Closed Bug 1758983 Opened 4 years ago Closed 3 years ago

src/objdir-ff-ubsan/dist/include/mozilla/gfx/Point.h:97:34: runtime error: -1.87351e+15 is outside the range of representable values of type 'int'

Categories

(Core :: Graphics: WebRender, defect, P2)

Tracking

RESOLVED FIXED
103 Branch
Tracking Status
firefox100 --- wontfix
firefox103 --- fixed

People

(Reporter: tsmith, Assigned: mikokm)

References

(Blocks 2 open bugs)

Details

(Keywords: csectype-undefined, testcase)

Attachments

(2 files)

Attached file testcase.html

This was found by enabling the float-cast-overflow check in UBSan and fuzzing. This type of issue can create inconsistencies across platforms, architectures and optimization levels.

Found with m-c 20220309-ae667f73a8f1

To enable this check add the following to your mozconfig:

ac_add_options --enable-undefined-sanitizer="float-cast-overflow"

src/objdir-ff-ubsan/dist/include/mozilla/gfx/Point.h:97:34: runtime error: -1.87351e+15 is outside the range of representable values of type 'int'
    #0 0x7f61c5b794fa in mozilla::gfx::IntPointTyped<mozilla::LayerPixel>::Floor(float, float) src/objdir-ff-ubsan/dist/include/mozilla/gfx/Point.h:97:34
    #1 0x7f61c5b794fa in mozilla::gfx::IntPointTyped<mozilla::LayerPixel>::Floor(mozilla::gfx::PointTyped<mozilla::LayerPixel, float> const&) src/objdir-ff-ubsan/dist/include/mozilla/gfx/Point.h:213:10
    #2 0x7f61c5b86e2a in mozilla::layers::WebRenderCommandBuilder::GenerateFallbackData(mozilla::nsDisplayItem*, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::nsDisplayListBuilder*, mozilla::gfx::RectTyped<mozilla::LayoutDevicePixel, float>&) src/gfx/layers/wr/WebRenderCommandBuilder.cpp:2287:23
    #3 0x7f61c5b7e783 in mozilla::layers::WebRenderCommandBuilder::PushItemAsImage(mozilla::nsDisplayItem*, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::nsDisplayListBuilder*) src/gfx/layers/wr/WebRenderCommandBuilder.cpp:2705:48
    #4 0x7f61c5b7e5ac in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommands(mozilla::nsDisplayItem*, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::nsDisplayListBuilder*) src/gfx/layers/wr/WebRenderCommandBuilder.cpp:1699:5
    #5 0x7f61c5b7cae2 in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommandsFromDisplayList(mozilla::nsDisplayList*, mozilla::nsDisplayItem*, mozilla::nsDisplayListBuilder*, mozilla::layers::StackingContextHelper const&, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, bool) src/gfx/layers/wr/WebRenderCommandBuilder.cpp:1934:7
    #6 0x7f61cc52ea52 in mozilla::nsDisplayTransform::CreateWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::layers::RenderRootStateManager*, mozilla::nsDisplayListBuilder*) src/layout/painting/nsDisplayList.cpp:6718:30
    #7 0x7f61c5b7e57f in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommands(mozilla::nsDisplayItem*, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::nsDisplayListBuilder*) src/gfx/layers/wr/WebRenderCommandBuilder.cpp:1695:41
    #8 0x7f61c5b7cae2 in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommandsFromDisplayList(mozilla::nsDisplayList*, mozilla::nsDisplayItem*, mozilla::nsDisplayListBuilder*, mozilla::layers::StackingContextHelper const&, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, bool) src/gfx/layers/wr/WebRenderCommandBuilder.cpp:1934:7
    #9 0x7f61cc52ea52 in mozilla::nsDisplayTransform::CreateWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::layers::RenderRootStateManager*, mozilla::nsDisplayListBuilder*) src/layout/painting/nsDisplayList.cpp:6718:30
    #10 0x7f61c5b7e57f in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommands(mozilla::nsDisplayItem*, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::nsDisplayListBuilder*) src/gfx/layers/wr/WebRenderCommandBuilder.cpp:1695:41
    #11 0x7f61c5b7cae2 in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommandsFromDisplayList(mozilla::nsDisplayList*, mozilla::nsDisplayItem*, mozilla::nsDisplayListBuilder*, mozilla::layers::StackingContextHelper const&, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, bool) src/gfx/layers/wr/WebRenderCommandBuilder.cpp:1934:7
    #12 0x7f61cc52ea52 in mozilla::nsDisplayTransform::CreateWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::layers::RenderRootStateManager*, mozilla::nsDisplayListBuilder*) src/layout/painting/nsDisplayList.cpp:6718:30
    #13 0x7f61c5b7e57f in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommands(mozilla::nsDisplayItem*, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::nsDisplayListBuilder*) src/gfx/layers/wr/WebRenderCommandBuilder.cpp:1695:41
    #14 0x7f61c5b7cae2 in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommandsFromDisplayList(mozilla::nsDisplayList*, mozilla::nsDisplayItem*, mozilla::nsDisplayListBuilder*, mozilla::layers::StackingContextHelper const&, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, bool) src/gfx/layers/wr/WebRenderCommandBuilder.cpp:1934:7
    #15 0x7f61cc52ea52 in mozilla::nsDisplayTransform::CreateWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::layers::RenderRootStateManager*, mozilla::nsDisplayListBuilder*) src/layout/painting/nsDisplayList.cpp:6718:30
    #16 0x7f61c5b7e57f in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommands(mozilla::nsDisplayItem*, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::nsDisplayListBuilder*) src/gfx/layers/wr/WebRenderCommandBuilder.cpp:1695:41
    #17 0x7f61c5b7cae2 in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommandsFromDisplayList(mozilla::nsDisplayList*, mozilla::nsDisplayItem*, mozilla::nsDisplayListBuilder*, mozilla::layers::StackingContextHelper const&, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, bool) src/gfx/layers/wr/WebRenderCommandBuilder.cpp:1934:7
    #18 0x7f61cc52ea52 in mozilla::nsDisplayTransform::CreateWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::layers::RenderRootStateManager*, mozilla::nsDisplayListBuilder*) src/layout/painting/nsDisplayList.cpp:6718:30
    #19 0x7f61c5b7e57f in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommands(mozilla::nsDisplayItem*, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::nsDisplayListBuilder*) src/gfx/layers/wr/WebRenderCommandBuilder.cpp:1695:41
    #20 0x7f61c5b7cae2 in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommandsFromDisplayList(mozilla::nsDisplayList*, mozilla::nsDisplayItem*, mozilla::nsDisplayListBuilder*, mozilla::layers::StackingContextHelper const&, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, bool) src/gfx/layers/wr/WebRenderCommandBuilder.cpp:1934:7
    #21 0x7f61cc52ea52 in mozilla::nsDisplayTransform::CreateWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::layers::RenderRootStateManager*, mozilla::nsDisplayListBuilder*) src/layout/painting/nsDisplayList.cpp:6718:30
    #22 0x7f61c5b7e57f in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommands(mozilla::nsDisplayItem*, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::nsDisplayListBuilder*) src/gfx/layers/wr/WebRenderCommandBuilder.cpp:1695:41
    #23 0x7f61c5b7cae2 in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommandsFromDisplayList(mozilla::nsDisplayList*, mozilla::nsDisplayItem*, mozilla::nsDisplayListBuilder*, mozilla::layers::StackingContextHelper const&, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, bool) src/gfx/layers/wr/WebRenderCommandBuilder.cpp:1934:7
    #24 0x7f61cc52ea52 in mozilla::nsDisplayTransform::CreateWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::layers::RenderRootStateManager*, mozilla::nsDisplayListBuilder*) src/layout/painting/nsDisplayList.cpp:6718:30
    #25 0x7f61c5b7e57f in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommands(mozilla::nsDisplayItem*, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::nsDisplayListBuilder*) src/gfx/layers/wr/WebRenderCommandBuilder.cpp:1695:41
    #26 0x7f61c5b7cae2 in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommandsFromDisplayList(mozilla::nsDisplayList*, mozilla::nsDisplayItem*, mozilla::nsDisplayListBuilder*, mozilla::layers::StackingContextHelper const&, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, bool) src/gfx/layers/wr/WebRenderCommandBuilder.cpp:1934:7
    #27 0x7f61cc51c405 in mozilla::nsDisplayWrapList::CreateWebRenderCommandsNewClipListOption(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::layers::RenderRootStateManager*, mozilla::nsDisplayListBuilder*, bool) src/layout/painting/nsDisplayList.cpp:4655:30
    #28 0x7f61cc521dcb in mozilla::nsDisplayWrapList::CreateWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::layers::RenderRootStateManager*, mozilla::nsDisplayListBuilder*) src/layout/painting/nsDisplayList.h:4922:12
    #29 0x7f61cc521dcb in mozilla::nsDisplayOwnLayer::CreateWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::layers::RenderRootStateManager*, mozilla::nsDisplayListBuilder*) src/layout/painting/nsDisplayList.cpp:5281:22
    #30 0x7f61c5b7e57f in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommands(mozilla::nsDisplayItem*, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::nsDisplayListBuilder*) src/gfx/layers/wr/WebRenderCommandBuilder.cpp:1695:41
    #31 0x7f61c5b7cae2 in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommandsFromDisplayList(mozilla::nsDisplayList*, mozilla::nsDisplayItem*, mozilla::nsDisplayListBuilder*, mozilla::layers::StackingContextHelper const&, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, bool) src/gfx/layers/wr/WebRenderCommandBuilder.cpp:1934:7
    #32 0x7f61c5b7a9b2 in mozilla::layers::WebRenderCommandBuilder::BuildWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::nsDisplayList*, mozilla::nsDisplayListBuilder*, mozilla::layers::WebRenderScrollData&, WrFiltersHolder&&) src/gfx/layers/wr/WebRenderCommandBuilder.cpp:1616:5
    #33 0x7f61c5b9b4f6 in mozilla::layers::WebRenderLayerManager::EndTransactionWithoutLayer(mozilla::nsDisplayList*, mozilla::nsDisplayListBuilder*, WrFiltersHolder&&, mozilla::layers::WebRenderBackgroundData*, double) src/gfx/layers/wr/WebRenderLayerManager.cpp:362:30
    #34 0x7f61cc501156 in mozilla::nsDisplayList::PaintRoot(mozilla::nsDisplayListBuilder*, gfxContext*, unsigned int, mozilla::Maybe<double>) src/layout/painting/nsDisplayList.cpp:2288:18
    #35 0x7f61cbe1ee94 in nsLayoutUtils::PaintFrame(gfxContext*, nsIFrame*, nsRegion const&, unsigned int, mozilla::nsDisplayListBuilderMode, nsLayoutUtils::PaintFrameFlags) src/layout/base/nsLayoutUtils.cpp:3446:9
    #36 0x7f61cbd47072 in mozilla::PresShell::PaintInternal(nsView*, mozilla::PaintInternalFlags) src/layout/base/PresShell.cpp:6362:5
    #37 0x7f61cbd46470 in mozilla::PresShell::PaintAndRequestComposite(nsView*, mozilla::PaintFlags) src/layout/base/PresShell.cpp:6233:3
    #38 0x7f61cb6aaf15 in nsViewManager::ProcessPendingUpdatesPaint(nsIWidget*) src/view/nsViewManager.cpp:440:18
    #39 0x7f61cb6aa756 in nsViewManager::ProcessPendingUpdatesForView(nsView*, bool) src/view/nsViewManager.cpp:375:22
    #40 0x7f61cb6ac1bb in nsViewManager::ProcessPendingUpdates() src/view/nsViewManager.cpp:948:5
    #41 0x7f61cbcc5eb3 in nsRefreshDriver::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp, nsRefreshDriver::IsExtraTick) src/layout/base/nsRefreshDriver.cpp:2580:11
    #42 0x7f61cbcd5bb3 in mozilla::RefreshDriverTimer::TickDriver(nsRefreshDriver*, mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) src/layout/base/nsRefreshDriver.cpp:350:13
    #43 0x7f61cbcd5bb3 in mozilla::RefreshDriverTimer::TickRefreshDrivers(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp, nsTArray<RefPtr<nsRefreshDriver> >&) src/layout/base/nsRefreshDriver.cpp:328:7
    #44 0x7f61cbcd5845 in mozilla::RefreshDriverTimer::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) src/layout/base/nsRefreshDriver.cpp:344:5
    #45 0x7f61cbcd5337 in mozilla::VsyncRefreshDriverTimer::RunRefreshDrivers(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) src/layout/base/nsRefreshDriver.cpp:788:5
    #46 0x7f61cbcd4969 in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::TickRefreshDriver(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) src/layout/base/nsRefreshDriver.cpp:693:16
    #47 0x7f61cbcd3b58 in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::NotifyVsyncOnMainThread() src/layout/base/nsRefreshDriver.cpp:610:7
    #48 0x7f61cbcd34e9 in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::NotifyVsync(mozilla::VsyncEvent const&) src/layout/base/nsRefreshDriver.cpp:516:9
    #49 0x7f61caa3d87a in mozilla::dom::VsyncMainChild::RecvNotify(mozilla::VsyncEvent const&, float const&) src/dom/ipc/VsyncMainChild.cpp:68:15
    #50 0x7f61cae40f6a in mozilla::dom::PVsyncChild::OnMessageReceived(IPC::Message const&) src/objdir-ff-ubsan/ipc/ipdl/PVsyncChild.cpp:220:54
    #51 0x7f61c4c85626 in mozilla::ipc::PBackgroundChild::OnMessageReceived(IPC::Message const&) src/objdir-ff-ubsan/ipc/ipdl/PBackgroundChild.cpp:6370:32
    #52 0x7f61c4be5a48 in mozilla::ipc::MessageChannel::DispatchAsyncMessage(mozilla::ipc::ActorLifecycleProxy*, IPC::Message const&) src/ipc/glue/MessageChannel.cpp:1674:25
    #53 0x7f61c4be3436 in mozilla::ipc::MessageChannel::DispatchMessage(mozilla::ipc::ActorLifecycleProxy*, IPC::Message&&) src/ipc/glue/MessageChannel.cpp:1599:9
    #54 0x7f61c4be3e66 in mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::ActorLifecycleProxy*, mozilla::ipc::MessageChannel::MessageTask&) src/ipc/glue/MessageChannel.cpp:1462:3
    #55 0x7f61c4be4885 in mozilla::ipc::MessageChannel::MessageTask::Run() src/ipc/glue/MessageChannel.cpp:1496:14
    #56 0x7f61c353aafa in mozilla::RunnableTask::Run() src/xpcom/threads/TaskController.cpp:467:16
    #57 0x7f61c34fb25f in mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) src/xpcom/threads/TaskController.cpp:770:26
    #58 0x7f61c34f88ae in mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) src/xpcom/threads/TaskController.cpp:606:15
    #59 0x7f61c34f9004 in mozilla::TaskController::ProcessPendingMTTask(bool) src/xpcom/threads/TaskController.cpp:390:36
    #60 0x7f61c352c324 in mozilla::TaskController::InitializeInternal()::$_1::operator()() const src/xpcom/threads/TaskController.cpp:127:37
    #61 0x7f61c352c324 in mozilla::detail::RunnableFunction<mozilla::TaskController::InitializeInternal()::$_1>::Run() src/objdir-ff-ubsan/dist/include/nsThreadUtils.h:531:5
    #62 0x7f61c3517433 in nsThread::ProcessNextEvent(bool, bool*) src/xpcom/threads/nsThread.cpp:1173:16
    #63 0x7f61c3520af4 in NS_ProcessNextEvent(nsIThread*, bool) src/xpcom/threads/nsThreadUtils.cpp:467:10
    #64 0x7f61c4becb54 in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:107:5
    #65 0x7f61c4bedee2 in mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:268:30
    #66 0x7f61c4a5cb11 in MessageLoop::RunInternal() src/ipc/chromium/src/base/message_loop.cc:331:10
    #67 0x7f61c4a5cb11 in MessageLoop::RunHandler() src/ipc/chromium/src/base/message_loop.cc:324:3
    #68 0x7f61c4a5cb11 in MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:306:3
    #69 0x7f61cb7a2e08 in nsBaseAppShell::Run() src/widget/nsBaseAppShell.cpp:137:27
    #70 0x7f61d0621d27 in XRE_RunAppShell() src/toolkit/xre/nsEmbedFunctions.cpp:870:20
    #71 0x7f61c4bedec1 in mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:235:9
    #72 0x7f61c4a5cb11 in MessageLoop::RunInternal() src/ipc/chromium/src/base/message_loop.cc:331:10
    #73 0x7f61c4a5cb11 in MessageLoop::RunHandler() src/ipc/chromium/src/base/message_loop.cc:324:3
    #74 0x7f61c4a5cb11 in MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:306:3
    #75 0x7f61d0620e7d in XRE_InitChildProcess(int, char**, XREChildData const*) src/toolkit/xre/nsEmbedFunctions.cpp:729:34
    #76 0x7f61d0636020 in mozilla::BootstrapImpl::XRE_InitChildProcess(int, char**, XREChildData const*) src/toolkit/xre/Bootstrap.cpp:67:12
    #77 0x5561a0203495 in content_process_main(mozilla::Bootstrap*, int, char**) src/browser/app/../../ipc/contentproc/plugin-container.cpp:57:28
    #78 0x5561a02038a5 in main src/browser/app/nsBrowserApp.cpp:327:18
    #79 0x7f61ec50ec86 in __libc_start_main /build/glibc-uZu3wS/glibc-2.27/csu/../csu/libc-start.c:310
    #80 0x5561a0152578 in _start (src/objdir-ff-ubsan/dist/bin/firefox+0xf4578)
Flags: in-testsuite?

Please ni? me if a Pernosco session would be helpful.

Miko, looks like this might be related to DisplayLists. Could you please have a look?

Severity: -- → S2
Flags: needinfo?(mikokm)
Priority: -- → P1

This is WR pixel snapping code that I am not familiar with.

Flags: needinfo?(mikokm) → needinfo?(jmuizelaar)

The problem is this Floor. Here trans is x: -285098486267904.000000, y: 19.172901 and scale is {width = 32768, height = 2.96211929e-05} and we get a very big number.

I was initially a bit hesitant about just clamping this (because it can easily turn into whack-a-mole), but it's probably fine here.

Flags: needinfo?(jmuizelaar)

Well. This indeed happens with the testcase from bug 1758985. Fixing a similar issue there just results in an overflow further down the line in IntRectTyped::RoundOut():

145         return IntRectTyped(int32_t(tmp.X()), int32_t(tmp.Y()),
(rr) p tmp
$1 = {<mozilla::gfx::BaseRect<float, mozilla::gfx::RectTyped<mozilla::gfx::UnknownUnits, float>, mozilla::gfx::PointTyped<mozilla::gfx::UnknownUnits, float>, mozilla::gfx::SizeTyped<mozilla::gfx::UnknownUnits, float>, mozilla::gfx::MarginTyped<mozilla::gfx::UnknownUnits, float> >> = {x = 0, y = 2.68213376e+09, width = <synthetic pointer>,
    height = <synthetic pointer>}, <mozilla::gfx::UnknownUnits> = {<No data fields>}, <No data fields>}
(rr) bt
#0  mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits>::RoundOut(mozilla::gfx::RectTyped<mozilla::gfx::UnknownUnits, float> const&) (aRect=...)
    at /home/miko/Code/mu/obj-ff-dbg-opt/dist/include/mozilla/gfx/Rect.h:145
#1  0x00007fb17cb33fc7 in mozilla::gfx::RoundedOut<mozilla::gfx::UnknownUnits>(mozilla::gfx::RectTyped<mozilla::gfx::UnknownUnits, float> const&) (aRect=...)
    at /home/miko/Code/mu/obj-ff-dbg-opt/dist/include/mozilla/gfx/Rect.h:329
#2  mozilla::layers::DIGroup::ToDeviceSpace(nsRect, mozilla::gfx::BaseMatrix<float>&, int) (aBounds=..., aMatrix=..., aAppUnitsPerDevPixel=<optimized out>, aAppUnitsPerDevPixel@entry=40)
    at /home/miko/Code/mu/gfx/layers/wr/WebRenderCommandBuilder.cpp:377
#3  0x00007fb17cb2e459 in mozilla::layers::DIGroup::ComputeGeometryChange(mozilla::nsDisplayItem*, mozilla::layers::BlobItemData*, mozilla::gfx::BaseMatrix<float>&, mozilla::nsDisplayListBuilder*)
    (this=this@entry=0x7fb162ae5a40, aItem=aItem@entry=0x7fb162af1270, aData=aData@entry=0x7fb162ae0b00, aMatrix=..., aBuilder=<optimized out>) at /home/miko/Code/mu/gfx/layers/wr/WebRenderCommandBuilder.cpp:417
#4  0x00007fb17cb089c2 in mozilla::layers::Grouper::ConstructItemInsideInactive(mozilla::layers::WebRenderCommandBuilder*, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::DIGroup*, mozilla::nsDisplayItem*, mozilla::layers::StackingContextHelper const&) (this=this@entry=0x7ffe02a9a2e8, aCommandBuilder=aCommandBuilder@entry=0x7fb1888c9ff0,
    aBuilder=..., aResources=..., aGroup=aGroup@entry=0x7fb162ae5a40, aItem=aItem@entry=0x7fb162af1270, aSc=...) at /home/miko/Code/mu/gfx/layers/wr/WebRenderCommandBuilder.cpp:1341
#5  0x00007fb17cb08627 in mozilla::layers::Grouper::ConstructGroups(mozilla::nsDisplayListBuilder*, mozilla::layers::WebRenderCommandBuilder*, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::DIGroup*, mozilla::nsDisplayList*, mozilla::nsDisplayItem*, mozilla::layers::StackingContextHelper const&) (this=<optimized out>,
    this@entry=0x7ffe02a9a2e8, aDisplayListBuilder=aDisplayListBuilder@entry=0x7fb162aeb000, aCommandBuilder=aCommandBuilder@entry=0x7fb1888c9ff0, aBuilder=<optimized out>, aResources=<optimized out>, aGroup=aGroup@entry=0x7fb162ae5a40, aList=0x7fb162af3d30, aWrappingItem=0x7fb162af3c90, aSc=...) at /home/miko/Code/mu/gfx/layers/wr/WebRenderCommandBuilder.cpp:1302
#6  0x00007fb17cb091f0 in mozilla::layers::WebRenderCommandBuilder::DoGroupingForDisplayList(mozilla::nsDisplayList*, mozilla::nsDisplayItem*, mozilla::nsDisplayListBuilder*, mozilla::layers::StackingContextHelper const&, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&) (this=<optimized out>,
Assignee: nobody → mikokm
Status: NEW → ASSIGNED
Assignee: mikokm → nobody
Status: ASSIGNED → NEW

Should this be P1? And if so, what would be our next step to get this resolved?

Flags: needinfo?(mikokm)
Flags: needinfo?(mikokm)

Miko, thoughts on comment 5?

Flags: needinfo?(mikokm)
Flags: needinfo?(mikokm)
Priority: P1 → P2
Assignee: nobody → mikokm
Attachment #9267908 - Attachment description: Bug 1758983 - Clamp some float values r=jrmuizel → Bug 1758983 - Do not generate WR fallback data if translation overflows int32_t r=jrmuizel
Status: NEW → ASSIGNED
Pushed by mikokm@gmail.com: https://hg.mozilla.org/integration/autoland/rev/c6461a158d55 Do not generate WR fallback data if translation overflows int32_t r=jrmuizel
Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → 103 Branch
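
The bail-out approach named in the landed patch title ("Do not generate WR fallback data if translation overflows int32_t") and the clamping alternative discussed earlier in the bug, as an added example that is not the Mozilla patch or Gecko code. The helper names and the IntPoint struct are hypothetical; the sample inputs are the out-of-range values quoted in this bug.

```cpp
#include <cmath>
#include <cstdint>
#include <cstdio>

// Hypothetical helpers for illustration; these are not Gecko APIs.

// Floors aValue and stores it in *aOut only if the result fits in int32_t.
// The upper bound is written as the float 2^31 with a strict "<" because
// static_cast<float>(INT32_MAX) rounds up to 2147483648.0f, so a
// "<= INT32_MAX" comparison would accept a value that cannot be converted.
bool TryFloorToInt32(float aValue, int32_t* aOut) {
  const float floored = std::floor(aValue);
  const float kMin = -2147483648.0f;   // -2^31, exactly representable
  const float kLimit = 2147483648.0f;  // 2^31, first value out of range
  // Written so that NaN (every comparison false) is rejected too.
  if (!(floored >= kMin && floored < kLimit)) {
    return false;
  }
  *aOut = static_cast<int32_t>(floored);
  return true;
}

// Clamping alternative: saturate at the int32_t limits instead of failing.
int32_t ClampFloorToInt32(float aValue) {
  if (std::isnan(aValue)) {
    return 0;  // assumption: map NaN to 0; a caller may prefer to bail out
  }
  const float floored = std::floor(aValue);
  if (floored < -2147483648.0f) return INT32_MIN;
  if (floored >= 2147483648.0f) return INT32_MAX;
  return static_cast<int32_t>(floored);
}

struct IntPoint {  // hypothetical stand-in for an integer point type
  int32_t x;
  int32_t y;
};

// Bail-out form: the caller skips the work when either coordinate overflows.
bool TryFloorPoint(float aX, float aY, IntPoint* aOut) {
  int32_t x = 0;
  int32_t y = 0;
  if (!TryFloorToInt32(aX, &x) || !TryFloorToInt32(aY, &y)) {
    return false;
  }
  aOut->x = x;
  aOut->y = y;
  return true;
}

int main() {
  // Values quoted in this bug: the UBSan-reported operand, the y from the
  // rr session, and the in-range trans.y.
  const float samples[] = {-1.87351e+15f, 2.68213376e+09f, 19.172901f};
  for (float v : samples) {
    int32_t out = 0;
    if (TryFloorToInt32(v, &out)) {
      std::printf("%g -> %d\n", v, static_cast<int>(out));
    } else {
      std::printf("%g -> rejected (clamped: %d)\n", v,
                  static_cast<int>(ClampFloorToInt32(v)));
    }
  }
  return 0;
}
```

Building this with `-fsanitize=float-cast-overflow` reports nothing, because every cast is reached only after the range check.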