Testcase found while fuzzing mozilla-central rev 47f7b6c64265.

Requesting tracking on all outstanding p2 stylo bugs.

I can't reproduce this on a recent linux64 debug build (with domFuzzLite3 installed). Any tips?

Me neither, fwiw.

(In reply to Bobby Holley (:bholley) (busy with Stylo) from comment #3) > I can't reproduce this on a recent linux64 debug build (with domFuzzLite3 > installed). Any tips? It appears that this testcase only reproduces in it's current form using xvfb. My guess is that it's due to Firefox's starting window size.

I can't repro even if I change the starting window size.

Neither can I, even when I use Xvfb (or Xnest). I just did "xvfb-run ./mach run /tmp/trigger.html". (I had trouble installing domFuzzLite3, but I added some C++/WebIDL functions to call that did the same window resize / font zoom stuff the test is doing.)

(In reply to Bobby Holley (:bholley) (busy with Stylo) from comment #2) > Requesting tracking on all outstanding p2 stylo bugs. This isn't very helpful, when making a tracking decision it's useful to know the reasoning for the request and impact of each bug.

(In reply to Cameron McCormack (:heycam) from comment #7) > (I had trouble installing domFuzzLite3, but I added > some C++/WebIDL functions to call that did the same window resize / font > zoom stuff the test is doing.) For future reference, you can do the following: > git clone https://github.com/MozillaSecurity/domfuzz.git > cd domfuzz/dom/extension > make That should generate an XPI file. You'll then need to twiddle |extension.legacy.enabled| and |xpinstall.signatures.required|, and then you can install the addon.

So I, along with three other engineers in this bug, can't reproduce this. Here's what I've done: * Checked out the latest m-c rev: https://hg.mozilla.org/mozilla-central/rev/33b7b8e81b4b * built with the following .mozconfig https://pastebin.mozilla.org/9068253 * Installed domFuzzLite per comment 9. * Downloaded the attached testcases, put it in a directory, and launched |python -m SimpleHTTPServer|. * ./mach run http://localhost:8000/testcase.html * Whitelisted localhost for popups, ran the above again * xvfb-run ./mach run http://localhost:8000/testcase.html This bug was similar to bug 1400936, which landed recently along with a followup (bug 1402684). So it's possible that the fix for those bugs, or other recent fuzz bugs also fixed this. Jason, can you try reproducing on today's nightly? If you can, can you give some more tips of what we should be doing beyond the above?

(In reply to Bobby Holley (:bholley) (busy with Stylo) from comment #10) > So I, along with three other engineers in this bug, can't reproduce this. > > Here's what I've done: > > * Checked out the latest m-c rev: > https://hg.mozilla.org/mozilla-central/rev/33b7b8e81b4b > * built with the following .mozconfig https://pastebin.mozilla.org/9068253 > * Installed domFuzzLite per comment 9. > * Downloaded the attached testcases, put it in a directory, and launched > |python -m SimpleHTTPServer|. > * ./mach run http://localhost:8000/testcase.html > * Whitelisted localhost for popups, ran the above again > * xvfb-run ./mach run http://localhost:8000/testcase.html > > This bug was similar to bug 1400936, which landed recently along with a > followup (bug 1402684). So it's possible that the fix for those bugs, or > other recent fuzz bugs also fixed this. > > Jason, can you try reproducing on today's nightly? If you can, can you give > some more tips of what we should be doing beyond the above? I just tested this against mc-debug rev bc5672989895 and was unable to reproduce the issue.