/builds/worker/checkouts/gecko/gfx/skia/skia/include/core/SkPaint.h:603: fatal error: "assert(orig.isSorted())"
Categories
(Core :: Graphics, defect, P3)
Tracking
()
People
(Reporter: jkratzer, Assigned: lsalzman)
References
(Blocks 1 open bug, Regression)
Details
(Keywords: assertion, regression, testcase, Whiteboard: [bugmon:bisected,confirmed])
Attachments
(1 file)
|
358 bytes,
text/html
|
Details |
Testcase found while fuzzing mozilla-central rev 32d6a3f1f83c (built with --enable-debug).
/builds/worker/checkouts/gecko/gfx/skia/skia/include/core/SkPaint.h:603: fatal error: "assert(orig.isSorted())"
rax = 0x00007f242c26f760 rdx = 0x00007f241297c128
rcx = 0x00007f241297c128 rbx = 0x00007f242c274680
rsi = 0x00007f24204dc11e rdi = 0x00007f2412979a48
rbp = 0x00007f241297c0f8 rsp = 0x00007f2412979a18
r8 = 0x00007f242c2758b0 r9 = 0x00007f24204dc11e
r10 = 0x0000000000000001 r11 = 0x0000000000000000
r12 = 0x00000000ffffffff r13 = 0x00007f2412cc9000
r14 = 0x00007f242c274680 r15 = 0x00000000fbad2887
rip = 0x00007f242bee666e
OS|Linux|0.0.0 Linux 5.3.0-28-generic #30~18.04.1-Ubuntu SMP Fri Jan 17 06:14:09 UTC 2020 x86_64
CPU|amd64|family 6 model 94 stepping 3|8
GPU|||
Crash|SIGSEGV|0x0|14
14|0|libc.so.6||||0x5e66e
14|1|libc.so.6||||0x132768
14|2|libxul.so|SkDebugf(char const*, ...)|hg:hg.mozilla.org/mozilla-central:gfx/skia/skia/src/ports/SkDebug_stdio.cpp:32d6a3f1f83cec54b8190f1993c7fa343406ce20|17|0x8
14|3|||||0x7f242bc692d0
|
Reporter | |
Updated•4 years ago
|
|
|
Reporter | |
Comment 1•4 years ago
|
||
Bugmon Analysis:
Verified bug as reproducible on mozilla-central 20200320173127-9dd52a62f5df.
The bug appears to have been introduced in the following build range:
> Start: 58bb9946f9ec43c3ffa7931a69b333a67ee6e904 (20191030221038)
> End: 5fe1e03dbfbca52dbaec0dc096ca1884a851203d (20191031095309)
> Pushlog: https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=58bb9946f9ec43c3ffa7931a69b333a67ee6e904&tochange=5fe1e03dbfbca52dbaec0dc096ca1884a851203d
|
||
Comment 2•4 years ago
|
||
Lee, this looks like it might have been caused by a Skia update in bug 1591996.
|
Assignee | |
Comment 3•4 years ago
|
||
Does this actually crash in release? Any fuzzing harness that is using debug builds should be using MOZ_SKIA_DISABLE_ASSERTS=1 in the environment to silence asymptomatic assertions like these.
|
|
Reporter | |
Comment 4•4 years ago
|
||
This only crashes on debug builds. MOZ_SKIA_DISABLE_ASSERTS=1 is being used in the fuzzing harness.
See also bug 1593135.
|
|
Reporter | |
Comment 5•4 years ago
|
||
Bugmon Analysis:
|
||
Comment 6•4 years ago
|
||
Because this bug's Severity has not been changed from the default since it was filed, and it's Priority is P3 (Backlog,) indicating it has been triaged, the bug's Severity is being updated to S3 (normal.)
|
|
Assignee | |
Comment 7•4 years ago
|
||
This is resolved by bug 1645123.
|
||
Updated•4 years ago
|
|
|
||
Updated•4 years ago
|
|
|
Reporter | |
Updated•4 years ago
|
|
|
Reporter | |
Comment 8•4 years ago
|
||
Bugmon Analysis: Verified bug as fixed on rev mozilla-central 20200803094100-84b257d07031. Removing bugmon keyword as no further action possible. Please review the bug and re-add the keyword for further analysis.
|
||
Comment 9•3 years ago
|
||
:lsalzman, since this bug contains a bisection range, could you fill (if possible) the regressed_by field?
For more information, please visit auto_nag documentation.
|
||
Updated•3 years ago
|
|
|
||
Updated•3 years ago
|
Description
•