Closed Bug 1800731 Opened 1 year ago Closed 1 year ago

crash near null in [@ _$LT$servo_arc..RawOffsetArc$LT$T$GT$$u20$as$u20$core..ops..deref..Deref$GT$::deref]

Categories

(Core :: Disability Access APIs, defect)

Tracking

RESOLVED FIXED
109 Branch
Tracking Status
firefox-esr102 --- unaffected
firefox107 --- unaffected
firefox108 --- unaffected
firefox109 --- fixed

People

(Reporter: tsmith, Assigned: Jamie)

References

(Blocks 1 open bug, Regression)

Details

(4 keywords, Whiteboard: [ctw-m4][bugmon:bisected,confirmed])

Attachments

(3 files)

Attached file testcase.html

Found while fuzzing m-c 20221115-1adc82d1eb96 (--enable-address-sanitizer --enable-fuzzing)

To reproduce via Grizzly Replay:

$ pip install fuzzfetch grizzly-framework
$ python -m fuzzfetch -a --fuzzing -n firefox
$ python -m grizzly.replay ./firefox/firefox testcase.html

==7540==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000050 (pc 0x7fe27fab14a8 bp 0x7fff9fef1e30 sp 0x7fff9feee340 T0)
==7540==The signal is caused by a READ memory access.
==7540==Hint: address points to the zero page.
    #0 0x7fe27fab14a8 in _$LT$servo_arc..RawOffsetArc$LT$T$GT$$u20$as$u20$core..ops..deref..Deref$GT$::deref::h3e172312e67ee8c6 /gecko/servo/components/servo_arc/lib.rs:1092:20
    #1 0x7fe27fab14a8 in style::gecko_properties::_$LT$impl$u20$style..gecko_bindings..structs..root..ServoComputedData$GT$::get_box::ha2807c11318f31cd /builds/worker/workspace/obj-build/x86_64-unknown-linux-gnu/release/build/style-d283cc85f8e2fffb/out/gecko_properties.rs:571:9
    #2 0x7fe27fab14a8 in style::properties::_$LT$impl$u20$style..gecko_properties..ComputedValues$GT$::clone_display::hd4a08d93ce7b1bb8 /builds/worker/workspace/obj-build/x86_64-unknown-linux-gnu/release/build/style-d283cc85f8e2fffb/out/properties.rs:64636:9
    #3 0x7fe27fab14a8 in style::properties::_$LT$impl$u20$style..gecko_properties..ComputedValues$GT$::get_resolved_value::h2e36465a0714260a /builds/worker/workspace/obj-build/x86_64-unknown-linux-gnu/release/build/style-d283cc85f8e2fffb/out/properties.rs:68169:44
    #4 0x7fe27eac8c84 in Servo_GetPropertyValue /gecko/servo/ports/geckolib/glue.rs:6757:9
    #5 0x7fe27600ce4c in GetComputedPropertyValue /builds/worker/workspace/obj-build/dist/include/mozilla/ComputedStyle.h:69:5
    #6 0x7fe27600ce4c in mozilla::a11y::StyleInfo::Display() /gecko/accessible/base/StyleInfo.cpp:23:19
    #7 0x7fe2760ac698 in mozilla::a11y::LocalAccessible::DisplayStyle() const /gecko/accessible/generic/LocalAccessible.cpp:3831:17
    #8 0x7fe27607dc1c in mozilla::a11y::LocalAccessible::BundleFieldsForCache(unsigned long, mozilla::a11y::CacheUpdateType) /gecko/accessible/generic/LocalAccessible.cpp:3554:34
    #9 0x7fe27607984d in mozilla::a11y::DocAccessible::ProcessQueuedCacheUpdates() /gecko/accessible/generic/DocAccessible.cpp:1463:16
    #10 0x7fe275fef8ae in mozilla::a11y::NotificationController::WillRefresh(mozilla::TimeStamp) /gecko/accessible/base/NotificationController.cpp:890:16
    #11 0x7fe27237b515 in nsRefreshDriver::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp, nsRefreshDriver::IsExtraTick) /gecko/layout/base/nsRefreshDriver.cpp:2525:12
    #12 0x7fe272389a76 in TickDriver /gecko/layout/base/nsRefreshDriver.cpp:375:13
    #13 0x7fe272389a76 in mozilla::RefreshDriverTimer::TickRefreshDrivers(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp, nsTArray<RefPtr<nsRefreshDriver>>&) /gecko/layout/base/nsRefreshDriver.cpp:353:7
    #14 0x7fe2723897de in mozilla::RefreshDriverTimer::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) /gecko/layout/base/nsRefreshDriver.cpp:369:5
    #15 0x7fe272389565 in mozilla::VsyncRefreshDriverTimer::RunRefreshDrivers(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) /gecko/layout/base/nsRefreshDriver.cpp:913:5
    #16 0x7fe2723887ff in mozilla::VsyncRefreshDriverTimer::TickRefreshDriver(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) /gecko/layout/base/nsRefreshDriver.cpp:827:5
    #17 0x7fe272387a41 in mozilla::VsyncRefreshDriverTimer::NotifyVsyncOnMainThread(mozilla::VsyncEvent const&) /gecko/layout/base/nsRefreshDriver.cpp:748:5
    #18 0x7fe27238725b in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::NotifyVsyncTimerOnMainThread() /gecko/layout/base/nsRefreshDriver.cpp:594:14
    #19 0x7fe272386df8 in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::NotifyVsync(mozilla::VsyncEvent const&) /gecko/layout/base/nsRefreshDriver.cpp:551:9
    #20 0x7fe270fe0ecc in mozilla::dom::VsyncMainChild::RecvNotify(mozilla::VsyncEvent const&, float const&) /gecko/dom/ipc/VsyncMainChild.cpp:68:15
    #21 0x7fe27142b99f in mozilla::dom::PVsyncChild::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/obj-build/ipc/ipdl/PVsyncChild.cpp:220:78
    #22 0x7fe26ad5dda6 in mozilla::ipc::PBackgroundChild::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/obj-build/ipc/ipdl/PBackgroundChild.cpp:6306:32
    #23 0x7fe26acc6999 in mozilla::ipc::MessageChannel::DispatchAsyncMessage(mozilla::ipc::ActorLifecycleProxy*, IPC::Message const&) /gecko/ipc/glue/MessageChannel.cpp:1756:25
    #24 0x7fe26acc3a8f in mozilla::ipc::MessageChannel::DispatchMessage(mozilla::ipc::ActorLifecycleProxy*, mozilla::UniquePtr<IPC::Message, mozilla::DefaultDelete<IPC::Message>>) /gecko/ipc/glue/MessageChannel.cpp:1681:9
    #25 0x7fe26acc46be in mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::ActorLifecycleProxy*, mozilla::ipc::MessageChannel::MessageTask&) /gecko/ipc/glue/MessageChannel.cpp:1481:3
    #26 0x7fe26acc58ee in mozilla::ipc::MessageChannel::MessageTask::Run() /gecko/ipc/glue/MessageChannel.cpp:1579:14
    #27 0x7fe269545cb9 in mozilla::RunnableTask::Run() /gecko/xpcom/threads/TaskController.cpp:538:16
    #28 0x7fe26953cd77 in mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /gecko/xpcom/threads/TaskController.cpp:851:26
    #29 0x7fe269539ff8 in mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /gecko/xpcom/threads/TaskController.cpp:683:15
    #30 0x7fe26953a720 in mozilla::TaskController::ProcessPendingMTTask(bool) /gecko/xpcom/threads/TaskController.cpp:461:36
    #31 0x7fe26954bdc1 in operator() /gecko/xpcom/threads/TaskController.cpp:187:37
    #32 0x7fe26954bdc1 in mozilla::detail::RunnableFunction<mozilla::TaskController::InitializeInternal()::$_2>::Run() /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:531:5
    #33 0x7fe26956eff0 in nsThread::ProcessNextEvent(bool, bool*) /gecko/xpcom/threads/nsThread.cpp:1204:16
    #34 0x7fe269579784 in NS_ProcessNextEvent(nsIThread*, bool) /gecko/xpcom/threads/nsThreadUtils.cpp:465:10
    #35 0x7fe26acce18e in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /gecko/ipc/glue/MessagePump.cpp:85:21
    #36 0x7fe26ab527c7 in RunInternal /gecko/ipc/chromium/src/base/message_loop.cc:381:10
    #37 0x7fe26ab527c7 in RunHandler /gecko/ipc/chromium/src/base/message_loop.cc:374:3
    #38 0x7fe26ab527c7 in MessageLoop::Run() /gecko/ipc/chromium/src/base/message_loop.cc:356:3
    #39 0x7fe271da1e19 in nsBaseAppShell::Run() /gecko/widget/nsBaseAppShell.cpp:150:27
    #40 0x7fe276cf8e38 in XRE_RunAppShell() /gecko/toolkit/xre/nsEmbedFunctions.cpp:884:20
    #41 0x7fe26ab527c7 in RunInternal /gecko/ipc/chromium/src/base/message_loop.cc:381:10
    #42 0x7fe26ab527c7 in RunHandler /gecko/ipc/chromium/src/base/message_loop.cc:374:3
    #43 0x7fe26ab527c7 in MessageLoop::Run() /gecko/ipc/chromium/src/base/message_loop.cc:356:3
    #44 0x7fe276cf7e05 in XRE_InitChildProcess(int, char**, XREChildData const*) /gecko/toolkit/xre/nsEmbedFunctions.cpp:743:34
    #45 0x55f02f7fa2d4 in content_process_main(mozilla::Bootstrap*, int, char**) /gecko/browser/app/../../ipc/contentproc/plugin-container.cpp:57:28
    #46 0x55f02f7fa797 in main /gecko/browser/app/nsBrowserApp.cpp:359:18
    #47 0x7fe28b7aa082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
    #48 0x55f02f738d58 in _start (/home/worker/builds/m-c-20221115051541-fuzzing-asan-opt/firefox+0x111d58) (BuildId: ef74a99f0a70754f91050574ec841287eb43c3a3)

Flags: in-testsuite?

Logs from debug build:

Assertion failure: mRawPtr != nullptr (You can't dereference a NULL RefPtr with operator->().), at /builds/worker/workspace/obj-build/dist/include/mozilla/RefPtr.h:315

#0 0x7f65c4447265 in operator-> /builds/worker/workspace/obj-build/dist/include/mozilla/RefPtr.h:314:5
#1 0x7f65c4447265 in mozilla::a11y::StyleInfo::Display() /builds/worker/checkouts/gecko/accessible/base/StyleInfo.cpp:23:3
#2 0x7f65c449c0a4 in mozilla::a11y::LocalAccessible::DisplayStyle() const /builds/worker/checkouts/gecko/accessible/generic/LocalAccessible.cpp:3831:17
#3 0x7f65c4483893 in mozilla::a11y::LocalAccessible::BundleFieldsForCache(unsigned long, mozilla::a11y::CacheUpdateType) /builds/worker/checkouts/gecko/accessible/generic/LocalAccessible.cpp:3554:34
#4 0x7f65c4480a8e in mozilla::a11y::DocAccessible::ProcessQueuedCacheUpdates() /builds/worker/checkouts/gecko/accessible/generic/DocAccessible.cpp:1463:16
#5 0x7f65c443b5ba in mozilla::a11y::NotificationController::WillRefresh(mozilla::TimeStamp) /builds/worker/checkouts/gecko/accessible/base/NotificationController.cpp:890:16
#6 0x7f65c2c48162 in nsRefreshDriver::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp, nsRefreshDriver::IsExtraTick) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:2525:12
#7 0x7f65c2c51d2d in TickDriver /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:375:13
#8 0x7f65c2c51d2d in mozilla::RefreshDriverTimer::TickRefreshDrivers(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp, nsTArray<RefPtr<nsRefreshDriver>>&) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:353:7
#9 0x7f65c2c51c33 in mozilla::RefreshDriverTimer::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:369:5
#10 0x7f65c2c51b10 in mozilla::VsyncRefreshDriverTimer::RunRefreshDrivers(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:913:5
#11 0x7f65c2c50e7a in mozilla::VsyncRefreshDriverTimer::TickRefreshDriver(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:827:5
#12 0x7f65c2c50636 in mozilla::VsyncRefreshDriverTimer::NotifyVsyncOnMainThread(mozilla::VsyncEvent const&) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:748:5
#13 0x7f65c2c50149 in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::NotifyVsyncTimerOnMainThread() /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:594:14
#14 0x7f65c2c4fd5d in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::NotifyVsync(mozilla::VsyncEvent const&) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:551:9
#15 0x7f65c21255bb in mozilla::dom::VsyncMainChild::RecvNotify(mozilla::VsyncEvent const&, float const&) /builds/worker/checkouts/gecko/dom/ipc/VsyncMainChild.cpp:68:15
#16 0x7f65c23a92e8 in mozilla::dom::PVsyncChild::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/obj-build/ipc/ipdl/PVsyncChild.cpp:220:78
#17 0x7f65c22bc7ab in mozilla::dom::PContentChild::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/obj-build/ipc/ipdl/PContentChild.cpp:8700:32
#18 0x7f65be528d4a in mozilla::ipc::MessageChannel::DispatchAsyncMessage(mozilla::ipc::ActorLifecycleProxy*, IPC::Message const&) /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:1756:25
#19 0x7f65be5259a7 in mozilla::ipc::MessageChannel::DispatchMessage(mozilla::ipc::ActorLifecycleProxy*, mozilla::UniquePtr<IPC::Message, mozilla::DefaultDelete<IPC::Message>>) /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:1681:9
#20 0x7f65be5264f5 in mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::ActorLifecycleProxy*, mozilla::ipc::MessageChannel::MessageTask&) /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:1481:3
#21 0x7f65be52782f in mozilla::ipc::MessageChannel::MessageTask::Run() /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:1579:14
#22 0x7f65bd928e55 in mozilla::RunnableTask::Run() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:538:16
#23 0x7f65bd92443c in mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:851:26
#24 0x7f65bd92300a in mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:683:15
#25 0x7f65bd923365 in mozilla::TaskController::ProcessPendingMTTask(bool) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:461:36
#26 0x7f65bd92c7c9 in operator() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:190:37
#27 0x7f65bd92c7c9 in mozilla::detail::RunnableFunction<mozilla::TaskController::InitializeInternal()::$_3>::Run() /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:531:5
#28 0x7f65bd9420e8 in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:1204:16
#29 0x7f65bd94885d in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.cpp:465:10
#30 0x7f65be52e5d3 in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:107:5
#31 0x7f65be4547e8 in MessageLoop::RunInternal() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:381:10
#32 0x7f65be4546f1 in RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:374:3
#33 0x7f65be4546f1 in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:356:3
#34 0x7f65c28fd898 in nsBaseAppShell::Run() /builds/worker/checkouts/gecko/widget/nsBaseAppShell.cpp:150:27
#35 0x7f65c4b1640b in XRE_RunAppShell() /builds/worker/checkouts/gecko/toolkit/xre/nsEmbedFunctions.cpp:884:20
#36 0x7f65be52f4e9 in mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:235:9
#37 0x7f65be4547e8 in MessageLoop::RunInternal() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:381:10
#38 0x7f65be4546f1 in RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:374:3
#39 0x7f65be4546f1 in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:356:3
#40 0x7f65c4b1599c in XRE_InitChildProcess(int, char**, XREChildData const*) /builds/worker/checkouts/gecko/toolkit/xre/nsEmbedFunctions.cpp:743:34
#41 0x55e698ababe0 in content_process_main /builds/worker/checkouts/gecko/browser/app/../../ipc/contentproc/plugin-container.cpp:57:28
#42 0x55e698ababe0 in main /builds/worker/checkouts/gecko/browser/app/nsBrowserApp.cpp:359:18
#43 0x7f65d0df7d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#44 0x7f65d0df7e3f in __libc_start_main csu/../csu/libc-start.c:392:3
#45 0x55e698a91248 in _start (/home/user/workspace/browsers/m-c-20221115164451-fuzzing-debug/firefox-bin+0x5b248) (BuildId: 752a27655b0502ecb1e812921421ec6e7e9cb123)

Attached file prefs.js

prefs.js file to enable a11y for bugmon.

Blocks: a11y-ctw
Severity: -- → S2
Crash Signature: [@ servo_arc::impl$43::deref ]
Whiteboard: [ctw-m4]

We crash because we can't get a computed style from the element. But that's just a symptom of a much deeper problem.

It seems that if you attach a shadow root to an element that contains rendered content but leave the shadow root empty, the previously rendered content (no longer rendered because of the shadow root) never gets removed from the a11y tree. That means we have non-rendered elements in the a11y tree and those have no frame and no computed style.

PruneOrInsertSubtree is supposed to handle this removal, triggered by layout frame reconstruction. For some reason I haven't managed to fathom yet, that isn't happening.

Assignee: nobody → jteh
Attachment #9303811 - Attachment description: Bug 1800731 WIP: Add test; no fix yet. → Bug 1800731: When a shadow root is attached, remove the host's child nodes from the a11y tree.
Attachment #9303811 - Attachment description: Bug 1800731: When a shadow root is attached, remove the host's child nodes from the a11y tree. → Bug 1800731: When a shadow root is attached, schedule removal of any unslotted a11y children in the host.
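
The scenario described in the comment above, as an added illustration that is neither the attached testcase.html (which this page does not reproduce) nor Gecko code: a JavaScript model of HTML slot assignment that reports which light-DOM children of a shadow host stay rendered and which become unslotted, plus a browser-only live check on real DOM nodes. An attached but empty shadow root has no slot elements, so every light-DOM child is unslotted and drops out of the flattened tree; that is the set of nodes an accessibility tree has to prune. The slot-matching rules here are a simplification of the HTML specification's named-slot and default-slot matching, and the function names (`assignSlots`, `childrenToPrune`, `liveRepro`) are my own.

```javascript
// Added illustration, not code from the bug report or from Gecko.
// Light-DOM children of a shadow host are either elements (optionally
// carrying a slot attribute) or text nodes.
function elem(tag, slotName) {
  return { type: "element", tag, slot: slotName ?? null };
}
function text(data) {
  return { type: "text", text: data };
}

// Simplified HTML slot assignment: an element with slot="name" is assigned
// to the <slot name="name"> in the shadow root; an element without a slot
// attribute (or with slot="") and every text node can only go to the
// default (unnamed) slot, represented here by "". Children that match no
// slot are unslotted and therefore not rendered. With an empty shadow
// root (no slots at all) every child ends up unslotted.
function assignSlots(hostChildren, shadowSlotNames) {
  const slots = new Set(shadowSlotNames);
  const rendered = [];
  const unslotted = [];
  for (const child of hostChildren) {
    let target = null;
    if (child.type === "text") {
      target = slots.has("") ? "" : null;
    } else {
      const name = child.slot ?? "";
      target = slots.has(name) ? name : null;
    }
    if (target === null) unslotted.push(child);
    else rendered.push({ child, slot: target });
  }
  return { rendered, unslotted };
}

// What an a11y-tree consumer needs once a shadow root is attached: the
// host children that are no longer rendered and must be removed.
function childrenToPrune(hostChildren, shadowSlotNames) {
  return assignSlots(hostChildren, shadowSlotNames).unslotted.map((c) =>
    c.type === "text" ? `#text(${JSON.stringify(c.text)})` : c.tag
  );
}

// Live version of the same scenario on real DOM nodes; only meaningful in
// a browser, so it returns null elsewhere (e.g. under Node.js).
// A child with no client rects has no box in the flattened tree.
function liveRepro() {
  if (typeof document === "undefined") return null;
  const host = document.createElement("div");
  const child = document.createElement("button");
  child.textContent = "rendered before the shadow root is attached";
  host.appendChild(child);
  document.body.appendChild(host);
  const renderedBefore = child.getClientRects().length > 0;
  host.attachShadow({ mode: "open" }); // deliberately left empty: no <slot>
  const renderedAfter = child.getClientRects().length > 0;
  const record = {
    renderedBefore,
    renderedAfter,
    assignedSlot: child.assignedSlot, // null: nothing to be assigned to
  };
  host.remove();
  return record;
}
```

In a browser, `liveRepro()` performs the check on real nodes: `renderedBefore` should be true, `renderedAfter` false and `assignedSlot` null, which is the state the a11y tree in this bug failed to react to. The model function lets the same reasoning be applied to hosts whose shadow root does contain slots, where only the unmatched children need pruning.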

Verified bug as reproducible on mozilla-central 20221118154632-3b5a8f67189b.
The bug appears to have been introduced in the following build range:

Start: 2d625e5d6ff86fda6d83464bb315478f94afc577 (20221114233128)
End: 1adc82d1eb960a8a6aac68b9abceaac3fd491abb (20221115021943)
Pushlog: https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=2d625e5d6ff86fda6d83464bb315478f94afc577&tochange=1adc82d1eb960a8a6aac68b9abceaac3fd491abb

Keywords: regression
Whiteboard: [ctw-m4] → [ctw-m4][bugmon:bisected,confirmed]
Pushed by jteh@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/b9ddf2a70f6a
When a shadow root is attached, schedule removal of any unslotted a11y children in the host. r=morgan,emilio
Status: NEW → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED
Target Milestone: --- → 109 Branch

Testcase crashes using the initial build (mozilla-central 20221115051541-1adc82d1eb96) but not with tip (mozilla-central 20221119085828-f7eac47f5daa).

The bug appears to have been fixed in the following build range:

Start: 01175db411656d9df143a23d3a7001ae0244f2cb (20221118212701)
End: b9ddf2a70f6ad9d984f5a054cb636a0a96bfe977 (20221119013418)
Pushlog: https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=01175db411656d9df143a23d3a7001ae0244f2cb&tochange=b9ddf2a70f6ad9d984f5a054cb636a0a96bfe977

Jamie, can you confirm that the above bisection range is responsible for fixing this issue?
Removing bugmon keyword as no further action possible. Please review the bug and re-add the keyword for further analysis.

Flags: needinfo?(jteh)
Keywords: bugmon

Yes, the patch here fixed this.

Flags: needinfo?(jteh)
See Also: → 1805545
