-pc-linux-gnu/dist/bin/libxul.so +0xab100d2]
#24: style::stylist::Stylist::flush::ha6c69f1e7e4cc250[/home/keeler/mozilla-unified/obj-x86_64-pc-linux-gnu/dist/bin/libxul.so +0xab11d40]
#25: style::gecko::data::PerDocumentStyleDataImpl::flush_stylesheets::he3dd5195e1588022[/home/keeler/mozilla-unified/obj-x86_64-pc-linux-gnu/dist/bin/libxul.so +0xaad062a]
Sleeping for 300 seconds.

The priority flag is not set for this bug.
:heycam, could you have a look please?

For more information, please visit auto_nag documentation.

Flags: needinfo?(cam)

Ugh, I just ran into this. Sorry Dana, feel free to ni? me or others if you see nullptr derefs in the style system :)

Assignee: nobody → emilio
Flags: needinfo?(cam)
Priority: -- → P3
Regressed by: 1546334
Keywords: regression
Pushed by ealvarez@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/6e0106677f6d Properly null-check a variable in debug-only code.

Thanks!

https://hg.mozilla.org/mozilla-central/rev/6e0106677f6d

Status: NEW → RESOLVED
Closed: 6 years ago
status-firefox70: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla70
Has Regression Range: --- → yes
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: