Closed Bug 1554804 Opened 6 years ago Closed 5 years ago

crash near null [@ mozilla::ReflowInput::InitConstraints]

Categories

(Core :: Layout, defect)

defect
Not set
normal

Tracking

VERIFIED DUPLICATE of bug 1555757
Tracking Status
firefox69 --- affected

People

(Reporter: tsmith, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: crash, testcase)

Attachments

(1 file)

Attached file testcase.html (deleted)

Reduced with m-c:
BuildID=20190527141836
SourceStamp=944c410b7e9185a0cb90a4fbc0970299f1ff3e2b

==75824==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000048 (pc 0x7f90d7eeddab bp 0x7ffe578c7ee0 sp 0x7ffe578c7c40 T0)
==75824==The signal is caused by a READ memory access.
==75824==Hint: address points to the zero page.
    #0 0x7f90d7eeddaa in mozilla::ReflowInput::InitConstraints(nsPresContext*, mozilla::Maybe<mozilla::LogicalSize> const&, nsMargin const*, nsMargin const*, mozilla::LayoutFrameType) src/layout/generic/ReflowInput.cpp:2266:17
    #1 0x7f90d7ee4b32 in mozilla::ReflowInput::Init(nsPresContext*, mozilla::Maybe<mozilla::LogicalSize> const&, nsMargin const*, nsMargin const*) src/layout/generic/ReflowInput.cpp:380:3
    #2 0x7f90d84e3889 in nsTableWrapperFrame::InitChildReflowInput(nsPresContext&, mozilla::ReflowInput const&, mozilla::ReflowInput&) src/layout/tables/nsTableWrapperFrame.cpp:257:16
    #3 0x7f90d84e8f18 in nsTableWrapperFrame::OuterBeginReflowChild(nsPresContext*, nsIFrame*, mozilla::ReflowInput const&, mozilla::Maybe<mozilla::ReflowInput>&, int) src/layout/tables/nsTableWrapperFrame.cpp:742:3
    #4 0x7f90d84ea03a in nsTableWrapperFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) src/layout/tables/nsTableWrapperFrame.cpp:831:5
    #5 0x7f90d7c70e8f in mozilla::PresShell::DoReflow(nsIFrame*, bool, mozilla::OverflowChangedTracker*) src/layout/base/PresShell.cpp:9252:11
    #6 0x7f90d7c920b0 in mozilla::PresShell::ProcessReflowCommands(bool) src/layout/base/PresShell.cpp:9422:24
    #7 0x7f90d7c8f1c0 in mozilla::PresShell::DoFlushPendingNotifications(mozilla::ChangesToFlush) src/layout/base/PresShell.cpp:4231:11
    #8 0x7f90d7bf443a in FlushPendingNotifications src/obj-firefox/dist/include/mozilla/PresShell.h:1453:5
    #9 0x7f90d7bf443a in nsRefreshDriver::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) src/layout/base/nsRefreshDriver.cpp:1979
    #10 0x7f90d7c098c9 in TickDriver src/layout/base/nsRefreshDriver.cpp:349:13
    #11 0x7f90d7c098c9 in mozilla::RefreshDriverTimer::TickRefreshDrivers(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp, nsTArray<RefPtr<nsRefreshDriver> >&) src/layout/base/nsRefreshDriver.cpp:326
    #12 0x7f90d7c09162 in mozilla::RefreshDriverTimer::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) src/layout/base/nsRefreshDriver.cpp:343:5
    #13 0x7f90d7c0d69f in RunRefreshDrivers src/layout/base/nsRefreshDriver.cpp:789:5
    #14 0x7f90d7c0d69f in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::TickRefreshDriver(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) src/layout/base/nsRefreshDriver.cpp:709
    #15 0x7f90d7c0c6f3 in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::NotifyVsync(mozilla::VsyncEvent const&) src/layout/base/nsRefreshDriver.cpp:604:9
    #16 0x7f90d8781985 in mozilla::layout::VsyncChild::RecvNotify(mozilla::VsyncEvent const&) src/layout/ipc/VsyncChild.cpp:65:16
    #17 0x7f90cec4c2a4 in mozilla::layout::PVsyncChild::OnMessageReceived(IPC::Message const&) src/obj-firefox/ipc/ipdl/PVsyncChild.cpp:187:54
    #18 0x7f90ce7cdcf5 in mozilla::ipc::PBackgroundChild::OnMessageReceived(IPC::Message const&) src/obj-firefox/ipc/ipdl/PBackgroundChild.cpp:4717:32
    #19 0x7f90ce002a26 in mozilla::ipc::MessageChannel::DispatchAsyncMessage(mozilla::ipc::ActorLifecycleProxy*, IPC::Message const&) src/ipc/glue/MessageChannel.cpp:2158:25
    #20 0x7f90cdffe43b in mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&) src/ipc/glue/MessageChannel.cpp:2082:9
    #21 0x7f90ce0009f7 in mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::MessageChannel::MessageTask&) src/ipc/glue/MessageChannel.cpp:1939:3
    #22 0x7f90ce001787 in mozilla::ipc::MessageChannel::MessageTask::Run() src/ipc/glue/MessageChannel.cpp:1970:13
    #23 0x7f90ccc2f517 in nsThread::ProcessNextEvent(bool, bool*) src/xpcom/threads/nsThread.cpp:1176:14
    #24 0x7f90ccc37154 in NS_ProcessNextEvent(nsIThread*, bool) src/xpcom/threads/nsThreadUtils.cpp:486:10
    #25 0x7f90ce00be3f in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:88:21
    #26 0x7f90cdee437e in RunInternal src/ipc/chromium/src/base/message_loop.cc:315:10
    #27 0x7f90cdee437e in RunHandler src/ipc/chromium/src/base/message_loop.cc:308
    #28 0x7f90cdee437e in MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:290
    #29 0x7f90d7511733 in nsBaseAppShell::Run() src/widget/nsBaseAppShell.cpp:137:27
    #30 0x7f90dbb3584e in XRE_RunAppShell() src/toolkit/xre/nsEmbedFunctions.cpp:911:20
    #31 0x7f90cdee437e in RunInternal src/ipc/chromium/src/base/message_loop.cc:315:10
    #32 0x7f90cdee437e in RunHandler src/ipc/chromium/src/base/message_loop.cc:308
    #33 0x7f90cdee437e in MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:290
    #34 0x7f90dbb349bc in XRE_InitChildProcess(int, char**, XREChildData const*) src/toolkit/xre/nsEmbedFunctions.cpp:749:34
    #35 0x55bfaf7b272e in content_process_main src/browser/app/../../ipc/contentproc/plugin-container.cpp:56:28
    #36 0x55bfaf7b272e in main src/browser/app/nsBrowserApp.cpp:263
Flags: in-testsuite?

The test contains contain: strict and an inline-table. I think this duplicates bug 1555757.

Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → DUPLICATE

Thanks! Agreed that this is a dupe. I suspected bug 1555757 should be reproducible with normal (non-MathML) tables, but hadn't been able to construct a testcase for that scenario yet.

Status: RESOLVED → VERIFIED