Open Bug 1681797 Opened 3 years ago Updated 3 years ago

Assertion failure: jumps > 0 (`jumps` should be a positive integer), at /builds/worker/checkouts/gecko/dom/animation/ComputedTimingFunction.cpp:93

Categories

(Core :: DOM: Animation, defect)

Tracking

()

Tracking Status
firefox85 --- affected

People

(Reporter: jkratzer, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: assertion, testcase, Whiteboard: [bugmon:confirmed])

Attachments

(1 file)

Attached file testcase.html

Testcase found while fuzzing mozilla-central rev 73f050da7d20 (built with --enable-debug).

Assertion failure: jumps > 0 (jumps should be a positive integer), at /builds/worker/checkouts/gecko/dom/animation/ComputedTimingFunction.cpp:93

    #0 0x7fc50fcd2b8e in StepTiming /builds/worker/checkouts/gecko/dom/animation/ComputedTimingFunction.cpp:93:3
    #1 0x7fc50fcd2b8e in mozilla::ComputedTimingFunction::GetValue(double, mozilla::ComputedTimingFunction::BeforeFlag) const /builds/worker/checkouts/gecko/dom/animation/ComputedTimingFunction.cpp:145:10
    #2 0x7fc50fcd264f in mozilla::dom::AnimationEffect::GetComputedTimingAt(mozilla::dom::Nullable<mozilla::BaseTimeDuration<mozilla::TimeDurationValueCalculator> > const&, mozilla::TimingParams const&, double) /builds/worker/checkouts/gecko/dom/animation/AnimationEffect.cpp:257:42
    #3 0x7fc50fcd152c in GetComputedTiming /builds/worker/checkouts/gecko/dom/animation/AnimationEffect.cpp:268:10
    #4 0x7fc50fcd152c in mozilla::dom::AnimationEffect::IsCurrent() const /builds/worker/checkouts/gecko/dom/animation/AnimationEffect.cpp:54:35
    #5 0x7fc50fcc8efa in HasCurrentEffect /builds/worker/checkouts/gecko/dom/animation/Animation.cpp:1867:38
    #6 0x7fc50fcc8efa in mozilla::dom::Animation::UpdateRelevance() /builds/worker/checkouts/gecko/dom/animation/Animation.cpp:1053:18
    #7 0x7fc50fcd035f in UpdateEffect /builds/worker/checkouts/gecko/dom/animation/Animation.cpp:1616:5
    #8 0x7fc50fcd035f in mozilla::dom::Animation::UpdateTiming(mozilla::dom::Animation::SeekFlag, mozilla::dom::Animation::SyncNotifyFlag) /builds/worker/checkouts/gecko/dom/animation/Animation.cpp:1559:3
    #9 0x7fc50fccbe3a in mozilla::dom::Animation::PlayNoUpdate(mozilla::ErrorResult&, mozilla::dom::Animation::LimitBehavior) /builds/worker/checkouts/gecko/dom/animation/Animation.cpp:1430:3
    #10 0x7fc512b209a8 in mozilla::dom::CSSTransition::PlayFromStyle() /builds/worker/workspace/obj-build/dist/include/mozilla/dom/CSSTransition.h:46:5
    #11 0x7fc512b2038c in nsTransitionManager::ConsiderInitiatingTransition(nsCSSPropertyID, nsStyleDisplay const&, unsigned int, mozilla::dom::Element*, mozilla::PseudoStyleType, mozilla::AnimationCollection<mozilla::dom::CSSTransition>*&, mozilla::ComputedStyle const&, mozilla::ComputedStyle const&, nsCSSPropertyIDSet&) /builds/worker/checkouts/gecko/layout/style/nsTransitionManager.cpp:468:14
    #12 0x7fc512b1f39b in nsTransitionManager::DoUpdateTransitions(nsStyleDisplay const&, mozilla::dom::Element*, mozilla::PseudoStyleType, mozilla::AnimationCollection<mozilla::dom::CSSTransition>*&, mozilla::ComputedStyle const&, mozilla::ComputedStyle const&) /builds/worker/checkouts/gecko/layout/style/nsTransitionManager.cpp:109:23
    #13 0x7fc512b1f17c in nsTransitionManager::UpdateTransitions(mozilla::dom::Element*, mozilla::PseudoStyleType, mozilla::ComputedStyle const&, mozilla::ComputedStyle const&) /builds/worker/checkouts/gecko/layout/style/nsTransitionManager.cpp:66:10
    #14 0x7fc512ab071d in Gecko_UpdateAnimations /builds/worker/checkouts/gecko/layout/style/GeckoBindings.cpp:557:39
    #15 0x7fc516e3e3a3 in _$LT$style..gecko..wrapper..GeckoElement$u20$as$u20$style..dom..TElement$GT$::update_animations::h4d728183f5053fc1 /builds/worker/checkouts/gecko/servo/components/style/gecko/wrapper.rs:1533:13
    #16 0x7fc5169a49a1 in style::context::SequentialTask$LT$E$GT$::execute::h0be9b58925fd87e5 /builds/worker/checkouts/gecko/servo/components/style/context.rs:499:17
    #17 0x7fc5169a49a1 in _$LT$style..context..SequentialTaskList$LT$E$GT$$u20$as$u20$core..ops..drop..Drop$GT$::drop::hdd9fe0ab06930839 /builds/worker/checkouts/gecko/servo/components/style/context.rs:627:13
    #18 0x7fc5169a49a1 in core::ptr::drop_in_place::h09627a994aabe677 /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/core/src/ptr/mod.rs:175:1
    #19 0x7fc5169a49a1 in core::ptr::drop_in_place::h2d7bcee85311c8fc /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/core/src/ptr/mod.rs:175:1
    #20 0x7fc516a7f267 in style::driver::traverse_dom::h029c72ab27f8e939 /builds/worker/checkouts/gecko/servo/components/style/driver.rs:193:1
    #21 0x7fc516b84c31 in geckoservo::glue::traverse_subtree::h2099e1b08f28d924 /builds/worker/checkouts/gecko/servo/ports/geckolib/glue.rs:266:5
    #22 0x7fc516b8509e in Servo_TraverseSubtree /builds/worker/checkouts/gecko/servo/ports/geckolib/glue.rs:326:5
    #23 0x7fc512ade4c0 in mozilla::ServoStyleSet::StyleDocument(mozilla::ServoTraversalFlags) /builds/worker/checkouts/gecko/layout/style/ServoStyleSet.cpp:744:9
    #24 0x7fc512b8c717 in mozilla::RestyleManager::DoProcessPendingRestyles(mozilla::ServoTraversalFlags) /builds/worker/checkouts/gecko/layout/base/RestyleManager.cpp:2982:20
    #25 0x7fc512b66ee7 in ProcessPendingRestyles /builds/worker/checkouts/gecko/layout/base/RestyleManager.cpp:3112:3
    #26 0x7fc512b66ee7 in mozilla::PresShell::DoFlushPendingNotifications(mozilla::ChangesToFlush) /builds/worker/checkouts/gecko/layout/base/PresShell.cpp:4204:39
    #27 0x7fc512b30732 in nsRefreshDriver::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:2172:22
    #28 0x7fc512b38251 in TickDriver /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:357:13
    #29 0x7fc512b38251 in mozilla::RefreshDriverTimer::TickRefreshDrivers(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp, nsTArray<RefPtr<nsRefreshDriver> >&) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:336:7
    #30 0x7fc512b3813c in mozilla::RefreshDriverTimer::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:351:5
    #31 0x7fc512b376e8 in RunRefreshDrivers /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:799:5
    #32 0x7fc512b376e8 in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::TickRefreshDriver(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:722:16
    #33 0x7fc512b37000 in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::NotifyParentProcessVsync() /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:624:7
    #34 0x7fc512b36a79 in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::NotifyVsync(mozilla::VsyncEvent const&) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:545:9
    #35 0x7fc512344b06 in mozilla::dom::VsyncChild::RecvNotify(mozilla::VsyncEvent const&, float const&) /builds/worker/checkouts/gecko/dom/ipc/VsyncChild.cpp:69:15
    #36 0x7fc50f143600 in mozilla::dom::PVsyncChild::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/obj-build/ipc/ipdl/PVsyncChild.cpp:178:54
    #37 0x7fc50eeedc9c in mozilla::ipc::PBackgroundChild::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/obj-build/ipc/ipdl/PBackgroundChild.cpp:6286:32
    #38 0x7fc50ebb1d2e in mozilla::ipc::MessageChannel::DispatchAsyncMessage(mozilla::ipc::ActorLifecycleProxy*, IPC::Message const&) /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:2153:25
    #39 0x7fc50ebae32d in mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&) /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:2077:9
    #40 0x7fc50ebaf7d6 in mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::MessageChannel::MessageTask&) /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:1925:3
    #41 0x7fc50ebb051b in mozilla::ipc::MessageChannel::MessageTask::Run() /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:1956:13
    #42 0x7fc50e29a55f in mozilla::RunnableTask::Run() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:452:16
    #43 0x7fc50e298baa in mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:732:26
    #44 0x7fc50e297c54 in mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:591:15
    #45 0x7fc50e297e07 in mozilla::TaskController::ProcessPendingMTTask(bool) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:375:36
    #46 0x7fc50e29deb9 in operator() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:125:37
    #47 0x7fc50e29deb9 in mozilla::detail::RunnableFunction<mozilla::TaskController::InitializeInternal()::$_4>::Run() /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:534:5
    #48 0x7fc50e2af3f5 in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:1200:14
    #49 0x7fc50e2b54aa in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.cpp:548:10
    #50 0x7fc50ebb75b4 in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:109:5
    #51 0x7fc50eb23b23 in MessageLoop::RunInternal() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:334:10
    #52 0x7fc50eb23a3d in RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:327:3
    #53 0x7fc50eb23a3d in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:309:3
    #54 0x7fc51288bac8 in nsBaseAppShell::Run() /builds/worker/checkouts/gecko/widget/nsBaseAppShell.cpp:137:27
    #55 0x7fc514086063 in XRE_RunAppShell() /builds/worker/checkouts/gecko/toolkit/xre/nsEmbedFunctions.cpp:902:20
    #56 0x7fc50ebb84e9 in mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:237:9
    #57 0x7fc50eb23b23 in MessageLoop::RunInternal() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:334:10
    #58 0x7fc50eb23a3d in RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:327:3
    #59 0x7fc50eb23a3d in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:309:3
    #60 0x7fc514085c48 in XRE_InitChildProcess(int, char**, XREChildData const*) /builds/worker/checkouts/gecko/toolkit/xre/nsEmbedFunctions.cpp:733:34
    #61 0x55df5a487d87 in content_process_main /builds/worker/checkouts/gecko/browser/app/../../ipc/contentproc/plugin-container.cpp:57:28
    #62 0x55df5a487d87 in main /builds/worker/checkouts/gecko/browser/app/nsBrowserApp.cpp:305:18
    #63 0x7fc5228590b2 in __libc_start_main /build/glibc-ZN95T4/glibc-2.31/csu/../csu/libc-start.c:308:16
Flags: in-testsuite?
Flags: needinfo?(boris.chiou)
Severity: -- → S3
Flags: needinfo?(boris.chiou)

Bugmon Analysis:
Unable to reproduce bug using the following builds:

mozilla-central 20201210155912-7a6d6b986a1e
mozilla-central 20201210034702-7b5facb4df3a
Removing bugmon keyword as no further action possible.
Please review the bug and re-add the keyword for further analysis.

Keywords: bugmon
Whiteboard: [bugmon:confirm] → [bugmon:confirmed]