Open
Bug 1337960
Opened 8 years ago
Updated 2 years ago
Abort with -moz-appearance:radio on small element: "Assertion failure: rect->width >= indicator_size (GetMinimumWidgetSize was ignored), at widget/gtk/gtk3drawing.cpp:337"
Categories
(Core :: Layout: Form Controls, defect)
Core
Layout: Form Controls
Tracking
()
People
(Reporter: dholbert, Unassigned)
References
Details
(Keywords: assertion, testcase)
Attachments
(2 files)
STR:
1. Load attached testcase in a debug build, on Linux.
ACTUAL RESULTS:
Abort (content-process crash), due to fatal assertion failure:
Assertion failure: rect->width >= indicator_size (GetMinimumWidgetSize was ignored), at widget/gtk/gtk3drawing.cpp:337
EXPECTED RESULTS:
No abort.
Note: there are no issues in opt builds, AFAICT.
BACKTRACE:
Assertion failure: rect->width >= indicator_size (GetMinimumWidgetSize was ignored), at $SRC/widget/gtk/gtk3drawing.cpp:337
#01: moz_gtk_widget_paint(WidgetNodeType, _cairo*, _cairo_rectangle_int*, GtkWidgetState*, int, GtkTextDirection) ($SRC/widget/gtk/gtk3drawing.cpp:2613)
#02: DrawThemeWithCairo(gfxContext*, mozilla::gfx::DrawTarget*, GtkWidgetState, WidgetNodeType, int, GtkTextDirection, int, bool, mozilla::gfx::PointTyped<mozilla::gfx::UnknownUnits, float> const&, mozilla::gfx::IntSizeTyped<mozilla::gfx::UnknownUnits> const&, _cairo_rectangle_int&, nsITheme::Transparency) ($SRC/widget/gtk/nsNativeThemeGTK.cpp:956)
#03: nsNativeThemeGTK::DrawWidgetBackground(nsRenderingContext*, nsIFrame*, unsigned char, nsRect const&, nsRect const&) ($SRC/widget/gtk/nsNativeThemeGTK.cpp:1214)
#04: non-virtual thunk to nsNativeThemeGTK::DrawWidgetBackground(nsRenderingContext*, nsIFrame*, unsigned char, nsRect const&, nsRect const&) ($SRC/widget/gtk/nsNativeThemeGTK.cpp:1102)
#05: nsDisplayThemedBackground::PaintInternal(nsDisplayListBuilder*, nsRenderingContext*, nsRect const&, nsRect*) ($SRC/layout/painting/nsDisplayList.cpp:3701)
#06: mozilla::FrameLayerBuilder::PaintItems(nsTArray<mozilla::FrameLayerBuilder::ClippedDisplayItem>&, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, gfxContext*, nsRenderingContext*, nsDisplayListBuilder*, nsPresContext*, mozilla::gfx::IntPointTyped<mozilla::gfx::UnknownUnits> const&, float, float, int) ($SRC/layout/painting/FrameLayerBuilder.cpp:6031)
#07: mozilla::FrameLayerBuilder::DrawPaintedLayer(mozilla::layers::PaintedLayer*, gfxContext*, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, mozilla::layers::DrawRegionClip, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, void*) ($SRC/layout/painting/FrameLayerBuilder.cpp:6206)
#08: mozilla::layers::ClientPaintedLayer::PaintThebes() ($SRC/gfx/layers/client/ClientPaintedLayer.cpp:83)
#09: mozilla::layers::ClientPaintedLayer::RenderLayerWithReadback(mozilla::layers::ReadbackProcessor*) ($SRC/gfx/layers/client/ClientPaintedLayer.cpp:138)
#10: mozilla::layers::ClientContainerLayer::RenderLayer() ($SRC/gfx/layers/client/ClientContainerLayer.h:59)
#11: mozilla::layers::ClientLayerManager::EndTransactionInternal(void (*)(mozilla::layers::PaintedLayer*, gfxContext*, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, mozilla::layers::DrawRegionClip, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, void*), void*, mozilla::layers::LayerManager::EndTransactionFlags) ($SRC/gfx/layers/client/ClientLayerManager.cpp:356)
#12: mozilla::layers::ClientLayerManager::EndTransaction(void (*)(mozilla::layers::PaintedLayer*, gfxContext*, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, mozilla::layers::DrawRegionClip, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, void*), void*, mozilla::layers::LayerManager::EndTransactionFlags) ($SRC/gfx/layers/client/ClientLayerManager.cpp:410)
#13: nsDisplayList::PaintRoot(nsDisplayListBuilder*, nsRenderingContext*, unsigned int) ($SRC/layout/painting/nsDisplayList.cpp:2227)
#14: nsLayoutUtils::PaintFrame(nsRenderingContext*, nsIFrame*, nsRegion const&, unsigned int, nsDisplayListBuilderMode, nsLayoutUtils::PaintFrameFlags) ($SRC/layout/base/nsLayoutUtils.cpp:3677)
#15: mozilla::PresShell::Paint(nsView*, nsRegion const&, unsigned int) ($SRC/layout/base/PresShell.cpp:6453)
#16: nsViewManager::ProcessPendingUpdatesPaint(nsIWidget*) ($SRC/view/nsViewManager.cpp:484 (discriminator 2))
#17: nsViewManager::ProcessPendingUpdatesForView(nsView*, bool) ($SRC/view/nsViewManager.cpp:412)
#18: nsViewManager::ProcessPendingUpdates() ($SRC/view/nsViewManager.cpp:1106)
#19: nsRefreshDriver::Tick(long, mozilla::TimeStamp) ($SRC/layout/base/nsRefreshDriver.cpp:2000)
#20: mozilla::RefreshDriverTimer::TickRefreshDrivers(long, mozilla::TimeStamp, nsTArray<RefPtr<nsRefreshDriver> >&) ($SRC/layout/base/nsRefreshDriver.cpp:295 (discriminator 1))
#21: mozilla::RefreshDriverTimer::Tick(long, mozilla::TimeStamp) ($SRC/layout/base/nsRefreshDriver.cpp:319)
#22: mozilla::VsyncRefreshDriverTimer::RunRefreshDrivers(mozilla::TimeStamp) ($SRC/layout/base/nsRefreshDriver.cpp:669)
#23: mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::NotifyVsync(mozilla::TimeStamp) ($SRC/layout/base/nsRefreshDriver.cpp:506 (discriminator 1))
#24: mozilla::layout::VsyncChild::RecvNotify(mozilla::TimeStamp const&) ($SRC/layout/ipc/VsyncChild.cpp:66)
#25: mozilla::layout::PVsyncChild::OnMessageReceived(IPC::Message const&) ($OBJ/ipc/ipdl/PVsyncChild.cpp:160)
#26: mozilla::ipc::MessageChannel::DispatchAsyncMessage(IPC::Message const&) ($SRC/ipc/glue/MessageChannel.cpp:1795)
#27: mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&) ($SRC/ipc/glue/MessageChannel.cpp:1732)
#28: mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::MessageChannel::MessageTask&) ($SRC/ipc/glue/MessageChannel.cpp:1604 (discriminator 2))
#29: mozilla::ipc::MessageChannel::MessageTask::Run() ($SRC/ipc/glue/MessageChannel.cpp:1636)
#30: nsThread::ProcessNextEvent(bool, bool*) ($SRC/xpcom/threads/nsThread.cpp:1261 (discriminator 1))
#31: NS_ProcessNextEvent(nsIThread*, bool) ($SRC/xpcom/threads/nsThreadUtils.cpp:389 (discriminator 3))
#32: mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) ($SRC/ipc/glue/MessagePump.cpp:96 (discriminator 1))
#33: MessageLoop::Run() ($SRC/ipc/chromium/src/base/message_loop.cc:212)
#34: nsBaseAppShell::Run() ($SRC/widget/nsBaseAppShell.cpp:158)
#35: XRE_RunAppShell() ($SRC/toolkit/xre/nsEmbedFunctions.cpp:852 (discriminator 1))
#36: mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) ($SRC/ipc/glue/MessagePump.cpp:269 (discriminator 1))
#37: MessageLoop::Run() ($SRC/ipc/chromium/src/base/message_loop.cc:212)
#38: XRE_InitChildProcess(int, char**, XREChildData const*) ($SRC/toolkit/xre/nsEmbedFunctions.cpp:684)
#39: content_process_main(mozilla::Bootstrap*, int, char**) ($SRC/browser/app/../../ipc/contentproc/plugin-container.cpp:65)
#40: main ($SRC/browser/app/nsBrowserApp.cpp:284 (discriminator 2))
#41: __libc_start_main (/build/glibc-t3gR2i/glibc-2.23/csu/../csu/libc-start.c:325)
#42: _start ($OBJ/dist/bin/firefox)
#43: ??? (???:???)
|
Reporter | |
Updated•8 years ago
|
Summary: Abort with appearance:radio on small element: "Assertion failure: rect->width >= indicator_size (GetMinimumWidgetSize was ignored), at widget/gtk/gtk3drawing.cpp:337" → Abort with -moz-appearance:radio on small element: "Assertion failure: rect->width >= indicator_size (GetMinimumWidgetSize was ignored), at widget/gtk/gtk3drawing.cpp:337"
|
||
Comment 1•8 years ago
|
||
Note: bug 1333482 will disallow non-privileged content from styling any element
with 'appearance' other than 'none', which fixes the testcase here. I'm not
sure if there are other ways to trigger it though; probably not.
(BTW, it's a bit odd that our fuzzing hasn't found this bug yet.)
Depends on: 1333482
|
||
Comment 2•8 years ago
|
||
DOMFuzz was finding this from m-c rev e7b795db8b5b, I just hadn't logged it yet. This is the DOMFuzz test case stack from m-c rev 8d967436d696:
Assertion failure: rect->width >= indicator_size (GetMinimumWidgetSize was ignored), at /home/worker/workspace/build/src/widget/gtk/gtk3drawing.cpp:337
#01: nsNativeThemeGTK::DrawWidgetBackground at widget/gtk/nsNativeThemeGTK.cpp:956
#02: nsDisplayThemedBackground::PaintInternal at layout/painting/nsDisplayList.cpp:3725
#03: mozilla::FrameLayerBuilder::PaintItems at layout/painting/FrameLayerBuilder.cpp:6062
#04: mozilla::FrameLayerBuilder::DrawPaintedLayer at layout/painting/FrameLayerBuilder.cpp:6237
#05: mozilla::layers::ClientPaintedLayer::PaintThebes at mfbt/RefPtr.h:62
#06: mozilla::layers::ClientPaintedLayer::RenderLayerWithReadback at gfx/src/nsRegion.h:75
#07: mozilla::layers::ClientContainerLayer::RenderLayer at gfx/layers/client/ClientContainerLayer.h:57
#08: mozilla::layers::ClientContainerLayer::RenderLayer at gfx/layers/client/ClientContainerLayer.h:57
#09: mozilla::layers::ClientLayerManager::EndTransactionInternal at gfx/layers/client/ClientLayerManager.cpp:358
#10: mozilla::layers::ClientLayerManager::EndTransaction at gfx/layers/client/ClientLayerManager.cpp:412
#11: nsDisplayList::PaintRoot at layout/painting/nsDisplayList.cpp:2256
#12: nsLayoutUtils::PaintFrame at mfbt/RefPtr.h:129
#13: mozilla::PresShell::Paint at layout/base/PresShell.cpp:6497
#14: nsViewManager::ProcessPendingUpdatesPaint at gfx/src/nsRegion.h:75
#15: nsViewManager::ProcessPendingUpdatesForView at view/nsViewManager.cpp:411
#16: nsViewManager::ProcessPendingUpdates at view/nsViewManager.cpp:1104
#17: nsRefreshDriver::Tick at layout/base/nsRefreshDriver.cpp:2031
|
|
||
Updated•8 years ago
|
|
||
Comment 3•7 years ago
|
||
Confirmed that this still reproduces on trunk. The assertion goes back more than a year, which is the furthest back mozregression can go with debug builds.
Has Regression Range: --- → no
status-firefox56:
--- → wontfix
status-firefox57:
--- → wontfix
status-firefox58:
--- → fix-optional
status-firefox-esr52:
--- → wontfix
|
||
Comment 4•7 years ago
|
||
status-firefox59:
--- → ?
|
||
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•