
Issue 617622


Issue metadata

Status: Verified
Owner:
Closed: Sep 2016
Cc:
OS: Linux
Pri: 2
Type: Bug




m_compositedBounds.location() == flooredIntPoint(m_compositedBounds.location())

Reported by ClusterFuzz (Project Member), Jun 6 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5757549295173632

Fuzzer: inferno_twister
Job Type: linux_debug_content_shell_drt
Platform Id: linux

Crash Type: ASSERT
Crash Address: 
Crash State:
  m_compositedBounds.location() == flooredIntPoint(m_compositedBounds.location())
  blink::CompositedLayerMapping::updateAfterPartResize
  blink::CompositedLayerMapping::updateGraphicsLayerGeometry
  

Minimized Testcase (0.22 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv96Ws1ibYqm0gkYvo-DS-ipvApRU0e3fYzfdLQoXLjwihB-7--g0a6aYKyAgtfBr_Foze2BRSdkBeuo-oB-zq68UL1UjOYVq5cyk0OkAy9xjwDvfbKfjkVWrH82uOkgHHH25NuxxTGspI-kJ1FMHOCcIAbtXEg
<iframe onload="inject('frame1', 'html')"></iframe>
<style>
@keyframes cfpulse2 { 0% { opacity: 0.6553;  } 
 2% { opacity: 0.466; box-shadow: 25px 4294967101px 51px;  } }
* { animation-name: cfpulse2; animation-duration: 4s;


Filer: ashejole

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Cc: ashej...@chromium.org
Labels: -Pri-1 Pri-2
Owner: vollick@chromium.org
Status: Assigned (was: Available)
Suspected CLs: Regression information is not available. The result is the blame information.

Author: vollick@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/94c4b9c89d830b4bdf2dec60b7844859092618c2
Time: Wed Sep 03 17:56:36 2014
The CL last changed line 344 of file CompositedLayerMapping.cpp, which is stack frame 0.

Author: zeeshanq@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/fc504b807ee20299b6b7d72d68c86c2a3a361e8b
Time: Tue Oct 14 16:49:44 2014
The CL last changed line 777 of file CompositedLayerMapping.cpp, which is stack frame 1.

Author: vollick@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/5c71784f502e13a7bdcf7f421d3061d5b661562d
Time: Sat Jul 26 05:14:17 2014
The CL last changed line 101 of file GraphicsLayerUpdater.cpp, which is stack frame 2.

Author: abarth@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/dc46981faf924c3fbecf6aaffede85559364d3a9
Time: Tue Jun 24 20:03:35 2014
The CL last changed line 111 of file GraphicsLayerUpdater.cpp, which is stack frame 3.

Author: abarth@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/dc46981faf924c3fbecf6aaffede85559364d3a9
Time: Tue Jun 24 20:03:35 2014
The CL last changed line 111 of file GraphicsLayerUpdater.cpp, which is stack frame 4.

Author: abarth@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/dc46981faf924c3fbecf6aaffede85559364d3a9
Time: Tue Jun 24 20:03:35 2014
The CL last changed line 111 of file GraphicsLayerUpdater.cpp, which is stack frame 5.

Author: abarth@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/dc46981faf924c3fbecf6aaffede85559364d3a9
Time: Tue Jun 24 20:03:35 2014
The CL last changed line 85 of file GraphicsLayerUpdater.cpp, which is stack frame 6.

Suspected Project: chromium
Suspected Component: Blink>Compositing


@vollick: Hey, would you mind checking the above issue as per the suspected CLs above? Feel free to re-assign to the concerned dev if that is not the case.

I really appreciate your help.

Thank you!
Components: Tools>Test>FindIt>CorrectResult
Labels: findit-for-crash Te-Logged
Comment 3 by ClusterFuzz (Project Member), Sep 18 2016

ClusterFuzz has detected this issue as fixed in range 419387:419391.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5757549295173632

Fuzzer: inferno_twister
Job Type: linux_debug_content_shell_drt
Platform Id: linux

Crash Type: ASSERT
Crash Address: 
Crash State:
  m_compositedBounds.location() == flooredIntPoint(m_compositedBounds.location())
  blink::CompositedLayerMapping::updateAfterPartResize
  blink::CompositedLayerMapping::updateGraphicsLayerGeometry
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=321092:321111
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=419387:419391

Minimized Testcase (0.22 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv95WLmVNkfh3RmtyIEJ0d1KqkevhEudVmtb2g_GO_c33A38gXNjWypfDgpVYF66HPksxBKrfBpWUtLEL8rqrIDPo3PJDWmI982W8XQhp6vpwmCGvuV_K628MtEt-tBL0RRjbMDWHDBa-qSQ16YvKWKY0U_Ps-Q?testcase_id=5757549295173632
<iframe onload="inject('frame1', 'html')"></iframe>
<style>
@keyframes cfpulse2 { 0% { opacity: 0.6553;  } 
 2% { opacity: 0.466; box-shadow: 25px 4294967101px 51px;  } }
* { animation-name: cfpulse2; animation-duration: 4s;


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 4 by ClusterFuzz (Project Member), Sep 18 2016

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase is verified as fixed, closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 5 by sheriffbot@chromium.org (Project Member), Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
