Closed
Bug 1577669
Opened 6 years ago
Closed 6 years ago
left shift of 255 by 24 places cannot be represented in type 'int'
Categories
(Core :: Graphics, defect)
Core
Graphics
Tracking
()
RESOLVED
FIXED
mozilla70
| Tracking | Status | |
|---|---|---|
| firefox70 | --- | disabled |
People
(Reporter: tsmith, Assigned: jfkthame)
References
(Blocks 3 open bugs)
Details
(Keywords: csectype-undefined, testcase)
Attachments
(2 files)
Reduced with 20190829-8edbf8fe48bf
This was built with undefined behavior sanitizer checks enabled via mozconfig.
ac_add_options --enable-undefined-sanitizer="shift"
This testcase requires:
layout.css.column-span.enabled=true
layout.css.individual-transform.enabled=true
src/gfx/cairo/libpixman/src/pixman-sse2.c:6447:20: runtime error: left shift of 255 by 24 places cannot be represented in type 'int'
#0 0x7f067b096eb5 in sse2_fetch_a8 src/gfx/cairo/libpixman/src/pixman-sse2.c
#1 0x7f067afe889a in general_composite_rect src/gfx/cairo/libpixman/src/pixman-general.c:211:6
#2 0x7f067b09e173 in _moz_pixman_image_composite32 src/gfx/cairo/libpixman/src/pixman.c:707:2
#3 0x7f067ae4eb13 in _composite_boxes src/gfx/cairo/cairo/src/cairo-image-surface.c:3051:3
#4 0x7f067ae4eb13 in _clip_and_composite_boxes src/gfx/cairo/cairo/src/cairo-image-surface.c:3090
#5 0x7f067ae3da5b in _cairo_image_surface_paint src/gfx/cairo/cairo/src/cairo-image-surface.c:3338:11
#6 0x7f067aeb3dab in _cairo_surface_paint src/gfx/cairo/cairo/src/cairo-surface.c:2110:11
#7 0x7f067ae2dc2b in _cairo_gstate_paint src/gfx/cairo/cairo/src/cairo-gstate.c:1049:14
#8 0x7f067aedc2f1 in _moz_cairo_paint src/gfx/cairo/cairo/src/cairo.c:2252:14
#9 0x7f067aedc5b4 in _moz_cairo_paint_with_alpha src/gfx/cairo/cairo/src/cairo.c:2280:2
#10 0x7f0672c82b62 in mozilla::gfx::DrawTargetCairo::DrawSurface(mozilla::gfx::SourceSurface*, mozilla::gfx::RectTyped<mozilla::gfx::UnknownUnits, float> const&, mozilla::gfx::RectTyped<mozilla::gfx::UnknownUnits, float> const&, mozilla::gfx::DrawSurfaceOptions const&, mozilla::gfx::DrawOptions const&) src/gfx/2d/DrawTargetCairo.cpp:828:3
#11 0x7f0672d277c7 in mozilla::gfx::FilterNodeTransformSoftware::Render(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) src/gfx/2d/FilterNodeSoftware.cpp:1206:7
#12 0x7f0672d1ed1c in mozilla::gfx::FilterNodeSoftware::GetOutput(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) src/gfx/2d/FilterNodeSoftware.cpp:638:20
#13 0x7f0672d22aba in mozilla::gfx::FilterNodeSoftware::GetInputDataSourceSurface(unsigned int, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::FilterNodeSoftware::FormatHint, mozilla::gfx::ConvolveMatrixEdgeMode, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const*) src/gfx/2d/FilterNodeSoftware.cpp:770:25
#14 0x7f0672d3807f in mozilla::gfx::FilterNodeCompositeSoftware::Render(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) src/gfx/2d/FilterNodeSoftware.cpp:2908:37
#15 0x7f0672d1ed1c in mozilla::gfx::FilterNodeSoftware::GetOutput(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) src/gfx/2d/FilterNodeSoftware.cpp:638:20
#16 0x7f0672d22aba in mozilla::gfx::FilterNodeSoftware::GetInputDataSourceSurface(unsigned int, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::FilterNodeSoftware::FormatHint, mozilla::gfx::ConvolveMatrixEdgeMode, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const*) src/gfx/2d/FilterNodeSoftware.cpp:770:25
#17 0x7f0672d3807f in mozilla::gfx::FilterNodeCompositeSoftware::Render(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) src/gfx/2d/FilterNodeSoftware.cpp:2908:37
#18 0x7f0672d1ed1c in mozilla::gfx::FilterNodeSoftware::GetOutput(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) src/gfx/2d/FilterNodeSoftware.cpp:638:20
#19 0x7f0672d22aba in mozilla::gfx::FilterNodeSoftware::GetInputDataSourceSurface(unsigned int, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::FilterNodeSoftware::FormatHint, mozilla::gfx::ConvolveMatrixEdgeMode, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const*) src/gfx/2d/FilterNodeSoftware.cpp:770:25
#20 0x7f0672d3cfd6 in mozilla::gfx::FilterNodeCropSoftware::Render(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) src/gfx/2d/FilterNodeSoftware.cpp:3166:10
#21 0x7f0672d1ed1c in mozilla::gfx::FilterNodeSoftware::GetOutput(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) src/gfx/2d/FilterNodeSoftware.cpp:638:20
#22 0x7f0672d1df7d in mozilla::gfx::FilterNodeSoftware::Draw(mozilla::gfx::DrawTarget*, mozilla::gfx::RectTyped<mozilla::gfx::UnknownUnits, float> const&, mozilla::gfx::PointTyped<mozilla::gfx::UnknownUnits, float> const&, mozilla::gfx::DrawOptions const&) src/gfx/2d/FilterNodeSoftware.cpp:572:14
#23 0x7f0672ce8d2b in mozilla::gfx::DrawFilterCommand::ExecuteOnDT(mozilla::gfx::DrawTarget*, mozilla::gfx::BaseMatrix<float> const*) const src/gfx/2d/DrawCommands.h:223:10
#24 0x7f0672de929c in mozilla::gfx::SourceSurfaceCapture::ResolveImpl(mozilla::gfx::BackendType) src/gfx/2d/SourceSurfaceCapture.cpp:140:10
#25 0x7f0672de8919 in mozilla::gfx::SourceSurfaceCapture::Resolve(mozilla::gfx::BackendType) src/gfx/2d/SourceSurfaceCapture.cpp:97:15
#26 0x7f0672de99ba in mozilla::gfx::SourceSurfaceCapture::GetDataSurface() src/gfx/2d/SourceSurfaceCapture.cpp:158:35
#27 0x7f0672d1f229 in mozilla::gfx::GetDataSurfaceInRect(mozilla::gfx::SourceSurface*, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::ConvolveMatrixEdgeMode) src/gfx/2d/FilterNodeSoftware.cpp:402:33
#28 0x7f0672d22d96 in mozilla::gfx::FilterNodeSoftware::GetInputDataSourceSurface(unsigned int, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::FilterNodeSoftware::FormatHint, mozilla::gfx::ConvolveMatrixEdgeMode, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const*) src/gfx/2d/FilterNodeSoftware.cpp:803:7
#29 0x7f0672d26f3c in mozilla::gfx::FilterNodeTransformSoftware::Render(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) src/gfx/2d/FilterNodeSoftware.cpp:1169:7
#30 0x7f0672d1ed1c in mozilla::gfx::FilterNodeSoftware::GetOutput(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) src/gfx/2d/FilterNodeSoftware.cpp:638:20
#31 0x7f0672d22aba in mozilla::gfx::FilterNodeSoftware::GetInputDataSourceSurface(unsigned int, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::FilterNodeSoftware::FormatHint, mozilla::gfx::ConvolveMatrixEdgeMode, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const*) src/gfx/2d/FilterNodeSoftware.cpp:770:25
#32 0x7f0672d2ec28 in mozilla::gfx::FilterNodeComponentTransferSoftware::Render(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) src/gfx/2d/FilterNodeSoftware.cpp:1846:7
#33 0x7f0672d1ed1c in mozilla::gfx::FilterNodeSoftware::GetOutput(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) src/gfx/2d/FilterNodeSoftware.cpp:638:20
#34 0x7f0672d22aba in mozilla::gfx::FilterNodeSoftware::GetInputDataSourceSurface(unsigned int, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::FilterNodeSoftware::FormatHint, mozilla::gfx::ConvolveMatrixEdgeMode, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const*) src/gfx/2d/FilterNodeSoftware.cpp:770:25
#35 0x7f0672d390f3 in mozilla::gfx::FilterNodeBlurXYSoftware::Render(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) src/gfx/2d/FilterNodeSoftware.cpp:2997:12
#36 0x7f0672d1ed1c in mozilla::gfx::FilterNodeSoftware::GetOutput(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) src/gfx/2d/FilterNodeSoftware.cpp:638:20
#37 0x7f0672d22aba in mozilla::gfx::FilterNodeSoftware::GetInputDataSourceSurface(unsigned int, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::FilterNodeSoftware::FormatHint, mozilla::gfx::ConvolveMatrixEdgeMode, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const*) src/gfx/2d/FilterNodeSoftware.cpp:770:25
#38 0x7f0672d26f3c in mozilla::gfx::FilterNodeTransformSoftware::Render(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) src/gfx/2d/FilterNodeSoftware.cpp:1169:7
#39 0x7f0672d1ed1c in mozilla::gfx::FilterNodeSoftware::GetOutput(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) src/gfx/2d/FilterNodeSoftware.cpp:638:20
#40 0x7f0672d22aba in mozilla::gfx::FilterNodeSoftware::GetInputDataSourceSurface(unsigned int, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::FilterNodeSoftware::FormatHint, mozilla::gfx::ConvolveMatrixEdgeMode, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const*) src/gfx/2d/FilterNodeSoftware.cpp:770:25
#41 0x7f0672d3807f in mozilla::gfx::FilterNodeCompositeSoftware::Render(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) src/gfx/2d/FilterNodeSoftware.cpp:2908:37
#42 0x7f0672d1ed1c in mozilla::gfx::FilterNodeSoftware::GetOutput(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) src/gfx/2d/FilterNodeSoftware.cpp:638:20
#43 0x7f0672d22aba in mozilla::gfx::FilterNodeSoftware::GetInputDataSourceSurface(unsigned int, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::FilterNodeSoftware::FormatHint, mozilla::gfx::ConvolveMatrixEdgeMode, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const*) src/gfx/2d/FilterNodeSoftware.cpp:770:25
#44 0x7f0672d3807f in mozilla::gfx::FilterNodeCompositeSoftware::Render(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) src/gfx/2d/FilterNodeSoftware.cpp:2908:37
#45 0x7f0672d1ed1c in mozilla::gfx::FilterNodeSoftware::GetOutput(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) src/gfx/2d/FilterNodeSoftware.cpp:638:20
#46 0x7f0672d22aba in mozilla::gfx::FilterNodeSoftware::GetInputDataSourceSurface(unsigned int, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::FilterNodeSoftware::FormatHint, mozilla::gfx::ConvolveMatrixEdgeMode, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const*) src/gfx/2d/FilterNodeSoftware.cpp:770:25
#47 0x7f0672d3cfd6 in mozilla::gfx::FilterNodeCropSoftware::Render(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) src/gfx/2d/FilterNodeSoftware.cpp:3166:10
#48 0x7f0672d1ed1c in mozilla::gfx::FilterNodeSoftware::GetOutput(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) src/gfx/2d/FilterNodeSoftware.cpp:638:20
#49 0x7f0672d1df7d in mozilla::gfx::FilterNodeSoftware::Draw(mozilla::gfx::DrawTarget*, mozilla::gfx::RectTyped<mozilla::gfx::UnknownUnits, float> const&, mozilla::gfx::PointTyped<mozilla::gfx::UnknownUnits, float> const&, mozilla::gfx::DrawOptions const&) src/gfx/2d/FilterNodeSoftware.cpp:572:14
#50 0x7f0672ce8d2b in mozilla::gfx::DrawFilterCommand::ExecuteOnDT(mozilla::gfx::DrawTarget*, mozilla::gfx::BaseMatrix<float> const*) const src/gfx/2d/DrawCommands.h:223:10
#51 0x7f0672de929c in mozilla::gfx::SourceSurfaceCapture::ResolveImpl(mozilla::gfx::BackendType) src/gfx/2d/SourceSurfaceCapture.cpp:140:10
#52 0x7f0672de8919 in mozilla::gfx::SourceSurfaceCapture::Resolve(mozilla::gfx::BackendType) src/gfx/2d/SourceSurfaceCapture.cpp:97:15
#53 0x7f0672de99ba in mozilla::gfx::SourceSurfaceCapture::GetDataSurface() src/gfx/2d/SourceSurfaceCapture.cpp:158:35
#54 0x7f0672d1f229 in mozilla::gfx::GetDataSurfaceInRect(mozilla::gfx::SourceSurface*, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::ConvolveMatrixEdgeMode) src/gfx/2d/FilterNodeSoftware.cpp:402:33
#55 0x7f0672d22d96 in mozilla::gfx::FilterNodeSoftware::GetInputDataSourceSurface(unsigned int, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::FilterNodeSoftware::FormatHint, mozilla::gfx::ConvolveMatrixEdgeMode, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const*) src/gfx/2d/FilterNodeSoftware.cpp:803:7
#56 0x7f0672d26f3c in mozilla::gfx::FilterNodeTransformSoftware::Render(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) src/gfx/2d/FilterNodeSoftware.cpp:1169:7
#57 0x7f0672d1ed1c in mozilla::gfx::FilterNodeSoftware::GetOutput(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) src/gfx/2d/FilterNodeSoftware.cpp:638:20
#58 0x7f0672d22aba in mozilla::gfx::FilterNodeSoftware::GetInputDataSourceSurface(unsigned int, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::FilterNodeSoftware::FormatHint, mozilla::gfx::ConvolveMatrixEdgeMode, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const*) src/gfx/2d/FilterNodeSoftware.cpp:770:25
#59 0x7f0672d2ec28 in mozilla::gfx::FilterNodeComponentTransferSoftware::Render(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) src/gfx/2d/FilterNodeSoftware.cpp:1846:7
#60 0x7f0672d1ed1c in mozilla::gfx::FilterNodeSoftware::GetOutput(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) src/gfx/2d/FilterNodeSoftware.cpp:638:20
#61 0x7f0672d22aba in mozilla::gfx::FilterNodeSoftware::GetInputDataSourceSurface(unsigned int, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::FilterNodeSoftware::FormatHint, mozilla::gfx::ConvolveMatrixEdgeMode, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const*) src/gfx/2d/FilterNodeSoftware.cpp:770:25
#62 0x7f0672d390f3 in mozilla::gfx::FilterNodeBlurXYSoftware::Render(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) src/gfx/2d/FilterNodeSoftware.cpp:2997:12
#63 0x7f0672d1ed1c in mozilla::gfx::FilterNodeSoftware::GetOutput(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) src/gfx/2d/FilterNodeSoftware.cpp:638:20
#64 0x7f0672d22aba in mozilla::gfx::FilterNodeSoftware::GetInputDataSourceSurface(unsigned int, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::FilterNodeSoftware::FormatHint, mozilla::gfx::ConvolveMatrixEdgeMode, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const*) src/gfx/2d/FilterNodeSoftware.cpp:770:25
#65 0x7f0672d26f3c in mozilla::gfx::FilterNodeTransformSoftware::Render(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) src/gfx/2d/FilterNodeSoftware.cpp:1169:7
#66 0x7f0672d1ed1c in mozilla::gfx::FilterNodeSoftware::GetOutput(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) src/gfx/2d/FilterNodeSoftware.cpp:638:20
#67 0x7f0672d22aba in mozilla::gfx::FilterNodeSoftware::GetInputDataSourceSurface(unsigned int, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::FilterNodeSoftware::FormatHint, mozilla::gfx::ConvolveMatrixEdgeMode, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const*) src/gfx/2d/FilterNodeSoftware.cpp:770:25
#68 0x7f0672d3807f in mozilla::gfx::FilterNodeCompositeSoftware::Render(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) src/gfx/2d/FilterNodeSoftware.cpp:2908:37
#69 0x7f0672d1ed1c in mozilla::gfx::FilterNodeSoftware::GetOutput(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) src/gfx/2d/FilterNodeSoftware.cpp:638:20
#70 0x7f0672d22aba in mozilla::gfx::FilterNodeSoftware::GetInputDataSourceSurface(unsigned int, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::FilterNodeSoftware::FormatHint, mozilla::gfx::ConvolveMatrixEdgeMode, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const*) src/gfx/2d/FilterNodeSoftware.cpp:770:25
#71 0x7f0672d3807f in mozilla::gfx::FilterNodeCompositeSoftware::Render(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) src/gfx/2d/FilterNodeSoftware.cpp:2908:37
#72 0x7f0672d1ed1c in mozilla::gfx::FilterNodeSoftware::GetOutput(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) src/gfx/2d/FilterNodeSoftware.cpp:638:20
#73 0x7f0672d22aba in mozilla::gfx::FilterNodeSoftware::GetInputDataSourceSurface(unsigned int, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::FilterNodeSoftware::FormatHint, mozilla::gfx::ConvolveMatrixEdgeMode, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const*) src/gfx/2d/FilterNodeSoftware.cpp:770:25
#74 0x7f0672d3cfd6 in mozilla::gfx::FilterNodeCropSoftware::Render(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) src/gfx/2d/FilterNodeSoftware.cpp:3166:10
#75 0x7f0672d1ed1c in mozilla::gfx::FilterNodeSoftware::GetOutput(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) src/gfx/2d/FilterNodeSoftware.cpp:638:20
#76 0x7f0672d1df7d in mozilla::gfx::FilterNodeSoftware::Draw(mozilla::gfx::DrawTarget*, mozilla::gfx::RectTyped<mozilla::gfx::UnknownUnits, float> const&, mozilla::gfx::PointTyped<mozilla::gfx::UnknownUnits, float> const&, mozilla::gfx::DrawOptions const&) src/gfx/2d/FilterNodeSoftware.cpp:572:14
#77 0x7f0672ce8d2b in mozilla::gfx::DrawFilterCommand::ExecuteOnDT(mozilla::gfx::DrawTarget*, mozilla::gfx::BaseMatrix<float> const*) const src/gfx/2d/DrawCommands.h:223:10
#78 0x7f0672c7db65 in mozilla::gfx::DrawTargetCaptureImpl::ReplayToDrawTarget(mozilla::gfx::DrawTarget*, mozilla::gfx::BaseMatrix<float> const&) src/gfx/2d/DrawTargetCapture.cpp:330:10
#79 0x7f0672c7d995 in mozilla::gfx::DrawTarget::DrawCapturedDT(mozilla::gfx::DrawTargetCapture*, mozilla::gfx::BaseMatrix<float> const&) src/gfx/2d/DrawTarget.cpp:168:9
#80 0x7f067308821c in mozilla::layers::PaintThread::AsyncPaintTask(mozilla::layers::CompositorBridgeChild*, mozilla::layers::PaintTask*) src/gfx/layers/PaintThread.cpp:206:13
#81 0x7f06730d0473 in operator() src/gfx/layers/PaintThread.cpp:178:38
#82 0x7f06730d0473 in mozilla::detail::RunnableFunction<mozilla::layers::PaintThread::QueuePaintTask(mozilla::UniquePtr<mozilla::layers::PaintTask, mozilla::DefaultDelete<mozilla::layers::PaintTask> >&&)::$_7>::Run() src/objdir-ff-ubsan/dist/include/nsThreadUtils.h:564
#83 0x7f066fbd0092 in nsThread::ProcessNextEvent(bool, bool*) src/xpcom/threads/nsThread.cpp:1225:14
#84 0x7f066fbd6bb6 in NS_ProcessNextEvent(nsIThread*, bool) src/xpcom/threads/nsThreadUtils.cpp:486:10
#85 0x7f06710f626c in mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:333:5
#86 0x7f0670f677a7 in RunInternal src/ipc/chromium/src/base/message_loop.cc:315:10
#87 0x7f0670f677a7 in RunHandler src/ipc/chromium/src/base/message_loop.cc:308
#88 0x7f0670f677a7 in MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:290
#89 0x7f066fbc9339 in nsThread::ThreadFunc(void*) src/xpcom/threads/nsThread.cpp:458:11
#90 0x7f0694a4dff9 in _pt_root src/nsprpub/pr/src/pthreads/ptthread.c:198:5
#91 0x7f069469f6da in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76da)
#92 0x7f069367d88e in clone /build/glibc-OTsEL5/glibc-2.27/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:95
Flags: in-testsuite?
|
Assignee | |
Comment 1•6 years ago
|
||
This must be coming from one of the two lines in sse2_fetch_a8 that does
*dst++ = *(src++) << 24;
where src is a uint8_t*.
Makes sense, IIUC, because integer promotion is applied to the operands of the << operator: the uint8_t will be promoted to (signed) int, as that is large enough to hold all possible values of uint8_t. Then the shift is applied, but overflows.
To avoid this, the value should be explicitly cast to uint32_t before shifting.
|
|
Assignee | |
Comment 2•6 years ago
|
||
|
|
Assignee | |
Comment 3•6 years ago
|
||
FTR, I also submitted this upstream at https://gitlab.freedesktop.org/pixman/pixman/merge_requests/12.
Pushed by jkew@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/b541c2200a39
Cast to uint32_t before left-shifting byte value by 24 bits. r=jrmuizel
|
||
Comment 5•6 years ago
|
||
| bugherder | ||
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla70
|
||
Updated•6 years ago
|
Assignee: nobody → jfkthame
|
|
||
Comment 6•6 years ago
|
||
| bugherder uplift | ||
You need to log in
before you can comment on or make changes to this bug.
Description
•