Closed
Bug 1612891
Opened 5 years ago
Closed 5 years ago
Assertion failure: !Failed(), at /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/ErrorResult.h:545
Categories
(Core :: DOM: Animation, defect, P3)
Core
DOM: Animation
Tracking
()
RESOLVED
FIXED
mozilla75
People
(Reporter: jkratzer, Assigned: boris)
References
(Blocks 1 open bug)
Details
(Keywords: assertion, testcase)
Attachments
(3 files)
Testcase found while fuzzing mozilla-central rev f4e3917a0fa1.
Assertion failure: !Failed(), at /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/ErrorResult.h:545
rax = 0x000055fff01fc340 rdx = 0x0000000000000000
rcx = 0x00007fb26f70264d rbx = 0x00007fff535e1cb0
rsi = 0x00007fb27c2388b0 rdi = 0x00007fb27c237680
rbp = 0x00007fff535e1be0 rsp = 0x00007fff535e1be0
r8 = 0x00007fb27c2388b0 r9 = 0x00007fb27d39f780
r10 = 0x0000000000000000 r11 = 0x0000000000000000
r12 = 0x0000000000000000 r13 = 0x00007fb262a18d08
r14 = 0x00007fff535e1ea0 r15 = 0x00007fff535e1d28
rip = 0x00007fb26a659a26
OS|Linux|0.0.0 Linux 5.3.0-26-generic #28~18.04.1-Ubuntu SMP Wed Dec 18 16:40:14 UTC 2019 x86_64
CPU|amd64|family 6 model 94 stepping 3|8
GPU|||
Crash|SIGSEGV|0x0|0
0|0|libxul.so|mozilla::binding_danger::TErrorResult<mozilla::binding_danger::AssertAndSuppressCleanupPolicy>::AssertReportedOrSuppressed()|hg:hg.mozilla.org/mozilla-central:dom/bindings/ErrorResult.h:f4e3917a0fa15fb009e0ec4403ea7d066ee0e3c0|546|0x2f
0|1|libxul.so|mozilla::binding_danger::TErrorResult<mozilla::binding_danger::AssertAndSuppressCleanupPolicy>::~TErrorResult()|hg:hg.mozilla.org/mozilla-central:dom/bindings/ErrorResult.h:f4e3917a0fa15fb009e0ec4403ea7d066ee0e3c0|142|0x8
0|2|libxul.so|mozilla::KeyframeUtils::GetKeyframesFromObject(JSContext*, mozilla::dom::Document*, JS::Handle<JSObject*>, mozilla::ErrorResult&)|hg:hg.mozilla.org/mozilla-central:dom/animation/KeyframeUtils.cpp:f4e3917a0fa15fb009e0ec4403ea7d066ee0e3c0|219|0x45a
0|3|libxul.so|mozilla::dom::KeyframeEffect::SetKeyframes(JSContext*, JS::Handle<JSObject*>, mozilla::ErrorResult&)|hg:hg.mozilla.org/mozilla-central:dom/animation/KeyframeEffect.cpp:f4e3917a0fa15fb009e0ec4403ea7d066ee0e3c0|226|0x5
0|4|libxul.so|mozilla::dom::KeyframeEffect::Constructor(mozilla::dom::GlobalObject const&, mozilla::dom::Nullable<mozilla::dom::ElementOrCSSPseudoElement> const&, JS::Handle<JSObject*>, mozilla::dom::UnrestrictedDoubleOrKeyframeAnimationOptions const&, mozilla::ErrorResult&)|hg:hg.mozilla.org/mozilla-central:dom/animation/KeyframeEffect.cpp:f4e3917a0fa15fb009e0ec4403ea7d066ee0e3c0|912|0x14b
0|5|libxul.so|mozilla::dom::Element::Animate(mozilla::dom::Nullable<mozilla::dom::ElementOrCSSPseudoElement> const&, JSContext*, JS::Handle<JSObject*>, mozilla::dom::UnrestrictedDoubleOrKeyframeAnimationOptions const&, mozilla::ErrorResult&)|hg:hg.mozilla.org/mozilla-central:dom/base/Element.cpp:f4e3917a0fa15fb009e0ec4403ea7d066ee0e3c0|3243|0x26
0|6|libxul.so|mozilla::dom::Element::Animate(JSContext*, JS::Handle<JSObject*>, mozilla::dom::UnrestrictedDoubleOrKeyframeAnimationOptions const&, mozilla::ErrorResult&)|hg:hg.mozilla.org/mozilla-central:dom/base/Element.cpp:f4e3917a0fa15fb009e0ec4403ea7d066ee0e3c0|3211|0x5
0|7|libxul.so|mozilla::dom::Element_Binding::animate|s3:gecko-generated-sources:ce5f1b92c75a855fe229d4dbc21e14fc76fdee3aeac44f86d10ddb95f36143d16b4a748401867b14c2585b726294619723a2c64283a28ea569d1b97c7d4ec7a0/dom/bindings/ElementBinding.cpp:|5060|0x24
0|8|libxul.so|bool mozilla::dom::binding_detail::GenericMethod<mozilla::dom::binding_detail::NormalThisPolicy, mozilla::dom::binding_detail::ThrowExceptions>(JSContext*, unsigned int, JS::Value*)|hg:hg.mozilla.org/mozilla-central:dom/bindings/BindingUtils.cpp:f4e3917a0fa15fb009e0ec4403ea7d066ee0e3c0|3151|0x21
0|9|libxul.so|CallJSNative(JSContext*, bool (*)(JSContext*, unsigned int, JS::Value*), js::CallReason, JS::CallArgs const&)|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:f4e3917a0fa15fb009e0ec4403ea7d066ee0e3c0|469|0x19
0|10|libxul.so|js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason)|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:f4e3917a0fa15fb009e0ec4403ea7d066ee0e3c0|561|0x12
0|11|libxul.so|InternalCall|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:f4e3917a0fa15fb009e0ec4403ea7d066ee0e3c0|624|0x10
0|12|libxul.so|Interpret|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:f4e3917a0fa15fb009e0ec4403ea7d066ee0e3c0|3036|0x16
0|13|libxul.so|js::RunScript(JSContext*, js::RunState&)|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:f4e3917a0fa15fb009e0ec4403ea7d066ee0e3c0|405|0xfe
0|14|libxul.so|js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason)|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:f4e3917a0fa15fb009e0ec4403ea7d066ee0e3c0|596|0xf
0|15|libxul.so|InternalCall|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:f4e3917a0fa15fb009e0ec4403ea7d066ee0e3c0|624|0x10
0|16|libxul.so|js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason)|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:f4e3917a0fa15fb009e0ec4403ea7d066ee0e3c0|641|0x8
0|17|libxul.so|JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>)|hg:hg.mozilla.org/mozilla-central:js/src/jsapi.cpp:f4e3917a0fa15fb009e0ec4403ea7d066ee0e3c0|2797|0x1f
0|18|libxul.so|mozilla::dom::EventListener::HandleEvent(JSContext*, JS::Handle<JS::Value>, mozilla::dom::Event&, mozilla::ErrorResult&)|s3:gecko-generated-sources:9ca8646d8042e9b4b76d2e1b358b984be17743b71b832c0897d61bb500e0fecbe38fa54273dc522878c87fcb2c9bfd274a8190c7bc56fbbb58cb3ca68462e527/dom/bindings/EventListenerBinding.cpp:|52|0x5
0|19|libxul.so|mozilla::EventListenerManager::HandleEventSubType(mozilla::EventListenerManager::Listener*, mozilla::dom::Event*, mozilla::dom::EventTarget*)|s3:gecko-generated-sources:f3d9c01258576daaac3afc4fb3b283652e7f1168abb5287eff6775451ebd0ab6a0e4c8d88d3a67f7147042501bc091c6dfed25b4b8ccf4e4f420897b8d0ba906/dist/include/mozilla/dom/EventListenerBinding.h:|66|0x1c
0|20|libxul.so|mozilla::EventListenerManager::HandleEventInternal(nsPresContext*, mozilla::WidgetEvent*, mozilla::dom::Event**, mozilla::dom::EventTarget*, nsEventStatus*, bool)|hg:hg.mozilla.org/mozilla-central:dom/events/EventListenerManager.cpp:f4e3917a0fa15fb009e0ec4403ea7d066ee0e3c0|1271|0x1c
0|21|libxul.so|mozilla::EventTargetChainItem::HandleEvent(mozilla::EventChainPostVisitor&, mozilla::ELMCreationDetector&)|hg:hg.mozilla.org/mozilla-central:dom/events/EventDispatcher.cpp:f4e3917a0fa15fb009e0ec4403ea7d066ee0e3c0|326|0x6b
0|22|libxul.so|mozilla::EventTargetChainItem::HandleEventTargetChain(nsTArray<mozilla::EventTargetChainItem>&, mozilla::EventChainPostVisitor&, mozilla::EventDispatchingCallback*, mozilla::ELMCreationDetector&)|hg:hg.mozilla.org/mozilla-central:dom/events/EventDispatcher.cpp:f4e3917a0fa15fb009e0ec4403ea7d066ee0e3c0|558|0x12
0|23|libxul.so|mozilla::EventDispatcher::Dispatch(nsISupports*, nsPresContext*, mozilla::WidgetEvent*, mozilla::dom::Event*, nsEventStatus*, mozilla::EventDispatchingCallback*, nsTArray<mozilla::dom::EventTarget*>*)|hg:hg.mozilla.org/mozilla-central:dom/events/EventDispatcher.cpp:f4e3917a0fa15fb009e0ec4403ea7d066ee0e3c0|1055|0x1a
0|24|libxul.so|nsDocumentViewer::LoadComplete(nsresult)|hg:hg.mozilla.org/mozilla-central:layout/base/nsDocumentViewer.cpp:f4e3917a0fa15fb009e0ec4403ea7d066ee0e3c0|1143|0x1a
0|25|libxul.so|nsDocShell::EndPageLoad(nsIWebProgress*, nsIChannel*, nsresult)|hg:hg.mozilla.org/mozilla-central:docshell/base/nsDocShell.cpp:f4e3917a0fa15fb009e0ec4403ea7d066ee0e3c0|6094|0x18
0|26|libxul.so|nsDocShell::OnStateChange(nsIWebProgress*, nsIRequest*, unsigned int, nsresult)|hg:hg.mozilla.org/mozilla-central:docshell/base/nsDocShell.cpp:f4e3917a0fa15fb009e0ec4403ea7d066ee0e3c0|5877|0x1c
0|27|libxul.so|nsDocLoader::DoFireOnStateChange(nsIWebProgress*, nsIRequest*, int&, nsresult)|hg:hg.mozilla.org/mozilla-central:uriloader/base/nsDocLoader.cpp:f4e3917a0fa15fb009e0ec4403ea7d066ee0e3c0|1347|0x31
0|28|libxul.so|nsDocLoader::doStopDocumentLoad(nsIRequest*, nsresult)|hg:hg.mozilla.org/mozilla-central:uriloader/base/nsDocLoader.cpp:f4e3917a0fa15fb009e0ec4403ea7d066ee0e3c0|906|0x2a
0|29|libxul.so|nsDocLoader::DocLoaderIsEmpty(bool)|hg:hg.mozilla.org/mozilla-central:uriloader/base/nsDocLoader.cpp:f4e3917a0fa15fb009e0ec4403ea7d066ee0e3c0|726|0x15
0|30|libxul.so|nsDocLoader::OnStopRequest(nsIRequest*, nsresult)|hg:hg.mozilla.org/mozilla-central:uriloader/base/nsDocLoader.cpp:f4e3917a0fa15fb009e0ec4403ea7d066ee0e3c0|614|0x16
0|31|libxul.so|mozilla::net::nsLoadGroup::NotifyRemovalObservers(nsIRequest*, nsresult)|hg:hg.mozilla.org/mozilla-central:netwerk/base/nsLoadGroup.cpp:f4e3917a0fa15fb009e0ec4403ea7d066ee0e3c0|604|0x1a
0|32|libxul.so|mozilla::net::nsLoadGroup::RemoveRequest(nsIRequest*, nsISupports*, nsresult)|hg:hg.mozilla.org/mozilla-central:netwerk/base/nsLoadGroup.cpp:f4e3917a0fa15fb009e0ec4403ea7d066ee0e3c0|511|0xe
0|33|libxul.so|mozilla::dom::Document::DoUnblockOnload()|hg:hg.mozilla.org/mozilla-central:dom/base/Document.cpp:f4e3917a0fa15fb009e0ec4403ea7d066ee0e3c0|10683|0x4c
0|34|libxul.so|mozilla::dom::Document::UnblockOnload(bool)|hg:hg.mozilla.org/mozilla-central:dom/base/Document.cpp:f4e3917a0fa15fb009e0ec4403ea7d066ee0e3c0|10617|0x2a
0|35|libxul.so|mozilla::dom::Document::DispatchContentLoadedEvents()|hg:hg.mozilla.org/mozilla-central:dom/base/Document.cpp:f4e3917a0fa15fb009e0ec4403ea7d066ee0e3c0|7312|0xd
0|36|libxul.so|mozilla::detail::RunnableMethodImpl<mozilla::dom::Document*, void (mozilla::dom::Document::*)(), true, (mozilla::RunnableKind)0>::Run()|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThreadUtils.h:f4e3917a0fa15fb009e0ec4403ea7d066ee0e3c0|1215|0x5
0|37|libxul.so|mozilla::SchedulerGroup::Runnable::Run()|hg:hg.mozilla.org/mozilla-central:xpcom/threads/SchedulerGroup.cpp:f4e3917a0fa15fb009e0ec4403ea7d066ee0e3c0|282|0x14
0|38|libxul.so|nsThread::ProcessNextEvent(bool, bool*)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThread.cpp:f4e3917a0fa15fb009e0ec4403ea7d066ee0e3c0|1220|0xe
0|39|libxul.so|NS_ProcessNextEvent(nsIThread*, bool)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThreadUtils.cpp:f4e3917a0fa15fb009e0ec4403ea7d066ee0e3c0|486|0x11
0|40|libxul.so|mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*)|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessagePump.cpp:f4e3917a0fa15fb009e0ec4403ea7d066ee0e3c0|87|0xa
0|41|libxul.so|MessageLoop::RunInternal()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:f4e3917a0fa15fb009e0ec4403ea7d066ee0e3c0|315|0x19
0|42|libxul.so|MessageLoop::Run()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:f4e3917a0fa15fb009e0ec4403ea7d066ee0e3c0|290|0x8
0|43|libxul.so|nsBaseAppShell::Run()|hg:hg.mozilla.org/mozilla-central:widget/nsBaseAppShell.cpp:f4e3917a0fa15fb009e0ec4403ea7d066ee0e3c0|137|0xd
0|44|libxul.so|XRE_RunAppShell()|hg:hg.mozilla.org/mozilla-central:toolkit/xre/nsEmbedFunctions.cpp:f4e3917a0fa15fb009e0ec4403ea7d066ee0e3c0|943|0x6
0|45|libxul.so|mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*)|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessagePump.cpp:f4e3917a0fa15fb009e0ec4403ea7d066ee0e3c0|237|0x5
0|46|libxul.so|MessageLoop::RunInternal()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:f4e3917a0fa15fb009e0ec4403ea7d066ee0e3c0|315|0x19
0|47|libxul.so|MessageLoop::Run()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:f4e3917a0fa15fb009e0ec4403ea7d066ee0e3c0|290|0x8
0|48|libxul.so|XRE_InitChildProcess(int, char**, XREChildData const*)|hg:hg.mozilla.org/mozilla-central:toolkit/xre/nsEmbedFunctions.cpp:f4e3917a0fa15fb009e0ec4403ea7d066ee0e3c0|778|0x8
0|49|firefox-bin|content_process_main(mozilla::Bootstrap*, int, char**)|hg:hg.mozilla.org/mozilla-central:ipc/contentproc/plugin-container.cpp:f4e3917a0fa15fb009e0ec4403ea7d066ee0e3c0|56|0x14
0|50|firefox-bin|main|hg:hg.mozilla.org/mozilla-central:browser/app/nsBrowserApp.cpp:f4e3917a0fa15fb009e0ec4403ea7d066ee0e3c0|303|0x12
0|51|libc-2.27.so||||0x21b97
0|52|firefox-bin|__cxa_throw_bad_array_new_length|hg:hg.mozilla.org/mozilla-central:build/unix/stdc++compat/stdc++compat.cpp:f4e3917a0fa15fb009e0ec4403ea7d066ee0e3c0|82|0x12
0|53|firefox-bin||||0x10e30
0|54|ld-2.27.so||||0x10733
0|55|libdl-2.27.so||||0x202d80
0|56|libpthread-2.27.so||||0x219bb0
0|57|firefox-bin||||0x10e30
0|58|firefox-bin|_start|||0x29
Flags: in-testsuite?
|
||
Comment 1•5 years ago
|
||
We need to call MaybeSetPendingException in cases where we bail out from for loop in ConvertKeyframeSequence.
|
||
Updated•5 years ago
|
Priority: -- → P3
|
Assignee | |
Updated•5 years ago
|
Flags: needinfo?(boris.chiou)
|
|
Assignee | |
Updated•5 years ago
|
Assignee: nobody → boris.chiou
Flags: needinfo?(boris.chiou)
|
|
Assignee | |
Comment 2•5 years ago
|
||
Looks like we have an unhandled ErrorResult after parsing an invalid easing, so we hit this assertion. We have to handle all possible ErrorResult in each early return.
|
|
Assignee | |
Comment 3•5 years ago
|
||
(In reply to Boris Chiou [:boris] from comment #2)
Looks like we have an unhandled ErrorResult after parsing an invalid easing, so we hit this assertion. We have to handle all possible ErrorResult in each early return.
The early return line we hit in the test: https://searchfox.org/mozilla-central/rev/96f1457323cc598a36f5701f8e67aedaf97acfcf/dom/animation/KeyframeUtils.cpp#411
However, we have to do the same thing on all early returns.
|
|
Assignee | |
Comment 5•5 years ago
|
||
We shouldn't early return without handling the parseEasingResult in
ConvertKeyframeSequence().
|
||
Updated•5 years ago
|
Attachment #9129012 -
Attachment description: Bug 1612891 - Always handle ErrorResult in ConvertKeyframeSequence. → Bug 1612891 - Suppress parsing easing error in early returns of ConvertKeyframeSequence.
|
|
Assignee | |
Comment 6•5 years ago
|
||
Pushed by bchiou@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/9aad6bdfb58c
Suppress parsing easing error in early returns of ConvertKeyframeSequence. r=birtles
Created web-platform-tests PR https://github.com/web-platform-tests/wpt/pull/22089 for changes under testing/web-platform/tests
Upstream web-platform-tests status checks passed, PR will merge once commit reaches central.
|
||
Comment 10•5 years ago
|
||
| bugherder | ||
Status: NEW → RESOLVED
Closed: 5 years ago
status-firefox75:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla75
Upstream PR merged by moz-wptsync-bot
|
||
Updated•5 years ago
|
|
||
Updated•5 years ago
|
status-firefox73:
--- → wontfix
status-firefox-esr68:
--- → wontfix
Flags: in-testsuite? → in-testsuite+
|
||
Comment 12•5 years ago
|
||
Was there a reason to add a new suppressor class instead of just using an IgnoredErrorResult for parseEasingResult?
Flags: needinfo?(boris.chiou)
|
|
Assignee | |
Comment 13•5 years ago
|
||
(In reply to Boris Zbarsky [:bzbarsky, bz on IRC] from comment #12)
Was there a reason to add a new suppressor class instead of just using an
IgnoredErrorResultforparseEasingResult?
No. I didn't notice IgnoredErrorResult works well for this case. I can upload a patch to use it instead and drop the suppressor class. Thanks for this reminder.
Flags: needinfo?(boris.chiou)
|
|
Assignee | |
Comment 14•5 years ago
|
||
IgnoredErrorResult works well as the auto suppressor class and it's
cleaner.
|
||
Comment 15•5 years ago
|
||
Pushed by bchiou@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/f3b4666175d6
Use IgnoredErrorResult as the parsing easing error result. r=bzbarsky
|
||
Comment 16•5 years ago
|
||
| bugherder | ||
You need to log in
before you can comment on or make changes to this bug.
Description
•