==73848==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000018 (pc 0x7fbcf95a46a7 bp 0x7ffe9709cfd0 sp 0x7ffe9709cee0 T0) ==73848==The signal is caused by a READ memory access. ==73848==Hint: address points to the zero page. #0 0x7fbcf95a46a6 in get /src/obj-firefox/dist/include/nsCOMPtr.h:780:48 #1 0x7fbcf95a46a6 in operator nsIContent * /src/obj-firefox/dist/include/nsCOMPtr.h:788 #2 0x7fbcf95a46a6 in GetContent /src/layout/generic/nsIFrame.h:761 #3 0x7fbcf95a46a6 in mozilla::SVGGeometryFrame::GetCanvasTM() /src/layout/svg/SVGGeometryFrame.cpp:688 #4 0x7fbcf9630247 in nsSVGMarkerFrame::GetCanvasTM() /src/layout/svg/nsSVGMarkerFrame.cpp:81:38 #5 0x7fbcf964b3f2 in nsSVGUtils::GetCanvasTM(nsIFrame*) /src/layout/svg/nsSVGUtils.cpp:410:28 #6 0x7fbcf95f554a in nsFilterInstance::GetPreFilterNeededArea(nsIFrame*, nsRegion const&) /src/layout/svg/nsFilterInstance.cpp:134:18 #7 0x7fbcf9626228 in nsSVGIntegrationUtils::GetRequiredSourceForInvalidArea(nsIFrame*, nsRect const&) /src/layout/svg/nsSVGIntegrationUtils.cpp:379:10 #8 0x7fbcf9255160 in nsIFrame::BuildDisplayListForStackingContext(nsDisplayListBuilder*, nsDisplayList*, bool*) /src/layout/generic/nsFrame.cpp:2844:7 #9 0x7fbcf9182f07 in nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&, unsigned int) /src/layout/generic/nsFrame.cpp:3678:12 #10 0x7fbcf921262d in nsContainerFrame::BuildDisplayListForNonBlockChildren(nsDisplayListBuilder*, nsDisplayListSet const&, unsigned int) /src/layout/generic/nsContainerFrame.cpp:382:5 #11 0x7fbcf9183bb1 in nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&, unsigned int) /src/layout/generic/nsFrame.cpp:3744:14 #12 0x7fbcf921262d in nsContainerFrame::BuildDisplayListForNonBlockChildren(nsDisplayListBuilder*, nsDisplayListSet const&, unsigned int) /src/layout/generic/nsContainerFrame.cpp:382:5 #13 0x7fbcf963a96c in nsSVGOuterSVGFrame::BuildDisplayList(nsDisplayListBuilder*, nsDisplayListSet const&) /src/layout/svg/nsSVGOuterSVGFrame.cpp:789:5 #14 0x7fbcf9257c3a in nsIFrame::BuildDisplayListForStackingContext(nsDisplayListBuilder*, nsDisplayList*, bool*) /src/layout/generic/nsFrame.cpp:2974:5 #15 0x7fbcf9182f07 in nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&, unsigned int) /src/layout/generic/nsFrame.cpp:3678:12 #16 0x7fbcf91df355 in DisplayLine(nsDisplayListBuilder*, nsRect const&, nsLineList_iterator&, int, int&, nsDisplayListSet const&, nsBlockFrame*, mozilla::css::TextOverflow*, unsigned int) /src/layout/generic/nsBlockFrame.cpp:6665:13 #17 0x7fbcf91dcfc0 in nsBlockFrame::BuildDisplayList(nsDisplayListBuilder*, nsDisplayListSet const&) /src/layout/generic/nsBlockFrame.cpp:6760:7 #18 0x7fbcf9257c3a in nsIFrame::BuildDisplayListForStackingContext(nsDisplayListBuilder*, nsDisplayList*, bool*) /src/layout/generic/nsFrame.cpp:2974:5 #19 0x7fbcf9182f07 in nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&, unsigned int) /src/layout/generic/nsFrame.cpp:3678:12 #20 0x7fbcf91df355 in DisplayLine(nsDisplayListBuilder*, nsRect const&, nsLineList_iterator&, int, int&, nsDisplayListSet const&, nsBlockFrame*, mozilla::css::TextOverflow*, unsigned int) /src/layout/generic/nsBlockFrame.cpp:6665:13 #21 0x7fbcf91dcfc0 in nsBlockFrame::BuildDisplayList(nsDisplayListBuilder*, nsDisplayListSet const&) /src/layout/generic/nsBlockFrame.cpp:6760:7 #22 0x7fbcf9257c3a in nsIFrame::BuildDisplayListForStackingContext(nsDisplayListBuilder*, nsDisplayList*, bool*) /src/layout/generic/nsFrame.cpp:2974:5 #23 0x7fbcf9182f07 in nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&, unsigned int) /src/layout/generic/nsFrame.cpp:3678:12 #24 0x7fbcf92025ac in nsCanvasFrame::BuildDisplayList(nsDisplayListBuilder*, nsDisplayListSet const&) /src/layout/generic/nsCanvasFrame.cpp:605:5 #25 0x7fbcf9183bb1 in nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&, unsigned int) /src/layout/generic/nsFrame.cpp:3744:14 #26 0x7fbcf93001a2 in mozilla::ScrollFrameHelper::BuildDisplayList(nsDisplayListBuilder*, nsDisplayListSet const&) /src/layout/generic/nsGfxScrollFrame.cpp:3574:15 #27 0x7fbcf91815db in nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&, unsigned int) /src/layout/generic/nsFrame.cpp:3486:12 #28 0x7fbcf917f383 in mozilla::ViewportFrame::BuildDisplayList(nsDisplayListBuilder*, nsDisplayListSet const&) /src/layout/generic/ViewportFrame.cpp:66:5 #29 0x7fbcf9257c3a in nsIFrame::BuildDisplayListForStackingContext(nsDisplayListBuilder*, nsDisplayList*, bool*) /src/layout/generic/nsFrame.cpp:2974:5 #30 0x7fbcf98e468e in RetainedDisplayListBuilder::AttemptPartialUpdate(unsigned int) /src/layout/painting/RetainedDisplayListBuilder.cpp:842:38 #31 0x7fbcf90a233e in nsLayoutUtils::PaintFrame(gfxContext*, nsIFrame*, nsRegion const&, unsigned int, nsDisplayListBuilderMode, nsLayoutUtils::PaintFrameFlags) /src/layout/base/nsLayoutUtils.cpp:3863:35 #32 0x7fbcf8f87634 in mozilla::PresShell::Paint(nsView*, nsRegion const&, unsigned int) /src/layout/base/PresShell.cpp:6505:5 #33 0x7fbcf86d259a in nsViewManager::ProcessPendingUpdatesPaint(nsIWidget*) /src/view/nsViewManager.cpp:480:19 #34 0x7fbcf86d109c in nsViewManager::ProcessPendingUpdatesForView(nsView*, bool) /src/view/nsViewManager.cpp:412:33 #35 0x7fbcf86d4fb6 in nsViewManager::ProcessPendingUpdates() /src/view/nsViewManager.cpp:1102:5 #36 0x7fbcf8ecfd53 in nsRefreshDriver::Tick(long, mozilla::TimeStamp) /src/layout/base/nsRefreshDriver.cpp:2027:11 #37 0x7fbcf8edc37f in TickDriver /src/layout/base/nsRefreshDriver.cpp:336:13 #38 0x7fbcf8edc37f in mozilla::RefreshDriverTimer::TickRefreshDrivers(long, mozilla::TimeStamp, nsTArray<RefPtr<nsRefreshDriver> >&) /src/layout/base/nsRefreshDriver.cpp:306 #39 0x7fbcf8edbf46 in mozilla::RefreshDriverTimer::Tick(long, mozilla::TimeStamp) /src/layout/base/nsRefreshDriver.cpp:328:5 #40 0x7fbcf8ede7be in RunRefreshDrivers /src/layout/base/nsRefreshDriver.cpp:769:5 #41 0x7fbcf8ede7be in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::TickRefreshDriver(mozilla::TimeStamp) /src/layout/base/nsRefreshDriver.cpp:682 #42 0x7fbcf8ede3be in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::NotifyVsync(mozilla::TimeStamp) /src/layout/base/nsRefreshDriver.cpp:583:9 #43 0x7fbcf97cb15f in mozilla::layout::VsyncChild::RecvNotify(mozilla::TimeStamp const&) /src/layout/ipc/VsyncChild.cpp:68:16 #44 0x7fbcf28978f0 in mozilla::layout::PVsyncChild::OnMessageReceived(IPC::Message const&) /src/obj-firefox/ipc/ipdl/PVsyncChild.cpp:155:20 #45 0x7fbcf27491e8 in mozilla::ipc::PBackgroundChild::OnMessageReceived(IPC::Message const&) /src/obj-firefox/ipc/ipdl/PBackgroundChild.cpp:1812:28 #46 0x7fbcf235c03e in mozilla::ipc::MessageChannel::DispatchAsyncMessage(IPC::Message const&) /src/ipc/glue/MessageChannel.cpp:2110:25 #47 0x7fbcf23590b7 in mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&) /src/ipc/glue/MessageChannel.cpp:2040:17 #48 0x7fbcf235a7bc in mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::MessageChannel::MessageTask&) /src/ipc/glue/MessageChannel.cpp:1886:5 #49 0x7fbcf235ae18 in mozilla::ipc::MessageChannel::MessageTask::Run() /src/ipc/glue/MessageChannel.cpp:1919:15 #50 0x7fbcf14cbfae in nsThread::ProcessNextEvent(bool, bool*) /src/xpcom/threads/nsThread.cpp:1033:14 #51 0x7fbcf14e7d30 in NS_ProcessNextEvent(nsIThread*, bool) /src/xpcom/threads/nsThreadUtils.cpp:508:10 #52 0x7fbcf236415a in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /src/ipc/glue/MessagePump.cpp:97:21 #53 0x7fbcf22bb1e9 in RunInternal /src/ipc/chromium/src/base/message_loop.cc:326:10 #54 0x7fbcf22bb1e9 in RunHandler /src/ipc/chromium/src/base/message_loop.cc:319 #55 0x7fbcf22bb1e9 in MessageLoop::Run() /src/ipc/chromium/src/base/message_loop.cc:299 #56 0x7fbcf875baba in nsBaseAppShell::Run() /src/widget/nsBaseAppShell.cpp:157:27 #57 0x7fbcfce72f6b in XRE_RunAppShell() /src/toolkit/xre/nsEmbedFunctions.cpp:865:22 #58 0x7fbcf22bb1e9 in RunInternal /src/ipc/chromium/src/base/message_loop.cc:326:10 #59 0x7fbcf22bb1e9 in RunHandler /src/ipc/chromium/src/base/message_loop.cc:319 #60 0x7fbcf22bb1e9 in MessageLoop::Run() /src/ipc/chromium/src/base/message_loop.cc:299 #61 0x7fbcfce7295d in XRE_InitChildProcess(int, char**, XREChildData const*) /src/toolkit/xre/nsEmbedFunctions.cpp:691:34 #62 0x4ee9f5 in content_process_main /src/browser/app/../../ipc/contentproc/plugin-container.cpp:63:30 #63 0x4ee9f5 in main /src/browser/app/nsBrowserApp.cpp:280 #64 0x7fbd0ff9382f in __libc_start_main /build/glibc-bfm8X4/glibc-2.23/csu/../csu/libc-start.c:291 #65 0x41e078 in _start (firefox+0x41e078)

really shouldn't build display lists for markers (or any non-display elements). Presumably this should be a memory win too.

I guess the BuildDisplayList overrides like: https://dxr.mozilla.org/mozilla-central/rev/6ff60a083701d08c52702daf50f28e8f46ae3a1c/layout/svg/nsSVGMarkerFrame.h#57 aren't enough then. :/ There are a lot of callers of BuildDisplayListForChild, so it looks like it would be better to add this check inside that method.

I guess the markerFrame overrides could be removed in a followup patch as they are likely dead code now.

Comment on attachment 8962170 [details] [diff] [review] address review comment Review of attachment 8962170 [details] [diff] [review]: ----------------------------------------------------------------- Sorry for the tariness, and thanks for this.

Pushed by longsonr@gmail.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/3d0b8735586f Don't build display lists for NONDISPLAY content. r=jwatt