
Issue 364222

Starred by 3 users

Issue metadata

Status: Duplicate
Merged: issue 344300
Owner: ----
Closed: Apr 2014
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug




REM units in a CSS Transformation within an animation on a pseudo-element kills chromium

Reported by oph...@gmail.com, Apr 16 2014

Issue description

Chrome Version       : 	34.0.1847.116 (Official Build 260972) m
URLs (if applicable) :  http://codepen.io/OpherV/pen/xsemw
Other browsers tested:
Add OK or FAIL after other browsers where you have tested this issue:
  Firefox 20: OK
  IE 9/10/11: OK

What steps will reproduce the problem?
1. Go to http://codepen.io/OpherV/pen/xsemw - relevant code to reproduce is there

Or

Use this CSS:


@-webkit-keyframes crashChrome {
    0% { -webkit-transform: translateX(0rem); }
}

.anim:before {
    content: "";
    width: 3rem;
    height: 3rem;
    border-radius: 3rem;
    position: absolute;
    left: 5rem;
    top: 5rem;
    background-color: #06839f;

    -webkit-animation: crashChrome;
}


with this HTML
<div class="anim"></div>


What is the expected result?
Chromium should render CSS properly

What happens instead?
Chrome crashes

 

Comment 1 by oph...@gmail.com, Apr 16 2014

Using PX units instead of REM in the transformation does not cause the crash
Cc: tasak@chromium.org eseidel@chromium.org
Labels: M-34 Cr-Blink-CSS
Status: Untriaged
Able to repro the crash on win8 chrome version 34.0.1847.116 with Crash ID 8bad5a6f15347acd

This is working fine on latest canary 36.0.1941.2 (Official Build 263931) and 35.0.1916.47 (Official Build 264041) m

Seems this issue got fixed in latest versions of chrome. Could you please wait until Beta pushes to stable version.

eseidel@, Please let us know if further bisect is needed on the same.
Labels: Stability-Crash
Please find the stack Trace

Thread 0 CRASHED [EXCEPTION_ACCESS_VIOLATION_READ @ 0x0000001c] MAGIC SIGNATURE THREAD
0x5c62f629	[chrome_child.dll -cssprimitivevalue.cpp:612 ]	WebCore::CSSPrimitiveValue::computeLengthDouble(WebCore::CSSToLengthConversionData const &)
0x5c62f4b5	[chrome_child.dll -cssprimitivevalue.cpp:564 ]	WebCore::CSSPrimitiveValue::computeLength<WebCore::Length>(WebCore::CSSToLengthConversionData const &)
0x5c8189a7	[chrome_child.dll -cssprimitivevaluemappings.h:4273 ]	WebCore::CSSPrimitiveValue::convertToLength<5>(WebCore::CSSToLengthConversionData const &)
0x5c82e96a	[chrome_child.dll -transformbuilder.cpp:175 ]	WebCore::TransformBuilder::createTransformOperations(WebCore::CSSValue *,WebCore::CSSToLengthConversionData const &,WebCore::TransformOperations &)
0x5c8168dd	[chrome_child.dll -stylebuildercustom.cpp:1391 ]	WebCore::StyleBuilder::oldApplyProperty(WebCore::CSSPropertyID,WebCore::StyleResolverState &,WebCore::CSSValue *,bool,bool)
0x5c625210	[chrome_child.dll -stylebuildercustom.cpp:1134 ]	WebCore::StyleBuilder::applyProperty(WebCore::CSSPropertyID,WebCore::StyleResolverState &,WebCore::CSSValue *)
0x5c62a9f7	[chrome_child.dll -styleresolver.cpp:1212 ]	WebCore::StyleResolver::applyProperties<2>(WebCore::StyleResolverState &,WebCore::StylePropertySet const *,WebCore::StyleRule *,bool,bool,WebCore::PropertyWhitelistType)
0x5c62a8a1	[chrome_child.dll -styleresolver.cpp:1238 ]	WebCore::StyleResolver::applyMatchedProperties<2>(WebCore::StyleResolverState &,WebCore::MatchResult const &,bool,int,int,bool)
0x5cc15f0a	[chrome_child.dll -styleresolver.cpp:783 ]	WebCore::StyleResolver::styleForKeyframe(WebCore::Element *,WebCore::RenderStyle const &,WebCore::RenderStyle *,WebCore::StyleKeyframe const *,WTF::AtomicString const &)
0x5ccb356a	[chrome_child.dll -cssanimations.cpp:116 ]	WebCore::`anonymous namespace'::resolveKeyframes
0x5c81a62c	[chrome_child.dll -cssanimations.cpp:411 ]	WebCore::CSSAnimations::calculateAnimationUpdate(WebCore::CSSAnimationUpdate *,WebCore::Element *,WebCore::Element const &,WebCore::RenderStyle const &,WebCore::RenderStyle *,WebCore::StyleResolver *)
0x5c81a1b3	[chrome_child.dll -cssanimations.cpp:351 ]	WebCore::CSSAnimations::calculateUpdate(WebCore::Element *,WebCore::Element const &,WebCore::RenderStyle const &,WebCore::RenderStyle *,WebCore::StyleResolver *)
0x5c62cfa6	[chrome_child.dll -styleresolver.cpp:1081 ]	WebCore::StyleResolver::applyAnimatedProperties(WebCore::StyleResolverState &,WebCore::Element *)
0x5c761e08	[chrome_child.dll -styleresolver.cpp:904 ]	WebCore::StyleResolver::pseudoStyleForElementInternal(WebCore::Element &,WebCore::PseudoStyleRequest const &,WebCore::RenderStyle *,WebCore::StyleResolverState &)
0x5c63332d	[chrome_child.dll -styleresolver.cpp:841 ]	WebCore::StyleResolver::createPseudoElementIfNeeded(WebCore::Element &,WebCore::PseudoId)
0x5c633189	[chrome_child.dll -element.cpp:2758 ]	WebCore::Element::createPseudoElementIfNeeded(WebCore::PseudoId)
0x5c6306f6	[chrome_child.dll -element.cpp:1408 ]	WebCore::Element::attach(WebCore::Node::AttachContext const &)
0x5c5ea68f	[chrome_child.dll -containernode.h:194 ]	WebCore::ContainerNode::attachChildren(WebCore::Node::AttachContext const &)
0x5c63074c	[chrome_child.dll -element.cpp:1418 ]	WebCore::Element::attach(WebCore::Node::AttachContext const &)
0x5c5ea68f	[chrome_child.dll -containernode.h:194 ]	WebCore::ContainerNode::attachChildren(WebCore::Node::AttachContext const &)
0x5c63074c	[chrome_child.dll -element.cpp:1418 ]	WebCore::Element::attach(WebCore::Node::AttachContext const &)
0x5c62ff90	[chrome_child.dll -element.cpp:1598 ]	WebCore::Element::recalcOwnStyle(WebCore::StyleRecalcChange)
0x5c62fe6f	[chrome_child.dll -element.cpp:1565 ]	WebCore::Element::recalcStyle(WebCore::StyleRecalcChange,WebCore::Text *)
0x5c6003f4	[chrome_child.dll -document.cpp:1793 ]	WebCore::Document::updateStyle(WebCore::StyleRecalcChange)
0x5c60009c	[chrome_child.dll -document.cpp:4448 ]	WebCore::Document::finishedParsing()
0x5c5fff59	[chrome_child.dll -htmldocumentparser.cpp:762 ]	WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd()
0x5c5f167f	[chrome_child.dll -htmldocumentparser.cpp:194 ]	WebCore::HTMLDocumentParser::prepareToStopParsing()
0x5c73250f	[chrome_child.dll -htmldocumentparser.cpp:444 ]	WebCore::HTMLDocumentParser::processParsedChunkFromBackgroundParser(WTF::PassOwnPtr<WebCore::HTMLDocumentParser::ParsedChunk>)
0x5c732112	[chrome_child.dll -htmldocumentparser.cpp:474 ]	WebCore::HTMLDocumentParser::pumpPendingSpeculations()
0x5c731da5	[chrome_child.dll -htmldocumentparser.cpp:317 ]	WebCore::HTMLDocumentParser::didReceiveParsedChunkFromBackgroundParser(WTF::PassOwnPtr<WebCore::HTMLDocumentParser::ParsedChunk>)
0x5c731c9b	[chrome_child.dll -functional.h:210 ]	WTF::FunctionWrapper<void ( WebCore::HTMLDocumentParser::*)(WTF::PassOwnPtr<WebCore::HTMLDocumentParser::ParsedChunk>)>::operator()(WTF::WeakPtr<WebCore::HTMLDocumentParser> const &,WTF::PassOwnPtr<WebCore::HTMLDocumentParser::ParsedChunk>)
0x5c731c36	[chrome_child.dll -functional.h:420 ]	WTF::BoundFunctionImpl<WTF::FunctionWrapper<void ( WebCore::HTMLDocumentParser::*)(WTF::PassOwnPtr<WebCore::HTMLDocumentParser::ParsedChunk>)>,void (WTF::WeakPtr<WebCore::HTMLDocumentParser>,WTF::PassOwnPtr<WebCore::HTMLDocumentParser::ParsedChunk>)>::operator()()
0x5c7315de	[chrome_child.dll -mainthread.cpp:62 ]	WTF::callFunctionObject
0x5c52a152	[chrome_child.dll -bind_internal.h:1169 ]	base::internal::Invoker<1,base::internal::BindState<base::internal::RunnableAdapter<void (*)(void const *)>,void (void const *),void (void const *)>,void (void const *)>::Run(base::internal::BindStateBase *)
0x5c524d62	[chrome_child.dll -message_loop.cc:447 ]	base::MessageLoop::RunTask(base::PendingTask const &)
0x5c5248f1	[chrome_child.dll -message_loop.cc:573 ]	base::MessageLoop::DoWork()
0x5c526b4b	[chrome_child.dll -message_pump_default.cc:32 ]	base::MessagePumpDefault::Run(base::MessagePump::Delegate *)
0x5c524546	[chrome_child.dll -message_loop.cc:397 ]	base::MessageLoop::RunHandler()
0x5c52449d	[chrome_child.dll -run_loop.cc:49 ]	base::RunLoop::Run()
0x5c524446	[chrome_child.dll -message_loop.cc:290 ]	base::MessageLoop::Run()
0x5c590b78	[chrome_child.dll -renderer_main.cc:249 ]	content::RendererMain(content::MainFunctionParams const &)
0x5c51d944	[chrome_child.dll -content_main_runner.cc:474 ]	content::RunNamedProcessTypeMain(std::basic_string<char,std::char_traits<char>,std::allocator<char> > const &,content::MainFunctionParams const &,content::ContentMainDelegate *)
0x5c51d8a8	[chrome_child.dll -content_main_runner.cc:794 ]	content::ContentMainRunnerImpl::Run()
0x5c50b3ce	[chrome_child.dll -content_main.cc:35 ]	content::ContentMain(HINSTANCE__ *,sandbox::SandboxInterfaceInfo *,content::ContentMainDelegate *)
0x5c50ae13	[chrome_child.dll -chrome_main.cc:33 ]	ChromeMain
0x00c56dfa	[chrome.exe -client_util.cc:283 ]	MainDllLoader::Launch(HINSTANCE__ *,sandbox::SandboxInterfaceInfo *)
0x00c562e1	[chrome.exe -chrome_exe_main_win.cc:68 ]	`anonymous namespace'::RunChrome(HINSTANCE__ *)
0x00c56369	[chrome.exe -chrome_exe_main_win.cc:142 ]	wWinMain
0x00c7744a	[chrome.exe -crt0.c:275 ]	__tmainCRTStartup
0x751d850c	[kernel32.dll + 0x0002850c ]	BaseThreadInitThunk
0x770bbf38	[ntdll.dll + 0x0005bf38 ]	__RtlUserThreadStart
0x770bbf0b	[ntdll.dll + 0x0005bf0b ]	_RtlUserThreadStart
Cc: alancutter@chromium.org
Alan would know who to talk to.

Comment 5 by timloh@chromium.org, Apr 22 2014

Mergedinto: 344300
Status: Duplicate
We decided this wouldn't be common enough to merge into 34.
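
A triage sketch for the stack trace posted above, added here as an example and not part of the original issue or of Chromium's tooling: it parses the trace's header and frame lines and flags a fault address inside the low guard region, the usual signature of a member read through a null pointer. The function names, the `NULL_GUARD` threshold (the first 64 KiB, which Windows user-mode processes cannot map) and the trimmed, whitespace-normalised sample are assumptions of this example.

```python
import re

# Four frames excerpted from the trace in this issue (whitespace normalised).
SAMPLE = """\
Thread 0 CRASHED [EXCEPTION_ACCESS_VIOLATION_READ @ 0x0000001c] MAGIC SIGNATURE THREAD
0x5c62f629 [chrome_child.dll -cssprimitivevalue.cpp:612 ] WebCore::CSSPrimitiveValue::computeLengthDouble(WebCore::CSSToLengthConversionData const &)
0x5c82e96a [chrome_child.dll -transformbuilder.cpp:175 ] WebCore::TransformBuilder::createTransformOperations(WebCore::CSSValue *,WebCore::CSSToLengthConversionData const &,WebCore::TransformOperations &)
0x5ccb356a [chrome_child.dll -cssanimations.cpp:116 ] WebCore::`anonymous namespace'::resolveKeyframes
0x751d850c [kernel32.dll + 0x0002850c ] BaseThreadInitThunk
"""

HEADER = re.compile(r"Thread (\d+) CRASHED \[(EXCEPTION_\w+) @ (0x[0-9a-fA-F]+)\]")
FRAME = re.compile(r"^(0x[0-9a-fA-F]+)\s+\[(\S+) ([-+]) ?(\S+) \]\s+(.+)$")
NULL_GUARD = 0x10000  # assumption: triage threshold, the unmappable low 64 KiB


def parse_trace(text):
    """Return (header, frames) parsed from a trace in the format shown above."""
    header, frames = None, []
    for line in text.splitlines():
        h = HEADER.search(line)
        if h:
            header = {"thread": int(h.group(1)), "exception": h.group(2),
                      "fault_address": int(h.group(3), 16)}
            continue
        f = FRAME.match(line.strip())
        if f:
            pc, module, kind, where, symbol = f.groups()
            frames.append({
                "pc": int(pc, 16), "module": module,
                # "-file:line" is a symbolized source location, "+ 0x.." a raw offset
                "source": where if kind == "-" else None,
                # display name only: template arguments containing "(" are cut short
                "function": symbol.split("(")[0],
            })
    return header, frames


def triage(text):
    """Summarise the crash: exception, fault address, null-deref hint, crash site."""
    header, frames = parse_trace(text)
    if header is None or not frames:
        raise ValueError("not a recognised crash trace")
    top = frames[0]
    return {"exception": header["exception"],
            "fault_address": header["fault_address"],
            "near_null": header["fault_address"] < NULL_GUARD,
            "crash_site": top["source"], "crash_function": top["function"],
            "symbolized_frames": sum(1 for f in frames if f["source"])}
```

For this trace the summary reports a read at 0x1c in `computeLengthDouble`, which is a small offset from a zero base rather than an arbitrary address.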
