Closed Bug 1691205 Opened 3 years ago Closed 3 years ago

Crash with failed assertion "height should not be NS_UNCONSTRAINEDSIZE after reflow" when trying to hide webrtc indicator window

Categories

(Core :: Layout, defect, P3)

Product:
Core
Component:
Layout
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
87 Branch
Tracking Flags:
Tracking Status
firefox-esr78 --- unaffected
firefox85 --- unaffected
firefox86 --- unaffected
firefox87 --- fixed

People

(Reporter: matias, Assigned: MatsPalmgren_bugz)

References

(Regression)

Details

(Keywords: regression)

Attachments

(1 file)

Bug 1691205 - Initialize the intrinsic block-size to zero in case there is no :root frame. r=TYLin
48 bytes, text/x-phabricator-request
Details | Review

This issue started happening after Bug 1683126 was merged. I confirmed that reverting Bug 1683126 on current trunk fixes the issue.

Steps to reproduce:

  1. Create a userChrome.css file containing:
#webrtcIndicator {
  display: none !important;
}

  1. Activate it by setting toolkit.legacyUserProfileCustomizations.stylesheets to true.

  2. Access https://meet.google.com and try to start a new meeting.

I don't know if this is actually relevant to this bug, but I'm running on Sway. I like to hide the webrtc indicator window because it cannot be minimized on Sway and thus it is pretty annoying.

Expected results: no crash

Actual results:

Firefox crashes violating assertion "height should not be NS_UNCONSTRAINEDSIZE after reflow", at https://github.com/mozilla/gecko-dev/blob/d520574f5cf47766636a3a55415917d1341f786f/layout/base/PresShell.cpp#L2136-L2138

Keywords: regression
Regressed by: 1683126
Has Regression Range: --- → yes

Stacktrace:

Thread 1 "firefox" received signal SIGSEGV, Segmentation fault.
0x00007ffff2277355 in mozilla::PresShell::ResizeReflowIgnoreOverride(int, int, mozilla::ResizeReflowOptions) () from /usr/lib/firefox/libxul.so
(gdb) bt
#0  0x00007ffff2277355 in mozilla::PresShell::ResizeReflowIgnoreOverride(int, int, mozilla::ResizeReflowOptions) () at /usr/lib/firefox/libxul.so
#1  0x00007ffff22d387a in nsDocumentViewer::GetContentSizeInternal(int*, int*, int, int) () at /usr/lib/firefox/libxul.so
#2  0x00007ffff22d39d0 in nsDocumentViewer::GetContentSize(int*, int*) () at /usr/lib/firefox/libxul.so
#3  0x00007ffff07f3e16 in nsGlobalWindowOuter::SizeToContentOuter(mozilla::dom::CallerType, mozilla::ErrorResult&) () at /usr/lib/firefox/libxul.so
#4  0x00007ffff0fdc342 in mozilla::dom::Window_Binding::sizeToContent(JSContext*, JS::Handle<JSObject*>, void*, JSJitMethodCallArgs const&) () at /usr/lib/firefox/libxul.so
#5  0x00007ffff12cfdc9 in bool mozilla::dom::binding_detail::GenericMethod<mozilla::dom::binding_detail::MaybeCrossOriginObjectThisPolicy, mozilla::dom::binding_detail::ThrowExceptions>(JSContext*, unsigned int, JS::Value*) () at /usr/lib/firefox/libxul.so
#6  0x00007ffff324828e in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) () at /usr/lib/firefox/libxul.so
#7  0x00007ffff3241e8b in Interpret(JSContext*, js::RunState&) () at /usr/lib/firefox/libxul.so
#8  0x00007ffff32391f3 in js::RunScript(JSContext*, js::RunState&) () at /usr/lib/firefox/libxul.so
#9  0x00007ffff3248632 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) () at /usr/lib/firefox/libxul.so
#10 0x00007ffff3248ca0 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) () at /usr/lib/firefox/libxul.so
#11 0x00007ffff357045c in JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) () at /usr/lib/firefox/libxul.so
#12 0x00007ffff114e546 in mozilla::dom::EventListener::HandleEvent(mozilla::dom::BindingCallContext&, JS::Handle<JS::Value>, mozilla::dom::Event&, mozilla::ErrorResult&) () at /usr/lib/firefox/libxul.so
#13 0x00007ffff1561103 in mozilla::EventListenerManager::HandleEventSubType(mozilla::EventListenerManager::Listener*, mozilla::dom::Event*, mozilla::dom::EventTarget*) () at /usr/lib/firefox/libxul.so
#14 0x00007ffff1561927 in mozilla::EventListenerManager::HandleEventInternal(nsPresContext*, mozilla::WidgetEvent*, mozilla::dom::Event**, mozilla::dom::EventTarget*, nsEventStatus*, bool) ()
    at /usr/lib/firefox/libxul.so
#15 0x00007ffff155acd8 in mozilla::EventTargetChainItem::HandleEvent(mozilla::EventChainPostVisitor&, mozilla::ELMCreationDetector&) () at /usr/lib/firefox/libxul.so
#16 0x00007ffff155a496 in mozilla::EventTargetChainItem::HandleEventTargetChain(nsTArray<mozilla::EventTargetChainItem>&, mozilla::EventChainPostVisitor&, mozilla::EventDispatchingCallback*, mozilla::ELMCreationDetector&) () at /usr/lib/firefox/libxul.so
#17 0x00007ffff155c0cb in mozilla::EventDispatcher::Dispatch(nsISupports*, nsPresContext*, mozilla::WidgetEvent*, mozilla::dom::Event*, nsEventStatus*, mozilla::EventDispatchingCallback*, nsTArray<mozilla::dom::EventTarget*>*) () at /usr/lib/firefox/libxul.so
#18 0x00007ffff22d04b9 in nsDocumentViewer::LoadComplete(nsresult) () at /usr/lib/firefox/libxul.so
#19 0x00007ffff2de6f1f in nsDocShell::EndPageLoad(nsIWebProgress*, nsIChannel*, nsresult) () at /usr/lib/firefox/libxul.so
#20 0x00007ffff2de6c1f in nsDocShell::OnStateChange(nsIWebProgress*, nsIRequest*, unsigned int, nsresult) () at /usr/lib/firefox/libxul.so
#21 0x00007ffff2de7470 in non-virtual thunk to nsDocShell::OnStateChange(nsIWebProgress*, nsIRequest*, unsigned int, nsresult) () at /usr/lib/firefox/libxul.so
#22 0x00007ffff029d3d1 in nsDocLoader::DoFireOnStateChange(nsIWebProgress*, nsIRequest*, int&, nsresult) () at /usr/lib/firefox/libxul.so
#23 0x00007ffff029cf02 in nsDocLoader::doStopDocumentLoad(nsIRequest*, nsresult) () at /usr/lib/firefox/libxul.so
#24 0x00007ffff029be9c in nsDocLoader::DocLoaderIsEmpty(bool, mozilla::Maybe<nsresult> const&) () at /usr/lib/firefox/libxul.so
#25 0x00007ffff029c9be in nsDocLoader::OnStopRequest(nsIRequest*, nsresult) () at /usr/lib/firefox/libxul.so
#26 0x00007ffff029cded in non-virtual thunk to nsDocLoader::OnStopRequest(nsIRequest*, nsresult) () at /usr/lib/firefox/libxul.so
#27 0x00007fffefad99b3 in mozilla::net::nsLoadGroup::NotifyRemovalObservers(nsIRequest*, nsresult) () at /usr/lib/firefox/libxul.so
#28 0x00007fffefada6f2 in mozilla::net::nsLoadGroup::RemoveRequest(nsIRequest*, nsISupports*, nsresult) () at /usr/lib/firefox/libxul.so
#29 0x00007ffff088af5a in mozilla::dom::Document::DoUnblockOnload() () at /usr/lib/firefox/libxul.so
#30 0x00007ffff08752bb in mozilla::dom::Document::UnblockOnload(bool) () at /usr/lib/firefox/libxul.so
#31 0x00007ffff087fdf1 in mozilla::dom::Document::DispatchContentLoadedEvents() () at /usr/lib/firefox/libxul.so
#32 0x00007ffff08804ac in mozilla::dom::Document::UnblockDOMContentLoaded() () at /usr/lib/firefox/libxul.so
#33 0x00007ffff08802f2 in mozilla::dom::Document::EndLoad() () at /usr/lib/firefox/libxul.so
#34 0x00007ffff1c8d7f8 in mozilla::dom::PrototypeDocumentContentSink::DoneWalking() () at /usr/lib/firefox/libxul.so
#35 0x00007ffff20339fd in L10nReadyHandler::ResolvedCallback(JSContext*, JS::Handle<JS::Value>) () at /usr/lib/firefox/libxul.so
#36 0x00007ffff1e41c1e in mozilla::dom::(anonymous namespace)::PromiseNativeHandlerShim::ResolvedCallback(JSContext*, JS::Handle<JS::Value>) () at /usr/lib/firefox/libxul.so
#37 0x00007ffff1e41f10 in mozilla::dom::NativeHandlerCallback(JSContext*, unsigned int, JS::Value*) () at /usr/lib/firefox/libxul.so
#38 0x00007ffff324828e in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) () at /usr/lib/firefox/libxul.so
#39 0x00007ffff3248ca0 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) () at /usr/lib/firefox/libxul.so
#40 0x00007ffff3371a2e in PromiseReactionJob(JSContext*, unsigned int, JS::Value*) () at /usr/lib/firefox/libxul.so
#41 0x00007ffff324828e in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) () at /usr/lib/firefox/libxul.so
#42 0x00007ffff3248ca0 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) () at /usr/lib/firefox/libxul.so
#43 0x00007ffff357045c in JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) () at /usr/lib/firefox/libxul.so
#44 0x00007ffff0c546fc in mozilla::dom::PromiseJobCallback::Call(mozilla::dom::BindingCallContext&, JS::Handle<JS::Value>, mozilla::ErrorResult&) () at /usr/lib/firefox/libxul.so
#45 0x00007fffef9608ba in mozilla::PromiseJobRunnable::Run(mozilla::AutoSlowOperation&) () at /usr/lib/firefox/libxul.so
#46 0x00007fffef953164 in mozilla::CycleCollectedJSContext::PerformMicroTaskCheckPoint(bool) () at /usr/lib/firefox/libxul.so
#47 0x00007fffef9536c2 in mozilla::CycleCollectedJSContext::AfterProcessTask(unsigned int) () at /usr/lib/firefox/libxul.so
#48 0x00007ffff01f7908 in XPCJSContext::AfterProcessTask(unsigned int) () at /usr/lib/firefox/libxul.so
#49 0x00007fffef9f84aa in nsThread::ProcessNextEvent(bool, bool*) () at /usr/lib/firefox/libxul.so
#50 0x00007fffef9fbb78 in NS_ProcessNextEvent(nsIThread*, bool) () at /usr/lib/firefox/libxul.so
#51 0x00007fffefe40688 in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) () at /usr/lib/firefox/libxul.so
#52 0x00007fffefe03226 in MessageLoop::Run() () at /usr/lib/firefox/libxul.so
#53 0x00007ffff2094589 in nsBaseAppShell::Run() () at /usr/lib/firefox/libxul.so
#54 0x00007ffff30be067 in nsAppStartup::Run() () at /usr/lib/firefox/libxul.so
#55 0x00007ffff318aed0 in XREMain::XRE_mainRun() () at /usr/lib/firefox/libxul.so
#56 0x00007ffff318b8fe in XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) () at /usr/lib/firefox/libxul.so
#57 0x00007ffff318bcbf in XRE_main(int, char**, mozilla::BootstrapConfig const&) () at /usr/lib/firefox/libxul.so
#58 0x000055555557bf94 in main ()

It looks like there's a privacy.webrtc.hideGlobalIndicator pref to turn that UI off (in about:config):
https://searchfox.org/mozilla-central/source/browser/app/profile/firefox.js#1814
Can you try setting that to true and see if that works?

Flags: needinfo?(matias)

Setting privacy.webrtc.hideGlobalIndicator to true works. Thank you, mats.

Although my particular issue is solved, I have no knowledge about the layout engine to infer whether the assertion might fail under other circumstances. So I'm leaving the issue open so that you can decide whether more investigation is worth it.

Flags: needinfo?(matias)

Thanks for testing. I'll take a look...

Assignee: nobody → mats
Severity: -- → S3
Priority: -- → P3

Set release status flags based on info from the regressing bug 1683126

status-firefox85: --- → unaffected
status-firefox86: --- → unaffected
status-firefox-esr78: --- → unaffected

Note that this only happens for chrome: documents that have been
invasively styled by userChrome.css sheets. Content documents
are never intrinsically sized, and our own chrome: sheets that
use intrinsic sizing never set 'display:none' on the :root as
far as I know. I think this is an argument for removing support
for userChrome.css.

Pushed by mpalmgren@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/b871fff62d98
Initialize the intrinsic block-size to zero in case there is no :root frame.  r=TYLin

https://hg.mozilla.org/mozilla-central/rev/b871fff62d98

Status: UNCONFIRMED → RESOLVED
Closed: 3 years ago
status-firefox87: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → 87 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: