Closed
Bug 1640248
Opened 5 years ago
Closed 4 years ago
null pointer passed as argument 1, which is declared to never be null in gfx/2d/RecordedEvent.h:176
Categories
(Core :: Graphics: Text, defect)
RESOLVED
DUPLICATE
of bug 1640247
| | Tracking | Status |
|---|---|---|
| firefox78 | --- | fixed |
People
(Reporter: tsmith, Unassigned)
References
(Blocks 2 open bugs)
Details
To enable this check add the following to your mozconfig:
ac_add_options --enable-undefined-sanitizer="nonnull-attribute"
This can be reproduced by running the test suite at https://www.antutu.com/html5/
src/gfx/2d/RecordedEvent.h:176:18: runtime error: null pointer passed as argument 2, which is declared to never be null
/usr/include/string.h:43:28: note: nonnull attribute specified here
#0 0x7faa07c63d10 in mozilla::gfx::MemWriter::write(char const*, unsigned long) src/gfx/2d/RecordedEvent.h:176:5
#1 0x7faa07c63d10 in void mozilla::gfx::RecordedUnscaledFontCreation::Record<mozilla::gfx::MemWriter>(mozilla::gfx::MemWriter&) const src/gfx/2d/RecordedEventImpl.h:3529:11
#2 0x7faa07c42663 in mozilla::gfx::RecordedEventDerived<mozilla::gfx::RecordedUnscaledFontCreation>::RecordToStream(mozilla::gfx::MemStream&) const src/gfx/2d/RecordedEvent.h:448:40
#3 0x7faa07cb1855 in mozilla::gfx::DrawTargetRecording::FillGlyphs(mozilla::gfx::ScaledFont*, mozilla::gfx::GlyphBuffer const&, mozilla::gfx::Pattern const&, mozilla::gfx::DrawOptions const&) src/gfx/2d/DrawTargetRecording.cpp:273:20
#4 0x7faa08517878 in GlyphBufferAzure::FlushGlyphs() src/gfx/thebes/gfxFont.cpp:1672:24
#5 0x7faa0850525d in GlyphBufferAzure::~GlyphBufferAzure() src/gfx/thebes/gfxFont.cpp:1561:7
#6 0x7faa084d5262 in gfxFont::Draw(gfxTextRun const*, unsigned int, unsigned int, mozilla::gfx::PointTyped<mozilla::gfx::UnknownUnits, float>*, TextRunDrawParams const&, mozilla::gfx::ShapedTextFlags) src/gfx/thebes/gfxFont.cpp:2292:3
#7 0x7faa08598335 in gfxTextRun::DrawGlyphs(gfxFont*, gfxTextRun::Range, mozilla::gfx::PointTyped<mozilla::gfx::UnknownUnits, float>*, gfxTextRun::PropertyProvider*, gfxTextRun::Range, TextRunDrawParams&, mozilla::gfx::ShapedTextFlags) const src/gfx/thebes/gfxTextRun.cpp:420:10
#8 0x7faa0859a56e in gfxTextRun::Draw(gfxTextRun::Range, mozilla::gfx::PointTyped<mozilla::gfx::UnknownUnits, float>, gfxTextRun::DrawParams const&) const src/gfx/thebes/gfxTextRun.cpp:665:5
#9 0x7faa0d5ddab2 in DrawTextRun(gfxTextRun const*, mozilla::gfx::PointTyped<mozilla::gfx::UnknownUnits, float> const&, gfxTextRun::Range, nsTextFrame::DrawTextRunParams const&, nsTextFrame*) src/layout/generic/nsTextFrame.cpp:6882:17
#10 0x7faa0d5dd09f in nsTextFrame::DrawTextRun(gfxTextRun::Range, mozilla::gfx::PointTyped<mozilla::gfx::UnknownUnits, float> const&, nsTextFrame::DrawTextRunParams const&) src/layout/generic/nsTextFrame.cpp:6891:3
#11 0x7faa0d5d4866 in nsTextFrame::DrawText(gfxTextRun::Range, mozilla::gfx::PointTyped<mozilla::gfx::UnknownUnits, float> const&, nsTextFrame::DrawTextParams const&) src/layout/generic/nsTextFrame.cpp:7129:5
#12 0x7faa0d5dc7ca in nsTextFrame::PaintText(nsTextFrame::PaintTextParams const&, int, int, nsPoint const&, bool, float) src/layout/generic/nsTextFrame.cpp:6817:3
#13 0x7faa0d9f17ed in nsDisplayText::RenderToContext(gfxContext*, nsDisplayListBuilder*, bool) src/layout/painting/nsDisplayList.cpp:8912:6
#14 0x7faa0d9f0d03 in nsDisplayText::Paint(nsDisplayListBuilder*, gfxContext*) src/layout/painting/nsDisplayList.cpp:8798:3
#15 0x7faa0d940e8b in mozilla::FrameLayerBuilder::PaintItems(std::vector<mozilla::AssignedDisplayItem, std::allocator<mozilla::AssignedDisplayItem> >&, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, gfxContext*, nsDisplayListBuilder*, nsPresContext*, mozilla::gfx::IntPointTyped<mozilla::gfx::UnknownUnits> const&, float, float) src/layout/painting/FrameLayerBuilder.cpp:7093:20
#16 0x7faa0d9429b3 in mozilla::FrameLayerBuilder::DrawPaintedLayer(mozilla::layers::PaintedLayer*, gfxContext*, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, mozilla::layers::DrawRegionClip, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, void*) src/layout/painting/FrameLayerBuilder.cpp:7251:19
#17 0x7faa0828570e in mozilla::layers::BasicPaintedLayer::PaintThebes(gfxContext*, mozilla::layers::Layer*, void (*)(mozilla::layers::PaintedLayer*, gfxContext*, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, mozilla::layers::DrawRegionClip, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, void*), void*) src/gfx/layers/basic/BasicPaintedLayer.cpp:92:9
#18 0x7faa0827544b in mozilla::layers::BasicLayerManager::PaintSelfOrChildren(mozilla::layers::PaintLayerContext&, gfxContext*) src/gfx/layers/basic/BasicLayerManager.cpp:700:13
#19 0x7faa08274899 in mozilla::layers::BasicLayerManager::PaintLayer(gfxContext*, mozilla::layers::Layer*, void (*)(mozilla::layers::PaintedLayer*, gfxContext*, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, mozilla::layers::DrawRegionClip, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, void*), void*) src/gfx/layers/basic/BasicLayerManager.cpp
#20 0x7faa082752db in mozilla::layers::BasicLayerManager::PaintSelfOrChildren(mozilla::layers::PaintLayerContext&, gfxContext*) src/gfx/layers/basic/BasicLayerManager.cpp:723:7
#21 0x7faa08274899 in mozilla::layers::BasicLayerManager::PaintLayer(gfxContext*, mozilla::layers::Layer*, void (*)(mozilla::layers::PaintedLayer*, gfxContext*, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, mozilla::layers::DrawRegionClip, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, void*), void*) src/gfx/layers/basic/BasicLayerManager.cpp
#22 0x7faa0827131a in mozilla::layers::BasicLayerManager::EndTransactionInternal(void (*)(mozilla::layers::PaintedLayer*, gfxContext*, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, mozilla::layers::DrawRegionClip, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, void*), void*, mozilla::layers::LayerManager::EndTransactionFlags) src/gfx/layers/basic/BasicLayerManager.cpp:609:5
#23 0x7faa0d9b46c4 in nsDisplayList::PaintRoot(nsDisplayListBuilder*, gfxContext*, unsigned int) src/layout/painting/nsDisplayList.cpp:2484:19
#24 0x7faa0d22c7c1 in nsLayoutUtils::PaintFrame(gfxContext*, nsIFrame*, nsRegion const&, unsigned int, nsDisplayListBuilderMode, nsLayoutUtils::PaintFrameFlags) src/layout/base/nsLayoutUtils.cpp:4142:13
#25 0x7faa0d145539 in mozilla::PresShell::RenderDocument(nsRect const&, mozilla::RenderDocumentFlags, unsigned int, gfxContext*) src/layout/base/PresShell.cpp:4570:3
#26 0x7faa085edb28 in mozilla::gfx::PaintFragment::Record(nsIDocShell*, mozilla::Maybe<mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> > const&, float, unsigned int, mozilla::gfx::CrossProcessPaintFlags) src/gfx/ipc/CrossProcessPaint.cpp:133:26
#27 0x7faa0c4e11cd in mozilla::dom::WindowGlobalChild::RecvDrawSnapshot(mozilla::Maybe<mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> > const&, float const&, unsigned int const&, unsigned int const&, std::function<void (mozilla::gfx::PaintFragment&&)>&&) src/dom/ipc/WindowGlobalChild.cpp:421:12
#28 0x7faa071de72b in mozilla::dom::PWindowGlobalChild::OnMessageReceived(IPC::Message const&) src/objdir-ff-ubsan/ipc/ipdl/PWindowGlobalChild.cpp:802:61
#29 0x7faa06c1756b in mozilla::dom::PContentChild::OnMessageReceived(IPC::Message const&) src/objdir-ff-ubsan/ipc/ipdl/PContentChild.cpp:8245:32
#30 0x7faa06a02309 in mozilla::ipc::MessageChannel::DispatchAsyncMessage(mozilla::ipc::ActorLifecycleProxy*, IPC::Message const&) src/ipc/glue/MessageChannel.cpp:2186:25
#31 0x7faa069fed46 in mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&) src/ipc/glue/MessageChannel.cpp:2110:9
#32 0x7faa06a002cd in mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::MessageChannel::MessageTask&) src/ipc/glue/MessageChannel.cpp:1958:3
#33 0x7faa06a00cde in mozilla::ipc::MessageChannel::MessageTask::Run() src/ipc/glue/MessageChannel.cpp:1989:13
#34 0x7faa05755815 in nsThread::ProcessNextEvent(bool, bool*) src/xpcom/threads/nsThread.cpp:1211:14
#35 0x7faa0575dbfc in NS_ProcessNextEvent(nsIThread*, bool) src/xpcom/threads/nsThreadUtils.cpp:501:10
#36 0x7faa06a09599 in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:109:5
#37 0x7faa068caa27 in MessageLoop::RunInternal() src/ipc/chromium/src/base/message_loop.cc:315:10
#38 0x7faa068caa27 in MessageLoop::RunHandler() src/ipc/chromium/src/base/message_loop.cc:308:3
#39 0x7faa068caa27 in MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:290:3
#40 0x7faa0cc65d08 in nsBaseAppShell::Run() src/widget/nsBaseAppShell.cpp:137:27
#41 0x7faa1095fb06 in XRE_RunAppShell() src/toolkit/xre/nsEmbedFunctions.cpp:909:20
#42 0x7faa068caa27 in MessageLoop::RunInternal() src/ipc/chromium/src/base/message_loop.cc:315:10
#43 0x7faa068caa27 in MessageLoop::RunHandler() src/ipc/chromium/src/base/message_loop.cc:308:3
#44 0x7faa068caa27 in MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:290:3
#45 0x7faa1095ef41 in XRE_InitChildProcess(int, char**, XREChildData const*) src/toolkit/xre/nsEmbedFunctions.cpp:740:34
#46 0x55fd76803644 in content_process_main(mozilla::Bootstrap*, int, char**) src/browser/app/../../ipc/contentproc/plugin-container.cpp:56:28
#47 0x55fd76803644 in main src/browser/app/nsBrowserApp.cpp:303:18
Comment 1•4 years ago
Similar to bug 1640247, let's fix this and not play with UB
Severity: -- → S2
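Added example, not Mozilla's code and not part of this bug: a minimal sketch of the class of fix the comment above asks for. `ByteSink`, `record_payload` and `demo_bytes_written` are hypothetical names, and the sketch assumes the null source pointer arrives together with a zero length (the trace does not show the length). Passing a null pointer to `memcpy` is undefined behaviour even when the length is 0, so the guard returns before the call.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <cstring>
#include <vector>

// Hypothetical growable byte sink (illustration only, not gfx/2d's MemWriter).
struct ByteSink {
  char* data = nullptr;
  size_t size = 0, capacity = 0;
  bool valid = true;
  ByteSink() = default;
  ByteSink(const ByteSink&) = delete;
  ~ByteSink() { std::free(data); }

  void write(const char* src, size_t len) {
    if (!valid || len == 0) return;       // empty write: memcpy is never reached
    if (!src || len > SIZE_MAX - size) {  // null with len > 0, or size overflow
      valid = false;                      // caller bug: poison the sink instead
      return;
    }
    if (size + len > capacity) {
      size_t newCap = size + len;         // exact-fit growth keeps the sketch short
      char* grown = static_cast<char*>(std::realloc(data, newCap));
      if (!grown) { valid = false; return; }
      data = grown;
      capacity = newCap;
    }
    std::memcpy(data + size, src, len);   // both pointers are non-null here
    size += len;
  }
};

// Length-prefixed record. An empty std::vector may return nullptr from data(),
// which is the (pointer == null, length == 0) case the guard above absorbs.
size_t record_payload(ByteSink& sink, const std::vector<char>& payload) {
  uint64_t n = payload.size();
  sink.write(reinterpret_cast<const char*>(&n), sizeof(n));
  sink.write(payload.data(), payload.size());
  return sink.size;
}

// Constructed input: one empty record, then one 3-byte record.
size_t demo_bytes_written() {
  ByteSink sink;
  record_payload(sink, {});
  record_payload(sink, {'a', 'b', 'c'});
  return sink.valid ? sink.size : 0;
}

int main() { return demo_bytes_written() == 19 ? 0 : 1; }
```

Building the sketch with `-fsanitize=nonnull-attribute` (the check named in the description) should produce no report, because the empty write returns before `memcpy` is called.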
Updated•4 years ago
Component: Graphics → Graphics: Text
Comment 2•4 years ago
S1 or S2 bugs need an assignee - could you find someone for this bug?
Flags: needinfo?(lsalzman)
Updated•4 years ago
Status: NEW → RESOLVED
Closed: 4 years ago
Flags: needinfo?(lsalzman)
Resolution: --- → DUPLICATE