Closed Bug 1436775 Opened 7 years ago Closed 6 years ago

Graphite2: UBSan: addition of unsigned offset overflowed /gfx/graphite2/src/inc/Code.h:165

Categories

(Core :: Graphics: Text, defect, P3)

Product:
Core
Component:
Graphics: Text
Version:
60 Branch
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Tracking Flags:
Tracking Status
firefox60 --- fixed
firefox61 --- fixed

People

(Reporter: tsmith, Unassigned)

References

Details

(Keywords: csectype-undefined, Whiteboard: [gfx-noted]) 

Found in mozilla-central changeset: 402372:3df7961bad2c. Built with -fsanitize=pointer-overflow

This can be consistently reproduced by opening gmail and google calendar.

/gfx/graphite2/src/inc/Code.h:165:15: runtime error: addition of unsigned offset to 0x6200000347d8 overflowed to 0x61d0006277d8
    #0 0x7fc3d21f985d in graphite2::vm::Machine::Code::externalProgramMoved(long) /gfx/graphite2/src/inc/Code.h:165:15
    #1 0x7fc3d21e72e3 in graphite2::Pass::readRules(unsigned char const*, unsigned long, unsigned char const*, unsigned short const*, unsigned short const*, unsigned char const*, unsigned short const*, unsigned char const*, graphite2::Face&, graphite2::passtype, graphite2::Error&) /gfx/graphite2/src/Pass.cpp:284:16
    #2 0x7fc3d21e4f34 in graphite2::Pass::readPass(unsigned char const*, unsigned long, unsigned long, graphite2::Face&, graphite2::passtype, unsigned int, graphite2::Error&) /gfx/graphite2/src/Pass.cpp:202:14
    #3 0x7fc3d2206665 in graphite2::Silf::readGraphite(unsigned char const*, unsigned long, graphite2::Face&, unsigned int) /gfx/graphite2/src/Silf.cpp:216:26
    #4 0x7fc3d21d7287 in graphite2::Face::readGraphite(graphite2::Face::Table const&) /gfx/graphite2/src/Face.cpp:149:25
    #5 0x7fc3d221adfc in (anonymous namespace)::load_face(graphite2::Face&, unsigned int) /gfx/graphite2/src/gr_face.cpp:59:47
    #6 0x7fc3d221ac48 in gr_make_face_with_ops /gfx/graphite2/src/gr_face.cpp:89:16
    #7 0x7fc3ca7f8fc2 in gfxFontEntry::GetGrFace() /gfx/thebes/gfxFontEntry.cpp:698:19
    #8 0x7fc3ca7e3006 in gfxFontEntry::HasGraphiteSpaceContextuals() /gfx/thebes/gfxFontEntry.cpp:745:25
    #9 0x7fc3ca819561 in bool gfxFont::SplitAndInitTextRun<char16_t>(mozilla::gfx::DrawTarget*, gfxTextRun*, char16_t const*, unsigned int, unsigned int, mozilla::unicode::Script, mozilla::gfx::ShapedTextFlags) /gfx/thebes/gfxFont.cpp:3140:9
    #10 0x7fc3ca8bbede in void gfxFontGroup::InitScriptRun<char16_t>(mozilla::gfx::DrawTarget*, gfxTextRun*, char16_t const*, unsigned int, unsigned int, mozilla::unicode::Script, gfxMissingFontRecorder*) /gfx/thebes/gfxTextRun.cpp:2581:31
    #11 0x7fc3ca8a7d7e in void gfxFontGroup::InitTextRun<char16_t>(mozilla::gfx::DrawTarget*, gfxTextRun*, char16_t const*, unsigned int, gfxMissingFontRecorder*) /gfx/thebes/gfxTextRun.cpp:2481:17
    #12 0x7fc3ca884d0c in gfxFontGroup::MakeTextRun(char16_t const*, unsigned int, gfxTextRunFactory::Parameters const*, mozilla::gfx::ShapedTextFlags, nsTextFrameUtils::Flags, gfxMissingFontRecorder*) /gfx/thebes/gfxTextRun.cpp:2347:5
    #13 0x7fc3cf482b88 in BuildTextRunsScanner::BuildTextRunForFrames(void*) /layout/generic/nsTextFrame.cpp:2396:28
    #14 0x7fc3cf47f183 in BuildTextRunsScanner::FlushFrames(bool, bool) /layout/generic/nsTextFrame.cpp:1699:17
    #15 0x7fc3cf4895d0 in BuildTextRuns(mozilla::gfx::DrawTarget*, nsTextFrame*, nsIFrame*, nsLineList_iterator const*, nsTextFrame::TextRunType) /layout/generic/nsTextFrame.cpp:1625:11
    #16 0x7fc3cf487eaa in nsTextFrame::EnsureTextRun(nsTextFrame::TextRunType, mozilla::gfx::DrawTarget*, nsIFrame*, nsLineList_iterator const*, unsigned int*) /layout/generic/nsTextFrame.cpp:2871:7
    #17 0x7fc3cf4baf5a in nsTextFrame::ReflowText(nsLineLayout&, int, mozilla::gfx::DrawTarget*, mozilla::ReflowOutput&, nsReflowStatus&) /layout/generic/nsTextFrame.cpp:9427:5
    #18 0x7fc3cf3e905f in nsLineLayout::ReflowFrame(nsIFrame*, nsReflowStatus&, mozilla::ReflowOutput*, bool&) /layout/generic/nsLineLayout.cpp:926:7
    #19 0x7fc3cf3e7f39 in nsInlineFrame::ReflowInlineFrame(nsPresContext*, mozilla::ReflowInput const&, nsInlineFrame::InlineReflowInput&, nsIFrame*, nsReflowStatus&) /layout/generic/nsInlineFrame.cpp:727:15
    #20 0x7fc3cf3e6b3a in nsInlineFrame::ReflowFrames(nsPresContext*, mozilla::ReflowInput const&, nsInlineFrame::InlineReflowInput&, mozilla::ReflowOutput&, nsReflowStatus&) /layout/generic/nsInlineFrame.cpp:609:7
    #21 0x7fc3cf3e5d9e in nsInlineFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) /layout/generic/nsInlineFrame.cpp:408:3
    #22 0x7fc3cf3e90db in nsLineLayout::ReflowFrame(nsIFrame*, nsReflowStatus&, mozilla::ReflowOutput*, bool&) /layout/generic/nsLineLayout.cpp:923:13
    #23 0x7fc3cf26b7f5 in nsBlockFrame::ReflowInlineFrame(mozilla::BlockReflowInput&, nsLineLayout&, nsLineList_iterator, nsIFrame*, LineReflowStatus*) /layout/generic/nsBlockFrame.cpp:4157:15
    #24 0x7fc3cf26a4ae in nsBlockFrame::DoReflowInlineFrames(mozilla::BlockReflowInput&, nsLineLayout&, nsLineList_iterator, nsFlowAreaRect&, int&, nsFloatManager::SavedState*, bool*, LineReflowStatus*, bool) /layout/generic/nsBlockFrame.cpp:3957:5
    #25 0x7fc3cf264102 in nsBlockFrame::ReflowInlineFrames(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) /layout/generic/nsBlockFrame.cpp:3831:9
    #26 0x7fc3cf25f098 in nsBlockFrame::ReflowLine(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) /layout/generic/nsBlockFrame.cpp:2815:5
    #27 0x7fc3cf256882 in nsBlockFrame::ReflowDirtyLines(mozilla::BlockReflowInput&) /layout/generic/nsBlockFrame.cpp:2351:7
    #28 0x7fc3cf251c6a in nsBlockFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) /layout/generic/nsBlockFrame.cpp:1224:3
    #29 0x7fc3cf29181e in nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, mozilla::WritingMode const&, mozilla::LogicalPoint const&, nsSize const&, unsigned int, nsReflowStatus&, nsOverflowContinuationTracker*) /layout/generic/nsContainerFrame.cpp:941:14
    #30 0x7fc3cf370891 in nsHTMLScrollFrame::ReflowScrolledFrame(mozilla::ScrollReflowInput*, bool, bool, mozilla::ReflowOutput*, bool) /layout/generic/nsGfxScrollFrame.cpp:553:3
    #31 0x7fc3cf3724c5 in nsHTMLScrollFrame::ReflowContents(mozilla::ScrollReflowInput*, mozilla::ReflowOutput const&) /layout/generic/nsGfxScrollFrame.cpp:676:3
    #32 0x7fc3cf375715 in nsHTMLScrollFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) /layout/generic/nsGfxScrollFrame.cpp:1053:3
    #33 0x7fc3cf2684e8 in nsBlockReflowContext::ReflowBlock(mozilla::LogicalRect const&, bool, nsCollapsingMargin&, int, bool, nsLineBox*, mozilla::ReflowInput&, nsReflowStatus&, mozilla::BlockReflowInput&) /layout/generic/nsBlockReflowContext.cpp:306:11
    #34 0x7fc3cf26258d in nsBlockFrame::ReflowBlockFrame(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) /layout/generic/nsBlockFrame.cpp:3462:11
    #35 0x7fc3cf25f050 in nsBlockFrame::ReflowLine(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) /layout/generic/nsBlockFrame.cpp:2812:5
    #36 0x7fc3cf256882 in nsBlockFrame::ReflowDirtyLines(mozilla::BlockReflowInput&) /layout/generic/nsBlockFrame.cpp:2351:7
    #37 0x7fc3cf251c6a in nsBlockFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) /layout/generic/nsBlockFrame.cpp:1224:3
    #38 0x7fc3cf2684e8 in nsBlockReflowContext::ReflowBlock(mozilla::LogicalRect const&, bool, nsCollapsingMargin&, int, bool, nsLineBox*, mozilla::ReflowInput&, nsReflowStatus&, mozilla::BlockReflowInput&) /layout/generic/nsBlockReflowContext.cpp:306:11
    #39 0x7fc3cf26258d in nsBlockFrame::ReflowBlockFrame(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) /layout/generic/nsBlockFrame.cpp:3462:11
    #40 0x7fc3cf25f050 in nsBlockFrame::ReflowLine(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) /layout/generic/nsBlockFrame.cpp:2812:5
    #41 0x7fc3cf256882 in nsBlockFrame::ReflowDirtyLines(mozilla::BlockReflowInput&) /layout/generic/nsBlockFrame.cpp:2351:7
    #42 0x7fc3cf251c6a in nsBlockFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) /layout/generic/nsBlockFrame.cpp:1224:3
    #43 0x7fc3cf2684e8 in nsBlockReflowContext::ReflowBlock(mozilla::LogicalRect const&, bool, nsCollapsingMargin&, int, bool, nsLineBox*, mozilla::ReflowInput&, nsReflowStatus&, mozilla::BlockReflowInput&) /layout/generic/nsBlockReflowContext.cpp:306:11
    #44 0x7fc3cf26258d in nsBlockFrame::ReflowBlockFrame(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) /layout/generic/nsBlockFrame.cpp:3462:11
    #45 0x7fc3cf25f050 in nsBlockFrame::ReflowLine(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) /layout/generic/nsBlockFrame.cpp:2812:5
    #46 0x7fc3cf256882 in nsBlockFrame::ReflowDirtyLines(mozilla::BlockReflowInput&) /layout/generic/nsBlockFrame.cpp:2351:7
    #47 0x7fc3cf251c6a in nsBlockFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) /layout/generic/nsBlockFrame.cpp:1224:3
    #48 0x7fc3cf3e90db in nsLineLayout::ReflowFrame(nsIFrame*, nsReflowStatus&, mozilla::ReflowOutput*, bool&) /layout/generic/nsLineLayout.cpp:923:13
    #49 0x7fc3cf26b7f5 in nsBlockFrame::ReflowInlineFrame(mozilla::BlockReflowInput&, nsLineLayout&, nsLineList_iterator, nsIFrame*, LineReflowStatus*) /layout/generic/nsBlockFrame.cpp:4157:15
    #50 0x7fc3cf26a4ae in nsBlockFrame::DoReflowInlineFrames(mozilla::BlockReflowInput&, nsLineLayout&, nsLineList_iterator, nsFlowAreaRect&, int&, nsFloatManager::SavedState*, bool*, LineReflowStatus*, bool) /layout/generic/nsBlockFrame.cpp:3957:5
    #51 0x7fc3cf264102 in nsBlockFrame::ReflowInlineFrames(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) /layout/generic/nsBlockFrame.cpp:3831:9
    #52 0x7fc3cf25f098 in nsBlockFrame::ReflowLine(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) /layout/generic/nsBlockFrame.cpp:2815:5
    #53 0x7fc3cf256882 in nsBlockFrame::ReflowDirtyLines(mozilla::BlockReflowInput&) /layout/generic/nsBlockFrame.cpp:2351:7
    #54 0x7fc3cf251c6a in nsBlockFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) /layout/generic/nsBlockFrame.cpp:1224:3
    #55 0x7fc3cf242fc6 in nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, int, int, unsigned int, nsReflowStatus&, nsOverflowContinuationTracker*) /layout/generic/nsContainerFrame.cpp:985:14
    #56 0x7fc3cf2ad291 in nsFlexContainerFrame::MeasureAscentAndHeightForFlexItem(nsFlexContainerFrame::FlexItem&, nsPresContext*, mozilla::ReflowInput&) /layout/generic/nsFlexContainerFrame.cpp:1706:3
    #57 0x7fc3cf2b70d0 in nsFlexContainerFrame::SizeItemInCrossAxis(nsPresContext*, nsFlexContainerFrame::FlexboxAxisTracker const&, mozilla::ReflowInput&, nsFlexContainerFrame::FlexItem&) /layout/generic/nsFlexContainerFrame.cpp:4030:5
    #58 0x7fc3cf2b84e8 in nsFlexContainerFrame::DoFlexLayout(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&, int, int, nsTArray<nsFlexContainerFrame::StrutInfo>&, nsFlexContainerFrame::FlexboxAxisTracker const&) /layout/generic/nsFlexContainerFrame.cpp:4493:9
    #59 0x7fc3cf2b78e7 in nsFlexContainerFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) /layout/generic/nsFlexContainerFrame.cpp:4161:3
    #60 0x7fc3cf2465ef in nsAbsoluteContainingBlock::ReflowAbsoluteFrame(nsIFrame*, nsPresContext*, mozilla::ReflowInput const&, nsRect const&, nsAbsoluteContainingBlock::AbsPosReflowFlags, nsIFrame*, nsReflowStatus&, nsOverflowAreas*) /layout/generic/nsAbsoluteContainingBlock.cpp:749:14
    #61 0x7fc3cf243e5c in nsAbsoluteContainingBlock::Reflow(nsContainerFrame*, nsPresContext*, mozilla::ReflowInput const&, nsReflowStatus&, nsRect const&, nsAbsoluteContainingBlock::AbsPosReflowFlags, nsOverflowAreas*) /layout/generic/nsAbsoluteContainingBlock.cpp:167:7
    #62 0x7fc3cf252a3c in nsBlockFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) /layout/generic/nsBlockFrame.cpp:1439:26
    #63 0x7fc3cf242fc6 in nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, int, int, unsigned int, nsReflowStatus&, nsOverflowContinuationTracker*) /layout/generic/nsContainerFrame.cpp:985:14
    #64 0x7fc3cf2ad291 in nsFlexContainerFrame::MeasureAscentAndHeightForFlexItem(nsFlexContainerFrame::FlexItem&, nsPresContext*, mozilla::ReflowInput&) /layout/generic/nsFlexContainerFrame.cpp:1706:3
    #65 0x7fc3cf2acf06 in nsFlexContainerFrame::MeasureFlexItemContentHeight(nsPresContext*, nsFlexContainerFrame::FlexItem&, bool, mozilla::ReflowInput const&) /layout/generic/nsFlexContainerFrame.cpp:1767:5
    #66 0x7fc3cf2ac1f9 in nsFlexContainerFrame::ResolveAutoFlexBasisAndMinSize(nsPresContext*, nsFlexContainerFrame::FlexItem&, mozilla::ReflowInput const&, nsFlexContainerFrame::FlexboxAxisTracker const&) /layout/generic/nsFlexContainerFrame.cpp:1620:9
    #67 0x7fc3cf2aba9c in nsFlexContainerFrame::GenerateFlexItemForChild(nsPresContext*, nsIFrame*, mozilla::ReflowInput const&, nsFlexContainerFrame::FlexboxAxisTracker const&) /layout/generic/nsFlexContainerFrame.cpp:1331:3
    #68 0x7fc3cf2b652e in nsFlexContainerFrame::GenerateFlexLines(nsPresContext*, mozilla::ReflowInput const&, int, int, nsTArray<nsFlexContainerFrame::StrutInfo> const&, nsFlexContainerFrame::FlexboxAxisTracker const&, nsTArray<nsIFrame*>&, mozilla::LinkedList<nsFlexContainerFrame::FlexLine>&) /layout/generic/nsFlexContainerFrame.cpp:3752:14
    #69 0x7fc3cf2b7ddc in nsFlexContainerFrame::DoFlexLayout(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&, int, int, nsTArray<nsFlexContainerFrame::StrutInfo>&, nsFlexContainerFrame::FlexboxAxisTracker const&) /layout/generic/nsFlexContainerFrame.cpp:4356:3
    #70 0x7fc3cf2b78e7 in nsFlexContainerFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) /layout/generic/nsFlexContainerFrame.cpp:4161:3
    #71 0x7fc3cf2684e8 in nsBlockReflowContext::ReflowBlock(mozilla::LogicalRect const&, bool, nsCollapsingMargin&, int, bool, nsLineBox*, mozilla::ReflowInput&, nsReflowStatus&, mozilla::BlockReflowInput&) /layout/generic/nsBlockReflowContext.cpp:306:11
    #72 0x7fc3cf26258d in nsBlockFrame::ReflowBlockFrame(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) /layout/generic/nsBlockFrame.cpp:3462:11
    #73 0x7fc3cf25f050 in nsBlockFrame::ReflowLine(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) /layout/generic/nsBlockFrame.cpp:2812:5
    #74 0x7fc3cf256882 in nsBlockFrame::ReflowDirtyLines(mozilla::BlockReflowInput&) /layout/generic/nsBlockFrame.cpp:2351:7
    #75 0x7fc3cf251c6a in nsBlockFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) /layout/generic/nsBlockFrame.cpp:1224:3
    #76 0x7fc3cf2684e8 in nsBlockReflowContext::ReflowBlock(mozilla::LogicalRect const&, bool, nsCollapsingMargin&, int, bool, nsLineBox*, mozilla::ReflowInput&, nsReflowStatus&, mozilla::BlockReflowInput&) /layout/generic/nsBlockReflowContext.cpp:306:11
    #77 0x7fc3cf26258d in nsBlockFrame::ReflowBlockFrame(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) /layout/generic/nsBlockFrame.cpp:3462:11
    #78 0x7fc3cf25f050 in nsBlockFrame::ReflowLine(mozilla::BlockReflowInput&, nsLineList_iterator, bool*) /layout/generic/nsBlockFrame.cpp:2812:5
    #79 0x7fc3cf256882 in nsBlockFrame::ReflowDirtyLines(mozilla::BlockReflowInput&) /layout/generic/nsBlockFrame.cpp:2351:7
    #80 0x7fc3cf251c6a in nsBlockFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) /layout/generic/nsBlockFrame.cpp:1224:3
    #81 0x7fc3cf29181e in nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, mozilla::WritingMode const&, mozilla::LogicalPoint const&, nsSize const&, unsigned int, nsReflowStatus&, nsOverflowContinuationTracker*) /layout/generic/nsContainerFrame.cpp:941:14
    #82 0x7fc3cf290c0f in nsCanvasFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) /layout/generic/nsCanvasFrame.cpp:761:5
    #83 0x7fc3cf29181e in nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, mozilla::WritingMode const&, mozilla::LogicalPoint const&, nsSize const&, unsigned int, nsReflowStatus&, nsOverflowContinuationTracker*) /layout/generic/nsContainerFrame.cpp:941:14
    #84 0x7fc3cf370891 in nsHTMLScrollFrame::ReflowScrolledFrame(mozilla::ScrollReflowInput*, bool, bool, mozilla::ReflowOutput*, bool) /layout/generic/nsGfxScrollFrame.cpp:553:3
    #85 0x7fc3cf3724c5 in nsHTMLScrollFrame::ReflowContents(mozilla::ScrollReflowInput*, mozilla::ReflowOutput const&) /layout/generic/nsGfxScrollFrame.cpp:676:3
    #86 0x7fc3cf375715 in nsHTMLScrollFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) /layout/generic/nsGfxScrollFrame.cpp:1053:3
    #87 0x7fc3cf242fc6 in nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, int, int, unsigned int, nsReflowStatus&, nsOverflowContinuationTracker*) /layout/generic/nsContainerFrame.cpp:985:14
    #88 0x7fc3cf24270d in mozilla::ViewportFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) /layout/generic/ViewportFrame.cpp:335:7
    #89 0x7fc3cf03b2a3 in mozilla::PresShell::DoReflow(nsIFrame*, bool) /layout/base/PresShell.cpp:8985:11
    #90 0x7fc3cf04b1ce in mozilla::PresShell::ProcessReflowCommands(bool) /layout/base/PresShell.cpp:9158:24
    #91 0x7fc3cf04a264 in mozilla::PresShell::DoFlushPendingNotifications(mozilla::ChangesToFlush) /layout/base/PresShell.cpp:4272:11
    #92 0x7fc3cefdb401 in nsRefreshDriver::Tick(long, mozilla::TimeStamp) /layout/base/nsRefreshDriver.cpp:1949:16
    #93 0x7fc3cefdf4b8 in nsRefreshDriver::FinishedWaitingForTransaction() /layout/base/nsRefreshDriver.cpp:2177:5
    #94 0x7fc3ca4c2dac in mozilla::layers::ClientLayerManager::DidComposite(unsigned long, mozilla::TimeStamp const&, mozilla::TimeStamp const&) /gfx/layers/client/ClientLayerManager.cpp:532:32
    #95 0x7fc3ce2f451c in mozilla::dom::TabChild::DidComposite(unsigned long, mozilla::TimeStamp const&, mozilla::TimeStamp const&) /dom/ipc/TabChild.cpp:3188:7
    #96 0x7fc3ca5d1ef6 in mozilla::layers::CompositorBridgeChild::RecvDidComposite(unsigned long const&, unsigned long const&, mozilla::TimeStamp const&, mozilla::TimeStamp const&) /gfx/layers/ipc/CompositorBridgeChild.cpp:547:14
    #97 0x7fc3c9297c0b in mozilla::layers::PCompositorBridgeChild::OnMessageReceived(IPC::Message const&) /objdir-ff-ubsan/ipc/ipdl/PCompositorBridgeChild.cpp:1441:20
    #98 0x7fc3c870168f in mozilla::ipc::MessageChannel::DispatchAsyncMessage(IPC::Message const&) /ipc/glue/MessageChannel.cpp:2110:25
    #99 0x7fc3c86ff6b3 in mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&) /ipc/glue/MessageChannel.cpp:2040:17
    #100 0x7fc3c87001d4 in mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::MessageChannel::MessageTask&) /ipc/glue/MessageChannel.cpp:1886:5
    #101 0x7fc3c87008c3 in mozilla::ipc::MessageChannel::MessageTask::Run() /ipc/glue/MessageChannel.cpp:1919:15
    #102 0x7fc3c73334c0 in mozilla::SchedulerGroup::Runnable::Run() /xpcom/threads/SchedulerGroup.cpp:395:25
    #103 0x7fc3c7370301 in nsThread::ProcessNextEvent(bool, bool*) /xpcom/threads/nsThread.cpp:1040:14
    #104 0x7fc3c73ad37a in NS_ProcessNextEvent(nsIThread*, bool) /xpcom/threads/nsThreadUtils.cpp:517:10
    #105 0x7fc3c8708381 in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /ipc/glue/MessagePump.cpp:97:21
    #106 0x7fc3c8567090 in MessageLoop::Run() /ipc/chromium/src/base/message_loop.cc:299:3
    #107 0x7fc3ce981b95 in nsBaseAppShell::Run() /widget/nsBaseAppShell.cpp:157:27
    #108 0x7fc3d4a5a73d in XRE_RunAppShell() /toolkit/xre/nsEmbedFunctions.cpp:873:22
    #109 0x7fc3c87093a8 in mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) /ipc/glue/MessagePump.cpp:269:9
    #110 0x7fc3c8567090 in MessageLoop::Run() /ipc/chromium/src/base/message_loop.cc:299:3
    #111 0x7fc3d4a59c8e in XRE_InitChildProcess(int, char**, XREChildData const*) /toolkit/xre/nsEmbedFunctions.cpp:699:34
    #112 0x517a89 in content_process_main(mozilla::Bootstrap*, int, char**) /browser/app/../../ipc/contentproc/plugin-container.cpp:63:30
    #113 0x517c32 in main /browser/app/nsBrowserApp.cpp:280:18
    #114 0x7fc3ff3e81c0 in __libc_start_main /build/glibc-itYbWN/glibc-2.26/csu/../csu/libc-start.c:308
    #115 0x4207a9 in _start (/objdir-ff-ubsan/dist/bin/firefox+0x4207a9)
FYI. Jonathan
Flags: needinfo?(jfkthame)
Whiteboard: [gfx-noted]
Yep; we're expecting there to be a new graphite release Real Soon Now, at which point we'll pull it into mozilla-central.
Flags: needinfo?(jfkthame)
Depends on: 1443095
Status: NEW → RESOLVED
Closed: 6 years ago
status-firefox60: affectedfixed
status-firefox61: --- → fixed
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.