
Issue 620235


Issue metadata

Status: Verified
Owner:
Closed: Aug 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug




availableLogicalWidth >= 0

Project Member Reported by ClusterFuzz, Jun 15 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5212726486106112

Fuzzer: inferno_twister
Job Type: linux_debug_content_shell_drt
Platform Id: linux

Crash Type: ASSERT
Crash Address: 
Crash State:
  availableLogicalWidth >= 0
  blink::LayoutBox::fillAvailableMeasure
  blink::LayoutBox::fillAvailableMeasure
  

Minimized Testcase (0.14 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv969Kxz0dddouft7oG6oHrp9ZHJtX4gF5QV5wmjYUZbT29yArT3C0SA4oB-DeQoiiqntB-lhgWAj6-nijJLQ32-BLBSU71x1oiW3Ab0EbJkSxQNUk-hRCpC0EvriF2eJZ3_kUtejRG_JBXai0ONY2ZnLTHTwww
<div style="float:left; border:2px solid red"><input type=image>
            <style>
* { animation-name: cfpulse95; min-width: fit-content;</style>


Additional requirements: Requires Gestures

Filer: durga.behera

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Components: Tools>Test>FindIt>NoResult Blink
Labels: findit-wrong Te-Logged M-52
Owner: jfernan...@igalia.com
Suspected CLs:
================
Analysis of failed component others is not supported by Findit.

Suspected Project: others
=========================
This is impacting the latest Stable (51.0.2704.84) & Beta (52.0.2743.33).
From code search on the crashed file "LayoutBox.cpp", suspecting the recent changes made to this might be related.
Suspect : https://codereview.chromium.org/2022033003
jfernandez@ : Could you please take a look into this if it's related to your change.
Status: Assigned (was: Available)
Sure, I'll take a look ASAP.
The issue reported here is totally unrelated to the change I did at https://codereview.chromium.org/2022033003. Actually, that patch solves a similar issue, reproducible using the regression tests provided in that patch.

I'll try to provide a patch for this issue, though.
Cc: cbiesin...@chromium.org
Components: -Blink Blink>Layout
Project Member

Comment 5 by sheriffbot@chromium.org, Jun 15 2016

Labels: -M-52 M-53 MovedFrom-52
Moving this nonessential bug to the next milestone.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
There is already a patch pending review to fix this issue.

https://codereview.chromium.org/2065243003/

Project Member

Comment 7 by sheriffbot@chromium.org, Jul 5 2016

Labels: -M-53 -Pri-1 M-54 MovedFrom-53 Pri-2
This issue is Pri-1 but has already been moved once. Lowering the priority and moving to the next milestone.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 8 by ClusterFuzz, Aug 1 2016

ClusterFuzz has detected this issue as fixed in range 408165:408183.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5212726486106112

Fuzzer: inferno_twister
Job Type: linux_debug_content_shell_drt
Platform Id: linux

Crash Type: ASSERT
Crash Address: 
Crash State:
  availableLogicalWidth >= 0
  blink::LayoutBox::fillAvailableMeasure
  blink::LayoutBox::fillAvailableMeasure
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=352857:352959
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=408165:408183

Minimized Testcase (0.14 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv969Kxz0dddouft7oG6oHrp9ZHJtX4gF5QV5wmjYUZbT29yArT3C0SA4oB-DeQoiiqntB-lhgWAj6-nijJLQ32-BLBSU71x1oiW3Ab0EbJkSxQNUk-hRCpC0EvriF2eJZ3_kUtejRG_JBXai0ONY2ZnLTHTwww?testcase_id=5212726486106112
<div style="float:left; border:2px solid red"><input type=image>
            <style>
* { animation-name: cfpulse95; min-width: fit-content;</style>


Additional requirements: Requires Gestures

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 9 by ClusterFuzz, Aug 1 2016

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase is verified as fixed, closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
It's true that the issue is not reproducible anymore, using the original test case provided. However, the actual bug is still there, as it's been detected in bug #635019. 

I agree on keeping this bug as closed, which is duplicated anyway, and continue working on bug #635019.
Project Member

Comment 11 by bugdroid1@chromium.org, Aug 23 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/be05bcdf2b257500dc1b24209583b323cc2b7461

commit be05bcdf2b257500dc1b24209583b323cc2b7461
Author: jfernandez <jfernandez@igalia.com>
Date: Tue Aug 23 09:24:05 2016

[css-grid] Only force full invalidation when grid item data change

We're currently comparing the rareData's m_gridItem pointer to decide
whether a style change should force a full paint invalidation or not.
This is causing that changes in CSS Alignment properties on a grid item
are identified as needing a full paint invalidation, since the mentioned
pointer has been changed, indeed. However, that change is not caused by
the style change, but due to reapplying the same CSS rules.

Even more, the tests ensuring there are no invalidations when there is
not a visual geometry change are failing because of that.

This change modifies the condition to inspect the grid item's style
data, in addition to the pointer itself, so we only trigger the full
invalidation if there is an actual change in the data.

BUG= 620235 

Review-Url: https://codereview.chromium.org/2261733002
Cr-Commit-Position: refs/heads/master@{#413700}

[modify] https://crrev.com/be05bcdf2b257500dc1b24209583b323cc2b7461/third_party/WebKit/LayoutTests/TestExpectations
[modify] https://crrev.com/be05bcdf2b257500dc1b24209583b323cc2b7461/third_party/WebKit/LayoutTests/fast/repaint/align-content-distribution-change-grid-expected.txt
[modify] https://crrev.com/be05bcdf2b257500dc1b24209583b323cc2b7461/third_party/WebKit/LayoutTests/fast/repaint/align-content-position-change-grid-expected.txt
[modify] https://crrev.com/be05bcdf2b257500dc1b24209583b323cc2b7461/third_party/WebKit/LayoutTests/fast/repaint/align-items-overflow-change-expected.txt
[modify] https://crrev.com/be05bcdf2b257500dc1b24209583b323cc2b7461/third_party/WebKit/LayoutTests/fast/repaint/align-self-change-grid-expected.html
[modify] https://crrev.com/be05bcdf2b257500dc1b24209583b323cc2b7461/third_party/WebKit/LayoutTests/fast/repaint/align-self-change-grid-expected.txt
[modify] https://crrev.com/be05bcdf2b257500dc1b24209583b323cc2b7461/third_party/WebKit/LayoutTests/fast/repaint/align-self-change-grid.html
[modify] https://crrev.com/be05bcdf2b257500dc1b24209583b323cc2b7461/third_party/WebKit/LayoutTests/fast/repaint/align-self-change-keeping-geometry-grid-expected.html
[modify] https://crrev.com/be05bcdf2b257500dc1b24209583b323cc2b7461/third_party/WebKit/LayoutTests/fast/repaint/align-self-change-keeping-geometry-grid-expected.txt
[modify] https://crrev.com/be05bcdf2b257500dc1b24209583b323cc2b7461/third_party/WebKit/LayoutTests/fast/repaint/align-self-change-keeping-geometry-grid.html
[modify] https://crrev.com/be05bcdf2b257500dc1b24209583b323cc2b7461/third_party/WebKit/LayoutTests/fast/repaint/align-self-overflow-change-expected.txt
[modify] https://crrev.com/be05bcdf2b257500dc1b24209583b323cc2b7461/third_party/WebKit/LayoutTests/fast/repaint/justify-content-distribution-change-grid-expected.txt
[modify] https://crrev.com/be05bcdf2b257500dc1b24209583b323cc2b7461/third_party/WebKit/LayoutTests/fast/repaint/justify-content-position-change-grid-expected.txt
[modify] https://crrev.com/be05bcdf2b257500dc1b24209583b323cc2b7461/third_party/WebKit/LayoutTests/fast/repaint/justify-items-change-expected.txt
[modify] https://crrev.com/be05bcdf2b257500dc1b24209583b323cc2b7461/third_party/WebKit/LayoutTests/fast/repaint/justify-items-overflow-change-expected.txt
[modify] https://crrev.com/be05bcdf2b257500dc1b24209583b323cc2b7461/third_party/WebKit/LayoutTests/fast/repaint/justify-self-change-expected.html
[modify] https://crrev.com/be05bcdf2b257500dc1b24209583b323cc2b7461/third_party/WebKit/LayoutTests/fast/repaint/justify-self-change-expected.txt
[modify] https://crrev.com/be05bcdf2b257500dc1b24209583b323cc2b7461/third_party/WebKit/LayoutTests/fast/repaint/justify-self-change-keeping-geometry-expected.html
[modify] https://crrev.com/be05bcdf2b257500dc1b24209583b323cc2b7461/third_party/WebKit/LayoutTests/fast/repaint/justify-self-change-keeping-geometry-expected.txt
[modify] https://crrev.com/be05bcdf2b257500dc1b24209583b323cc2b7461/third_party/WebKit/LayoutTests/fast/repaint/justify-self-change-keeping-geometry.html
[modify] https://crrev.com/be05bcdf2b257500dc1b24209583b323cc2b7461/third_party/WebKit/LayoutTests/fast/repaint/justify-self-change.html
[modify] https://crrev.com/be05bcdf2b257500dc1b24209583b323cc2b7461/third_party/WebKit/LayoutTests/fast/repaint/justify-self-overflow-change-expected.txt
[delete] https://crrev.com/de0dd9f4b9a81eb0f168fbf1311a6b315f092b68/third_party/WebKit/LayoutTests/platform/win7/fast/repaint/align-self-change-keeping-geometry-grid-expected.txt
[delete] https://crrev.com/de0dd9f4b9a81eb0f168fbf1311a6b315f092b68/third_party/WebKit/LayoutTests/platform/win7/fast/repaint/justify-self-change-keeping-geometry-expected.txt
[modify] https://crrev.com/be05bcdf2b257500dc1b24209583b323cc2b7461/third_party/WebKit/Source/core/style/ComputedStyle.cpp

The comment above, related to a change referring to this bug, is not correct and it was wrongly sent because of a mistake in the bug number specified in the codereview. 

Components: -Tools>Test>FindIt>NoResult
Project Member

Comment 14 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
