This was found with a Firefox build built with -fsanitize=float-divide-by-zero,integer-divide-by-zero /mozilla-central/gfx/2d/BezierUtils.cpp:223:15: runtime error: division by zero #0 0x7fc7460e3146 in mozilla::gfx::FindBezierNearestPoint(mozilla::gfx::Bezier const&, mozilla::gfx::PointTyped<mozilla::gfx::UnknownUnits, float> const&, float, float*) /mozilla-central/gfx/2d/BezierUtils.cpp:223:15 #1 0x7fc74b79dade in mozilla::DashedCornerFinder::FindNext(float) /mozilla-central/layout/painting/DashedCornerFinder.cpp:218:14 #2 0x7fc74b79d47b in mozilla::DashedCornerFinder::Next() /mozilla-central/layout/painting/DashedCornerFinder.cpp:164:13 #3 0x7fc74b80dd7e in nsCSSBorderRenderer::DrawDashedCornerSlow(mozilla::Side, mozilla::Corner) /mozilla-central/layout/painting/nsCSSRenderingBorders.cpp:2553:48 #4 0x7fc74b8073c3 in nsCSSBorderRenderer::DrawDashedOrDottedCorner(mozilla::Side, mozilla::Corner) /mozilla-central/layout/painting/nsCSSRenderingBorders.cpp:2397:7 #5 0x7fc74b805623 in nsCSSBorderRenderer::DrawBorderSides(int) /mozilla-central/layout/painting/nsCSSRenderingBorders.cpp #6 0x7fc74b7e1787 in nsCSSBorderRenderer::DrawBorders() /mozilla-central/layout/painting/nsCSSRenderingBorders.cpp:3506:11 #7 0x7fc74b7d8618 in nsCSSRendering::PaintBorderWithStyleBorder(nsPresContext*, gfxContext&, nsIFrame*, nsRect const&, nsRect const&, nsStyleBorder const&, nsStyleContext*, mozilla::PaintBorderFlags, mozilla::Sides) /mozilla-central/layout/painting/nsCSSRendering.cpp:973:6 #8 0x7fc74b7d7e67 in nsCSSRendering::PaintBorder(nsPresContext*, gfxContext&, nsIFrame*, nsRect const&, nsRect const&, nsStyleContext*, mozilla::PaintBorderFlags, mozilla::Sides) /mozilla-central/layout/painting/nsCSSRendering.cpp:646:12 #9 0x7fc74b846d57 in nsDisplayBorder::Paint(nsDisplayListBuilder*, gfxContext*) /mozilla-central/layout/painting/nsDisplayList.cpp:5513:5 #10 0x7fc74b7ced18 in mozilla::FrameLayerBuilder::PaintItems(nsTArray<mozilla::FrameLayerBuilder::ClippedDisplayItem>&, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, gfxContext*, nsDisplayListBuilder*, nsPresContext*, mozilla::gfx::IntPointTyped<mozilla::gfx::UnknownUnits> const&, float, float, int) /mozilla-central/layout/painting/FrameLayerBuilder.cpp:6038:21 #11 0x7fc74b7cfdc2 in mozilla::FrameLayerBuilder::DrawPaintedLayer(mozilla::layers::PaintedLayer*, gfxContext*, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, mozilla::layers::DrawRegionClip, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, void*) /mozilla-central/layout/painting/FrameLayerBuilder.cpp:6205:19 #12 0x7fc7467399c4 in mozilla::layers::ClientPaintedLayer::PaintThebes(nsTArray<mozilla::layers::ReadbackProcessor::Update>*) /mozilla-central/gfx/layers/client/ClientPaintedLayer.cpp:164:5 #13 0x7fc74673b442 in mozilla::layers::ClientPaintedLayer::RenderLayerWithReadback(mozilla::layers::ReadbackProcessor*) /mozilla-central/gfx/layers/client/ClientPaintedLayer.cpp:301:3 #14 0x7fc746770240 in mozilla::layers::ClientContainerLayer::RenderLayer() /mozilla-central/gfx/layers/client/ClientContainerLayer.h:58:29 #15 0x7fc746770240 in mozilla::layers::ClientContainerLayer::RenderLayer() /mozilla-central/gfx/layers/client/ClientContainerLayer.h:58:29 #16 0x7fc746734c72 in mozilla::layers::ClientLayerManager::EndTransactionInternal(void (*)(mozilla::layers::PaintedLayer*, gfxContext*, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, mozilla::layers::DrawRegionClip, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, void*), void*, mozilla::layers::LayerManager::EndTransactionFlags) /mozilla-central/gfx/layers/client/ClientLayerManager.cpp:362:13 #17 0x7fc746735450 in mozilla::layers::ClientLayerManager::EndTransaction(void (*)(mozilla::layers::PaintedLayer*, gfxContext*, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, mozilla::layers::DrawRegionClip, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, void*), void*, mozilla::layers::LayerManager::EndTransactionFlags) /mozilla-central/gfx/layers/client/ClientLayerManager.cpp:426:3 #18 0x7fc74b82b153 in nsDisplayList::PaintRoot(nsDisplayListBuilder*, gfxContext*, unsigned int) /mozilla-central/layout/painting/nsDisplayList.cpp:2594:17 #19 0x7fc74b135f86 in nsLayoutUtils::PaintFrame(gfxContext*, nsIFrame*, nsRegion const&, unsigned int, nsDisplayListBuilderMode, nsLayoutUtils::PaintFrameFlags) /mozilla-central/layout/base/nsLayoutUtils.cpp:3944:12 #20 0x7fc74b05bb92 in mozilla::PresShell::Paint(nsView*, nsRegion const&, unsigned int) /mozilla-central/layout/base/PresShell.cpp:6512:5 #21 0x7fc74a94932b in nsViewManager::ProcessPendingUpdatesPaint(nsIWidget*) /mozilla-central/view/nsViewManager.cpp:480:19 #22 0x7fc74a948a1d in nsViewManager::ProcessPendingUpdatesForView(nsView*, bool) /mozilla-central/view/nsViewManager.cpp:412:33 #23 0x7fc74a94ac9b in nsViewManager::ProcessPendingUpdates() /mozilla-central/view/nsViewManager.cpp:1102:5 #24 0x7fc74afda77e in nsRefreshDriver::Tick(long, mozilla::TimeStamp) /mozilla-central/layout/base/nsRefreshDriver.cpp:2027:11 #25 0x7fc74afe5003 in mozilla::RefreshDriverTimer::TickRefreshDrivers(long, mozilla::TimeStamp, nsTArray<RefPtr<nsRefreshDriver> >&) /mozilla-central/layout/base/nsRefreshDriver.cpp:306:7 #26 0x7fc74afe4d4c in mozilla::RefreshDriverTimer::Tick(long, mozilla::TimeStamp) /mozilla-central/layout/base/nsRefreshDriver.cpp:328:5 #27 0x7fc74afe92ca in mozilla::VsyncRefreshDriverTimer::RunRefreshDrivers(mozilla::TimeStamp) /mozilla-central/layout/base/nsRefreshDriver.cpp:769:5 #28 0x7fc74afe7d20 in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::TickRefreshDriver(mozilla::TimeStamp) /mozilla-central/layout/base/nsRefreshDriver.cpp:682:35 #29 0x7fc74afe31dc in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::ParentProcessVsyncNotifier::Run() /mozilla-central/layout/base/nsRefreshDriver.cpp:528:20 #30 0x7fc743a5cdb9 in nsThread::ProcessNextEvent(bool, bool*) /mozilla-central/xpcom/threads/nsThread.cpp:1037:14 #31 0x7fc743a95ed1 in NS_ProcessNextEvent(nsIThread*, bool) /mozilla-central/xpcom/threads/nsThreadUtils.cpp:513:10 #32 0x7fc744bc7e31 in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /mozilla-central/ipc/glue/MessagePump.cpp:97:21 #33 0x7fc744a49d50 in MessageLoop::Run() /mozilla-central/ipc/chromium/src/base/message_loop.cc:299:3 #34 0x7fc74a9d70a4 in nsBaseAppShell::Run() /mozilla-central/widget/nsBaseAppShell.cpp:159:27 #35 0x7fc74f3268d9 in nsAppStartup::Run() /mozilla-central/toolkit/components/startup/nsAppStartup.cpp:288:30 #36 0x7fc74f4edafb in XREMain::XRE_mainRun() /mozilla-central/toolkit/xre/nsAppRunner.cpp:4685:22 #37 0x7fc74f4ef95c in XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) /mozilla-central/toolkit/xre/nsAppRunner.cpp:4847:8 #38 0x7fc74f4f0651 in XRE_main(int, char**, mozilla::BootstrapConfig const&) /mozilla-central/toolkit/xre/nsAppRunner.cpp:4942:21 #39 0x518238 in do_main(int, char**, char**) /mozilla-central/browser/app/nsBrowserApp.cpp:231:22 #40 0x517aba in main /mozilla-central/browser/app/nsBrowserApp.cpp:304:16 #41 0x7fc77899d1c0 in __libc_start_main /build/glibc-CxtIbX/glibc-2.26/csu/../csu/libc-start.c:308 #42 0x420589 in _start (firefox+0x420589)

I don't think this can actually happen, but I'll let Bas comment.

(In reply to Milan Sreckovic [:milan] from comment #1) > I don't think this can actually happen, but I'll let Bas comment. These (UBSan) are run time checks that show that is does happen and the attached testcase will reproduce the issue.