Closed Bug 1356276 Opened 8 years ago Closed 8 years ago

stylo: heap write hazard reported in Gecko_CSSFontFaceRule_GetCssText

Categories

(Core :: CSS Parsing and Computation, defect, P1)

Product:
Core
Component:
CSS Parsing and Computation
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla55
Tracking Flags:
Tracking Status
firefox55 --- fixed

People

(Reporter: sfink, Assigned: manishearth)

References

Details

Attachments

(1 file)

Bug 1356276: stylo: Assert that Gecko_CSSFontFaceRule_GetCssText is on the main thread to satisfy heap write analysis;
(deleted), text/x-review-board-request
bholley
: review+
Details
bholley: "I _think_ this function can MOZ_ASSERT(NS_IsMainThread()). xidorn would know for sure." Hazard report: [25.50s] #174 Analyzing Gecko_CSSFontFaceRule_GetCssText ... Error: Variable assignment _ZL21gKeywordTableRefCount$nsCSSKeywords.cpp:int32_t gKeywordTableRefCount Location: _ZN13nsCSSKeywords12ReleaseTableEv$void nsCSSKeywords::ReleaseTable() @ https://searchfox.org/mozilla-central/source/layout/style/nsCSSKeywords.cpp#47 Stack Trace: _ZN10nsCSSProps12GetColorNameEiR9nsCString$uint8 nsCSSProps::GetColorName(int32, nsCString*) @ https://searchfox.org/mozilla-central/source/layout/style/nsCSSProps.cpp#2565 ### SafeArguments: aResult _ZNK10nsCSSValue14AppendToStringE15nsCSSPropertyIDR9nsAStringNS_13SerializationE$void nsCSSValue::AppendToString(int32, nsAString*, uint32) const @ https://searchfox.org/mozilla-central/source/layout/style/nsCSSValue.cpp#1680 ### SafeArguments: this aResult aSerialization _ZNK10nsCSSValue14AppendToStringE15nsCSSPropertyIDR9nsAStringNS_13SerializationE$void nsCSSValue::AppendToString(int32, nsAString*, uint32) const @ https://searchfox.org/mozilla-central/source/layout/style/nsCSSValue.cpp#1755 ### SafeArguments: <arg1> <arg2> _ZNK12nsMediaQuery14AppendToStringER9nsAString$void nsMediaQuery::AppendToString(nsAString*) const @ https://searchfox.org/mozilla-central/source/layout/style/nsMediaList.cpp#427 ### SafeArguments: aMediaText _ZN11nsMediaList7GetTextER9nsAString$void nsMediaList::GetText(nsAString*) @ https://searchfox.org/mozilla-central/source/layout/style/nsMediaList.cpp#510 ### SafeArguments: aOutput _ZNK7mozilla3css9MediaRule19AppendConditionTextER9nsAString$void mozilla::css::MediaRule::AppendConditionText(nsAString*) const @ https://searchfox.org/mozilla-central/source/layout/style/nsCSSRules.cpp#523 ### SafeArguments: aCssText _ZNK7mozilla3css9MediaRule14GetCssTextImplER9nsAString$void mozilla::css::MediaRule::GetCssTextImpl(nsAString*) const @ https://searchfox.org/mozilla-central/source/layout/style/nsCSSRules.cpp#465 ### SafeArguments: aCssText _ZNK7mozilla3css4Rule10GetCssTextER9nsAString$void mozilla::css::Rule::GetCssText(nsAString*) const @ https://searchfox.org/mozilla-central/source/obj-analyzed/dist/include/mozilla/css/Rule.h#121 ### SafeArguments: aRule Gecko_CSSFontFaceRule_GetCssText @ https://searchfox.org/mozilla-central/source/layout/style/ServoBindings.cpp#1744 ### SafeArguments: <arg1>
Yeah, I think it can assert in main thread.
Assignee: nobody → manishearth
Priority: -- → P1
Blocks: 1356458
Comment on attachment 8860159 [details] Bug 1356276: stylo: Assert that Gecko_CSSFontFaceRule_GetCssText is on the main thread to satisfy heap write analysis; https://reviewboard.mozilla.org/r/132188/#review135052
Attachment #8860159 - Flags: review?(bobbyholley) → review+
Pushed by manishearth@gmail.com: https://hg.mozilla.org/integration/autoland/rev/09634f2e9343 stylo: Assert that Gecko_CSSFontFaceRule_GetCssText is on the main thread to satisfy heap write analysis; r=bholley
https://hg.mozilla.org/mozilla-central/rev/09634f2e9343
Status: NEW → RESOLVED
Closed: 8 years ago
status-firefox55: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla55
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: