!current->hasClipRelatedProperty() |
|||||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=6430773439889408 Fuzzer: inferno_twister Job Type: linux_debug_content_shell_drt Platform Id: linux Crash Type: ASSERT Crash Address: Crash State: !current->hasClipRelatedProperty() blink::findParentLayerOnClippingContainerChain blink::CompositingInputsUpdater::updateRecursive Minimized Testcase (4.84 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96QW4cgGqMIAD8xwzmDBhy62SbqqQ7KerDDi9vt-vtGQ-flcDdAff2GwFkAzFy1zMeEz60ObJqgpOzb6eIlKcute42eoPnqRKZ5gaZGK9PRzgmpIxQJWnnm-cnyzOXnTEagv00dOZ4SxML7nLB2DJJf0fxjVw Filer: ashejole See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Jun 13 2016
Do not assign to leviw@, he no longer works on Chrome.
,
Jun 13 2016
The root cause is the same as issue 613929, but a different code path.
,
Jun 13 2016
,
Jun 14 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/73a56783feab40c659c22a4e2d664f20b9e06198 commit 73a56783feab40c659c22a4e2d664f20b9e06198 Author: chrishtr <chrishtr@chromium.org> Date: Tue Jun 14 06:36:22 2016 Fix asserts to account for the fact that SVG may have contains: paint. BUG= 619032 Review-Url: https://codereview.chromium.org/2060273004 Cr-Commit-Position: refs/heads/master@{#399658} [modify] https://crrev.com/73a56783feab40c659c22a4e2d664f20b9e06198/third_party/WebKit/Source/core/layout/compositing/CompositingInputsUpdater.cpp
,
Jun 14 2016
,
Jun 15 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/73a56783feab40c659c22a4e2d664f20b9e06198 commit 73a56783feab40c659c22a4e2d664f20b9e06198 Author: chrishtr <chrishtr@chromium.org> Date: Tue Jun 14 06:36:22 2016 Fix asserts to account for the fact that SVG may have contains: paint. BUG= 619032 Review-Url: https://codereview.chromium.org/2060273004 Cr-Commit-Position: refs/heads/master@{#399658} [modify] https://crrev.com/73a56783feab40c659c22a4e2d664f20b9e06198/third_party/WebKit/Source/core/layout/compositing/CompositingInputsUpdater.cpp
,
Jun 22 2016
ClusterFuzz has detected this issue as fixed in range 399276:400924. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6430773439889408 Fuzzer: inferno_twister Job Type: linux_debug_content_shell_drt Platform Id: linux Crash Type: ASSERT Crash Address: Crash State: !current->hasClipRelatedProperty() blink::findParentLayerOnClippingContainerChain blink::CompositingInputsUpdater::updateRecursive Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=399276:400924 Minimized Testcase (4.84 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96QW4cgGqMIAD8xwzmDBhy62SbqqQ7KerDDi9vt-vtGQ-flcDdAff2GwFkAzFy1zMeEz60ObJqgpOzb6eIlKcute42eoPnqRKZ5gaZGK9PRzgmpIxQJWnnm-cnyzOXnTEagv00dOZ4SxML7nLB2DJJf0fxjVw?testcase_id=6430773439889408 See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||
►
Sign in to add a comment |
|||||
Comment 1 by ashej...@chromium.org
, Jun 10 2016Components: Blink>Compositing Tools>Test>FindIt>CorrectResult
Labels: findit-for-crash Te-Logged
Owner: le...@chromium.org
Status: Assigned (was: Available)