Assertion failure: !aRect.IsEmpty(), at /builds/worker/checkouts/gecko/gfx/2d/DrawEventRecorder.cpp:110
Categories
(Core :: Graphics: WebRender, defect, P2)
Tracking
()
People
(Reporter: tsmith, Unassigned)
References
(Blocks 2 open bugs)
Details
(Keywords: assertion, regression, testcase, Whiteboard: [bugmon:bisected,confirmed])
Attachments
(3 files, 3 obsolete files)
Found while fuzzing m-c 20221108-76c244536f60 (--enable-debug --enable-fuzzing)
To reproduce via Grizzly Replay:
$ pip install fuzzfetch grizzly-framework
$ python -m fuzzfetch -d --fuzzing -n firefox
$ python -m grizzly.replay ./firefox/firefox testcase.html
Assertion failure: !aRect.IsEmpty(), at /builds/worker/checkouts/gecko/gfx/2d/DrawEventRecorder.cpp:110
#0 0x7ff6fa4707ac in mozilla::gfx::DrawEventRecorderMemory::FlushItem(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits>) /builds/worker/checkouts/gecko/gfx/2d/DrawEventRecorder.cpp:110:3
#1 0x7ff6fa80b96a in mozilla::layers::WebRenderCommandBuilder::GenerateFallbackData(mozilla::nsDisplayItem*, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::nsDisplayListBuilder*, mozilla::gfx::RectTyped<mozilla::LayoutDevicePixel, float>&) /builds/worker/checkouts/gecko/gfx/layers/wr/WebRenderCommandBuilder.cpp:2585:17
#2 0x7ff6fa8051e2 in mozilla::layers::WebRenderCommandBuilder::PushItemAsImage(mozilla::nsDisplayItem*, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::nsDisplayListBuilder*) /builds/worker/checkouts/gecko/gfx/layers/wr/WebRenderCommandBuilder.cpp:2862:48
#3 0x7ff6fa803825 in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommandsFromDisplayList(mozilla::nsDisplayList*, mozilla::nsDisplayItem*, mozilla::nsDisplayListBuilder*, mozilla::layers::StackingContextHelper const&, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, bool) /builds/worker/checkouts/gecko/gfx/layers/wr/WebRenderCommandBuilder.cpp:2086:7
#4 0x7ff6feb739fb in CreateWebRenderCommandsNewClipListOption /builds/worker/checkouts/gecko/layout/painting/nsDisplayList.cpp:4628:30
#5 0x7ff6feb739fb in CreateWebRenderCommands /builds/worker/checkouts/gecko/layout/painting/nsDisplayList.h:4975:12
#6 0x7ff6feb739fb in mozilla::nsDisplayBackdropFilters::CreateWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::layers::RenderRootStateManager*, mozilla::nsDisplayListBuilder*) /builds/worker/checkouts/gecko/layout/painting/nsDisplayList.cpp:8284:22
#7 0x7ff6fa8050b4 in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommands(mozilla::nsDisplayItem*, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::nsDisplayListBuilder*) /builds/worker/checkouts/gecko/gfx/layers/wr/WebRenderCommandBuilder.cpp:1823:41
#8 0x7ff6fa803825 in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommandsFromDisplayList(mozilla::nsDisplayList*, mozilla::nsDisplayItem*, mozilla::nsDisplayListBuilder*, mozilla::layers::StackingContextHelper const&, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, bool) /builds/worker/checkouts/gecko/gfx/layers/wr/WebRenderCommandBuilder.cpp:2086:7
#9 0x7ff6feb739fb in CreateWebRenderCommandsNewClipListOption /builds/worker/checkouts/gecko/layout/painting/nsDisplayList.cpp:4628:30
#10 0x7ff6feb739fb in CreateWebRenderCommands /builds/worker/checkouts/gecko/layout/painting/nsDisplayList.h:4975:12
#11 0x7ff6feb739fb in mozilla::nsDisplayBackdropFilters::CreateWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::layers::RenderRootStateManager*, mozilla::nsDisplayListBuilder*) /builds/worker/checkouts/gecko/layout/painting/nsDisplayList.cpp:8284:22
#12 0x7ff6fa8050b4 in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommands(mozilla::nsDisplayItem*, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::nsDisplayListBuilder*) /builds/worker/checkouts/gecko/gfx/layers/wr/WebRenderCommandBuilder.cpp:1823:41
#13 0x7ff6fa803825 in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommandsFromDisplayList(mozilla::nsDisplayList*, mozilla::nsDisplayItem*, mozilla::nsDisplayListBuilder*, mozilla::layers::StackingContextHelper const&, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, bool) /builds/worker/checkouts/gecko/gfx/layers/wr/WebRenderCommandBuilder.cpp:2086:7
#14 0x7ff6feb6a89a in mozilla::nsDisplayTransform::CreateWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::layers::RenderRootStateManager*, mozilla::nsDisplayListBuilder*) /builds/worker/checkouts/gecko/layout/painting/nsDisplayList.cpp:6696:30
#15 0x7ff6fa8050b4 in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommands(mozilla::nsDisplayItem*, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::nsDisplayListBuilder*) /builds/worker/checkouts/gecko/gfx/layers/wr/WebRenderCommandBuilder.cpp:1823:41
#16 0x7ff6fa803825 in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommandsFromDisplayList(mozilla::nsDisplayList*, mozilla::nsDisplayItem*, mozilla::nsDisplayListBuilder*, mozilla::layers::StackingContextHelper const&, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, bool) /builds/worker/checkouts/gecko/gfx/layers/wr/WebRenderCommandBuilder.cpp:2086:7
#17 0x7ff6feb739fb in CreateWebRenderCommandsNewClipListOption /builds/worker/checkouts/gecko/layout/painting/nsDisplayList.cpp:4628:30
#18 0x7ff6feb739fb in CreateWebRenderCommands /builds/worker/checkouts/gecko/layout/painting/nsDisplayList.h:4975:12
#19 0x7ff6feb739fb in mozilla::nsDisplayBackdropFilters::CreateWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::layers::RenderRootStateManager*, mozilla::nsDisplayListBuilder*) /builds/worker/checkouts/gecko/layout/painting/nsDisplayList.cpp:8284:22
#20 0x7ff6fa8050b4 in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommands(mozilla::nsDisplayItem*, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::nsDisplayListBuilder*) /builds/worker/checkouts/gecko/gfx/layers/wr/WebRenderCommandBuilder.cpp:1823:41
#21 0x7ff6fa803825 in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommandsFromDisplayList(mozilla::nsDisplayList*, mozilla::nsDisplayItem*, mozilla::nsDisplayListBuilder*, mozilla::layers::StackingContextHelper const&, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, bool) /builds/worker/checkouts/gecko/gfx/layers/wr/WebRenderCommandBuilder.cpp:2086:7
#22 0x7ff6feb634c0 in CreateWebRenderCommandsNewClipListOption /builds/worker/checkouts/gecko/layout/painting/nsDisplayList.cpp:4628:30
#23 0x7ff6feb634c0 in CreateWebRenderCommands /builds/worker/checkouts/gecko/layout/painting/nsDisplayList.h:4975:12
#24 0x7ff6feb634c0 in mozilla::nsDisplayOwnLayer::CreateWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::layers::RenderRootStateManager*, mozilla::nsDisplayListBuilder*) /builds/worker/checkouts/gecko/layout/painting/nsDisplayList.cpp:5267:22
#25 0x7ff6fa8050b4 in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommands(mozilla::nsDisplayItem*, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::nsDisplayListBuilder*) /builds/worker/checkouts/gecko/gfx/layers/wr/WebRenderCommandBuilder.cpp:1823:41
#26 0x7ff6fa803825 in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommandsFromDisplayList(mozilla::nsDisplayList*, mozilla::nsDisplayItem*, mozilla::nsDisplayListBuilder*, mozilla::layers::StackingContextHelper const&, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, bool) /builds/worker/checkouts/gecko/gfx/layers/wr/WebRenderCommandBuilder.cpp:2086:7
#27 0x7ff6fa80209a in mozilla::layers::WebRenderCommandBuilder::BuildWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::nsDisplayList*, mozilla::nsDisplayListBuilder*, mozilla::layers::WebRenderScrollData&, WrFiltersHolder&&) /builds/worker/checkouts/gecko/gfx/layers/wr/WebRenderCommandBuilder.cpp:1744:5
#28 0x7ff6fa816512 in mozilla::layers::WebRenderLayerManager::EndTransactionWithoutLayer(mozilla::nsDisplayList*, mozilla::nsDisplayListBuilder*, WrFiltersHolder&&, mozilla::layers::WebRenderBackgroundData*, double) /builds/worker/checkouts/gecko/gfx/layers/wr/WebRenderLayerManager.cpp:364:30
#29 0x7ff6feb527c7 in mozilla::nsDisplayList::PaintRoot(mozilla::nsDisplayListBuilder*, gfxContext*, unsigned int, mozilla::Maybe<double>) /builds/worker/checkouts/gecko/layout/painting/nsDisplayList.cpp:2300:18
#30 0x7ff6fe7c460c in nsLayoutUtils::PaintFrame(gfxContext*, nsIFrame*, nsRegion const&, unsigned int, mozilla::nsDisplayListBuilderMode, nsLayoutUtils::PaintFrameFlags) /builds/worker/checkouts/gecko/layout/base/nsLayoutUtils.cpp:3472:9
#31 0x7ff6fe73679d in mozilla::PresShell::PaintInternal(nsView*, mozilla::PaintInternalFlags) /builds/worker/checkouts/gecko/layout/base/PresShell.cpp:6483:5
#32 0x7ff6fe33f1f6 in nsViewManager::ProcessPendingUpdatesPaint(nsIWidget*) /builds/worker/checkouts/gecko/view/nsViewManager.cpp:434:18
#33 0x7ff6fe33ecdf in nsViewManager::ProcessPendingUpdatesForView(nsView*, bool) /builds/worker/checkouts/gecko/view/nsViewManager.cpp:369:22
#34 0x7ff6fe34018c in nsViewManager::ProcessPendingUpdates() /builds/worker/checkouts/gecko/view/nsViewManager.cpp:942:5
#35 0x7ff6fe6f1006 in nsRefreshDriver::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp, nsRefreshDriver::IsExtraTick) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:2773:11
#36 0x7ff6fe6f949d in TickDriver /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:375:13
#37 0x7ff6fe6f949d in mozilla::RefreshDriverTimer::TickRefreshDrivers(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp, nsTArray<RefPtr<nsRefreshDriver>>&) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:353:7
#38 0x7ff6fe6f93a3 in mozilla::RefreshDriverTimer::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:369:5
#39 0x7ff6fe6f9280 in mozilla::VsyncRefreshDriverTimer::RunRefreshDrivers(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:913:5
#40 0x7ff6fe6f85ea in mozilla::VsyncRefreshDriverTimer::TickRefreshDriver(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:827:5
#41 0x7ff6fe6f7da6 in mozilla::VsyncRefreshDriverTimer::NotifyVsyncOnMainThread(mozilla::VsyncEvent const&) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:748:5
#42 0x7ff6fe6f78b9 in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::NotifyVsyncTimerOnMainThread() /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:594:14
#43 0x7ff6fe6f74cd in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::NotifyVsync(mozilla::VsyncEvent const&) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:551:9
#44 0x7ff6fdbcd29b in mozilla::dom::VsyncMainChild::RecvNotify(mozilla::VsyncEvent const&, float const&) /builds/worker/checkouts/gecko/dom/ipc/VsyncMainChild.cpp:68:15
#45 0x7ff6fde51228 in mozilla::dom::PVsyncChild::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/obj-build/ipc/ipdl/PVsyncChild.cpp:220:78
#46 0x7ff6fa05206a in mozilla::ipc::PBackgroundChild::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/obj-build/ipc/ipdl/PBackgroundChild.cpp:6306:32
#47 0x7ff6f9fe3f4a in mozilla::ipc::MessageChannel::DispatchAsyncMessage(mozilla::ipc::ActorLifecycleProxy*, IPC::Message const&) /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:1756:25
#48 0x7ff6f9fe0ba7 in mozilla::ipc::MessageChannel::DispatchMessage(mozilla::ipc::ActorLifecycleProxy*, mozilla::UniquePtr<IPC::Message, mozilla::DefaultDelete<IPC::Message>>) /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:1681:9
#49 0x7ff6f9fe16f5 in mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::ActorLifecycleProxy*, mozilla::ipc::MessageChannel::MessageTask&) /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:1481:3
#50 0x7ff6f9fe2a2f in mozilla::ipc::MessageChannel::MessageTask::Run() /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:1579:14
#51 0x7ff6f93ec625 in mozilla::RunnableTask::Run() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:538:16
#52 0x7ff6f93e7c0c in mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:851:26
#53 0x7ff6f93e67da in mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:683:15
#54 0x7ff6f93e6b35 in mozilla::TaskController::ProcessPendingMTTask(bool) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:461:36
#55 0x7ff6f93eff99 in operator() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:190:37
#56 0x7ff6f93eff99 in mozilla::detail::RunnableFunction<mozilla::TaskController::InitializeInternal()::$_3>::Run() /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:531:5
#57 0x7ff6f94058b8 in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:1204:16
#58 0x7ff6f940c02d in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.cpp:465:10
#59 0x7ff6f9fe97d3 in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:107:5
#60 0x7ff6f9f0f898 in MessageLoop::RunInternal() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:381:10
#61 0x7ff6f9f0f7a1 in RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:374:3
#62 0x7ff6f9f0f7a1 in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:356:3
#63 0x7ff6fe3a5b28 in nsBaseAppShell::Run() /builds/worker/checkouts/gecko/widget/nsBaseAppShell.cpp:150:27
#64 0x7ff7005d8b8b in XRE_RunAppShell() /builds/worker/checkouts/gecko/toolkit/xre/nsEmbedFunctions.cpp:884:20
#65 0x7ff6f9fea6e9 in mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:235:9
#66 0x7ff6f9f0f898 in MessageLoop::RunInternal() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:381:10
#67 0x7ff6f9f0f7a1 in RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:374:3
#68 0x7ff6f9f0f7a1 in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:356:3
#69 0x7ff7005d811c in XRE_InitChildProcess(int, char**, XREChildData const*) /builds/worker/checkouts/gecko/toolkit/xre/nsEmbedFunctions.cpp:743:34
#70 0x56422615cbe0 in content_process_main /builds/worker/checkouts/gecko/browser/app/../../ipc/contentproc/plugin-container.cpp:57:28
#71 0x56422615cbe0 in main /builds/worker/checkouts/gecko/browser/app/nsBrowserApp.cpp:359:18
#72 0x7ff70c850082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
#73 0x564226133248 in _start (/home/worker/builds/m-c-20221108040931-fuzzing-debug/firefox-bin+0x5b248) (BuildId: 0b0ae42445e0b2ef27e8167ec4427b9e10a923e8)
|
||
Comment 2•2 years ago
|
||
Verified bug as reproducible on mozilla-central 20221118154632-3b5a8f67189b.
The bug appears to have been introduced in the following build range:
Start: 6654b5c977a8e30b1c7f9f93fce72b4f7fda7c18 (20221101210634)
End: 7b61ac41f225470b2a045d7d80531e414db3ed86 (20221101235044)
Pushlog: https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=6654b5c977a8e30b1c7f9f93fce72b4f7fda7c18&tochange=7b61ac41f225470b2a045d7d80531e414db3ed86
|
||
Comment 3•2 years ago
|
||
That regression window doesn't seem very plausible.
|
Reporter | |
Comment 4•2 years ago
|
||
I am unable to reproduce the issue with debug builds that are built with -O0 or -O1. -O2 worked (same as build that was used to find the issue).
The Pernosco session is available here: https://pernos.co/debug/3wt6JstV3sB2FGVwYpUDPA/index.html
|
||
Comment 5•2 years ago
|
||
(In reply to Jeff Muizelaar [:jrmuizel] from comment #3)
That regression window doesn't seem very plausible.
Given that reproducing this apparently depends on the optimization level, I wonder if "Bug 1784202 - Update builders to clang 15" could have triggered it (although possibly just by exposing a pre-existing issue).
|
||
Comment 6•2 years ago
|
||
The severity field is not set for this bug.
:bhood, could you have a look please?
For more information, please visit auto_nag documentation.
|
||
Updated•2 years ago
|
|
||
Updated•2 years ago
|
|
|
||
Comment 7•2 years ago
|
||
Tim, could you please have a look at this one when you have some time?
|
||
Comment 8•2 years ago
|
||
The testcase uses text stroke width which makes us use the fallback wr path
I can't reproduce locally (one needs to set the pref dom.security.sanitizer.enabled so that the setHTML call in the testcase works).
The pernosco is weird, I can't get the value of any variable or anywhere basically. Which means I can't inspect memory cause I'd need to get the address from some variable. I can tell the control flow but I need to see some numeric values or something somwhere to understand whats going on. I was unable to reproduce the assert condition locally.
|
|
Reporter | |
Comment 9•2 years ago
|
||
I cannot reproduce the issue on Windows and I don't have access to MacOS. It does reproduce consistently on Linux.
|
|
Reporter | |
Comment 10•2 years ago
|
||
stderr with layout.display-list.dump-content=true
|
|
||
Comment 11•2 years ago
|
||
Managed to reproduce.
This is weird. I save a local copy of the rect we pass to FlushItem, I print it out and whether it is empty or not. I print the same thing inside FlushItem. The values printed for the rect are the same before the FlushItem call and inside FlushItem, but IsEmpty starts returning true only inside FlushItem.
|
|
||
Comment 12•2 years ago
|
||
(In reply to Bugmon [:jkratzer for issues] from comment #2)
Verified bug as reproducible on mozilla-central 20221118154632-3b5a8f67189b.
The bug appears to have been introduced in the following build range:Start: 6654b5c977a8e30b1c7f9f93fce72b4f7fda7c18 (20221101210634)
End: 7b61ac41f225470b2a045d7d80531e414db3ed86 (20221101235044)
Pushlog: https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=6654b5c977a8e30b1c7f9f93fce72b4f7fda7c18&tochange=7b61ac41f225470b2a045d7d80531e414db3ed86
I was able to reproduce in a build from the changeset immediately before this, so I confirmed this range is not valid.
|
|
||
Comment 13•2 years ago
|
||
Testcase crashes using the initial build (mozilla-central 20221108040931-76c244536f60) but not with tip (mozilla-central 20221223212957-abd20d4e1d24.)
The bug appears to have been fixed in the following build range:
Start: 6833706c10e20645fb36fd629052ee83df990100 (20221219153214)
End: 0468f7d935568f6b4e3584cfde616f00ddf9f853 (20221219162009)
Pushlog: https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=6833706c10e20645fb36fd629052ee83df990100&tochange=0468f7d935568f6b4e3584cfde616f00ddf9f853
tsmith, can you confirm that the above bisection range is responsible for fixing this issue?
Removing bugmon keyword as no further action possible. Please review the bug and re-add the keyword for further analysis.
|
|
||
Comment 14•2 years ago
|
||
The testcase uses sethtml, and you need to enable it via pref. The fuzzer prefs do that. The changeset in that range
https://hg.mozilla.org/integration/autoland/rev/a0fa74e1375d48105fe9043add8818d56bb26753
changed the pref to enable that to dom.security.setHTML.enabled so this will still fail once the fuzzer prefs include enabling that again.
|
|
Reporter | |
Comment 15•2 years ago
|
||
(In reply to Timothy Nikkel (:tnikkel) from comment #14)
The testcase uses sethtml, and you need to enable it via pref. The fuzzer prefs do that. The changeset in that range
https://hg.mozilla.org/integration/autoland/rev/a0fa74e1375d48105fe9043add8818d56bb26753
changed the pref to enable that to dom.security.setHTML.enabled so this will still fail once the fuzzer prefs include enabling that again.
Thanks, I've opened PR for this: https://github.com/MozillaSecurity/prefpicker/pull/66
|
|
Reporter | |
Comment 16•2 years ago
|
||
prefs.js file for bugmon
|
|
Reporter | |
Updated•2 years ago
|
|
|
||
Comment 17•2 years ago
|
||
Verified bug as reproducible on mozilla-central 20221228213747-5dde89820aa5.
The bug appears to have been introduced in the following build range:
Start: 6654b5c977a8e30b1c7f9f93fce72b4f7fda7c18 (20221101210634)
End: 1f668a84e0129a84f38bae01b2906212c1b53a40 (20221101235418)
Pushlog: https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=6654b5c977a8e30b1c7f9f93fce72b4f7fda7c18&tochange=1f668a84e0129a84f38bae01b2906212c1b53a40
|
||
Updated•2 years ago
|
|
|
||
Comment 18•1 year ago
|
||
Bugmon was unable reproduce this issue.
Removing bugmon keyword as no further action possible. Please review the bug and re-add the keyword for further analysis.
|
||
Comment 19•1 year ago
|
||
A change to the Taskcluster build definitions over the weekend caused Bugmon to fail when reproducing issues. This issue has been corrected. Re-enabling bugmon.
|
|
||
Comment 20•1 year ago
|
||
Testcase crashes using the initial build (mozilla-central 20221108040931-76c244536f60) but not with tip (mozilla-central 20230902093900-99eed791079c.)
The bug appears to have been fixed in the following build range:
Start: b5a2c9e3703b740b3dd3859a2083f66866f798ce (20230814150504)
End: 5b1987d52ae19ebe1b311fec0f664563b5bf198d (20230814165404)
Pushlog: https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=b5a2c9e3703b740b3dd3859a2083f66866f798ce&tochange=5b1987d52ae19ebe1b311fec0f664563b5bf198d
tsmith, can you confirm that the above bisection range is responsible for fixing this issue?
Removing bugmon keyword as no further action possible. Please review the bug and re-add the keyword for further analysis.
|
|
Reporter | |
Comment 21•1 year ago
|
||
|
|
Reporter | |
Updated•1 year ago
|
|
||
Updated•1 year ago
|
|
||
Updated•1 year ago
|
|
|
||
Comment 22•10 months ago
|
||
Verified bug as reproducible on mozilla-central 20240110213539-1c750a173258.
|
|
||
Comment 23•8 months ago
|
||
Testcase crashes using the initial build (mozilla-central 20230318212539-9bf85e2170e0) but not with tip (mozilla-central 20240315205819-eff5ebeb21a9.)
The bug appears to have been fixed in the following build range:
Start: 6b99c1c567b4980e32be17070dc0ef8e639013d9 (20240312171717)
End: d91b0606279d7c22a0119cdc8061cdeffe233787 (20240312193706)
Pushlog: https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=6b99c1c567b4980e32be17070dc0ef8e639013d9&tochange=d91b0606279d7c22a0119cdc8061cdeffe233787
tsmith, can you confirm that the above bisection range is responsible for fixing this issue?
Removing bugmon keyword as no further action possible. Please review the bug and re-add the keyword for further analysis.
|
|
Reporter | |
Comment 24•7 months ago
|
||
I can trigger with this test case.
|
|
Reporter | |
Updated•7 months ago
|
|
|
||
Updated•7 months ago
|
|
|
||
Comment 25•6 months ago
|
||
Testcase crashes using the initial build (mozilla-central 20230429092024-8339bdf8fcc8) but not with tip (mozilla-central 20240426214429-c77d9ee9ea34.)
The bug appears to have been fixed in the following build range:
Start: 95255b6bb2d51d6c10d6a3471da82aeaf7512c0f (20230728225639)
End: 1c410aed156878dc739ffdb4343c315fb0bb0a00 (20230729091211)
Pushlog: https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=95255b6bb2d51d6c10d6a3471da82aeaf7512c0f&tochange=1c410aed156878dc739ffdb4343c315fb0bb0a00
tsmith, can you confirm that the above bisection range is responsible for fixing this issue?
Removing bugmon keyword as no further action possible. Please review the bug and re-add the keyword for further analysis.
|
|
||
Comment 26•6 months ago
|
||
That link is empty but if I change it to autoland
it's from july 2023. Seems weird.
|
|
Reporter | |
Comment 27•6 months ago
|
||
bugmon is incorrect the issue is still reproducible.
|
|
||
Comment 28•6 months ago
|
||
Testcase crashes using the initial build (mozilla-central 20230506092548-ca770a49d132) but not with tip (mozilla-central 20240504093449-e82e34aece59.)
The bug appears to have been fixed in the following build range:
Start: cf0ddbec5963b58732cc2ce17a8064ea31d45fb1 (20230926031150)
End: 844608487349450c789be0794a915bb90d90b133 (20230926002003)
Pushlog: https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=cf0ddbec5963b58732cc2ce17a8064ea31d45fb1&tochange=844608487349450c789be0794a915bb90d90b133
tsmith, can you confirm that the above bisection range is responsible for fixing this issue?
Removing bugmon keyword as no further action possible. Please review the bug and re-add the keyword for further analysis.
|
|
Reporter | |
Comment 29•6 months ago
|
||
An additional test case. Both of these work for me locally but this one requires running under Xvfb to be reliable.
Description
•