Closed
Bug 1586470
Opened 5 years ago
Closed 5 years ago
Assertion failure: aContainingBlockISize >= 0 (inline-size less than zero), at src/layout/generic/nsFrame.cpp:6578
Categories
(Core :: Layout, defect, P3)
Core
Layout
Tracking
()
RESOLVED
DUPLICATE
of bug 1168921
| Tracking | Status | |
|---|---|---|
| firefox71 | --- | affected |
People
(Reporter: tsmith, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: assertion, testcase, Whiteboard: [fuzzblocker])
Attachments
(1 file)
|
163 bytes,
text/html
|
Details |
Reduced with m-c:
BuildID=20191004213811
SourceStamp=74c62117e3e5215f69a07e5ba0adddae33773060
This issue is hit frequently by fuzzers and can limit their effectiveness.
Assertion failure: aContainingBlockISize >= 0 (inline-size less than zero), at src/layout/generic/nsFrame.cpp:6578
#0 0x7f1cbaf3fb3e in nsIFrame::ComputeISizeValue(gfxContext*, int, int, int, mozilla::StyleLengthPercentage const&, nsIFrame::ComputeSizeFlags) src/layout/generic/nsFrame.cpp:6572:3
#1 0x7f1cbae41eef in int nsIFrame::ComputeISizeValue<mozilla::StyleGenericMaxSize<mozilla::StyleLengthPercentage> >(gfxContext*, int, int, int, mozilla::StyleGenericMaxSize<mozilla::StyleLengthPercentage> const&, nsIFrame::ComputeSizeFlags) src/layout/generic/nsIFrame.h:4181:14
#2 0x7f1cbaf39d0a in nsFrame::ComputeSize(gfxContext*, mozilla::WritingMode, mozilla::LogicalSize const&, int, mozilla::LogicalSize const&, mozilla::LogicalSize const&, mozilla::LogicalSize const&, nsIFrame::ComputeSizeFlags) src/layout/generic/nsFrame.cpp:5919:16
#3 0x7f1cbae21c9e in mozilla::ReflowInput::InitConstraints(nsPresContext*, mozilla::Maybe<mozilla::LogicalSize> const&, nsMargin const*, nsMargin const*, mozilla::LayoutFrameType) src/layout/generic/ReflowInput.cpp:2477:34
#4 0x7f1cbae1ba43 in mozilla::ReflowInput::Init(nsPresContext*, mozilla::Maybe<mozilla::LogicalSize> const&, nsMargin const*, nsMargin const*) src/layout/generic/ReflowInput.cpp:355:3
#5 0x7f1cbae1d69b in mozilla::ReflowInput::ReflowInput(nsPresContext*, mozilla::ReflowInput const&, nsIFrame*, mozilla::LogicalSize const&, mozilla::Maybe<mozilla::LogicalSize> const&, unsigned int) src/layout/generic/ReflowInput.cpp:229:5
#6 0x7f1cbae8395d in void mozilla::Maybe<mozilla::ReflowInput>::emplace<nsPresContext*&, mozilla::ReflowInput const&, nsIFrame*&, mozilla::LogicalSize, mozilla::Maybe<mozilla::LogicalSize>&>(nsPresContext*&, mozilla::ReflowInput const&, nsIFrame*&, mozilla::LogicalSize&&, mozilla::Maybe<mozilla::LogicalSize>&) src/obj-firefox/dist/include/mozilla/Maybe.h:526:32
#7 0x7f1cbae7c6b1 in nsBlockFrame::ReflowBlockFrame(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) src/layout/generic/nsBlockFrame.cpp:3605:22
#8 0x7f1cbae77b00 in nsBlockFrame::ReflowLine(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) src/layout/generic/nsBlockFrame.cpp:2994:5
#9 0x7f1cbae6d8b2 in nsBlockFrame::ReflowDirtyLines(mozilla::BlockReflowInput&) src/layout/generic/nsBlockFrame.cpp:2537:7
#10 0x7f1cbae677da in nsBlockFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) src/layout/generic/nsBlockFrame.cpp:1280:3
#11 0x7f1cbaeaf1a7 in nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, mozilla::WritingMode const&, mozilla::LogicalPoint const&, nsSize const&, nsIFrame::ReflowChildFlags, nsReflowStatus&, nsOverflowContinuationTracker*) src/layout/generic/nsContainerFrame.cpp:910:14
#12 0x7f1cbaeb46e1 in nsColumnSetFrame::ReflowChildren(mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&, nsColumnSetFrame::ReflowConfig const&, bool) src/layout/generic/nsColumnSetFrame.cpp:795:7
#13 0x7f1cbaeb35e9 in nsColumnSetFrame::ReflowColumns(mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&, nsColumnSetFrame::ReflowConfig&, bool) src/layout/generic/nsColumnSetFrame.cpp:452:37
#14 0x7f1cbaeb8a4a in nsColumnSetFrame::FindBestBalanceBSize(mozilla::ReflowInput const&, nsPresContext*, nsColumnSetFrame::ReflowConfig&, nsColumnSetFrame::ColumnBalanceData, mozilla::ReflowOutput&, bool, nsReflowStatus&) src/layout/generic/nsColumnSetFrame.cpp:1226:9
#15 0x7f1cbaeb9dc6 in nsColumnSetFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) src/layout/generic/nsColumnSetFrame.cpp:1359:5
#16 0x7f1cbae8467d in nsBlockReflowContext::ReflowBlock(mozilla::LogicalRect const&, bool, nsCollapsingMargin&, int, bool, nsLineBox*, mozilla::ReflowInput&, nsReflowStatus&, mozilla::BlockReflowInput&) src/layout/generic/nsBlockReflowContext.cpp:291:11
#17 0x7f1cbae7ca15 in nsBlockFrame::ReflowBlockFrame(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) src/layout/generic/nsBlockFrame.cpp:3649:11
#18 0x7f1cbae77b00 in nsBlockFrame::ReflowLine(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) src/layout/generic/nsBlockFrame.cpp:2994:5
#19 0x7f1cbae6d8b2 in nsBlockFrame::ReflowDirtyLines(mozilla::BlockReflowInput&) src/layout/generic/nsBlockFrame.cpp:2537:7
#20 0x7f1cbae677da in nsBlockFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) src/layout/generic/nsBlockFrame.cpp:1280:3
#21 0x7f1cbae8467d in nsBlockReflowContext::ReflowBlock(mozilla::LogicalRect const&, bool, nsCollapsingMargin&, int, bool, nsLineBox*, mozilla::ReflowInput&, nsReflowStatus&, mozilla::BlockReflowInput&) src/layout/generic/nsBlockReflowContext.cpp:291:11
#22 0x7f1cbae7ca15 in nsBlockFrame::ReflowBlockFrame(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) src/layout/generic/nsBlockFrame.cpp:3649:11
#23 0x7f1cbae77b00 in nsBlockFrame::ReflowLine(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) src/layout/generic/nsBlockFrame.cpp:2994:5
#24 0x7f1cbae6d8b2 in nsBlockFrame::ReflowDirtyLines(mozilla::BlockReflowInput&) src/layout/generic/nsBlockFrame.cpp:2537:7
#25 0x7f1cbae677da in nsBlockFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) src/layout/generic/nsBlockFrame.cpp:1280:3
#26 0x7f1cbae8467d in nsBlockReflowContext::ReflowBlock(mozilla::LogicalRect const&, bool, nsCollapsingMargin&, int, bool, nsLineBox*, mozilla::ReflowInput&, nsReflowStatus&, mozilla::BlockReflowInput&) src/layout/generic/nsBlockReflowContext.cpp:291:11
#27 0x7f1cbae7ca15 in nsBlockFrame::ReflowBlockFrame(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) src/layout/generic/nsBlockFrame.cpp:3649:11
#28 0x7f1cbae77b00 in nsBlockFrame::ReflowLine(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) src/layout/generic/nsBlockFrame.cpp:2994:5
#29 0x7f1cbae6d8b2 in nsBlockFrame::ReflowDirtyLines(mozilla::BlockReflowInput&) src/layout/generic/nsBlockFrame.cpp:2537:7
#30 0x7f1cbae677da in nsBlockFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) src/layout/generic/nsBlockFrame.cpp:1280:3
#31 0x7f1cbaeaf1a7 in nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, mozilla::WritingMode const&, mozilla::LogicalPoint const&, nsSize const&, nsIFrame::ReflowChildFlags, nsReflowStatus&, nsOverflowContinuationTracker*) src/layout/generic/nsContainerFrame.cpp:910:14
#32 0x7f1cbaeadd0a in nsCanvasFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) src/layout/generic/nsCanvasFrame.cpp:729:5
#33 0x7f1cbaeaf1a7 in nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, mozilla::WritingMode const&, mozilla::LogicalPoint const&, nsSize const&, nsIFrame::ReflowChildFlags, nsReflowStatus&, nsOverflowContinuationTracker*) src/layout/generic/nsContainerFrame.cpp:910:14
#34 0x7f1cbaf8896a in nsHTMLScrollFrame::ReflowScrolledFrame(mozilla::ScrollReflowInput*, bool, bool, mozilla::ReflowOutput*) src/layout/generic/nsGfxScrollFrame.cpp:644:3
#35 0x7f1cbaf8a0c2 in nsHTMLScrollFrame::ReflowContents(mozilla::ScrollReflowInput*, mozilla::ReflowOutput const&) src/layout/generic/nsGfxScrollFrame.cpp:758:3
#36 0x7f1cbaf8d5c2 in nsHTMLScrollFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) src/layout/generic/nsGfxScrollFrame.cpp:1160:3
#37 0x7f1cbae58b6b in nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, int, int, nsIFrame::ReflowChildFlags, nsReflowStatus&, nsOverflowContinuationTracker*) src/layout/generic/nsContainerFrame.cpp:950:14
#38 0x7f1cbae58244 in mozilla::ViewportFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) src/layout/generic/ViewportFrame.cpp:299:7
#39 0x7f1cbac6f2f5 in mozilla::PresShell::DoReflow(nsIFrame*, bool, mozilla::OverflowChangedTracker*) src/layout/base/PresShell.cpp:9219:11
#40 0x7f1cbac7ffd7 in mozilla::PresShell::ProcessReflowCommands(bool) src/layout/base/PresShell.cpp:9389:24
#41 0x7f1cbac7eabd in mozilla::PresShell::DoFlushPendingNotifications(mozilla::ChangesToFlush) src/layout/base/PresShell.cpp:4158:11
#42 0x7f1cbac20621 in nsRefreshDriver::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) src/layout/base/nsRefreshDriver.cpp:2014:20
#43 0x7f1cbac2c3d5 in mozilla::RefreshDriverTimer::TickRefreshDrivers(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp, nsTArray<RefPtr<nsRefreshDriver> >&) src/layout/base/nsRefreshDriver.cpp:350:7
#44 0x7f1cbac2c140 in mozilla::RefreshDriverTimer::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) src/layout/base/nsRefreshDriver.cpp:367:5
#45 0x7f1cbac2f380 in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::TickRefreshDriver(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) src/layout/base/nsRefreshDriver.cpp:727:16
#46 0x7f1cbac2e6c0 in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::NotifyVsync(mozilla::VsyncEvent const&) src/layout/base/nsRefreshDriver.cpp:622:9
#47 0x7f1cbb33b94b in mozilla::layout::VsyncChild::RecvNotify(mozilla::VsyncEvent const&) src/layout/ipc/VsyncChild.cpp:65:16
#48 0x7f1cb4daba03 in mozilla::layout::PVsyncChild::OnMessageReceived(IPC::Message const&) src/obj-firefox/ipc/ipdl/PVsyncChild.cpp:187:54
#49 0x7f1cb4b43d4e in mozilla::ipc::PBackgroundChild::OnMessageReceived(IPC::Message const&) src/obj-firefox/ipc/ipdl/PBackgroundChild.cpp:5876:32
#50 0x7f1cb475f157 in mozilla::ipc::MessageChannel::DispatchAsyncMessage(mozilla::ipc::ActorLifecycleProxy*, IPC::Message const&) src/ipc/glue/MessageChannel.cpp:2185:25
#51 0x7f1cb475c634 in mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&) src/ipc/glue/MessageChannel.cpp:2109:9
#52 0x7f1cb475d3ae in mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::MessageChannel::MessageTask&) src/ipc/glue/MessageChannel.cpp:1954:3
#53 0x7f1cb475db55 in mozilla::ipc::MessageChannel::MessageTask::Run() src/ipc/glue/MessageChannel.cpp:1985:13
#54 0x7f1cb386875a in nsThread::ProcessNextEvent(bool, bool*) src/xpcom/threads/nsThread.cpp:1225:14
#55 0x7f1cb3870586 in NS_ProcessNextEvent(nsIThread*, bool) src/xpcom/threads/nsThreadUtils.cpp:486:10
#56 0x7f1cb4766c35 in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:88:21
#57 0x7f1cb467139c in MessageLoop::RunInternal() src/ipc/chromium/src/base/message_loop.cc:315:10
#58 0x7f1cb4671214 in MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:290:3
#59 0x7f1cba80309a in nsBaseAppShell::Run() src/widget/nsBaseAppShell.cpp:137:27
#60 0x7f1cbd9cb055 in XRE_RunAppShell() src/toolkit/xre/nsEmbedFunctions.cpp:934:20
#61 0x7f1cb4767949 in mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:238:9
#62 0x7f1cb467139c in MessageLoop::RunInternal() src/ipc/chromium/src/base/message_loop.cc:315:10
#63 0x7f1cb4671214 in MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:290:3
#64 0x7f1cbd9ca632 in XRE_InitChildProcess(int, char**, XREChildData const*) src/toolkit/xre/nsEmbedFunctions.cpp:769:34
#65 0x559d73d1ae3b in content_process_main(mozilla::Bootstrap*, int, char**) src/browser/app/../../ipc/contentproc/plugin-container.cpp:56:28
#66 0x559d73d1b24b in main src/browser/app/nsBrowserApp.cpp:272:18
Flags: in-testsuite?
|
Reporter | |
Comment 1•5 years ago
|
||
A Pernosco session is available here: https://pernos.co/debug/sqOp58wU1LjwS16IBZMCVQ/index.html
Note: The session will expire in 7 days.
See Also: → 1460354
Whiteboard: [fuzzblocker]
|
||
Comment 2•5 years ago
|
||
Looks like the testcase uses multicol -- TYLin, mind taking a look?
Flags: needinfo?(aethanyc)
|
||
Comment 3•5 years ago
|
||
This also happens without "column-span" enabled.
The test case contains <dd> with "writing-mode:vertical-rl" and "RTL" on <dd>, it creates a orthogonal reflow with its parent <dl>. <dd> also has "box-decoration-break: clone", which is critical in the following analysis.
By default, html.css gives <dd> "margin-inline-start: 40px", so it effectively has a "margin-bottom" in its parent's writing-mode.
In this test case, when we compute the availale block-size for <dd> in BlockReflowInput::ComputeBlockAvailSpace, the result block-size can be negative given we subtract the block-end margin (because it has "box-decoration-break: clone"). Note the availBSize can be small even if <dl> has "height:auto" because we are trying to balance the columns.
Later on, when initializing ReflowInput for <dd> in ReflowInput::InitConstraints, it takes the nagative available block-size computed above (in its writing-mode, it become available inline-size), and use the nagtive result as its containing block's inline-size. Hance the assertion.
Maybe we can fix bug 1168921 that stops clone the block margin in BlockReflowInput::ComputeBlockAvailSpace to avoid producing negative available block-size.
Priority: -- → P3
|
|
||
Comment 4•5 years ago
|
||
This bug is fixed in bug 1168921 with the test case in comment 0 added there.
Status: NEW → RESOLVED
Closed: 5 years ago
Flags: needinfo?(aethanyc)
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•