Closed Bug 1399941 Opened 8 years ago Closed 8 years ago

stylo: thread '<unnamed>' panicked at 'attempt to multiply with overflow', servo/components/style/gecko/media_queries.rs:732:17

Categories

(Core :: CSS Parsing and Computation, defect, P2)

Product:
Core
Component:
CSS Parsing and Computation
Version:
57 Branch
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla57
Tracking Flags:
Tracking Status
firefox-esr52 --- unaffected
firefox55 --- unaffected
firefox56 --- unaffected
firefox57 + fixed

People

(Reporter: bc, Assigned: bradwerth)

References

(
URL
)

Details

(Keywords: regression)

Attachments

(2 files, 1 obsolete file)

Windows Debug Log
122.31 KB, text/plain
Details
Bug 1399941 Part 2: Add more aspect-ratios to a test of media queries, testing for overflow.
59 bytes, text/x-review-board-request
emilio
: review+
Details
Attached file Windows Debug Log
[Tracking Requested - why for this release]: stylo debug panic 1. https://chitranj.standardchess.com/play.html 2. thread '<unnamed>' panicked at 'attempt to multiply with overflow', /mozilla/builds/nightly/mozilla/servo/components/style/gecko/media_queries.rs:732:17 Nightly 57 Windows and Linux.
The big numbers in the integer ratio media queries are causing a multiplication overflow in our optimized ratio comparison. I'll change it to attempt the multiplication with overflow detection on, and if overflow occurs, instead do a slower test that calculates the ratios and compares them directly.
Assignee: nobody → bwerth
Thanks Brad!
Priority: -- → P2
(In reply to Brad Werth [:bradwerth] from comment #1) > The big numbers in the integer ratio media queries are causing a > multiplication overflow in our optimized ratio comparison. I'll change it to > attempt the multiplication with overflow detection on, and if overflow > occurs, instead do a slower test that calculates the ratios and compares > them directly. I worked up a solution that did this (checking for div by zero, etc.) and it was super-ugly Rust. Then I realized that the u32 values could be cast to u64s, making the existing multiplication safe. Attachment 8908365 [details] follows this approach. Also created some tests.
Attachment #8908365 - Flags: review?(emilio)
Attachment #8908366 - Flags: review?(emilio)
Comment on attachment 8908365 [details] Bug 1399941 Part 1: Prevent aspect-ratio media queries from causing multiplication overflow by extending values to u64. https://reviewboard.mozilla.org/r/179986/#review185226 r=me with the nits addressed. ::: servo/components/style/gecko/media_queries.rs:734 (Diff revision 1) > (&BoolInteger(one), &BoolInteger(ref other)) => one.cmp(other), > (&Float(one), &Float(ref other)) => one.partial_cmp(other).unwrap(), > (&IntRatio(one_num, one_den), &IntRatio(other_num, other_den)) => { > - (one_num * other_den).partial_cmp(&(other_num * one_den)).unwrap() > + // Large u32s may overflow in multiplication, so we up them > + // to u64s. This is safe because u32 max ^ 2 < u64 max. > + debug_assert!((<u32>::max_value() as u64) ^ 2 < <u64>::max_value()); There's no need to waste cycles in debug builds to know this is true, please remove. A comment saying something like: ``` // Extend to avoid overflow. ``` May be enough. ::: servo/components/style/gecko/media_queries.rs:735 (Diff revision 1) > (&Float(one), &Float(ref other)) => one.partial_cmp(other).unwrap(), > (&IntRatio(one_num, one_den), &IntRatio(other_num, other_den)) => { > - (one_num * other_den).partial_cmp(&(other_num * one_den)).unwrap() > + // Large u32s may overflow in multiplication, so we up them > + // to u64s. This is safe because u32 max ^ 2 < u64 max. > + debug_assert!((<u32>::max_value() as u64) ^ 2 < <u64>::max_value()); > + (one_num as u64 * other_den as u64).partial_cmp( While you're here, looks weird that this is using `partial_cmp(..).unwrap()` This can definitely use: (one_num as u64 * other_den as u64).cmp(&(other_num as u64 * one_den as u64))
Attachment #8908365 - Flags: review?(emilio) → review+
Comment on attachment 8908366 [details] Bug 1399941 Part 2: Add more aspect-ratios to a test of media queries, testing for overflow. https://reviewboard.mozilla.org/r/179988/#review185228 These are unnecessary. They're testing servo code, to begin with (because that's what test-unit tests with), and Servo and Gecko code for media-query parsing and evaluation is radically different. Also, servo doesn't support aspect-ratio media queries, so you're effectively just testing the behavior of parsing an invalid MediaList. Please add either a crashtest in Gecko, or a test to a style test like `test_media_queries.html`.
Attachment #8908366 - Flags: review?(emilio) → review-
Comment on attachment 8908366 [details] Bug 1399941 Part 2: Add more aspect-ratios to a test of media queries, testing for overflow. https://reviewboard.mozilla.org/r/179988/#review185626
Attachment #8908366 - Flags: review?(emilio) → review+
Attachment #8908365 - Attachment is obsolete: true
Brad, did this land?
Flags: needinfo?(bwerth)
(In reply to Bobby Holley (:bholley) (busy with Stylo) from comment #14) > Brad, did this land? Servo fix has landed; Gecko tests have not landed yet.
Flags: needinfo?(bwerth)
Pushed by bwerth@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/c89b96997d04 Part 2: Add more aspect-ratios to a test of media queries, testing for overflow. r=emilio
https://hg.mozilla.org/mozilla-central/rev/c89b96997d04
Status: NEW → RESOLVED
Closed: 8 years ago
status-firefox57: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla57
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: