1877048 - Crash in on ucomiss instruction in qemu

Status: RESOLVED DUPLICATE of bug 1831370

(External Software Affecting Firefox :: Other, defect)

Description

[Paul Bone [:pbone]]

There is a steady background rate of crashes on ucomiss instructions when firefox is running in a virtual machine.

These are instructions that according the instruction set read only 4 bytes of memory. https://www.felixcloutier.com/x86/ucomiss However various different virtualisation systems are causing crashes due to buffer overflows when they interpret them as reading 16 bytes.

It's the virtualisation software that's in error, but we could consider modifying clang and rustc so they didn't generate these instructions.

Crash report: https://crash-stats.mozilla.org/report/index/dfb93c08-d155-41e4-8f06-1e9e70240125

Reason: EXCEPTION_ACCESS_VIOLATION_READ

Top 10 frames of crashing thread:

0  xul.dll  mozilla::StyleAbsoluteColor::operator== const  layout/style/ServoStyleConsts.h:7493
0  xul.dll  mozilla::StyleGenericColor<mozilla::StylePercentage>::StyleAbsolute_Body::operator== const  layout/style/ServoStyleConsts.h:7642
0  xul.dll  mozilla::StyleGenericColor<mozilla::StylePercentage>::operator== const  layout/style/ServoStyleConsts.h:7718
1  xul.dll  mozilla::StyleGenericColor<mozilla::StylePercentage>::operator!= const  layout/style/ServoStyleConsts.h:7721
1  xul.dll  nsStyleBackground::CalcDifference const  layout/style/nsStyleStruct.cpp:1989
1  xul.dll  mozilla::ComputedStyle::CalcStyleDifference const  layout/style/ComputedStyle.cpp:177
2  xul.dll  Gecko_CalcStyleDifference  layout/style/GeckoBindings.cpp:332
3  xul.dll  style::gecko::restyle_damage::GeckoRestyleDamage::compute_style_difference  servo/components/style/gecko/restyle_damage.rs:53
3  xul.dll  style::matching::MatchMethods::compute_style_difference  servo/components/style/matching.rs:1124
3  xul.dll  style::matching::PrivateMatchMethods::accumulate_damage_for  servo/components/style/matching.rs:752

Comment 1

[Paul Bone [:pbone]]

Closing in favour of Bug 1831370.