Closed Bug 1750668 Opened 3 years ago Closed 3 years ago

src/dom/animation/AnimationEffect.cpp:195:35: runtime error: -inf is outside the range of representable values of type 'unsigned long'

Categories

(Core :: DOM: Animation, defect)

Product:
Core
Component:
DOM: Animation
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
99 Branch
Tracking Flags:
Tracking Status
firefox98 --- wontfix
firefox99 --- fixed

People

(Reporter: tsmith, Assigned: boris)

References

(Blocks 1 open bug)

Details

(Keywords: csectype-undefined)

Attachments

(1 file)

Bug 1750668 - Clamp double value to avoid getting -inf when converting it into unsigned long.
(deleted), text/x-phabricator-request
Details

This was found by enabling the float-cast-overflow check in UBSan and running existing tests. This type of issue can create inconsistencies across platforms, architectures and optimization levels.

To enable this check add the following to your mozconfig:

ac_add_options --enable-undefined-sanitizer="float-cast-overflow"

INFO - TEST-START | devtools/client/inspector/animation/test/browser_animation_logic_overflowed_delay_end-delay.js
INFO - GECKO(2646) | /builds/worker/checkouts/gecko/dom/animation/AnimationEffect.cpp:195:35: runtime error: -inf is outside the range of representable values of type 'unsigned long'
INFO - GECKO(2646) |     #0 0x7f74514a6378 in mozilla::dom::AnimationEffect::GetComputedTimingAt(mozilla::dom::Nullable<mozilla::BaseTimeDuration<mozilla::TimeDurationValueCalculator> > const&, mozilla::TimingParams const&, double) /builds/worker/checkouts/gecko/dom/animation/AnimationEffect.cpp:195:35
INFO - GECKO(2646) |     #1 0x7f74514934ae in mozilla::dom::AnimationEffect::GetComputedTiming(mozilla::TimingParams const*) const /builds/worker/checkouts/gecko/dom/animation/AnimationEffect.cpp:268:10
INFO - GECKO(2646) |     #2 0x7f74514a443a in mozilla::dom::AnimationEffect::IsCurrent() const /builds/worker/checkouts/gecko/dom/animation/AnimationEffect.cpp:54:35
INFO - GECKO(2646) |     #3 0x7f7451492e5e in HasCurrentEffect /builds/worker/checkouts/gecko/dom/animation/Animation.cpp:1906:38
INFO - GECKO(2646) |     #4 0x7f7451492e5e in mozilla::dom::Animation::UpdateRelevance() /builds/worker/checkouts/gecko/dom/animation/Animation.cpp:1060:18
INFO - GECKO(2646) |     #5 0x7f74514961ee in mozilla::dom::Animation::UpdateEffect(mozilla::PostRestyleMode) /builds/worker/checkouts/gecko/dom/animation/Animation.cpp:1655:5
INFO - GECKO(2646) |     #6 0x7f74514a2867 in mozilla::dom::Animation::UpdateTiming(mozilla::dom::Animation::SeekFlag, mozilla::dom::Animation::SyncNotifyFlag) /builds/worker/checkouts/gecko/dom/animation/Animation.cpp:1598:3
INFO - GECKO(2646) |     #7 0x7f7451499041 in mozilla::dom::Animation::PlayNoUpdate(mozilla::ErrorResult&, mozilla::dom::Animation::LimitBehavior) /builds/worker/checkouts/gecko/dom/animation/Animation.cpp:1454:3
INFO - GECKO(2646) |     #8 0x7f745149630d in mozilla::dom::Animation::Play(mozilla::ErrorResult&, mozilla::dom::Animation::LimitBehavior) /builds/worker/checkouts/gecko/dom/animation/Animation.cpp:641:3
INFO - GECKO(2646) |     #9 0x7f745182ca1a in mozilla::dom::Element::Animate(JSContext*, JS::Handle<JSObject*>, mozilla::dom::UnrestrictedDoubleOrKeyframeAnimationOptions const&, mozilla::ErrorResult&) /builds/worker/checkouts/gecko/dom/base/Element.cpp:3526:14
INFO - GECKO(2646) |     #10 0x7f7452fe8b65 in mozilla::dom::Element_Binding::animate(JSContext*, JS::Handle<JSObject*>, void*, JSJitMethodCallArgs const&) /builds/worker/workspace/obj-build/dom/bindings/ElementBinding.cpp:5532:76
INFO - GECKO(2646) |     #11 0x7f74533dcc2d in bool mozilla::dom::binding_detail::GenericMethod<mozilla::dom::binding_detail::NormalThisPolicy, mozilla::dom::binding_detail::ThrowExceptions>(JSContext*, unsigned int, JS::Value*) /builds/worker/checkouts/gecko/dom/bindings/BindingUtils.cpp:3306:13
INFO - GECKO(2646) |     #12 0x7f745a164ce4 in CallJSNative /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:425:13
INFO - GECKO(2646) |     #13 0x7f745a164ce4 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:512:12
INFO - GECKO(2646) |     #14 0x7f745a151159 in CallFromStack /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:576:10
INFO - GECKO(2646) |     #15 0x7f745a151159 in Interpret(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:3309:16
INFO - GECKO(2646) |     #16 0x7f745a135ed1 in js::RunScript(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:394:13
INFO - GECKO(2646) |     #17 0x7f745a168d83 in js::ExecuteKernel(JSContext*, JS::Handle<JSScript*>, JS::Handle<JSObject*>, JS::Handle<JS::Value>, js::AbstractFramePtr, JS::MutableHandle<JS::Value>) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:767:13
INFO - GECKO(2646) |     #18 0x7f745a3c1d7b in ExecuteScript(JSContext*, JS::Handle<JSObject*>, JS::Handle<JSScript*>, JS::MutableHandle<JS::Value>) /builds/worker/checkouts/gecko/js/src/vm/CompilationAndEvaluation.cpp:515:10
INFO - GECKO(2646) |     #19 0x7f745a3c2085 in JS_ExecuteScript(JSContext*, JS::Handle<JSScript*>) /builds/worker/checkouts/gecko/js/src/vm/CompilationAndEvaluation.cpp:539:10
INFO - GECKO(2646) |     #20 0x7f74518b91fa in mozilla::dom::JSExecutionContext::ExecScript() /builds/worker/checkouts/gecko/dom/base/JSExecutionContext.cpp:296:8
INFO - GECKO(2646) |     #21 0x7f74558cafa2 in ExecuteCompiledScript /builds/worker/checkouts/gecko/dom/script/ScriptLoader.cpp:2311:16
INFO - GECKO(2646) |     #22 0x7f74558cafa2 in mozilla::dom::ScriptLoader::EvaluateScript(nsIGlobalObject*, mozilla::dom::ScriptLoadRequest*) /builds/worker/checkouts/gecko/dom/script/ScriptLoader.cpp:2499:10
INFO - GECKO(2646) |     #23 0x7f74558c9101 in mozilla::dom::ScriptLoader::EvaluateScriptElement(mozilla::dom::ScriptLoadRequest*) /builds/worker/checkouts/gecko/dom/script/ScriptLoader.cpp:2371:10
INFO - GECKO(2646) |     #24 0x7f74558c4226 in mozilla::dom::ScriptLoader::ProcessRequest(mozilla::dom::ScriptLoadRequest*) /builds/worker/checkouts/gecko/dom/script/ScriptLoader.cpp:2046:10
INFO - GECKO(2646) |     #25 0x7f74558c188f in mozilla::dom::ScriptLoader::ProcessInlineScript(nsIScriptElement*, mozilla::dom::ScriptKind) /builds/worker/checkouts/gecko/dom/script/ScriptLoader.cpp:1499:10
INFO - GECKO(2646) |     #26 0x7f74558ab9be in mozilla::dom::ScriptLoader::ProcessScriptElement(nsIScriptElement*) /builds/worker/checkouts/gecko/dom/script/ScriptLoader.cpp:1214:10
INFO - GECKO(2646) |     #27 0x7f74558aab4a in mozilla::dom::ScriptElement::MaybeProcessScript() /builds/worker/checkouts/gecko/dom/script/ScriptElement.cpp:118:18
INFO - GECKO(2646) |     #28 0x7f7450a766ce in nsIScriptElement::AttemptToExecute() /builds/worker/workspace/obj-build/dist/include/nsIScriptElement.h:211:18
INFO - GECKO(2646) |     #29 0x7f7450a757d8 in nsHtml5TreeOpExecutor::RunScript(nsIContent*) /builds/worker/checkouts/gecko/parser/html/nsHtml5TreeOpExecutor.cpp:900:22
INFO - GECKO(2646) |     #30 0x7f7450a743e9 in nsHtml5TreeOpExecutor::RunFlushLoop() /builds/worker/checkouts/gecko/parser/html/nsHtml5TreeOpExecutor.cpp:693:7
INFO - GECKO(2646) |     #31 0x7f7450a7b787 in nsHtml5ExecutorFlusher::Run() /builds/worker/checkouts/gecko/parser/html/nsHtml5StreamParser.cpp:173:18
INFO - GECKO(2646) |     #32 0x7f744ea0a37f in mozilla::SchedulerGroup::Runnable::Run() /builds/worker/checkouts/gecko/xpcom/threads/SchedulerGroup.cpp:144:20
INFO - GECKO(2646) |     #33 0x7f744ea55fa2 in mozilla::RunnableTask::Run() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:468:16
INFO - GECKO(2646) |     #34 0x7f744ea1d01d in mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:771:26
INFO - GECKO(2646) |     #35 0x7f744ea1a8d8 in mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:607:15
INFO - GECKO(2646) |     #36 0x7f744ea1afe9 in mozilla::TaskController::ProcessPendingMTTask(bool) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:391:36
INFO - GECKO(2646) |     #37 0x7f744ea5e461 in operator() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:124:37
INFO - GECKO(2646) |     #38 0x7f744ea5e461 in mozilla::detail::RunnableFunction<mozilla::TaskController::InitializeInternal()::$_0>::Run() /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.h:531:5
INFO - GECKO(2646) |     #39 0x7f744ea3c9fb in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:1195:16
INFO - GECKO(2646) |     #40 0x7f744ea47b5c in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.cpp:467:10
INFO - GECKO(2646) |     #41 0x7f744fbe9848 in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:85:21
INFO - GECKO(2646) |     #42 0x7f744faf7171 in RunInternal /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:331:10
INFO - GECKO(2646) |     #43 0x7f744faf7171 in RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:324:3
INFO - GECKO(2646) |     #44 0x7f744faf7171 in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:306:3
INFO - GECKO(2646) |     #45 0x7f7455c3f8e7 in nsBaseAppShell::Run() /builds/worker/checkouts/gecko/widget/nsBaseAppShell.cpp:137:27
INFO - GECKO(2646) |     #46 0x7f7459f2d4cf in XRE_RunAppShell() /builds/worker/checkouts/gecko/toolkit/xre/nsEmbedFunctions.cpp:864:20
INFO - GECKO(2646) |     #47 0x7f744faf7171 in RunInternal /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:331:10
INFO - GECKO(2646) |     #48 0x7f744faf7171 in RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:324:3
INFO - GECKO(2646) |     #49 0x7f744faf7171 in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:306:3
INFO - GECKO(2646) |     #50 0x7f7459f2cef6 in XRE_InitChildProcess(int, char**, XREChildData const*) /builds/worker/checkouts/gecko/toolkit/xre/nsEmbedFunctions.cpp:701:34
INFO - GECKO(2646) |     #51 0x5589f8e956dd in content_process_main(mozilla::Bootstrap*, int, char**) /builds/worker/checkouts/gecko/browser/app/../../ipc/contentproc/plugin-container.cpp:57:28
INFO - GECKO(2646) |     #52 0x5589f8e95afd in main /builds/worker/checkouts/gecko/browser/app/nsBrowserApp.cpp:327:18
INFO - GECKO(2646) |     #53 0x7f7471360b96 in __libc_start_main /tmp/glibc/csu/../csu/libc-start.c:310
INFO - GECKO(2646) |     #54 0x5589f8de47cc in _start (/builds/worker/workspace/build/application/firefox/firefox+0x577cc)
INFO - GECKO(2646) | SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /builds/worker/checkouts/gecko/dom/animation/AnimationEffect.cpp:195:35 in

The severity field is not set for this bug.
:boris, could you have a look please?

For more information, please visit auto_nag documentation.

Flags: needinfo?(boris.chiou)
Severity: -- → S3
Flags: needinfo?(boris.chiou)

This issue is currently triggered in CI when the 'float-cast-overflow' UBSan check is enabled. This issue will need to be addressed before the check can be enabled by default.

If it requires too much effort to fix immediately please ni? me and let me know. If necessary it will be added to a suppression list. Thank you :)

Flags: needinfo?(boris.chiou)
Assignee: nobody → boris.chiou
Flags: needinfo?(boris.chiou)

We got runtime error when enabling float-cast-overflow check in this
line, so let's clamp the value to pass the check.

Pushed by bchiou@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/14a6d2df4343 Clamp double value to avoid getting -inf when converting it into unsigned long. r=TYLin

https://hg.mozilla.org/mozilla-central/rev/14a6d2df4343

Status: NEW → RESOLVED
Closed: 3 years ago
status-firefox99: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 99 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: