Closed Bug 1855238 Opened 2 years ago Closed 2 years ago

Assertion failure: r2 >= -epsilon, at /gfx/2d/BezierUtils.cpp:319

Categories

(Core :: Graphics, defect)

Product:
Core
Component:
Graphics
Version:
Firefox 119
Type:
defect

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1795054

People

(Reporter: 1319794503, Unassigned)

Details

Attachments

(1 file)

2023-09-13-05-13-04-11822265-2023-09-21-09-13-16-9758199-2023-09-26-11-34-10-16446155.html
49.75 KB, text/html
Details

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.6 Safari/605.1.15

Steps to reproduce:

open the html file attached below with Firefox 119.0a1 debug version

Actual results:

browser crashed
crash log:
Assertion failure: r2 >= -epsilon, at /home/wuyue/browser/mozilla-unified/gfx/2d/BezierUtils.cpp:319
#01: ???[/home/wuyue/browser/mozilla-unified/objdir-ff-asan/dist/bin/libxul.so +0xddd017b]
#02: ???[/home/wuyue/browser/mozilla-unified/objdir-ff-asan/dist/bin/libxul.so +0x16ad0e0e]
#03: ???[/home/wuyue/browser/mozilla-unified/objdir-ff-asan/dist/bin/libxul.so +0x16ad1f23]
#04: ???[/home/wuyue/browser/mozilla-unified/objdir-ff-asan/dist/bin/libxul.so +0x16acfda2]
#05: ???[/home/wuyue/browser/mozilla-unified/objdir-ff-asan/dist/bin/libxul.so +0x16acf524]
#06: ???[/home/wuyue/browser/mozilla-unified/objdir-ff-asan/dist/bin/libxul.so +0x16aceb13]
#07: ???[/home/wuyue/browser/mozilla-unified/objdir-ff-asan/dist/bin/libxul.so +0x16b1d964]
#08: ???[/home/wuyue/browser/mozilla-unified/objdir-ff-asan/dist/bin/libxul.so +0x16b19211]
#09: ???[/home/wuyue/browser/mozilla-unified/objdir-ff-asan/dist/bin/libxul.so +0x16b171ae]
#10: ???[/home/wuyue/browser/mozilla-unified/objdir-ff-asan/dist/bin/libxul.so +0x16aec7c5]
#11: ???[/home/wuyue/browser/mozilla-unified/objdir-ff-asan/dist/bin/libxul.so +0x16ae3d2f]
#12: ???[/home/wuyue/browser/mozilla-unified/objdir-ff-asan/dist/bin/libxul.so +0x16ae34ed]
#13: ???[/home/wuyue/browser/mozilla-unified/objdir-ff-asan/dist/bin/libxul.so +0x16b5bd6f]
#14: ???[/home/wuyue/browser/mozilla-unified/objdir-ff-asan/dist/bin/libxul.so +0xe46fd3d]
#15: ???[/home/wuyue/browser/mozilla-unified/objdir-ff-asan/dist/bin/libxul.so +0xe46db8a]
#16: ???[/home/wuyue/browser/mozilla-unified/objdir-ff-asan/dist/bin/libxul.so +0xe466f4c]
#17: ???[/home/wuyue/browser/mozilla-unified/objdir-ff-asan/dist/bin/libxul.so +0xe464f58]
#18: ???[/home/wuyue/browser/mozilla-unified/objdir-ff-asan/dist/bin/libxul.so +0x16b66e9d]
#19: ???[/home/wuyue/browser/mozilla-unified/objdir-ff-asan/dist/bin/libxul.so +0xe466d87]
#20: ???[/home/wuyue/browser/mozilla-unified/objdir-ff-asan/dist/bin/libxul.so +0xe464f58]
#21: ???[/home/wuyue/browser/mozilla-unified/objdir-ff-asan/dist/bin/libxul.so +0xe462aa1]
#22: ???[/home/wuyue/browser/mozilla-unified/objdir-ff-asan/dist/bin/libxul.so +0xe47ccba]
#23: ???[/home/wuyue/browser/mozilla-unified/objdir-ff-asan/dist/bin/libxul.so +0x16b44a91]
#24: ???[/home/wuyue/browser/mozilla-unified/objdir-ff-asan/dist/bin/libxul.so +0x1634e136]
#25: ???[/home/wuyue/browser/mozilla-unified/objdir-ff-asan/dist/bin/libxul.so +0x1620be3c]
#26: ???[/home/wuyue/browser/mozilla-unified/objdir-ff-asan/dist/bin/libxul.so +0x158fb470]
#27: ???[/home/wuyue/browser/mozilla-unified/objdir-ff-asan/dist/bin/libxul.so +0x158fab38]
#28: ???[/home/wuyue/browser/mozilla-unified/objdir-ff-asan/dist/bin/libxul.so +0x158fcf36]
#29: ???[/home/wuyue/browser/mozilla-unified/objdir-ff-asan/dist/bin/libxul.so +0x161795d6]
#30: ???[/home/wuyue/browser/mozilla-unified/objdir-ff-asan/dist/bin/libxul.so +0x1618c86a]
#31: ???[/home/wuyue/browser/mozilla-unified/objdir-ff-asan/dist/bin/libxul.so +0x1618c5e4]
#32: ???[/home/wuyue/browser/mozilla-unified/objdir-ff-asan/dist/bin/libxul.so +0x1618c24e]
#33: ???[/home/wuyue/browser/mozilla-unified/objdir-ff-asan/dist/bin/libxul.so +0x1618ada5]
#34: ???[/home/wuyue/browser/mozilla-unified/objdir-ff-asan/dist/bin/libxul.so +0x16189963]
#35: ???[/home/wuyue/browser/mozilla-unified/objdir-ff-asan/dist/bin/libxul.so +0x16188d5d]
#36: ???[/home/wuyue/browser/mozilla-unified/objdir-ff-asan/dist/bin/libxul.so +0x161888a4]
#37: ???[/home/wuyue/browser/mozilla-unified/objdir-ff-asan/dist/bin/libxul.so +0x14952993]
#38: ???[/home/wuyue/browser/mozilla-unified/objdir-ff-asan/dist/bin/libxul.so +0x14df2738]
#39: ???[/home/wuyue/browser/mozilla-unified/objdir-ff-asan/dist/bin/libxul.so +0xd556e11]
#40: ???[/home/wuyue/browser/mozilla-unified/objdir-ff-asan/dist/bin/libxul.so +0xd4c36e5]
#41: ???[/home/wuyue/browser/mozilla-unified/objdir-ff-asan/dist/bin/libxul.so +0xd4c1519]
#42: ???[/home/wuyue/browser/mozilla-unified/objdir-ff-asan/dist/bin/libxul.so +0xd4c1e83]
#43: ???[/home/wuyue/browser/mozilla-unified/objdir-ff-asan/dist/bin/libxul.so +0xd4c2a02]
#44: ???[/home/wuyue/browser/mozilla-unified/objdir-ff-asan/dist/bin/libxul.so +0xbcf144d]
#45: ???[/home/wuyue/browser/mozilla-unified/objdir-ff-asan/dist/bin/libxul.so +0xbcd8bb0]
#46: ???[/home/wuyue/browser/mozilla-unified/objdir-ff-asan/dist/bin/libxul.so +0xbcd63db]
#47: ???[/home/wuyue/browser/mozilla-unified/objdir-ff-asan/dist/bin/libxul.so +0xbcd6a2c]
#48: ???[/home/wuyue/browser/mozilla-unified/objdir-ff-asan/dist/bin/libxul.so +0xbcdd015]
#49: ???[/home/wuyue/browser/mozilla-unified/objdir-ff-asan/dist/bin/libxul.so +0xbd2261f]
#50: ???[/home/wuyue/browser/mozilla-unified/objdir-ff-asan/dist/bin/libxul.so +0xbd2cfab]
#51: ???[/home/wuyue/browser/mozilla-unified/objdir-ff-asan/dist/bin/libxul.so +0xd4c9081]
#52: ???[/home/wuyue/browser/mozilla-unified/objdir-ff-asan/dist/bin/libxul.so +0xd33bbf9]
#53: ???[/home/wuyue/browser/mozilla-unified/objdir-ff-asan/dist/bin/libxul.so +0xd33b97b]
#54: ???[/home/wuyue/browser/mozilla-unified/objdir-ff-asan/dist/bin/libxul.so +0x15a13c13]
#55: ???[/home/wuyue/browser/mozilla-unified/objdir-ff-asan/dist/bin/libxul.so +0x1a307ca6]
#56: ???[/home/wuyue/browser/mozilla-unified/objdir-ff-asan/dist/bin/libxul.so +0xd4c9e9e]
#57: ???[/home/wuyue/browser/mozilla-unified/objdir-ff-asan/dist/bin/libxul.so +0xd33bbf9]
#58: ???[/home/wuyue/browser/mozilla-unified/objdir-ff-asan/dist/bin/libxul.so +0xd33b97b]
#59: ???[/home/wuyue/browser/mozilla-unified/objdir-ff-asan/dist/bin/libxul.so +0x1a3070ba]
#60: ???[/home/wuyue/browser/mozilla-unified/objdir-ff-asan/dist/bin/firefox +0x1b35e2]
#61: ???[/home/wuyue/browser/mozilla-unified/objdir-ff-asan/dist/bin/firefox +0x1b4014]
#62: __libc_start_main[/lib/x86_64-linux-gnu/libc.so.6 +0x24083]
#63: ???[/home/wuyue/browser/mozilla-unified/objdir-ff-asan/dist/bin/firefox +0xdd9b9]
#64: ??? (???:???)
[Parent 289860, IPC I/O Parent] WARNING: [1.1]: Ignoring message 'EVENT_MESSAGE' to unknown peer 297C9C732D5248C8.457AECCBE200A5A5: file /home/wuyue/browser/mozilla-unified/ipc/glue/NodeController.cpp:344
[Parent 289860, IPC I/O Parent] WARNING: [1.1]: Ignoring message 'EVENT_MESSAGE' to unknown peer 297C9C732D5248C8.457AECCBE200A5A5: file /home/wuyue/browser/mozilla-unified/ipc/glue/NodeController.cpp:344
[Parent 289860, IPC I/O Parent] WARNING: [1.1]: Ignoring message 'EVENT_MESSAGE' to unknown peer 297C9C732D5248C8.457AECCBE200A5A5: file /home/wuyue/browser/mozilla-unified/ipc/glue/NodeController.cpp:344

Program /home/wuyue/browser/mozilla-unified/objdir-ff-asan/dist/bin/firefox (pid = 289954) received signal 11.

Expected results:

not crash

Component: Untriaged → Graphics
Product: Firefox → Core
See Also: → 1795054

I can reproduce. I also see this logging before the fatal assertion (including several non-fatal assertions):

[Child 166706, Main Thread] ###!!! ASSERTION: Computed overflow area must contain frame bounds: 'aNewSize.width == 0 || aNewSize.height == 0 || r->width == nscoord_MAX || r->height == nscoord_MAX || HasAnyStateBits(NS_FRAME_SVG_LAYOUT) || r->Contains(nsRect(nsPoint(0, 0), aNewSize))', file layout/generic/nsIFrame.cpp:9992
[Child 166706, Main Thread] ###!!! ASSERTION: Computed overflow area must contain frame bounds: 'aNewSize.width == 0 || aNewSize.height == 0 || r->width == nscoord_MAX || r->height == nscoord_MAX || HasAnyStateBits(NS_FRAME_SVG_LAYOUT) || r->Contains(nsRect(nsPoint(0, 0), aNewSize))', file layout/generic/nsIFrame.cpp:9992
nsBlockReflowContext: Block(div id=node_4)(0)@7fde8d3a7b38 metrics=61140,1073743260!
nsBlockReflowContext: Block(body)(1)@7fde8d3a7a20 metrics=61140,1073743260!
nsBlockReflowContext: Block(div id=app-container)(1)@7fde8d3a7c00 metrics=60240,1073742960!
[Child 166706, Main Thread] ###!!! ASSERTION: Computed overflow area must contain frame bounds: 'aNewSize.width == 0 || aNewSize.height == 0 || r->width == nscoord_MAX || r->height == nscoord_MAX || HasAnyStateBits(NS_FRAME_SVG_LAYOUT) || r->Contains(nsRect(nsPoint(0, 0), aNewSize))', file layout/generic/nsIFrame.cpp:9992
[Child 166706, Main Thread] ###!!! ASSERTION: Computed overflow area must contain frame bounds: 'aNewSize.width == 0 || aNewSize.height == 0 || r->width == nscoord_MAX || r->height == nscoord_MAX || HasAnyStateBits(NS_FRAME_SVG_LAYOUT) || r->Contains(nsRect(nsPoint(0, 0), aNewSize))', file layout/generic/nsIFrame.cpp:9992
nsBlockReflowContext: Block(div id=node_4)(0)@7fde8d3a7b38 metrics=60420,1073743260!
nsBlockReflowContext: Block(body)(1)@7fde8d3a7a20 metrics=60420,1073743260!

I think we might as well just mark as a duplicate of bug 1795054; once we've got a fix for bug 1795054, best-practice is to double-check dupes like this one to be sure they're fixed (and we can un-dupe at that point if it turns out they're not).

Status: UNCONFIRMED → RESOLVED
Closed: 2 years ago
Duplicate of bug: 1795054
Resolution: --- → DUPLICATE
See Also: 1795054
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: