Closed Bug 1617270 Opened 4 years ago Closed 1 year ago

division by zero in src/gfx/layers/LayersHelpers.cpp:53

Categories

(Core :: Graphics: Layers, defect, P3)

Product:
Core
Component:
Graphics: Layers
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Tracking Flags:
Tracking Status
firefox74 --- affected
firefox75 --- affected

People

(Reporter: tsmith, Unassigned)

References

(Blocks 2 open bugs)

Details

(Keywords: testcase)

Attachments

(1 file)

testcase.html
987 bytes, text/html
Details
Attached file testcase.html

Reduced with m-c 20200219-5bfe22b4bd0d

To enable this check add the following to your mozconfig:

ac_add_options --enable-undefined-sanitizer="float-divide-by-zero"

src/gfx/layers/LayersHelpers.cpp:53:25: runtime error: division by zero

#0 0x7fe88810528e in mozilla::layers::ComputeBackdropCopyRect(mozilla::gfx::RectTyped<mozilla::gfx::UnknownUnits, float> const&, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::Matrix4x4Typed<mozilla::gfx::UnknownUnits, mozilla::gfx::UnknownUnits, float> const&, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::Matrix4x4Typed<mozilla::gfx::UnknownUnits, mozilla::gfx::UnknownUnits, float>*, mozilla::gfx::RectTyped<mozilla::gfx::UnknownUnits, float>*) src/gfx/layers/LayersHelpers.cpp:53:25
#1 0x7fe8880827c7 in mozilla::layers::Compositor::ComputeBackdropCopyRect(mozilla::gfx::RectTyped<mozilla::gfx::UnknownUnits, float> const&, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::Matrix4x4Typed<mozilla::gfx::UnknownUnits, mozilla::gfx::UnknownUnits, float> const&, mozilla::gfx::Matrix4x4Typed<mozilla::gfx::UnknownUnits, mozilla::gfx::UnknownUnits, float>*, mozilla::gfx::RectTyped<mozilla::gfx::UnknownUnits, float>*) src/gfx/layers/Compositor.cpp:544:10
#2 0x7fe8882160d4 in void mozilla::layers::CompositorOGL::DrawGeometry<mozilla::gfx::RectTyped<mozilla::gfx::UnknownUnits, float> >(mozilla::gfx::RectTyped<mozilla::gfx::UnknownUnits, float> const&, mozilla::gfx::RectTyped<mozilla::gfx::UnknownUnits, float> const&, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::layers::EffectChain const&, float, mozilla::gfx::Matrix4x4Typed<mozilla::gfx::UnknownUnits, mozilla::gfx::UnknownUnits, float> const&, mozilla::gfx::RectTyped<mozilla::gfx::UnknownUnits, float> const&) src/gfx/layers/opengl/CompositorOGL.cpp:1567:27
#3 0x7fe88820cd03 in mozilla::layers::CompositorOGL::DrawQuad(mozilla::gfx::RectTyped<mozilla::gfx::UnknownUnits, float> const&, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::layers::EffectChain const&, float, mozilla::gfx::Matrix4x4Typed<mozilla::gfx::UnknownUnits, mozilla::gfx::UnknownUnits, float> const&, mozilla::gfx::RectTyped<mozilla::gfx::UnknownUnits, float> const&) src/gfx/layers/opengl/CompositorOGL.cpp:1395:3
#4 0x7fe88807c7ff in mozilla::layers::Compositor::DrawGeometry(mozilla::gfx::RectTyped<mozilla::gfx::UnknownUnits, float> const&, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::layers::EffectChain const&, float, mozilla::gfx::Matrix4x4Typed<mozilla::gfx::UnknownUnits, mozilla::gfx::UnknownUnits, float> const&, mozilla::gfx::RectTyped<mozilla::gfx::UnknownUnits, float> const&, mozilla::Maybe<mozilla::gfx::PolygonTyped<mozilla::gfx::UnknownUnits> > const&) src/gfx/layers/Compositor.cpp:240:5
#5 0x7fe8886978e7 in mozilla::layers::Compositor::DrawGeometry(mozilla::gfx::RectTyped<mozilla::gfx::UnknownUnits, float> const&, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::layers::EffectChain const&, float, mozilla::gfx::Matrix4x4Typed<mozilla::gfx::UnknownUnits, mozilla::gfx::UnknownUnits, float> const&, mozilla::Maybe<mozilla::gfx::PolygonTyped<mozilla::gfx::UnknownUnits> > const&) src/objdir-ff-ubsan/dist/include/mozilla/layers/Compositor.h:319:5
#6 0x7fe8886eac74 in void mozilla::layers::RenderWithAllMasks<void mozilla::layers::ContainerRender<mozilla::layers::ContainerLayerComposite>(mozilla::layers::ContainerLayerComposite*, mozilla::layers::LayerManagerComposite*, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::Maybe<mozilla::gfx::PolygonTyped<mozilla::gfx::UnknownUnits> > const&)::'lambda'(mozilla::layers::EffectChain&, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&)>(mozilla::layers::Layer*, mozilla::layers::Compositor*, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::layers::ContainerLayerComposite) src/gfx/layers/composite/LayerManagerComposite.h:739:5
#7 0x7fe8886908a0 in void mozilla::layers::ContainerRender<mozilla::layers::ContainerLayerComposite>(mozilla::layers::ContainerLayerComposite*, mozilla::layers::LayerManagerComposite*, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::Maybe<mozilla::gfx::PolygonTyped<mozilla::gfx::UnknownUnits> > const&) src/gfx/layers/composite/ContainerLayerComposite.cpp:633:5
#8 0x7fe8886ec5bc in void mozilla::layers::RenderLayers<mozilla::layers::ContainerLayerComposite>(mozilla::layers::ContainerLayerComposite*, mozilla::layers::LayerManagerComposite*, mozilla::gfx::IntRectTyped<mozilla::RenderTargetPixel> const&, mozilla::Maybe<mozilla::gfx::PolygonTyped<mozilla::gfx::UnknownUnits> > const&) src/gfx/layers/composite/ContainerLayerComposite.cpp:474:22
#9 0x7fe8886905ee in void mozilla::layers::ContainerRender<mozilla::layers::ContainerLayerComposite>(mozilla::layers::ContainerLayerComposite*, mozilla::layers::LayerManagerComposite*, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::Maybe<mozilla::gfx::PolygonTyped<mozilla::gfx::UnknownUnits> > const&) src/gfx/layers/composite/ContainerLayerComposite.cpp:646:5
#10 0x7fe8886ec5bc in void mozilla::layers::RenderLayers<mozilla::layers::ContainerLayerComposite>(mozilla::layers::ContainerLayerComposite*, mozilla::layers::LayerManagerComposite*, mozilla::gfx::IntRectTyped<mozilla::RenderTargetPixel> const&, mozilla::Maybe<mozilla::gfx::PolygonTyped<mozilla::gfx::UnknownUnits> > const&) src/gfx/layers/composite/ContainerLayerComposite.cpp:474:22
#11 0x7fe8886905ee in void mozilla::layers::ContainerRender<mozilla::layers::ContainerLayerComposite>(mozilla::layers::ContainerLayerComposite*, mozilla::layers::LayerManagerComposite*, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::Maybe<mozilla::gfx::PolygonTyped<mozilla::gfx::UnknownUnits> > const&) src/gfx/layers/composite/ContainerLayerComposite.cpp:646:5
#12 0x7fe8886ec5bc in void mozilla::layers::RenderLayers<mozilla::layers::ContainerLayerComposite>(mozilla::layers::ContainerLayerComposite*, mozilla::layers::LayerManagerComposite*, mozilla::gfx::IntRectTyped<mozilla::RenderTargetPixel> const&, mozilla::Maybe<mozilla::gfx::PolygonTyped<mozilla::gfx::UnknownUnits> > const&) src/gfx/layers/composite/ContainerLayerComposite.cpp:474:22
#13 0x7fe8886ea1d1 in void mozilla::layers::RenderIntermediate<mozilla::layers::ContainerLayerComposite>(mozilla::layers::ContainerLayerComposite*, mozilla::layers::LayerManagerComposite*, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, RefPtr<mozilla::layers::CompositingRenderTarget>) src/gfx/layers/composite/ContainerLayerComposite.cpp:589:3
#14 0x7fe888691a85 in void mozilla::layers::ContainerPrepare<mozilla::layers::ContainerLayerComposite>(mozilla::layers::ContainerLayerComposite*, mozilla::layers::LayerManagerComposite*, mozilla::gfx::IntRectTyped<mozilla::RenderTargetPixel> const&) src/gfx/layers/composite/ContainerLayerComposite.cpp:270:9
#15 0x7fe88869131f in void mozilla::layers::ContainerPrepare<mozilla::layers::ContainerLayerComposite>(mozilla::layers::ContainerLayerComposite*, mozilla::layers::LayerManagerComposite*, mozilla::gfx::IntRectTyped<mozilla::RenderTargetPixel> const&) src/gfx/layers/composite/ContainerLayerComposite.cpp:229:20
#16 0x7fe88869391f in void mozilla::layers::ContainerPrepare<mozilla::layers::RefLayerComposite>(mozilla::layers::RefLayerComposite*, mozilla::layers::LayerManagerComposite*, mozilla::gfx::IntRectTyped<mozilla::RenderTargetPixel> const&) src/gfx/layers/composite/ContainerLayerComposite.cpp:229:20
#17 0x7fe88869131f in void mozilla::layers::ContainerPrepare<mozilla::layers::ContainerLayerComposite>(mozilla::layers::ContainerLayerComposite*, mozilla::layers::LayerManagerComposite*, mozilla::gfx::IntRectTyped<mozilla::RenderTargetPixel> const&) src/gfx/layers/composite/ContainerLayerComposite.cpp:229:20
#18 0x7fe88871780c in mozilla::layers::LayerManagerComposite::Render(mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&) src/gfx/layers/composite/LayerManagerComposite.cpp:1180:18
#19 0x7fe888716385 in mozilla::layers::LayerManagerComposite::UpdateAndRender() src/gfx/layers/composite/LayerManagerComposite.cpp:645:19
#20 0x7fe888715b28 in mozilla::layers::LayerManagerComposite::EndTransaction(mozilla::TimeStamp const&, mozilla::layers::LayerManager::EndTransactionFlags) src/gfx/layers/composite/LayerManagerComposite.cpp:564:5
#21 0x7fe8887a3089 in mozilla::layers::CompositorBridgeParent::CompositeToTarget(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::gfx::DrawTarget*, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const*) src/gfx/layers/ipc/CompositorBridgeParent.cpp:1047:18
#22 0x7fe8887cb368 in mozilla::layers::CompositorVsyncScheduler::Composite(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) src/gfx/layers/ipc/CompositorVsyncScheduler.cpp:250:27
#23 0x7fe88884f44b in mozilla::detail::RunnableMethodImpl<mozilla::layers::CompositorVsyncScheduler*, void (mozilla::layers::CompositorVsyncScheduler::*)(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp), true, (mozilla::RunnableKind)1, mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp>::Run() src/objdir-ff-ubsan/dist/include/nsThreadUtils.h:1212:13
#24 0x7fe885e75f8a in MessageLoop::RunTask(already_AddRefed<nsIRunnable>) src/ipc/chromium/src/base/message_loop.cc:442:9
#25 0x7fe885e76acf in MessageLoop::DeferOrRunPendingTask(MessageLoop::PendingTask&&) src/ipc/chromium/src/base/message_loop.cc:450:5
#26 0x7fe885e76e63 in MessageLoop::DoWork() src/ipc/chromium/src/base/message_loop.cc:523:13 
#27 0x7fe885e783d2 in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) src/ipc/chromium/src/base/message_pump_default.cc:35:31
#28 0x7fe885e75b24 in MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:290:3
#29 0x7fe885ead129 in base::Thread::ThreadMain() src/ipc/chromium/src/base/thread.cc:192:16
#30 0x7fe885e81757 in ThreadFunc(void*) src/ipc/chromium/src/base/platform_thread_posix.cc:40:13
#31 0x7fe8b0f626da in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76da)
#32 0x7fe8aff4088e in clone /build/glibc-OTsEL5/glibc-2.27/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:95
Flags: in-testsuite?

A Pernosco session is available here: https://pernos.co/debug/zElZ42Sbko2ihQQMTIRziA/index.html

The priority flag is not set for this bug.
:jbonisteel, could you have a look please?

For more information, please visit auto_nag documentation.

Flags: needinfo?(jbonisteel)
Flags: needinfo?(jbonisteel)
Priority: -- → P3
Severity: normal → S3

This code was removed in bug 1735261. Is it alright to close this?

Flags: needinfo?(twsmith)

Yes, thank you for pointing this out.

Status: NEW → RESOLVED
Closed: 1 year ago
Flags: needinfo?(twsmith)
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: