Issue 613881 link

Starred by 4 users

Issue metadata

Status:	Fixed
Owner:	----
Closed:	Oct 2016
Cc:	kojii@chromium.org
Components:	Blink>Layout
EstimatedDays:	----
NextAction:	----
OS:	All
Pri:	3
Type:	Bug

FATAL:BreakingContextInlineHeaders.h(624)] Check failed: m_width.fitsOnLine(rect.width() - 1).

Project Member Reported by ukai@chromium.org, May 23 2016

Issue description

Version: 53.0.2746.0 (Developer Build) (64-bit) with dcheck_always_on=1
OS: Linux

What steps will reproduce the problem?
(1) go to https://google.kenpo.or.jp
(2) redirected to https://google.kenpo.or.jp/vc/google-kenpo/index.jsp
(3)

What is the expected output?

What do you see instead?
[1:1:0523/102316:FATAL:BreakingContextInlineHeaders.h(624)] Check failed: m_width.fitsOnLine(rect.width() - 1).
#0 0x7ffff7c8a88e base::debug::StackTrace::StackTrace()
#1 0x7ffff7cab17b logging::LogMessage::~LogMessage()
#2 0x7fffead18a88 blink::BreakingContext::handleText()
#3 0x7fffead14e95 blink::LineBreaker::nextLineBreak()
#4 0x7fffeac0c814 blink::LayoutBlockFlow::layoutRunsAndFloatsInRange()
#5 0x7fffeac0af9c blink::LayoutBlockFlow::layoutRunsAndFloats()
#6 0x7fffeac0fc97 blink::LayoutBlockFlow::layoutInlineChildren()
#7 0x7fffeabf7423 blink::LayoutBlockFlow::layoutBlockFlow()
#8 0x7fffeabf6d00 blink::LayoutBlockFlow::layoutBlock()
#9 0x7fffeabe9c49 blink::LayoutBlock::layout()
#10 0x7fffeabf8544 blink::LayoutBlockFlow::positionAndLayoutOnceIfNeeded()
#11 0x7fffeabf8865 blink::LayoutBlockFlow::layoutBlockChild()
#12 0x7fffeabfc69e blink::LayoutBlockFlow::layoutBlockChildren()
#13 0x7fffeabf7442 blink::LayoutBlockFlow::layoutBlockFlow()
#14 0x7fffeabf6d00 blink::LayoutBlockFlow::layoutBlock()
#15 0x7fffeabe9c49 blink::LayoutBlock::layout()
#16 0x7fffeabf8544 blink::LayoutBlockFlow::positionAndLayoutOnceIfNeeded()
#17 0x7fffeabf8865 blink::LayoutBlockFlow::layoutBlockChild()
#18 0x7fffeabfc69e blink::LayoutBlockFlow::layoutBlockChildren()
#19 0x7fffeabf7442 blink::LayoutBlockFlow::layoutBlockFlow()
#20 0x7fffeabf6d00 blink::LayoutBlockFlow::layoutBlock()
#21 0x7fffeabe9c49 blink::LayoutBlock::layout()
#22 0x7fffeabf8544 blink::LayoutBlockFlow::positionAndLayoutOnceIfNeeded()
#23 0x7fffeabf8865 blink::LayoutBlockFlow::layoutBlockChild()
#24 0x7fffeabfc69e blink::LayoutBlockFlow::layoutBlockChildren()
#25 0x7fffeabf7442 blink::LayoutBlockFlow::layoutBlockFlow()
#26 0x7fffeabf6d00 blink::LayoutBlockFlow::layoutBlock()
#27 0x7fffeabe9c49 blink::LayoutBlock::layout()
#28 0x7fffeabf8544 blink::LayoutBlockFlow::positionAndLayoutOnceIfNeeded()
#29 0x7fffeabf8865 blink::LayoutBlockFlow::layoutBlockChild()
#30 0x7fffeabfc69e blink::LayoutBlockFlow::layoutBlockChildren()
#31 0x7fffeabf7442 blink::LayoutBlockFlow::layoutBlockFlow()
#32 0x7fffeabf6d00 blink::LayoutBlockFlow::layoutBlock()
#33 0x7fffeabe9c49 blink::LayoutBlock::layout()
#34 0x7fffeabf8544 blink::LayoutBlockFlow::positionAndLayoutOnceIfNeeded()
#35 0x7fffeabf8865 blink::LayoutBlockFlow::layoutBlockChild()
#36 0x7fffeabfc69e blink::LayoutBlockFlow::layoutBlockChildren()
#37 0x7fffeabf7442 blink::LayoutBlockFlow::layoutBlockFlow()
#38 0x7fffeabf6d00 blink::LayoutBlockFlow::layoutBlock()
#39 0x7fffeabe9c49 blink::LayoutBlock::layout()
#40 0x7fffeabf8544 blink::LayoutBlockFlow::positionAndLayoutOnceIfNeeded()
#41 0x7fffeabf8865 blink::LayoutBlockFlow::layoutBlockChild()
#42 0x7fffeabfc69e blink::LayoutBlockFlow::layoutBlockChildren()
#43 0x7fffeabf7442 blink::LayoutBlockFlow::layoutBlockFlow()
#44 0x7fffeabf6d00 blink::LayoutBlockFlow::layoutBlock()
#45 0x7fffeabe9c49 blink::LayoutBlock::layout()
#46 0x7fffeabf8544 blink::LayoutBlockFlow::positionAndLayoutOnceIfNeeded()
#47 0x7fffeabf8865 blink::LayoutBlockFlow::layoutBlockChild()
#48 0x7fffeabfc69e blink::LayoutBlockFlow::layoutBlockChildren()
#49 0x7fffeabf7442 blink::LayoutBlockFlow::layoutBlockFlow()
#50 0x7fffeabf6d00 blink::LayoutBlockFlow::layoutBlock()
#51 0x7fffeabe9c49 blink::LayoutBlock::layout()
#52 0x7fffeac0f8b1 blink::LayoutBlockFlow::layoutInlineChildren()
#53 0x7fffeabf7423 blink::LayoutBlockFlow::layoutBlockFlow()
#54 0x7fffeabf6d00 blink::LayoutBlockFlow::layoutBlock()
#55 0x7fffeabe9c49 blink::LayoutBlock::layout()
#56 0x7fffeabf8544 blink::LayoutBlockFlow::positionAndLayoutOnceIfNeeded()
#57 0x7fffeabf8865 blink::LayoutBlockFlow::layoutBlockChild()
#58 0x7fffeabfc69e blink::LayoutBlockFlow::layoutBlockChildren()
#59 0x7fffeabf7442 blink::LayoutBlockFlow::layoutBlockFlow()
#60 0x7fffeabf6d00 blink::LayoutBlockFlow::layoutBlock()
#61 0x7fffeabe9c49 blink::LayoutBlock::layout()

Received signal 6
#0 0x7ffff7c8a417 base::debug::(anonymous namespace)::StackDumpSignalHandler()
#1 0x7ffff01c7340 <unknown>
#2 0x7fffeeb89cc9 gsignal
#3 0x7fffeeb8d0d8 abort
#4 0x7ffff7c88d32 base::debug::BreakDebugger()
#5 0x7ffff7cab43a logging::LogMessage::~LogMessage()
#6 0x7fffead18a88 blink::BreakingContext::handleText()
#7 0x7fffead14e95 blink::LineBreaker::nextLineBreak()
#8 0x7fffeac0c814 blink::LayoutBlockFlow::layoutRunsAndFloatsInRange()
#9 0x7fffeac0af9c blink::LayoutBlockFlow::layoutRunsAndFloats()
#10 0x7fffeac0fc97 blink::LayoutBlockFlow::layoutInlineChildren()
#11 0x7fffeabf7423 blink::LayoutBlockFlow::layoutBlockFlow()
#12 0x7fffeabf6d00 blink::LayoutBlockFlow::layoutBlock()
#13 0x7fffeabe9c49 blink::LayoutBlock::layout()
#14 0x7fffeabf8544 blink::LayoutBlockFlow::positionAndLayoutOnceIfNeeded()
#15 0x7fffeabf8865 blink::LayoutBlockFlow::layoutBlockChild()
#16 0x7fffeabfc69e blink::LayoutBlockFlow::layoutBlockChildren()
#17 0x7fffeabf7442 blink::LayoutBlockFlow::layoutBlockFlow()
#18 0x7fffeabf6d00 blink::LayoutBlockFlow::layoutBlock()
#19 0x7fffeabe9c49 blink::LayoutBlock::layout()
#20 0x7fffeabf8544 blink::LayoutBlockFlow::positionAndLayoutOnceIfNeeded()
#21 0x7fffeabf8865 blink::LayoutBlockFlow::layoutBlockChild()
#22 0x7fffeabfc69e blink::LayoutBlockFlow::layoutBlockChildren()
#23 0x7fffeabf7442 blink::LayoutBlockFlow::layoutBlockFlow()
#24 0x7fffeabf6d00 blink::LayoutBlockFlow::layoutBlock()
#25 0x7fffeabe9c49 blink::LayoutBlock::layout()
#26 0x7fffeabf8544 blink::LayoutBlockFlow::positionAndLayoutOnceIfNeeded()
#27 0x7fffeabf8865 blink::LayoutBlockFlow::layoutBlockChild()
#28 0x7fffeabfc69e blink::LayoutBlockFlow::layoutBlockChildren()
#29 0x7fffeabf7442 blink::LayoutBlockFlow::layoutBlockFlow()
#30 0x7fffeabf6d00 blink::LayoutBlockFlow::layoutBlock()
#31 0x7fffeabe9c49 blink::LayoutBlock::layout()
#32 0x7fffeabf8544 blink::LayoutBlockFlow::positionAndLayoutOnceIfNeeded()
#33 0x7fffeabf8865 blink::LayoutBlockFlow::layoutBlockChild()
#34 0x7fffeabfc69e blink::LayoutBlockFlow::layoutBlockChildren()
#35 0x7fffeabf7442 blink::LayoutBlockFlow::layoutBlockFlow()
#36 0x7fffeabf6d00 blink::LayoutBlockFlow::layoutBlock()
#37 0x7fffeabe9c49 blink::LayoutBlock::layout()
#38 0x7fffeabf8544 blink::LayoutBlockFlow::positionAndLayoutOnceIfNeeded()
#39 0x7fffeabf8865 blink::LayoutBlockFlow::layoutBlockChild()
#40 0x7fffeabfc69e blink::LayoutBlockFlow::layoutBlockChildren()
#41 0x7fffeabf7442 blink::LayoutBlockFlow::layoutBlockFlow()
#42 0x7fffeabf6d00 blink::LayoutBlockFlow::layoutBlock()
#43 0x7fffeabe9c49 blink::LayoutBlock::layout()
#44 0x7fffeabf8544 blink::LayoutBlockFlow::positionAndLayoutOnceIfNeeded()
#45 0x7fffeabf8865 blink::LayoutBlockFlow::layoutBlockChild()
#46 0x7fffeabfc69e blink::LayoutBlockFlow::layoutBlockChildren()
#47 0x7fffeabf7442 blink::LayoutBlockFlow::layoutBlockFlow()
#48 0x7fffeabf6d00 blink::LayoutBlockFlow::layoutBlock()
#49 0x7fffeabe9c49 blink::LayoutBlock::layout()
#50 0x7fffeabf8544 blink::LayoutBlockFlow::positionAndLayoutOnceIfNeeded()
#51 0x7fffeabf8865 blink::LayoutBlockFlow::layoutBlockChild()
#52 0x7fffeabfc69e blink::LayoutBlockFlow::layoutBlockChildren()
#53 0x7fffeabf7442 blink::LayoutBlockFlow::layoutBlockFlow()
#54 0x7fffeabf6d00 blink::LayoutBlockFlow::layoutBlock()
#55 0x7fffeabe9c49 blink::LayoutBlock::layout()
#56 0x7fffeac0f8b1 blink::LayoutBlockFlow::layoutInlineChildren()
#57 0x7fffeabf7423 blink::LayoutBlockFlow::layoutBlockFlow()
#58 0x7fffeabf6d00 blink::LayoutBlockFlow::layoutBlock()
#59 0x7fffeabe9c49 blink::LayoutBlock::layout()
#60 0x7fffeabf8544 blink::LayoutBlockFlow::positionAndLayoutOnceIfNeeded()
#61 0x7fffeabf8865 blink::LayoutBlockFlow::layoutBlockChild()
  r8: ffffa5c114c30c08  r9: ffffa5c114c30bf8 r10: 0000000000000008 r11: 0000000000000202
 r12: 00007fffffff7210 r13: 0000000000000b80 r14: 00007fffffff5ff0 r15: 00007fffffff5fe0
  di: 0000000000000001  si: 0000000000000001  bp: 0000000000000004  bx: 0000000000000000
  dx: 0000000000000006  ax: 0000000000000000  cx: ffffffffffffffff  sp: 00007fffffff52c8
  ip: 00007fffeeb89cc9 efl: 0000000000000202 cgf: 0000000000000033 erf: 0000000000000000
 trp: 0000000000000001 msk: 0000000000000000 cr2: 0000000000000000
[end of stack trace]
[New Thread 0x7fffcc5a8700 (LWP 11255)]

Please use labels and text to provide additional information.
https://chromium.googlesource.com/chromium/src/+/ad66862296c227c1b74a15f96632a67d941b6643

Comment 1 by kojii@chromium.org, May 23 2016

Labels: OS-All
Status: Available (was: Untriaged)

Comment 2 by kojii@chromium.org, Jul 21 2016

 Issue 628200  has been merged into this issue.

Comment 3 by kyounga...@gmail.com, Aug 31 2016

Hi, I met the same problem on another site.
I have some questions while investigating.

in this function, 
================
ALWAYS_INLINE bool BreakingContext::rewindToFirstMidWordBreak(LineLayoutText text,
    const ComputedStyle& style, const Font& font, bool breakAll,
    WordMeasurement& wordMeasurement)
{
. . .
    // TODO(kojii): should be replaced with safe-to-break when hb is ready.
    float x = m_width.availableWidth() + LayoutUnit::epsilon() - m_width.currentWidth();
    if (run.rtl())
        x = wordMeasurement.width - x;
    len = font.offsetForPosition(run, x, false);
. . .
================

I saw the case that "x" has an negative value ( < 0).
so I guess font.offsetForPosition(run, x, false) returns wrong value.

Is it OK ? if "x" has an negative value.

Comment 4 by kyounga...@gmail.com, Sep 26 2016

I made a simple patch for this issue.
https://codereview.chromium.org/2363833003/
Could you review this? Welcome any comments.

Thanks in advance,
Kyounga

Project Member

Comment 5 by bugdroid1@chromium.org, Sep 29 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/47e23e263b551925dccd72e0b170f64cf7ab8b9a

commit 47e23e263b551925dccd72e0b170f64cf7ab8b9a
Author: kyounga.ra <kyounga.ra@gmail.com>
Date: Thu Sep 29 15:50:47 2016

FATAL:DCHECK failed on BreakingContext::rewindToMidWordBreak()

Fix for wrong line-breaking calculation on "word-break:break-all" case

BUG= 613881 

Review-Url: https://codereview.chromium.org/2363833003
Cr-Commit-Position: refs/heads/master@{#421830}

[add] https://crrev.com/47e23e263b551925dccd72e0b170f64cf7ab8b9a/third_party/WebKit/LayoutTests/fast/text/breaking-context-inline-crash.html
[modify] https://crrev.com/47e23e263b551925dccd72e0b170f64cf7ab8b9a/third_party/WebKit/Source/core/layout/line/BreakingContextInlineHeaders.h

Comment 6 by kojii@chromium.org, Oct 4 2016

Status: Fixed (was: Available)

Thank you for your work on this.

►

Issue 613881 link

Issue metadata

FATAL:BreakingContextInlineHeaders.h(624)] Check failed: m_width.fitsOnLine(rect.width() - 1).

Issue description

Comment 1 by kojii@chromium.org, May 23 2016

Comment 1 Deleted

Comment 2 by kojii@chromium.org, Jul 21 2016

Comment 2 Deleted

Comment 3 by kyounga...@gmail.com, Aug 31 2016

Comment 3 Deleted

Comment 4 by kyounga...@gmail.com, Sep 26 2016

Comment 4 Deleted

Comment 5 by bugdroid1@chromium.org, Sep 29 2016

Comment 5 Deleted

Comment 6 by kojii@chromium.org, Oct 4 2016

Comment 6 Deleted

Sign in to add a comment