Open
Bug 1905260
Opened 5 months ago
Updated 5 months ago
Assertion failure: mAnimationState->LoopCount() == aMetadata.GetLoopCount(), at /builds/worker/checkouts/gecko/image/RasterImage.cpp:706
Categories
(Core :: Graphics: ImageLib, defect)
Core
Graphics: ImageLib
Tracking
()
NEW
| Tracking | Status | |
|---|---|---|
| firefox129 | --- | affected |
People
(Reporter: tsmith, Unassigned)
References
(Blocks 1 open bug, )
Details
(Keywords: assertion, pernosco)
Found with m-c 20240626-272e255a9ef8 (--enable-debug --enable-fuzzing)
This was found by visiting a live website with a debug build.
STR:
- Launch browser and visit site
This issue was triggered by visiting http://lua.org/.
Assertion failure: mAnimationState->LoopCount() == aMetadata.GetLoopCount(), at /builds/worker/checkouts/gecko/image/RasterImage.cpp:706
#0 0x75398e48bfb6 in mozilla::image::RasterImage::SetMetadata(mozilla::image::ImageMetadata const&, bool) /builds/worker/checkouts/gecko/image/RasterImage.cpp:705:3
#1 0x75398e496814 in mozilla::image::RasterImage::NotifyDecodeComplete(mozilla::image::DecoderFinalStatus const&, mozilla::image::ImageMetadata const&, mozilla::image::DecoderTelemetry const&, unsigned int, mozilla::gfx::IntRectTyped<mozilla::OrientedPixel> const&, mozilla::Maybe<unsigned int> const&, mozilla::image::DecoderFlags, mozilla::image::SurfaceFlags) /builds/worker/checkouts/gecko/image/RasterImage.cpp:1630:21
#2 0x75398e468f13 in mozilla::image::IDecodingTask::NotifyDecodeComplete(mozilla::NotNull<mozilla::image::RasterImage*>, mozilla::NotNull<mozilla::image::Decoder*>)::$_0::operator()() const /builds/worker/checkouts/gecko/image/IDecodingTask.cpp:103:38
#3 0x75398e4684a8 in mozilla::detail::RunnableFunction<mozilla::image::IDecodingTask::NotifyDecodeComplete(mozilla::NotNull<mozilla::image::RasterImage*>, mozilla::NotNull<mozilla::image::Decoder*>)::$_0>::Run() /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:548:5
#4 0x75398aef0d90 in mozilla::PrioritizableRunnable::Run() /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.cpp:135:21
#5 0x75398aeb2685 in mozilla::RunnableTask::Run() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:580:16
#6 0x75398aea546b in mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:907:26
#7 0x75398aea3739 in mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:730:15
#8 0x75398aea3b84 in mozilla::TaskController::ProcessPendingMTTask(bool) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:516:36
#9 0x75398aec2dea in mozilla::TaskController::TaskController()::$_0::operator()() const /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:234:37
#10 0x75398aec2db8 in mozilla::detail::RunnableFunction<mozilla::TaskController::TaskController()::$_0>::Run() /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.h:548:5
#11 0x75398aee178a in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:1204:16
#12 0x75398aee9d35 in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.cpp:480:10
#13 0x75398c2e27dc in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:85:21
#14 0x75398c2e4149 in mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:268:30
#15 0x75398c199427 in MessageLoop::RunInternal() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:370:10
#16 0x75398c1993a4 in MessageLoop::RunHandler() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:363:3
#17 0x75398c19935f in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:345:3
#18 0x75399489cfdb in nsBaseAppShell::Run() /builds/worker/checkouts/gecko/widget/nsBaseAppShell.cpp:148:27
#19 0x7539949b1fba in nsAppShell::Run() /builds/worker/checkouts/gecko/widget/gtk/nsAppShell.cpp:469:33
#20 0x753996044416 in XRE_RunAppShell() /builds/worker/checkouts/gecko/toolkit/xre/nsEmbedFunctions.cpp:714:20
#21 0x75398c2e3eaa in mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:235:9
#22 0x75398c199427 in MessageLoop::RunInternal() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:370:10
#23 0x75398c1993a4 in MessageLoop::RunHandler() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:363:3
#24 0x75398c19935f in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:345:3
#25 0x7539960437f1 in XRE_InitChildProcess(int, char**, XREChildData const*) /builds/worker/checkouts/gecko/toolkit/xre/nsEmbedFunctions.cpp:649:34
#26 0x753996057fd6 in mozilla::BootstrapImpl::XRE_InitChildProcess(int, char**, XREChildData const*) /builds/worker/checkouts/gecko/toolkit/xre/Bootstrap.cpp:71:12
#27 0x6504129bc448 in content_process_main(mozilla::Bootstrap*, int, char**) /builds/worker/checkouts/gecko/browser/app/../../ipc/contentproc/plugin-container.cpp:57:28
#28 0x6504129bc6e9 in main /builds/worker/checkouts/gecko/browser/app/nsBrowserApp.cpp:378:18
#29 0x7539a8629d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#30 0x7539a8629e3f in __libc_start_main csu/../csu/libc-start.c:392:3
#31 0x650412992328 in _start (/home/user/workspace/browsers/m-c-20240627214131-fuzzing-noopt-debug/firefox-bin+0xc7328) (BuildId: beb91da5709693287704ae095959cd4169f01b2c)
|
Reporter | |
Comment 1•5 months ago
|
||
A Pernosco session is available here: https://pernos.co/debug/yFT5gSFsNOuNtlBfh0FsLg/index.html
Keywords: pernosco
|
||
Updated•5 months ago
|
Severity: -- → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•