Open
Bug 1415166
Opened 7 years ago
Updated 2 years ago
Assertion failure: !elem->GetParent()->IsHTMLElement() (HTML element should always be out-of-flow if in the top layer), at /builds/worker/workspace/build/src/layout/generic/ViewportFrame.cpp:166
Categories
(Core :: Layout, defect, P3)
Tracking
()
NEW
People
(Reporter: jkratzer, Unassigned)
References
(Blocks 2 open bugs)
Details
(Keywords: assertion, testcase)
Attachments
(1 file)
|
(deleted),
text/html
|
Details |
Testcase found while fuzzing mozilla-central rev 923836aebbc3.
==26885==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f0a6fda80a0 bp 0x7ffc2c939650 sp 0x7ffc2c939540 T0)
==26885==The signal is caused by a WRITE memory access.
==26885==Hint: address points to the zero page.
#0 0x7f0a6fda809f in mozilla::ViewportFrame::BuildDisplayListForTopLayer(nsDisplayListBuilder*, nsDisplayList*) /builds/worker/workspace/build/src/layout/generic/ViewportFrame.cpp:174:9
#1 0x7f0a6fda643d in mozilla::ViewportFrame::BuildDisplayList(nsDisplayListBuilder*, nsDisplayListSet const&) /builds/worker/workspace/build/src/layout/generic/ViewportFrame.cpp:70:3
#2 0x7f0a6fe39c5a in nsIFrame::BuildDisplayListForStackingContext(nsDisplayListBuilder*, nsDisplayList*, bool*) /builds/worker/workspace/build/src/layout/generic/nsFrame.cpp:2917:5
#3 0x7f0a6ff6dbe0 in nsSubDocumentFrame::BuildDisplayList(nsDisplayListBuilder*, nsDisplayListSet const&) /builds/worker/workspace/build/src/layout/generic/nsSubDocumentFrame.cpp:510:9
#4 0x7f0a6fe39c5a in nsIFrame::BuildDisplayListForStackingContext(nsDisplayListBuilder*, nsDisplayList*, bool*) /builds/worker/workspace/build/src/layout/generic/nsFrame.cpp:2917:5
#5 0x7f0a6fda731a in nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&, unsigned int) /builds/worker/workspace/build/src/layout/generic/nsFrame.cpp:3608:12
#6 0x7f0a701610a6 in nsStackFrame::BuildDisplayListForChildren(nsDisplayListBuilder*, nsDisplayListSet const&) /builds/worker/workspace/build/src/layout/xul/nsStackFrame.cpp:59:5
#7 0x7f0a70107a86 in nsBoxFrame::BuildDisplayList(nsDisplayListBuilder*, nsDisplayListSet const&) /builds/worker/workspace/build/src/layout/xul/nsBoxFrame.cpp:1353:3
#8 0x7f0a6fda7819 in nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&, unsigned int) /builds/worker/workspace/build/src/layout/generic/nsFrame.cpp:3660:14
#9 0x7f0a70107f73 in nsBoxFrame::BuildDisplayListForChildren(nsDisplayListBuilder*, nsDisplayListSet const&) /builds/worker/workspace/build/src/layout/xul/nsBoxFrame.cpp:1392:5
#10 0x7f0a70107a86 in nsBoxFrame::BuildDisplayList(nsDisplayListBuilder*, nsDisplayListSet const&) /builds/worker/workspace/build/src/layout/xul/nsBoxFrame.cpp:1353:3
#11 0x7f0a6fda7819 in nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&, unsigned int) /builds/worker/workspace/build/src/layout/generic/nsFrame.cpp:3660:14
#12 0x7f0a70107f73 in nsBoxFrame::BuildDisplayListForChildren(nsDisplayListBuilder*, nsDisplayListSet const&) /builds/worker/workspace/build/src/layout/xul/nsBoxFrame.cpp:1392:5
#13 0x7f0a70107a86 in nsBoxFrame::BuildDisplayList(nsDisplayListBuilder*, nsDisplayListSet const&) /builds/worker/workspace/build/src/layout/xul/nsBoxFrame.cpp:1353:3
#14 0x7f0a6fda7819 in nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&, unsigned int) /builds/worker/workspace/build/src/layout/generic/nsFrame.cpp:3660:14
#15 0x7f0a70107f73 in nsBoxFrame::BuildDisplayListForChildren(nsDisplayListBuilder*, nsDisplayListSet const&) /builds/worker/workspace/build/src/layout/xul/nsBoxFrame.cpp:1392:5
#16 0x7f0a70107a86 in nsBoxFrame::BuildDisplayList(nsDisplayListBuilder*, nsDisplayListSet const&) /builds/worker/workspace/build/src/layout/xul/nsBoxFrame.cpp:1353:3
#17 0x7f0a6fda7819 in nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&, unsigned int) /builds/worker/workspace/build/src/layout/generic/nsFrame.cpp:3660:14
#18 0x7f0a7010bfca in nsDeckFrame::BuildDisplayListForChildren(nsDisplayListBuilder*, nsDisplayListSet const&) /builds/worker/workspace/build/src/layout/xul/nsDeckFrame.cpp:199:3
#19 0x7f0a70107a86 in nsBoxFrame::BuildDisplayList(nsDisplayListBuilder*, nsDisplayListSet const&) /builds/worker/workspace/build/src/layout/xul/nsBoxFrame.cpp:1353:3
#20 0x7f0a6fda7819 in nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&, unsigned int) /builds/worker/workspace/build/src/layout/generic/nsFrame.cpp:3660:14
#21 0x7f0a70107f73 in nsBoxFrame::BuildDisplayListForChildren(nsDisplayListBuilder*, nsDisplayListSet const&) /builds/worker/workspace/build/src/layout/xul/nsBoxFrame.cpp:1392:5
#22 0x7f0a70107a86 in nsBoxFrame::BuildDisplayList(nsDisplayListBuilder*, nsDisplayListSet const&) /builds/worker/workspace/build/src/layout/xul/nsBoxFrame.cpp:1353:3
#23 0x7f0a6fda7819 in nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&, unsigned int) /builds/worker/workspace/build/src/layout/generic/nsFrame.cpp:3660:14
#24 0x7f0a70107f73 in nsBoxFrame::BuildDisplayListForChildren(nsDisplayListBuilder*, nsDisplayListSet const&) /builds/worker/workspace/build/src/layout/xul/nsBoxFrame.cpp:1392:5
#25 0x7f0a70107a86 in nsBoxFrame::BuildDisplayList(nsDisplayListBuilder*, nsDisplayListSet const&) /builds/worker/workspace/build/src/layout/xul/nsBoxFrame.cpp:1353:3
#26 0x7f0a6fda7819 in nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&, unsigned int) /builds/worker/workspace/build/src/layout/generic/nsFrame.cpp:3660:14
#27 0x7f0a70107f73 in nsBoxFrame::BuildDisplayListForChildren(nsDisplayListBuilder*, nsDisplayListSet const&) /builds/worker/workspace/build/src/layout/xul/nsBoxFrame.cpp:1392:5
#28 0x7f0a70107a86 in nsBoxFrame::BuildDisplayList(nsDisplayListBuilder*, nsDisplayListSet const&) /builds/worker/workspace/build/src/layout/xul/nsBoxFrame.cpp:1353:3
#29 0x7f0a6fda7819 in nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&, unsigned int) /builds/worker/workspace/build/src/layout/generic/nsFrame.cpp:3660:14
#30 0x7f0a70107f73 in nsBoxFrame::BuildDisplayListForChildren(nsDisplayListBuilder*, nsDisplayListSet const&) /builds/worker/workspace/build/src/layout/xul/nsBoxFrame.cpp:1392:5
#31 0x7f0a70107a86 in nsBoxFrame::BuildDisplayList(nsDisplayListBuilder*, nsDisplayListSet const&) /builds/worker/workspace/build/src/layout/xul/nsBoxFrame.cpp:1353:3
#32 0x7f0a6fda7819 in nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&, unsigned int) /builds/worker/workspace/build/src/layout/generic/nsFrame.cpp:3660:14
#33 0x7f0a7010bfca in nsDeckFrame::BuildDisplayListForChildren(nsDisplayListBuilder*, nsDisplayListSet const&) /builds/worker/workspace/build/src/layout/xul/nsDeckFrame.cpp:199:3
#34 0x7f0a70107a86 in nsBoxFrame::BuildDisplayList(nsDisplayListBuilder*, nsDisplayListSet const&) /builds/worker/workspace/build/src/layout/xul/nsBoxFrame.cpp:1353:3
#35 0x7f0a6fda7819 in nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&, unsigned int) /builds/worker/workspace/build/src/layout/generic/nsFrame.cpp:3660:14
#36 0x7f0a70107f73 in nsBoxFrame::BuildDisplayListForChildren(nsDisplayListBuilder*, nsDisplayListSet const&) /builds/worker/workspace/build/src/layout/xul/nsBoxFrame.cpp:1392:5
#37 0x7f0a70107a86 in nsBoxFrame::BuildDisplayList(nsDisplayListBuilder*, nsDisplayListSet const&) /builds/worker/workspace/build/src/layout/xul/nsBoxFrame.cpp:1353:3
#38 0x7f0a6fda7819 in nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&, unsigned int) /builds/worker/workspace/build/src/layout/generic/nsFrame.cpp:3660:14
#39 0x7f0a7010bfca in nsDeckFrame::BuildDisplayListForChildren(nsDisplayListBuilder*, nsDisplayListSet const&) /builds/worker/workspace/build/src/layout/xul/nsDeckFrame.cpp:199:3
#40 0x7f0a70107a86 in nsBoxFrame::BuildDisplayList(nsDisplayListBuilder*, nsDisplayListSet const&) /builds/worker/workspace/build/src/layout/xul/nsBoxFrame.cpp:1353:3
#41 0x7f0a6fda7819 in nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&, unsigned int) /builds/worker/workspace/build/src/layout/generic/nsFrame.cpp:3660:14
#42 0x7f0a70107f73 in nsBoxFrame::BuildDisplayListForChildren(nsDisplayListBuilder*, nsDisplayListSet const&) /builds/worker/workspace/build/src/layout/xul/nsBoxFrame.cpp:1392:5
#43 0x7f0a70107a86 in nsBoxFrame::BuildDisplayList(nsDisplayListBuilder*, nsDisplayListSet const&) /builds/worker/workspace/build/src/layout/xul/nsBoxFrame.cpp:1353:3
#44 0x7f0a6fda7819 in nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&, unsigned int) /builds/worker/workspace/build/src/layout/generic/nsFrame.cpp:3660:14
#45 0x7f0a70107f73 in nsBoxFrame::BuildDisplayListForChildren(nsDisplayListBuilder*, nsDisplayListSet const&) /builds/worker/workspace/build/src/layout/xul/nsBoxFrame.cpp:1392:5
#46 0x7f0a70141579 in nsRootBoxFrame::BuildDisplayList(nsDisplayListBuilder*, nsDisplayListSet const&) /builds/worker/workspace/build/src/layout/xul/nsRootBoxFrame.cpp:190:3
#47 0x7f0a6fda7819 in nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&, unsigned int) /builds/worker/workspace/build/src/layout/generic/nsFrame.cpp:3660:14
#48 0x7f0a6fda641f in mozilla::ViewportFrame::BuildDisplayList(nsDisplayListBuilder*, nsDisplayListSet const&) /builds/worker/workspace/build/src/layout/generic/ViewportFrame.cpp:66:5
#49 0x7f0a6fe39c5a in nsIFrame::BuildDisplayListForStackingContext(nsDisplayListBuilder*, nsDisplayList*, bool*) /builds/worker/workspace/build/src/layout/generic/nsFrame.cpp:2917:5
#50 0x7f0a6fceab1a in nsLayoutUtils::GetFramesForArea(nsIFrame*, nsRect const&, nsTArray<nsIFrame*>&, unsigned int) /builds/worker/workspace/build/src/layout/base/nsLayoutUtils.cpp:3298:11
#51 0x7f0a6fcea763 in nsLayoutUtils::GetFrameForPoint(nsIFrame*, nsPoint, unsigned int) /builds/worker/workspace/build/src/layout/base/nsLayoutUtils.cpp:3258:8
#52 0x7f0a6fc02c07 in mozilla::FindFrameTargetedByInputEvent(mozilla::WidgetGUIEvent*, nsIFrame*, nsPoint const&, unsigned int) /builds/worker/workspace/build/src/layout/base/PositionedEventTargeting.cpp:544:5
#53 0x7f0a6fc3227c in mozilla::PresShell::HandleEvent(nsIFrame*, mozilla::WidgetGUIEvent*, bool, nsEventStatus*, nsIContent**) /builds/worker/workspace/build/src/layout/base/PresShell.cpp:7212:9
#54 0x7f0a6f631b8d in nsViewManager::DispatchEvent(mozilla::WidgetGUIEvent*, nsView*, nsEventStatus*) /builds/worker/workspace/build/src/view/nsViewManager.cpp:812:14
#55 0x7f0a6fc1c27c in mozilla::PresShell::DispatchSynthMouseMove(mozilla::WidgetGUIEvent*, bool) /builds/worker/workspace/build/src/layout/base/PresShell.cpp:3760:33
#56 0x7f0a6fc29999 in mozilla::PresShell::ProcessSynthMouseMoveEvent(bool) /builds/worker/workspace/build/src/layout/base/PresShell.cpp:5713:12
#57 0x7f0a6fc6240b in mozilla::PresShell::nsSynthMouseMoveEvent::WillRefresh(mozilla::TimeStamp) /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/PresShell.h:655:16
#58 0x7f0a6fbb1bfb in nsRefreshDriver::Tick(long, mozilla::TimeStamp) /builds/worker/workspace/build/src/layout/base/nsRefreshDriver.cpp:1843:12
#59 0x7f0a6fbbb2fe in mozilla::RefreshDriverTimer::TickRefreshDrivers(long, mozilla::TimeStamp, nsTArray<RefPtr<nsRefreshDriver> >&) /builds/worker/workspace/build/src/layout/base/nsRefreshDriver.cpp:306:7
#60 0x7f0a6fbbb0e6 in mozilla::RefreshDriverTimer::Tick(long, mozilla::TimeStamp) /builds/worker/workspace/build/src/layout/base/nsRefreshDriver.cpp:328:5
#61 0x7f0a6fbbe5b5 in mozilla::VsyncRefreshDriverTimer::RunRefreshDrivers(mozilla::TimeStamp) /builds/worker/workspace/build/src/layout/base/nsRefreshDriver.cpp:769:5
#62 0x7f0a6fbbd656 in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::TickRefreshDriver(mozilla::TimeStamp) /builds/worker/workspace/build/src/layout/base/nsRefreshDriver.cpp:682:35
#63 0x7f0a6fbb97d7 in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::ParentProcessVsyncNotifier::Run() /builds/worker/workspace/build/src/layout/base/nsRefreshDriver.cpp:528:20
#64 0x7f0a69f00e8f in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/workspace/build/src/xpcom/threads/nsThread.cpp:1037:14
#65 0x7f0a69f21aa0 in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/workspace/build/src/xpcom/threads/nsThreadUtils.cpp:513:10
#66 0x7f0a6aabdfe5 in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /builds/worker/workspace/build/src/ipc/glue/MessagePump.cpp:97:21
#67 0x7f0a6aa10137 in MessageLoop::RunInternal() /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:326:10
#68 0x7f0a6aa0ffc9 in MessageLoop::Run() /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:299:3
#69 0x7f0a6f6a3eda in nsBaseAppShell::Run() /builds/worker/workspace/build/src/widget/nsBaseAppShell.cpp:158:27
#70 0x7f0a728c3e21 in nsAppStartup::Run() /builds/worker/workspace/build/src/toolkit/components/startup/nsAppStartup.cpp:288:30
#71 0x7f0a72a389a8 in XREMain::XRE_mainRun() /builds/worker/workspace/build/src/toolkit/xre/nsAppRunner.cpp:4675:22
#72 0x7f0a72a3a5ca in XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) /builds/worker/workspace/build/src/toolkit/xre/nsAppRunner.cpp:4837:8
#73 0x7f0a72a3b4f9 in XRE_main(int, char**, mozilla::BootstrapConfig const&) /builds/worker/workspace/build/src/toolkit/xre/nsAppRunner.cpp:4932:21
Flags: in-testsuite?
|
||
Updated•7 years ago
|
Priority: -- → P3
|
||
Comment 1•7 years ago
|
||
Requesting fullscreen on <frame>... which should be denied I suppose.
|
|
||
Updated•7 years ago
|
Flags: needinfo?(xidorn+moz)
|
|
||
Comment 2•7 years ago
|
||
OK, so I guess the reason here is that <frame> cannot be out-of-flow, and thus this assertion.
The solution, I guess, is probably to forbid <frame> to enter fullscreen at all.
Filed spec issue whatwg/fullscreen#112 for this.
Flags: needinfo?(xidorn+moz)
|
|
||
Comment 3•7 years ago
|
||
Blocking bug 746437 since it potentially needs a change to the spec and we can track it from there.
Blocks: 746437
| Comment hidden (Intermittent Failures Robot) |
| Comment hidden (Intermittent Failures Robot) |
|
||
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•