Closed Bug 1693032 Opened 3 years ago Closed 3 years ago

Assertion failure: SVGUtils::OuterSVGIsCallingReflowSVG(this) (This call is probaby a wasteful mistake), at /builds/worker/checkouts/gecko/layout/svg/SVGTextFrame.cpp:3298

Categories

(Core :: SVG, defect)

defect

Tracking

()

VERIFIED FIXED
87 Branch
Tracking Status
firefox-esr78 --- unaffected
firefox85 --- unaffected
firefox86 --- unaffected
firefox87 --- verified

People

(Reporter: jkratzer, Assigned: longsonr)

References

(Blocks 1 open bug, Regression)

Details

(Keywords: assertion, regression, testcase, Whiteboard: [bugmon:bisected,confirmed])

Attachments

(2 files)

Attached file testcase.html

Testcase found while fuzzing mozilla-central rev fc74eb2c7b84 (built with --enable-debug).

Assertion failure: SVGUtils::OuterSVGIsCallingReflowSVG(this) (This call is probaby a wasteful mistake), at /builds/worker/checkouts/gecko/layout/svg/SVGTextFrame.cpp:3298

    #0 0x7f9061350070 in mozilla::SVGTextFrame::ReflowSVG() /builds/worker/checkouts/gecko/layout/svg/SVGTextFrame.cpp:3297:3
    #1 0x7f906135d477 in mozilla::SVGSwitchFrame::AlwaysReflowSVGTextFrameDoForOneKid(nsIFrame*) /builds/worker/checkouts/gecko/layout/svg/SVGSwitchFrame.cpp:168:9
    #2 0x7f906135d477 in mozilla::SVGSwitchFrame::AlwaysReflowSVGTextFrameDoForOneKid(nsIFrame*) /builds/worker/checkouts/gecko/layout/svg/SVGSwitchFrame.cpp:168:9
    #3 0x7f906135d477 in mozilla::SVGSwitchFrame::AlwaysReflowSVGTextFrameDoForOneKid(nsIFrame*) /builds/worker/checkouts/gecko/layout/svg/SVGSwitchFrame.cpp:168:9
    #4 0x7f906135d477 in mozilla::SVGSwitchFrame::AlwaysReflowSVGTextFrameDoForOneKid(nsIFrame*) /builds/worker/checkouts/gecko/layout/svg/SVGSwitchFrame.cpp:168:9
    #5 0x7f906135d5e5 in ReflowAllSVGTextFramesInsideNonActiveChildren /builds/worker/checkouts/gecko/layout/svg/SVGSwitchFrame.cpp:189:5
    #6 0x7f906135d5e5 in mozilla::SVGSwitchFrame::ReflowSVG() /builds/worker/checkouts/gecko/layout/svg/SVGSwitchFrame.cpp:223:3
    #7 0x7f90613336d4 in mozilla::SVGDisplayContainerFrame::ReflowSVG() /builds/worker/checkouts/gecko/layout/svg/SVGContainerFrame.cpp:319:17
    #8 0x7f90613577f0 in mozilla::SVGOuterSVGFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) /builds/worker/checkouts/gecko/layout/svg/SVGOuterSVGFrame.cpp:453:14
    #9 0x7f906125c526 in nsLineLayout::ReflowFrame(nsIFrame*, nsReflowStatus&, mozilla::ReflowOutput*, bool&) /builds/worker/checkouts/gecko/layout/generic/nsLineLayout.cpp:875:13
    #10 0x7f906114da5f in nsBlockFrame::ReflowInlineFrame(mozilla::BlockReflowInput&, nsLineLayout&, nsLineList_iterator, nsIFrame*, LineReflowStatus*) /builds/worker/checkouts/gecko/layout/generic/nsBlockFrame.cpp:4531:15
    #11 0x7f906114cfc6 in nsBlockFrame::DoReflowInlineFrames(mozilla::BlockReflowInput&, nsLineLayout&, nsLineList_iterator, nsFlowAreaRect&, int&, nsFloatManager::SavedState*, bool*, LineReflowStatus*, bool) /builds/worker/checkouts/gecko/layout/generic/nsBlockFrame.cpp:4333:5
    #12 0x7f9061148c10 in nsBlockFrame::ReflowInlineFrames(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) /builds/worker/checkouts/gecko/layout/generic/nsBlockFrame.cpp:4218:9
    #13 0x7f90611451e0 in nsBlockFrame::ReflowLine(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) /builds/worker/checkouts/gecko/layout/generic/nsBlockFrame.cpp:3190:5
    #14 0x7f906113ffd7 in nsBlockFrame::ReflowDirtyLines(mozilla::BlockReflowInput&) /builds/worker/checkouts/gecko/layout/generic/nsBlockFrame.cpp:2724:7
    #15 0x7f906113c59e in nsBlockFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) /builds/worker/checkouts/gecko/layout/generic/nsBlockFrame.cpp:1375:3
    #16 0x7f90611744c0 in nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, mozilla::WritingMode const&, mozilla::LogicalPoint const&, nsSize const&, nsIFrame::ReflowChildFlags, nsReflowStatus&, nsOverflowContinuationTracker*) /builds/worker/checkouts/gecko/layout/generic/nsContainerFrame.cpp:1078:14
    #17 0x7f9061162689 in nsCanvasFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) /builds/worker/checkouts/gecko/layout/generic/nsCanvasFrame.cpp:812:7
    #18 0x7f90611744c0 in nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, mozilla::WritingMode const&, mozilla::LogicalPoint const&, nsSize const&, nsIFrame::ReflowChildFlags, nsReflowStatus&, nsOverflowContinuationTracker*) /builds/worker/checkouts/gecko/layout/generic/nsContainerFrame.cpp:1078:14
    #19 0x7f90611af0fc in nsHTMLScrollFrame::ReflowScrolledFrame(mozilla::ScrollReflowInput*, bool, bool, mozilla::ReflowOutput*) /builds/worker/checkouts/gecko/layout/generic/nsGfxScrollFrame.cpp:758:3
    #20 0x7f90611afc39 in nsHTMLScrollFrame::ReflowContents(mozilla::ScrollReflowInput*, mozilla::ReflowOutput const&) /builds/worker/checkouts/gecko/layout/generic/nsGfxScrollFrame.cpp:882:3
    #21 0x7f90611b3cf6 in nsHTMLScrollFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) /builds/worker/checkouts/gecko/layout/generic/nsGfxScrollFrame.cpp:1301:3
    #22 0x7f9061174918 in nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, int, int, nsIFrame::ReflowChildFlags, nsReflowStatus&, nsOverflowContinuationTracker*) /builds/worker/checkouts/gecko/layout/generic/nsContainerFrame.cpp:1118:14
    #23 0x7f9061133a35 in mozilla::ViewportFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) /builds/worker/checkouts/gecko/layout/generic/ViewportFrame.cpp:372:7
    #24 0x7f906103fe70 in mozilla::PresShell::DoReflow(nsIFrame*, bool, mozilla::OverflowChangedTracker*) /builds/worker/checkouts/gecko/layout/base/PresShell.cpp:9644:11
    #25 0x7f9061049a0e in mozilla::PresShell::ProcessReflowCommands(bool) /builds/worker/checkouts/gecko/layout/base/PresShell.cpp:9817:24
    #26 0x7f9061048fb4 in mozilla::PresShell::DoFlushPendingNotifications(mozilla::ChangesToFlush) /builds/worker/checkouts/gecko/layout/base/PresShell.cpp:4258:11
    #27 0x7f90610b7c21 in FlushPendingNotifications /builds/worker/workspace/obj-build/dist/include/mozilla/PresShell.h:1413:5
    #28 0x7f90610b7c21 in nsDocumentViewer::LoadComplete(nsresult) /builds/worker/checkouts/gecko/layout/base/nsDocumentViewer.cpp:965:16
    #29 0x7f906207e1e0 in nsDocShell::EndPageLoad(nsIWebProgress*, nsIChannel*, nsresult) /builds/worker/checkouts/gecko/docshell/base/nsDocShell.cpp:6520:20
    #30 0x7f906207db92 in nsDocShell::OnStateChange(nsIWebProgress*, nsIRequest*, unsigned int, nsresult) /builds/worker/checkouts/gecko/docshell/base/nsDocShell.cpp:5876:7
    #31 0x7f906207eb1f in non-virtual thunk to nsDocShell::OnStateChange(nsIWebProgress*, nsIRequest*, unsigned int, nsresult) /builds/worker/checkouts/gecko/docshell/base/nsDocShell.cpp
    #32 0x7f905d8cf96c in nsDocLoader::DoFireOnStateChange(nsIWebProgress*, nsIRequest*, int&, nsresult) /builds/worker/checkouts/gecko/uriloader/base/nsDocLoader.cpp:1332:3
    #33 0x7f905d8cef1a in nsDocLoader::doStopDocumentLoad(nsIRequest*, nsresult) /builds/worker/checkouts/gecko/uriloader/base/nsDocLoader.cpp:938:14
    #34 0x7f905d8cd457 in nsDocLoader::DocLoaderIsEmpty(bool, mozilla::Maybe<nsresult> const&) /builds/worker/checkouts/gecko/uriloader/base/nsDocLoader.cpp:757:9
    #35 0x7f905d8ce39d in nsDocLoader::OnStopRequest(nsIRequest*, nsresult) /builds/worker/checkouts/gecko/uriloader/base/nsDocLoader.cpp:640:5
    #36 0x7f905d8ceb3c in non-virtual thunk to nsDocLoader::OnStopRequest(nsIRequest*, nsresult) /builds/worker/checkouts/gecko/uriloader/base/nsDocLoader.cpp
    #37 0x7f905c80af86 in mozilla::net::nsLoadGroup::NotifyRemovalObservers(nsIRequest*, nsresult) /builds/worker/checkouts/gecko/netwerk/base/nsLoadGroup.cpp:616:22
    #38 0x7f905c80c493 in mozilla::net::nsLoadGroup::RemoveRequest(nsIRequest*, nsISupports*, nsresult) /builds/worker/checkouts/gecko/netwerk/base/nsLoadGroup.cpp:523:10
    #39 0x7f905e293ff1 in mozilla::dom::Document::DoUnblockOnload() /builds/worker/checkouts/gecko/dom/base/Document.cpp:11065:18
    #40 0x7f905e272810 in mozilla::dom::Document::UnblockOnload(bool) /builds/worker/checkouts/gecko/dom/base/Document.cpp:10995:9
    #41 0x7f905e28354c in mozilla::dom::Document::DispatchContentLoadedEvents() /builds/worker/checkouts/gecko/dom/base/Document.cpp:7559:3
    #42 0x7f905e2f47f6 in applyImpl<mozilla::dom::Document, void (mozilla::dom::Document::*)()> /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:1148:12
    #43 0x7f905e2f47f6 in apply<mozilla::dom::Document, void (mozilla::dom::Document::*)()> /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:1154:12
    #44 0x7f905e2f47f6 in mozilla::detail::RunnableMethodImpl<mozilla::dom::Document*, void (mozilla::dom::Document::*)(), true, (mozilla::RunnableKind)0>::Run() /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:1201:13
    #45 0x7f905c660d92 in mozilla::SchedulerGroup::Runnable::Run() /builds/worker/checkouts/gecko/xpcom/threads/SchedulerGroup.cpp:146:20
    #46 0x7f905c66730f in mozilla::RunnableTask::Run() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:472:16
    #47 0x7f905c665886 in mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:753:26
    #48 0x7f905c6646e4 in mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:611:15
    #49 0x7f905c664897 in mozilla::TaskController::ProcessPendingMTTask(bool) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:395:36
    #50 0x7f905c66b126 in operator() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:133:37
    #51 0x7f905c66b126 in mozilla::detail::RunnableFunction<mozilla::TaskController::InitializeInternal()::$_3>::Run() /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:534:5
    #52 0x7f905c67c617 in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:1158:16
    #53 0x7f905c682a6a in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.cpp:548:10
    #54 0x7f905cf98f46 in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:87:21
    #55 0x7f905cf04563 in MessageLoop::RunInternal() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:335:10
    #56 0x7f905cf0447d in RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:328:3
    #57 0x7f905cf0447d in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:310:3
    #58 0x7f9060d63858 in nsBaseAppShell::Run() /builds/worker/checkouts/gecko/widget/nsBaseAppShell.cpp:137:27
    #59 0x7f90625a45d3 in XRE_RunAppShell() /builds/worker/checkouts/gecko/toolkit/xre/nsEmbedFunctions.cpp:902:20
    #60 0x7f905cf99e2c in mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:237:9
    #61 0x7f905cf04563 in MessageLoop::RunInternal() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:335:10
    #62 0x7f905cf0447d in RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:328:3
    #63 0x7f905cf0447d in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:310:3
    #64 0x7f90625a41a8 in XRE_InitChildProcess(int, char**, XREChildData const*) /builds/worker/checkouts/gecko/toolkit/xre/nsEmbedFunctions.cpp:733:34
    #65 0x555d171b8f86 in content_process_main /builds/worker/checkouts/gecko/browser/app/../../ipc/contentproc/plugin-container.cpp:57:28
    #66 0x555d171b8f86 in main /builds/worker/checkouts/gecko/browser/app/nsBrowserApp.cpp:306:18
    #67 0x7f90716fd0b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
Flags: in-testsuite?

This was recently turned into a MOZ_ASSERT.

Flags: needinfo?(longsonr)

Bugmon Analysis:
Verified bug as reproducible on mozilla-central 20210216094005-fc74eb2c7b84.
The bug appears to have been introduced in the following build range:

Start: 6c32d769ff9a1ad140d62f94dc4f7af97fa3f696 (20210213095234)
End: 8e185d82ec0fb93d61cfd697636f5444b39a96cd (20210213074756)
Pushlog: https://hg.mozilla.org/mozilla-unified/pushloghtml?fromchange=6c32d769ff9a1ad140d62f94dc4f7af97fa3f696&tochange=8e185d82ec0fb93d61cfd697636f5444b39a96cd

Whiteboard: [bugmon:confirm] → [bugmon:bisected,confirmed]
Assignee: nobody → longsonr
Status: NEW → ASSIGNED
Flags: needinfo?(longsonr)
Pushed by longsonr@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/4b9a80f187e8
SVG text reflow can flow through multiple outer svg elements r=emilio

:longsonr, since this bug contains a bisection range, could you fill (if possible) the regressed_by field?
For more information, please visit auto_nag documentation.

Flags: needinfo?(longsonr)
Flags: needinfo?(longsonr)
Regressed by: 1691659
Has Regression Range: --- → yes
Pushed by longsonr@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/25ee1c78e1e9
SVG text reflow can flow through multiple outer svg elements r=emilio
Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → 87 Branch

Bugmon Analysis:
Verified bug as fixed on rev mozilla-central 20210217213226-6d7590bfd8d3.
Removing bugmon keyword as no further action possible.
Please review the bug and re-add the keyword for further analysis.

Status: RESOLVED → VERIFIED
Keywords: bugmon

Set release status flags based on info from the regressing bug 1691659

You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: