==28488==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000040 (pc 0x7f797546689a bp 0x7ffdce207b70 sp 0x7ffdce207b70 T0) ==28488==The signal is caused by a READ memory access. ==28488==Hint: address points to the zero page. #0 0x7f7975466899 in GetFirstChild /src/dom/base/nsINode.h:1279:46 #1 0x7f7975466899 in GetImmediateChild /src/dom/xbl/nsXBLPrototypeBinding.cpp:442 #2 0x7f7975466899 in nsXBLBinding::GetSourceDocURI() /src/dom/xbl/nsXBLBinding.cpp:429 #3 0x7f797680b789 in SVGObserverUtils::GetBaseURLForLocalRef(nsIContent*, nsIURI*) /src/layout/svg/SVGObserverUtils.cpp:979:34 #4 0x7f797680bb3d in ResolveURLUsingLocalRef(nsIFrame*, mozilla::css::URLValueData const*) /src/layout/svg/SVGObserverUtils.cpp:1016:5 #5 0x7f79768057ad in GetMaskURI /src/layout/svg/SVGObserverUtils.cpp:1078:10 #6 0x7f79768057ad in nsSVGMaskProperty::nsSVGMaskProperty(nsIFrame*) /src/layout/svg/SVGObserverUtils.cpp:398 #7 0x7f7976806dd5 in GetOrCreateMaskProperty /src/layout/svg/SVGObserverUtils.cpp:532:14 #8 0x7f7976806dd5 in SVGObserverUtils::GetEffectProperties(nsIFrame*) /src/layout/svg/SVGObserverUtils.cpp:622 #9 0x7f7976881d7b in nsSVGIntegrationUtils::ComputePostEffectsVisualOverflowRect(nsIFrame*, nsRect const&) /src/layout/svg/nsSVGIntegrationUtils.cpp:289:5 #10 0x7f79764d6678 in ComputeEffectsRect /src/layout/generic/nsFrame.cpp:7302:9 #11 0x7f79764d6678 in nsIFrame::FinishAndStoreOverflow(nsOverflowAreas&, nsSize, nsSize*, nsStyleDisplay const*) /src/layout/generic/nsFrame.cpp:9516 #12 0x7f79765fcac9 in nsLineLayout::RelativePositionFrames(nsLineLayout::PerSpanData*, nsOverflowAreas&) /src/layout/generic/nsLineLayout.cpp:3385:12 #13 0x7f79765fc500 in nsLineLayout::RelativePositionFrames(nsLineLayout::PerSpanData*, nsOverflowAreas&) /src/layout/generic/nsLineLayout.cpp:3332:7 #14 0x7f79764269bc in RelativePositionFrames /src/layout/generic/nsLineLayout.h:129:5 #15 0x7f79764269bc in nsBlockFrame::PlaceLine(mozilla::BlockReflowInput&, nsLineLayout&, nsLineList_iterator, nsFloatManager::SavedState*, mozilla::LogicalRect&, int&, bool*) /src/layout/generic/nsBlockFrame.cpp:4631 #16 0x7f79764247dd in nsBlockFrame::DoReflowInlineFrames(mozilla::BlockReflowInput&, nsLineLayout&, nsLineList_iterator, nsFlowAreaRect&, int&, nsFloatManager::SavedState*, bool*, LineReflowStatus*, bool) /src/layout/generic/nsBlockFrame.cpp:4097:12 #17 0x7f797641b327 in nsBlockFrame::ReflowInlineFrames(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) /src/layout/generic/nsBlockFrame.cpp:3843:9 #18 0x7f79764145b0 in nsBlockFrame::ReflowLine(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) /src/layout/generic/nsBlockFrame.cpp:2827:5 #19 0x7f797640a35a in nsBlockFrame::ReflowDirtyLines(mozilla::BlockReflowInput&) /src/layout/generic/nsBlockFrame.cpp:2363:7 #20 0x7f7976402115 in nsBlockFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) /src/layout/generic/nsBlockFrame.cpp:1236:3 #21 0x7f7976421557 in nsBlockReflowContext::ReflowBlock(mozilla::LogicalRect const&, bool, nsCollapsingMargin&, int, bool, nsLineBox*, mozilla::ReflowInput&, nsReflowStatus&, mozilla::BlockReflowInput&) /src/layout/generic/nsBlockReflowContext.cpp:306:11 #22 0x7f797641676b in nsBlockFrame::ReflowBlockFrame(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) /src/layout/generic/nsBlockFrame.cpp:3474:11 #23 0x7f7976414705 in nsBlockFrame::ReflowLine(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) /src/layout/generic/nsBlockFrame.cpp:2824:5 #24 0x7f797640a35a in nsBlockFrame::ReflowDirtyLines(mozilla::BlockReflowInput&) /src/layout/generic/nsBlockFrame.cpp:2363:7 #25 0x7f7976402115 in nsBlockFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) /src/layout/generic/nsBlockFrame.cpp:1236:3 #26 0x7f7976421557 in nsBlockReflowContext::ReflowBlock(mozilla::LogicalRect const&, bool, nsCollapsingMargin&, int, bool, nsLineBox*, mozilla::ReflowInput&, nsReflowStatus&, mozilla::BlockReflowInput&) /src/layout/generic/nsBlockReflowContext.cpp:306:11 #27 0x7f797641676b in nsBlockFrame::ReflowBlockFrame(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) /src/layout/generic/nsBlockFrame.cpp:3474:11 #28 0x7f7976414705 in nsBlockFrame::ReflowLine(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) /src/layout/generic/nsBlockFrame.cpp:2824:5 #29 0x7f797640a35a in nsBlockFrame::ReflowDirtyLines(mozilla::BlockReflowInput&) /src/layout/generic/nsBlockFrame.cpp:2363:7 #30 0x7f7976402115 in nsBlockFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) /src/layout/generic/nsBlockFrame.cpp:1236:3 #31 0x7f79764627a6 in nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, mozilla::WritingMode const&, mozilla::LogicalPoint const&, nsSize const&, unsigned int, nsReflowStatus&, nsOverflowContinuationTracker*) /src/layout/generic/nsContainerFrame.cpp:934:14 #32 0x7f7976460f4b in nsCanvasFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) /src/layout/generic/nsCanvasFrame.cpp:757:5 #33 0x7f79764627a6 in nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, mozilla::WritingMode const&, mozilla::LogicalPoint const&, nsSize const&, unsigned int, nsReflowStatus&, nsOverflowContinuationTracker*) /src/layout/generic/nsContainerFrame.cpp:934:14 #34 0x7f7976536727 in nsHTMLScrollFrame::ReflowScrolledFrame(mozilla::ScrollReflowInput*, bool, bool, mozilla::ReflowOutput*, bool) /src/layout/generic/nsGfxScrollFrame.cpp:552:3 #35 0x7f7976537929 in nsHTMLScrollFrame::ReflowContents(mozilla::ScrollReflowInput*, mozilla::ReflowOutput const&) /src/layout/generic/nsGfxScrollFrame.cpp:664:3 #36 0x7f797653bad6 in nsHTMLScrollFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) /src/layout/generic/nsGfxScrollFrame.cpp:1041:3 #37 0x7f79763e729e in nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, int, int, unsigned int, nsReflowStatus&, nsOverflowContinuationTracker*) /src/layout/generic/nsContainerFrame.cpp:978:14 #38 0x7f79763e5d79 in mozilla::ViewportFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) /src/layout/generic/ViewportFrame.cpp:336:7 #39 0x7f79761b33e0 in mozilla::PresShell::DoReflow(nsIFrame*, bool) /src/layout/base/PresShell.cpp:9007:11 #40 0x7f79761ca653 in mozilla::PresShell::ProcessReflowCommands(bool) /src/layout/base/PresShell.cpp:9180:24 #41 0x7f79761c9414 in mozilla::PresShell::DoFlushPendingNotifications(mozilla::ChangesToFlush) /src/layout/base/PresShell.cpp:4267:11 #42 0x7f7976129d94 in FlushPendingNotifications /src/obj-firefox/dist/include/nsIPresShell.h:580:5 #43 0x7f7976129d94 in nsRefreshDriver::Tick(long, mozilla::TimeStamp) /src/layout/base/nsRefreshDriver.cpp:1901 #44 0x7f7976138f9f in TickDriver /src/layout/base/nsRefreshDriver.cpp:336:13 #45 0x7f7976138f9f in mozilla::RefreshDriverTimer::TickRefreshDrivers(long, mozilla::TimeStamp, nsTArray<RefPtr<nsRefreshDriver> >&) /src/layout/base/nsRefreshDriver.cpp:306 #46 0x7f7976138b54 in mozilla::RefreshDriverTimer::Tick(long, mozilla::TimeStamp) /src/layout/base/nsRefreshDriver.cpp:327:5 #47 0x7f797613b3de in RunRefreshDrivers /src/layout/base/nsRefreshDriver.cpp:769:5 #48 0x7f797613b3de in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::TickRefreshDriver(mozilla::TimeStamp) /src/layout/base/nsRefreshDriver.cpp:682 #49 0x7f7976136967 in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::ParentProcessVsyncNotifier::Run() /src/layout/base/nsRefreshDriver.cpp:528:20 #50 0x7f796e73920e in nsThread::ProcessNextEvent(bool, bool*) /src/xpcom/threads/nsThread.cpp:1033:14 #51 0x7f796e754f90 in NS_ProcessNextEvent(nsIThread*, bool) /src/xpcom/threads/nsThreadUtils.cpp:508:10 #52 0x7f796f5c700a in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /src/ipc/glue/MessagePump.cpp:97:21 #53 0x7f796f51dfa9 in RunInternal /src/ipc/chromium/src/base/message_loop.cc:326:10 #54 0x7f796f51dfa9 in RunHandler /src/ipc/chromium/src/base/message_loop.cc:319 #55 0x7f796f51dfa9 in MessageLoop::Run() /src/ipc/chromium/src/base/message_loop.cc:299 #56 0x7f79759b8a8a in nsBaseAppShell::Run() /src/widget/nsBaseAppShell.cpp:157:27 #57 0x7f7979ead66b in nsAppStartup::Run() /src/toolkit/components/startup/nsAppStartup.cpp:288:30 #58 0x7f797a0c5f38 in XREMain::XRE_mainRun() /src/toolkit/xre/nsAppRunner.cpp:4649:22 #59 0x7f797a0c8d6e in XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) /src/toolkit/xre/nsAppRunner.cpp:4811:8 #60 0x7f797a0ca1e4 in XRE_main(int, char**, mozilla::BootstrapConfig const&) /src/toolkit/xre/nsAppRunner.cpp:4903:21 #61 0x4ee80b in do_main /src/browser/app/nsBrowserApp.cpp:231:22 #62 0x4ee80b in main /src/browser/app/nsBrowserApp.cpp:304 #63 0x7f798d1ea82f in __libc_start_main /build/glibc-bfm8X4/glibc-2.23/csu/../csu/libc-start.c:291 #64 0x41e078 in _start (firefox+0x41e078)

Can't reproduce anymore. Should have been fixed by bug 1425759.

Worth landing the test from this bug as a crashtest?

Pushed by ecoal95@gmail.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/fc7f512b30ec Crashtest. r=emilio

Agreed, thanks :)