Open
Bug 1712410
Opened 4 years ago
Updated 4 years ago
firefox: src/gfx/cairo/cairo/src/cairo-hash.c:217: void _cairo_hash_table_destroy(cairo_hash_table_t *): Assertion `hash_table->live_entries == 0' failed.
Categories
(Core :: Printing: Output, defect)
Core
Printing: Output
Tracking
()
NEW
| Tracking | Status | |
|---|---|---|
| firefox90 | --- | affected |
People
(Reporter: tsmith, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: assertion, testcase)
Attachments
(1 file)
|
465 bytes,
text/html
|
Details |
Found while fuzzing m-c 20210429-c00df77af50e (--enable-debug --enable-fuzzing)
firefox: src/gfx/cairo/cairo/src/cairo-hash.c:217: void _cairo_hash_table_destroy(cairo_hash_table_t *): Assertion `hash_table->live_entries == 0' failed.
#0 0x7ffaf79e018b in raise /build/glibc-eX1tMB/glibc-2.31/signal/../sysdeps/unix/sysv/linux/raise.c:51:1
#1 0x7ffaf79bf858 in abort /build/glibc-eX1tMB/glibc-2.31/stdlib/abort.c:79:7
#2 0x7ffaf79bf728 in __assert_fail_base /build/glibc-eX1tMB/glibc-2.31/assert/assert.c:92:3
#3 0x7ffaf79d0f35 in __assert_fail /build/glibc-eX1tMB/glibc-2.31/assert/assert.c:101:3
#4 0x7ffae6f695d8 in _cairo_hash_table_destroy src/gfx/cairo/cairo/src/cairo-hash.c:217:5
#5 0x7ffae6f91415 in _cairo_scaled_font_map_destroy src/gfx/cairo/cairo/src/cairo-scaled-font.c:441:5
#6 0x7ffae6f64048 in _moz_cairo_debug_reset_static_data src/gfx/cairo/cairo/src/cairo-debug.c:67:5
#7 0x7ffae32513bd in gfxPlatform::Shutdown() src/gfx/thebes/gfxPlatform.cpp:1304:14
#8 0x7ffae6814fe8 in nsLayoutModuleDtor() src/layout/build/nsLayoutModule.cpp:259:3
#9 0x7ffae19ff809 in nsComponentManagerImpl::Shutdown() src/xpcom/components/nsComponentManager.cpp:852:3
#10 0x7ffae1a752ba in mozilla::ShutdownXPCOM(nsIServiceManager*) src/xpcom/build/XPCOMInit.cpp:724:55
#11 0x7ffae7a1eed7 in ScopedXPCOMStartup::~ScopedXPCOMStartup() src/toolkit/xre/nsAppRunner.cpp:1672:5
#12 0x7ffae7a2b154 in operator() /builds/worker/workspace/obj-build/dist/include/mozilla/UniquePtr.h:463:5
#13 0x7ffae7a2b154 in reset /builds/worker/workspace/obj-build/dist/include/mozilla/UniquePtr.h:305:7
#14 0x7ffae7a2b154 in operator= /builds/worker/workspace/obj-build/dist/include/mozilla/UniquePtr.h:275:5
#15 0x7ffae7a2b154 in XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) src/toolkit/xre/nsAppRunner.cpp:5454:16
#16 0x7ffae7a2b999 in XRE_main(int, char**, mozilla::BootstrapConfig const&) src/toolkit/xre/nsAppRunner.cpp:5496:21
#17 0x55db1196ca60 in do_main src/browser/app/nsBrowserApp.cpp:224:22
#18 0x55db1196ca60 in main src/browser/app/nsBrowserApp.cpp:351:16
#19 0x7ffaf79c10b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
#20 0x55db1194993c in _start (/home/worker/builds/m-c-20210519033212-fuzzing-debug/firefox-bin+0x1593c)
Flags: in-testsuite?
|
Reporter | |
Comment 1•4 years ago
|
||
A Pernosco session is available here: https://pernos.co/debug/t4n-z6Ez8ZNvkXCbCOKDWA/index.html
|
||
Updated•4 years ago
|
You need to log in
before you can comment on or make changes to this bug.
Description
•