The attached testcase causes a panic in m-c rev 20170922-5a63d8457a2a thread '<unnamed>' panicked at 'dtoa may have changed its buffer size', /builds/worker/workspace/build/src/third_party/rust/dtoa-short/src/lib.rs:71 #0: mozalloc_abort, at memory/mozalloc/mozalloc_abort.cpp:33 #1: abort, at memory/mozalloc/mozalloc_abort.cpp:80 #2: panic_abort::__rust_start_panic, at src/libpanic_abort/lib.rs:61 #3: std::panicking::rust_panic, at src/libstd/panicking.rs:580 #4: std::panicking::rust_panic_with_hook, at src/libstd/panicking.rs:565 #5: std::panicking::begin_panic<&str>, at src/libstd/panicking.rs:511 #6: dtoa_short::restrict_prec, at third_party/rust/dtoa-short/src/lib.rs:71 #7: dtoa_short::write_with_prec<collections::string::String,f32>, at third_party/rust/dtoa-short/src/lib.rs:64 #8: cssparser::serializer::write_numeric<collections::string::String>, at third_party/rust/cssparser/src/serializer.rs:44 #9: cssparser::serializer::{{impl}}::to_css<collections::string::String>, at third_party/rust/cssparser/src/serializer.rs:84 #10: cssparser::serializer::ToCss::to_css_string<cssparser::tokenizer::Token>, at third_party/rust/cssparser/src/serializer.rs:26 #11: geckoservo::error_reporter::ErrorString::into_str, at servo/ports/geckolib/error_reporter.rs:56 #12: geckoservo::error_reporter::{{impl}}::report_error::{{closure}}, at servo/ports/geckolib/error_reporter.rs:349 #13: core::option::Option<geckoservo::error_reporter::ErrorString>::map<geckoservo::error_reporter::ErrorString,cssparser::cow_rc_str::CowRcStr,closure>, at src/libcore/option.rs:398 #14: geckoservo::error_reporter::{{impl}}::report_error, at servo/ports/geckolib/error_reporter.rs:349 #15: style::parser::ParserContext::log_css_error<geckoservo::error_reporter::ErrorReporter>, at servo/components/style/parser.rs:131 #16: style::properties::declaration_block::parse_property_declaration_list<geckoservo::error_reporter::ErrorReporter>, at servo/components/style/properties/declaration_block.rs:1086 #17: style::stylesheets::rule_parser::{{impl}}::parse_block<geckoservo::error_reporter::ErrorReporter>, at servo/components/style/stylesheets/rule_parser.rs:583 #18: style::stylesheets::rule_parser::{{impl}}::parse_block<geckoservo::error_reporter::ErrorReporter>, at servo/components/style/stylesheets/rule_parser.rs:298 #19: cssparser::rules_and_declarations::parse_qualified_rule::{{closure}}<style::stylesheets::rule_parser::TopLevelRuleParser<geckoservo::error_reporter::ErrorReporter>,selectors::parser::SelectorParseError<style_traits::StyleParseError>>, at third_party/rust/cssparser/src/rules_and_declarations.rs:525 #20: cssparser::parser::Parser::parse_entirely<closure,style::stylesheets::CssRule,selectors::parser::SelectorParseError<style_traits::StyleParseError>>, at third_party/rust/cssparser/src/parser.rs:472 #21: cssparser::parser::parse_nested_block<closure,style::stylesheets::CssRule,selectors::parser::SelectorParseError<style_traits::StyleParseError>>, at third_party/rust/cssparser/src/parser.rs:857 #22: cssparser::rules_and_declarations::parse_qualified_rule<style::stylesheets::rule_parser::TopLevelRuleParser<geckoservo::error_reporter::ErrorReporter>,selectors::parser::SelectorParseError<style_traits::StyleParseError>>, at third_par ty/rust/cssparser/src/rules_and_declarations.rs:525 #23: cssparser::rules_and_declarations::{{impl}}::next<style::stylesheets::CssRule,style::stylesheets::rule_parser::TopLevelRuleParser<geckoservo::error_reporter::ErrorReporter>,selectors::parser::SelectorParseError<style_traits::StylePars eError>>, at third_party/rust/cssparser/src/rules_and_declarations.rs:378 #24: style::stylesheets::stylesheet::Stylesheet::parse_rules<geckoservo::error_reporter::ErrorReporter>, at servo/components/style/stylesheets/stylesheet.rs:387 #25: style::stylesheets::stylesheet::StylesheetContents::from_str<geckoservo::error_reporter::ErrorReporter>, at servo/components/style/stylesheets/stylesheet.rs:83 #26: geckoservo::glue::Servo_StyleSheet_FromUTF8Bytes, at servo/ports/geckolib/glue.rs:920 #27: mozilla::ServoStyleSheet::ParseSheet, at layout/style/ServoStyleSheet.cpp:213 #28: mozilla::css::Loader::ParseSheet, at layout/style/Loader.cpp:1653 #29: mozilla::css::Loader::LoadInlineStyle, at layout/style/Loader.cpp:1912 #30: nsStyleLinkElement::DoUpdateStyleSheet, at dom/base/nsStyleLinkElement.cpp:551 #31: nsStyleLinkElement::UpdateStyleSheet, at dom/base/nsStyleLinkElement.cpp:336 #32: nsHtml5DocumentBuilder::UpdateStyleSheet, at parser/html/nsHtml5DocumentBuilder.cpp:85 #33: nsHtml5TreeOperation::Perform, at parser/html/nsHtml5TreeOperation.cpp:959 #34: nsHtml5TreeOpExecutor::RunFlushLoop, at parser/html/nsHtml5TreeOpExecutor.cpp:461 #35: nsHtml5ExecutorFlusher::Run, at parser/html/nsHtml5StreamParser.cpp:130 #36: mozilla::SchedulerGroup::Runnable::Run, at xpcom/threads/SchedulerGroup.cpp:396 #37: nsThread::ProcessNextEvent, at xpcom/threads/nsThread.cpp:1039 #38: NS_ProcessNextEvent, at xpcom/threads/nsThreadUtils.cpp:521 #39: mozilla::ipc::MessagePump::Run, at ipc/glue/MessagePump.cpp:125 #40: MessageLoop::RunInternal, at ipc/chromium/src/base/message_loop.cc:326 #41: MessageLoop::Run, at ipc/chromium/src/base/message_loop.cc:319 #42: nsBaseAppShell::Run, at widget/nsBaseAppShell.cpp:158 #43: XRE_RunAppShell, at toolkit/xre/nsEmbedFunctions.cpp:880 #44: mozilla::ipc::MessagePumpForChildProcess::Run, at ipc/glue/MessagePump.cpp:269 #45: MessageLoop::RunInternal, at ipc/chromium/src/base/message_loop.cc:326 #46: MessageLoop::Run, at ipc/chromium/src/base/message_loop.cc:319 #47: XRE_InitChildProcess, at toolkit/xre/nsEmbedFunctions.cpp:705 #48: content_process_main, at ipc/contentproc/plugin-container.cpp:63 #49: main, at browser/app/nsBrowserApp.cpp:285 #50: libc-2.26.so+0x20f6a #51: MOZ_ReportAssertionFailure, at mfbt/Assertions.h:165

INFO: Last good revision: fc5fc58f42a3ebab01c6e83901a2dde2435b0933 INFO: First bad revision: 61598569fcdf491c5ccbf24aa59683dc5e0e958e INFO: Pushlog: https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=fc5fc58f42a3ebab01c6e83901a2dde2435b0933&tochange=61598569fcdf491c5ccbf24aa59683dc5e0e958e

dtoa has *not* changed the buffer size, but this seems to be a bug in dtoa-short. Can be repro'd with ``` extern crate dtoa_short; fn main() { let f = -8192e17f32; let mut dest = "".to_owned(); let res = dtoa_short::write(&mut dest, f); println!("{:?} {:?}", dest, res); } ```

https://github.com/upsuper/dtoa-short/pull/2 should probably set up fuzz scripts for dtoa and other crates

Comment on attachment 8911343 [details] Bug 1402419 - Update dtoa-short ; https://reviewboard.mozilla.org/r/182818/#review188054 ::: commit-message-97282:1 (Diff revision 1) > +Bug 1402419 - Update dtoa ; r?xidorn dtoa-short. and you need a revendor

ah. revendor is automatic

Comment on attachment 8911344 [details] Bug 1402419 - Add crashtest ; https://reviewboard.mozilla.org/r/182820/#review188056

Comment on attachment 8911343 [details] Bug 1402419 - Update dtoa-short ; https://reviewboard.mozilla.org/r/182818/#review188058 I still think you should revendor here, though.

Comment on attachment 8911353 [details] Bug 1402419 - Revendor deps; https://reviewboard.mozilla.org/r/182832/#review188060

Pushed by manishearth@gmail.com: https://hg.mozilla.org/integration/autoland/rev/acd13a6b018c Update dtoa-short ; r=xidorn https://hg.mozilla.org/integration/autoland/rev/115aa813430b Add crashtest ; r=xidorn

https://hg.mozilla.org/mozilla-central/rev/acd13a6b018c https://hg.mozilla.org/mozilla-central/rev/115aa813430b

Please request Beta approval on this when you get a chance.

I'm not sure whether it's worth a beta uplift, actually... it is just a debug_assert which doesn't cause any harm even if violated. But maybe it isn't too troublesome to do beta uplift for such thing either :)

Yeah, it's not safety or correctness related, it's a future-proofing debug assert that happened to be incorrect. The crate still works fine with the assert violated.