src/dom/svg/SVGSVGElement.cpp:203:38: runtime error: 1.84467e+22 is outside the range of representable values of type 'long'
Categories: Core :: SVG, defect, P3
People: Reporter: tsmith, Assigned: mathew.hodson
References: Blocks 1 open bug
Details: Keywords: csectype-undefined
Attachments: 3 files
This was found by enabling the float-cast-overflow check in UBSan and running existing tests. This type of issue can create inconsistencies across platforms, architectures and optimization levels.
To enable this check add the following to your mozconfig:
ac_add_options --enable-undefined-sanitizer="float-cast-overflow"
This issue is found in the existing test: svg/animations/end-of-time-crash.html
INFO - TEST-START | /svg/animations/end-of-time-crash.html
INFO - PID 23181 | /builds/worker/checkouts/gecko/dom/svg/SVGSVGElement.cpp:203:38: runtime error: 1.84467e+22 is outside the range of representable values of type 'long'
INFO - PID 23181 | #0 0x7faeb43541a6 in mozilla::dom::SVGSVGElement::SetCurrentTime(float) /builds/worker/checkouts/gecko/dom/svg/SVGSVGElement.cpp:203:38
INFO - PID 23181 | #1 0x7faeb18f461e in mozilla::dom::SVGSVGElement_Binding::setCurrentTime(JSContext*, JS::Handle<JSObject*>, void*, JSJitMethodCallArgs const&) /builds/worker/workspace/obj-build/dom/bindings/SVGSVGElementBinding.cpp:668:24
INFO - PID 23181 | #2 0x7faeb26dcc2d in bool mozilla::dom::binding_detail::GenericMethod<mozilla::dom::binding_detail::NormalThisPolicy, mozilla::dom::binding_detail::ThrowExceptions>(JSContext*, unsigned int, JS::Value*) /builds/worker/checkouts/gecko/dom/bindings/BindingUtils.cpp:3306:13
INFO - PID 23181 | #3 0x7faeb9464ce4 in CallJSNative /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:425:13
INFO - PID 23181 | #4 0x7faeb9464ce4 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:512:12
INFO - PID 23181 | #5 0x7faeb9451159 in CallFromStack /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:576:10
INFO - PID 23181 | #6 0x7faeb9451159 in Interpret(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:3309:16
INFO - PID 23181 | #7 0x7faeb9435ed1 in js::RunScript(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:394:13
INFO - PID 23181 | #8 0x7faeb9468d83 in js::ExecuteKernel(JSContext*, JS::Handle<JSScript*>, JS::Handle<JSObject*>, JS::Handle<JS::Value>, js::AbstractFramePtr, JS::MutableHandle<JS::Value>) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:767:13
INFO - PID 23181 | #9 0x7faeb96c1d7b in ExecuteScript(JSContext*, JS::Handle<JSObject*>, JS::Handle<JSScript*>, JS::MutableHandle<JS::Value>) /builds/worker/checkouts/gecko/js/src/vm/CompilationAndEvaluation.cpp:515:10
INFO - PID 23181 | #10 0x7faeb96c2085 in JS_ExecuteScript(JSContext*, JS::Handle<JSScript*>) /builds/worker/checkouts/gecko/js/src/vm/CompilationAndEvaluation.cpp:539:10
INFO - PID 23181 | #11 0x7faeb0bb91fa in mozilla::dom::JSExecutionContext::ExecScript() /builds/worker/checkouts/gecko/dom/base/JSExecutionContext.cpp:296:8
INFO - PID 23181 | #12 0x7faeb4bcafa2 in ExecuteCompiledScript /builds/worker/checkouts/gecko/dom/script/ScriptLoader.cpp:2311:16
INFO - PID 23181 | #13 0x7faeb4bcafa2 in mozilla::dom::ScriptLoader::EvaluateScript(nsIGlobalObject*, mozilla::dom::ScriptLoadRequest*) /builds/worker/checkouts/gecko/dom/script/ScriptLoader.cpp:2499:10
INFO - PID 23181 | #14 0x7faeb4bc9101 in mozilla::dom::ScriptLoader::EvaluateScriptElement(mozilla::dom::ScriptLoadRequest*) /builds/worker/checkouts/gecko/dom/script/ScriptLoader.cpp:2371:10
INFO - PID 23181 | #15 0x7faeb4bc4226 in mozilla::dom::ScriptLoader::ProcessRequest(mozilla::dom::ScriptLoadRequest*) /builds/worker/checkouts/gecko/dom/script/ScriptLoader.cpp:2046:10
INFO - PID 23181 | #16 0x7faeb4bc188f in mozilla::dom::ScriptLoader::ProcessInlineScript(nsIScriptElement*, mozilla::dom::ScriptKind) /builds/worker/checkouts/gecko/dom/script/ScriptLoader.cpp:1499:10
INFO - PID 23181 | #17 0x7faeb4bab9be in mozilla::dom::ScriptLoader::ProcessScriptElement(nsIScriptElement*) /builds/worker/checkouts/gecko/dom/script/ScriptLoader.cpp:1214:10
INFO - PID 23315 | console.warn: SearchSettings: "get: No settings file exists, new profile?" (new NotFoundError("Could not open the file at /tmp/tmptgt6zqxs/search.json.mozlz4", (void 0)))
INFO - PID 23181 | #18 0x7faeb4baab4a in mozilla::dom::ScriptElement::MaybeProcessScript() /builds/worker/checkouts/gecko/dom/script/ScriptElement.cpp:118:18
INFO - PID 23181 | #19 0x7faeafd766ce in nsIScriptElement::AttemptToExecute() /builds/worker/workspace/obj-build/dist/include/nsIScriptElement.h:211:18
INFO - PID 23181 | #20 0x7faeafd757d8 in nsHtml5TreeOpExecutor::RunScript(nsIContent*) /builds/worker/checkouts/gecko/parser/html/nsHtml5TreeOpExecutor.cpp:900:22
INFO - PID 23181 | #21 0x7faeafd743e9 in nsHtml5TreeOpExecutor::RunFlushLoop() /builds/worker/checkouts/gecko/parser/html/nsHtml5TreeOpExecutor.cpp:693:7
INFO - PID 23181 | #22 0x7faeafd7b787 in nsHtml5ExecutorFlusher::Run() /builds/worker/checkouts/gecko/parser/html/nsHtml5StreamParser.cpp:173:18
INFO - PID 23181 | #23 0x7faeadd0a37f in mozilla::SchedulerGroup::Runnable::Run() /builds/worker/checkouts/gecko/xpcom/threads/SchedulerGroup.cpp:144:20
INFO - PID 23181 | #24 0x7faeadd55fa2 in mozilla::RunnableTask::Run() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:468:16
INFO - PID 23181 | #25 0x7faeadd1d01d in mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:771:26
INFO - PID 23181 | #26 0x7faeadd1a8d8 in mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:607:15
INFO - PID 23181 | #27 0x7faeadd1afe9 in mozilla::TaskController::ProcessPendingMTTask(bool) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:391:36
INFO - PID 23181 | #28 0x7faeadd5e461 in operator() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:124:37
INFO - PID 23181 | #29 0x7faeadd5e461 in mozilla::detail::RunnableFunction<mozilla::TaskController::InitializeInternal()::$_0>::Run() /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.h:531:5
INFO - PID 23181 | #30 0x7faeadd3c9fb in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:1195:16
INFO - PID 23181 | #31 0x7faeadd47b5c in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.cpp:467:10
INFO - PID 23181 | #32 0x7faeaeee9848 in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:85:21
INFO - PID 23181 | #33 0x7faeaedf7171 in RunInternal /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:331:10
INFO - PID 23181 | #34 0x7faeaedf7171 in RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:324:3
INFO - PID 23181 | #35 0x7faeaedf7171 in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:306:3
INFO - PID 23181 | #36 0x7faeb4f3f8e7 in nsBaseAppShell::Run() /builds/worker/checkouts/gecko/widget/nsBaseAppShell.cpp:137:27
INFO - PID 23181 | #37 0x7faeb922d4cf in XRE_RunAppShell() /builds/worker/checkouts/gecko/toolkit/xre/nsEmbedFunctions.cpp:864:20
INFO - PID 23181 | #38 0x7faeaedf7171 in RunInternal /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:331:10
INFO - PID 23181 | #39 0x7faeaedf7171 in RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:324:3
INFO - PID 23181 | #40 0x7faeaedf7171 in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:306:3
INFO - PID 23181 | #41 0x7faeb922cef6 in XRE_InitChildProcess(int, char**, XREChildData const*) /builds/worker/checkouts/gecko/toolkit/xre/nsEmbedFunctions.cpp:701:34
INFO - PID 23181 | #42 0x560ff68276dd in content_process_main(mozilla::Bootstrap*, int, char**) /builds/worker/checkouts/gecko/browser/app/../../ipc/contentproc/plugin-container.cpp:57:28
INFO - PID 23181 | #43 0x560ff6827afd in main /builds/worker/checkouts/gecko/browser/app/nsBrowserApp.cpp:327:18
INFO - PID 23181 | #44 0x7faed066ab96 in __libc_start_main /tmp/glibc/csu/../csu/libc-start.c:310
INFO - PID 23181 | #45 0x560ff67767cc in _start (/builds/worker/workspace/build/application/firefox/firefox+0x577cc)
Comment 1•3 years ago
As suggested by "end of time" in the test name, this test is intentionally using extremely-huge values, larger than values that we expect to handle "correctly" (but for which we'd nonetheless like to avoid crashing, hence the test existing).
Similar to bug 1751828, I don't think it's worth fixing this in our platform, but we probably want to add a suppression for it, since this is failing in CI and we want to enable UBSan by default.
ni=Tyson just to be sure he sees & it's on his radar to get a suppression added. (Reclassifying to match the component of the broader effort in bug 1749864, to take this out of layout triage queue.)
Comment 4•3 years ago
I'm making this rename so that I can create a modified copy of the test
with similar naming in the next patch.
Note that the number has to go before the crash, since "-crash" has to be right
before the file extension in order for it to be recognized as a crashtest, per
https://web-platform-tests.org/writing-tests/crashtest.html
Comment 5•3 years ago
The value that I'm using in the new copy is still large, but small enough that
it doesn't overflow our internal int64_t representation (when converted into
milliseconds by multiplying by 1000x).
This value makes the crashtest hang in Firefox (hence the included .ini
"expected: TIMEOUT" annotation). The original crashtest doesn't hang in
Firefox, but that's only because it uses a time that's substantially larger to
the extent that it overflows and produces a negative internal time
representation, and that happens to avoid the issue that causes the hang.
(Though, spoiler alert: the next patch in this series will prevent that
integer-overflow, which will make that original test start hanging Firefox as
well.)
Depends on D140770
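The overflow described in comment 5 (seconds multiplied by 1000 into an int64_t), as an added example that is not part of any comment or patch in this bug and is not Gecko code: a range check performed before the float-to-integer cast, so the cast is never executed on an out-of-range value. The names SecondsToMillis, MillisResult and TimeConv are hypothetical, and clamping is an assumed policy; the page does not say what the actual patch does.

```cpp
#include <cmath>
#include <cstdint>
#include <cstdio>
#include <limits>

// Hypothetical helper, not Gecko code: convert seconds held in a float to
// whole milliseconds in int64_t without ever executing an out-of-range
// float-to-integer cast (undefined behaviour, the float-cast-overflow check).
enum class TimeConv { Ok, ClampedHigh, ClampedLow, NotANumber };

struct MillisResult {
  int64_t millis;
  TimeConv status;
};

MillisResult SecondsToMillis(float aSeconds) {
  // Multiply in double: float max (~3.4e38) * 1000 still fits, so a finite
  // input cannot turn into infinity here.
  const double ms = static_cast<double>(aSeconds) * 1000.0;
  if (std::isnan(ms)) {
    return {0, TimeConv::NotANumber};
  }
  // INT64_MAX is not representable as a double (it rounds up to 2^63), so
  // the bound is 2^63 itself, compared with >=.
  constexpr double kTwoPow63 = 9223372036854775808.0;
  if (ms >= kTwoPow63) {
    return {std::numeric_limits<int64_t>::max(), TimeConv::ClampedHigh};
  }
  if (ms < -kTwoPow63) {
    return {std::numeric_limits<int64_t>::min(), TimeConv::ClampedLow};
  }
  // In range: the cast truncates toward zero and is well defined.
  return {static_cast<int64_t>(ms), TimeConv::Ok};
}

int main() {
  // Constructed inputs: an ordinary time, a large in-range time, and 2^64
  // seconds, whose product with 1000 is about 1.84467e+22.
  const float samples[] = {1.5f, 9.0e15f, 18446744073709551616.0f};
  for (float s : samples) {
    const MillisResult r = SecondsToMillis(s);
    std::printf("%g s -> %lld ms (status %d)\n", static_cast<double>(s),
                static_cast<long long>(r.millis), static_cast<int>(r.status));
  }
  return 0;
}
```

Built with -fsanitize=float-cast-overflow, this reports nothing for any float input, including infinities and NaN, because every cast is guarded by the range check.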
Comment 7•3 years ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/46724dce76ac
https://hg.mozilla.org/mozilla-central/rev/e8504ee4342a
https://hg.mozilla.org/mozilla-central/rev/af390ca8be44
Comment 8•3 years ago
Since the statuses are different for nightly and release, what's the status for beta?
For more information, please visit auto_nag documentation.