false. Invalid first_layout (unset) for first_paint 3.153s in metrics_web_conten
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5180168197111808

Fuzzer: inferno_twister
Job Type: linux_debug_chrome
Platform Id: linux

Crash Type: CHECK failure
Crash Address:
Crash State:
  false. Invalid first_layout (unset) for first_paint 3.153s in metrics_web_conten
  page_load_metrics::IsValidPageLoadTiming
  page_load_metrics::PageLoadTracker::UpdateTiming

Minimized Testcase (0.02 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv94hcWHzb9MZ1BcPtujJSgCmpipFxbzpMrhLgyjQAQ2Txj5f70f5MzstJp3r0YHpSYr2NRFJWZ5wc7X57nowAONjD1fRu9fC913-3a7IB7vSOvZoOv8TrhdBWQUrgBAQYLOq3Zgf29UjSOSTn3b6jfhUqIwmVQ?testcase_id=5180168197111808
<title id="tCF1">

Additional requirements: Requires HTTP

Filer: mmohammad

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jul 13 2016
Sure - this is code I own. This is a dcheck (will not fire in release), and its failure doesn't cause any bad browser behavior, so I see this is somewhat low priority, but I will take a look when I get a chance.
Jul 15 2016
Jul 27 2016
Jul 27 2016
Jul 27 2016
Jul 28 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5350013492527104

Fuzzer: inferno_twister
Job Type: linux_debug_chrome
Platform Id: linux

Crash Type: CHECK failure
Crash Address:
Crash State:
  false. Invalid first_layout (unset) for first_paint 5.161s in metrics_web_conten
  page_load_metrics::IsValidPageLoadTiming
  page_load_metrics::PageLoadTracker::UpdateTiming

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_chrome&range=136954:136987

Minimized Testcase (0.09 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv979CE_tCZBuWCla0bfXa3eqgPw82GsAxw-iEwL6auPBz28bvsKA92ytBIrgxE8B5cgigdTmEbT2k3tBC2YKYsREY3zKi1A38Eek1kxDWmvN0kUUqOIpTLGauSi4F4vKW4j6mrvbvI6Tk72eQeW9u0Ic6_Slsg?testcase_id=5350013492527104
<html xmlns="http://www.w3.org/1999/xhtml" xlink="http://www.w3.org/1999/xlink"><head id="tCF0">

Additional requirements: Requires HTTP

Filer: rnimmagadda

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jul 28 2016
I took a look. This appears to happen for any XHTML page that generates an XML parsing error. Such pages display a warning message on the screen, which seems to cause a paint without a layout. To clarify, this poses no issues in release - we gracefully recover from the error case in a release build. So I'm marking as P3. I'm going to change the code so that this DCHECK no longer fires and add some code to track how often this happens in the field. Based on that data, we'll make a decision on how we want to handle this issue.
Jul 28 2016
Note that, if we decide to explicitly detect this case in the render process, Document::wellFormed() will report false for these documents. This gets set right before the parser is detached (right before we record parse stop time).
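The two comments above identify the trigger as an XHTML document that fails XML parsing, and both ClusterFuzz reports note that the testcase "Requires HTTP" (it has to be served with the XHTML MIME type for Blink to run the XML parser at all). The following is an added example, not Chromium's or ClusterFuzz's own code: it embeds the two minimized testcases quoted in the reports, checks that each one is in fact not well-formed XML, and writes them out with a header sidecar so a local server delivers them as application/xhtml+xml. Assumptions: expat (Python's xml.etree) stands in for Blink's XML parser, so verdicts could differ on exotic inputs; the *.mock-http-headers sidecar format (a status line followed by raw header lines) mirrors the chrome/test/data convention; the file names tc_<testcase_id>.xhtml and the port are arbitrary.

```python
"""Local reproduction harness for the two ClusterFuzz testcases in this issue.

Added example, not Chromium's or ClusterFuzz's own code.  Assumed: the
*.mock-http-headers sidecar format (status line, then raw header lines) and
expat as a stand-in for Blink's XML parser.
"""
import functools
import http.server
import xml.etree.ElementTree as ET
from pathlib import Path

# Minimized testcases exactly as quoted in the ClusterFuzz reports above.
TESTCASES = {
    "tc_5180168197111808.xhtml": '<title id="tCF1">',
    "tc_5350013492527104.xhtml": (
        '<html xmlns="http://www.w3.org/1999/xhtml" '
        'xlink="http://www.w3.org/1999/xlink"><head id="tCF0">'
    ),
}

# Served as XHTML so Blink uses the XML parser rather than the HTML parser;
# this is why the reports say "Requires HTTP".
XHTML_MIME = "application/xhtml+xml"


def is_well_formed(xml_text: str) -> bool:
    """Return True if expat accepts the document, False on any XML parse error.

    A parse error is the condition comment 6 identifies as the trigger: Blink
    paints its parse-error banner before any layout of page content, so
    first_paint is set while first_layout is not.  This is a rough analogue of
    the Document::wellFormed() flag mentioned in comment 7.
    """
    try:
        ET.fromstring(xml_text)
        return True
    except ET.ParseError:
        return False


def classify_testcases(testcases=TESTCASES) -> dict:
    """Map each testcase name to its well-formedness verdict."""
    return {name: is_well_formed(body) for name, body in testcases.items()}


def mock_http_headers(content_type: str = XHTML_MIME) -> str:
    """Sidecar header file content (assumed chrome/test/data convention)."""
    return f"HTTP/1.1 200 OK\nContent-Type: {content_type}\n"


def write_repro_dir(root: Path, testcases=TESTCASES) -> list:
    """Write each testcase plus its .mock-http-headers sidecar; return paths."""
    root.mkdir(parents=True, exist_ok=True)
    written = []
    for name, body in testcases.items():
        page = root / name
        page.write_text(body, encoding="utf-8")
        headers = root / (name + ".mock-http-headers")
        headers.write_text(mock_http_headers(), encoding="utf-8")
        written += [page, headers]
    return written


class XhtmlHandler(http.server.SimpleHTTPRequestHandler):
    """Static file server that always sends .xhtml with the XHTML MIME type,
    independent of the platform's mimetypes table."""

    def guess_type(self, path):
        if str(path).endswith(".xhtml"):
            return XHTML_MIME
        return super().guess_type(path)


def serve(root: Path, port: int = 8000) -> None:
    """Serve the repro directory; load http://127.0.0.1:<port>/<testcase>
    in a debug build to hit the DCHECK.  Port is an arbitrary choice."""
    handler = functools.partial(XhtmlHandler, directory=str(root))
    with http.server.ThreadingHTTPServer(("127.0.0.1", port), handler) as httpd:
        httpd.serve_forever()


if __name__ == "__main__":
    repro = Path("repro_627607")
    write_repro_dir(repro)
    for name, ok in classify_testcases().items():
        print(f"{name}: well-formed={ok}")
    serve(repro)
```

Both embedded testcases are unclosed elements, so expat rejects them and the harness reports well-formed=False for each before it starts serving; a well-formed XHTML page served the same way should not reproduce, which is a quick way to confirm you are exercising the parse-error path rather than some other paint-before-layout case.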
Jul 29 2016
This is not P3. This is P1 since it blocks finding other real bugs with fuzzing on debug builds. Please remove the spurious DCHECK.
Jul 29 2016
Issue 627267 has been merged into this issue.
Jul 29 2016
Sure, sent a CL your way. Note that this is an interim fix to remove the DCHECK. The proper fix will special case non-well formed XHTML documents, but that's more involved.
Jul 29 2016
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/e0c18ae2e00183aaad8daaec74dd2e2ca869f673

commit e0c18ae2e00183aaad8daaec74dd2e2ca869f673
Author: bmcquade <bmcquade@chromium.org>
Date: Fri Jul 29 21:25:58 2016

Remove NOTREACHED that gets hit for non well formed xhtml.

BUG=627607

Review-Url: https://codereview.chromium.org/2194893003
Cr-Commit-Position: refs/heads/master@{#408766}

[modify] https://crrev.com/e0c18ae2e00183aaad8daaec74dd2e2ca869f673/chrome/browser/page_load_metrics/metrics_web_contents_observer.cc
[modify] https://crrev.com/e0c18ae2e00183aaad8daaec74dd2e2ca869f673/chrome/browser/page_load_metrics/observers/core_page_load_metrics_observer.h
[modify] https://crrev.com/e0c18ae2e00183aaad8daaec74dd2e2ca869f673/chrome/browser/page_load_metrics/page_load_metrics_browsertest.cc
[add] https://crrev.com/e0c18ae2e00183aaad8daaec74dd2e2ca869f673/chrome/test/data/page_load_metrics/badxml.xhtml
[add] https://crrev.com/e0c18ae2e00183aaad8daaec74dd2e2ca869f673/chrome/test/data/page_load_metrics/badxml.xhtml.mock-http-headers
Jul 29 2016
Jul 31 2016
ClusterFuzz has detected this issue as fixed in range 408765:408781.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5350013492527104

Fuzzer: inferno_twister
Job Type: linux_debug_chrome
Platform Id: linux

Crash Type: CHECK failure
Crash Address:
Crash State:
  false. Invalid first_layout (unset) for first_paint 5.161s in metrics_web_conten
  page_load_metrics::IsValidPageLoadTiming
  page_load_metrics::PageLoadTracker::UpdateTiming

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_chrome&range=136954:136987
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_chrome&range=408765:408781

Minimized Testcase (0.09 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv979CE_tCZBuWCla0bfXa3eqgPw82GsAxw-iEwL6auPBz28bvsKA92ytBIrgxE8B5cgigdTmEbT2k3tBC2YKYsREY3zKi1A38Eek1kxDWmvN0kUUqOIpTLGauSi4F4vKW4j6mrvbvI6Tk72eQeW9u0Ic6_Slsg?testcase_id=5350013492527104
<html xmlns="http://www.w3.org/1999/xhtml" xlink="http://www.w3.org/1999/xlink"><head id="tCF0">

Additional requirements: Requires HTTP

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jul 31 2016
ClusterFuzz has detected this issue as fixed in range 408765:408781.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5180168197111808

Fuzzer: inferno_twister
Job Type: linux_debug_chrome
Platform Id: linux

Crash Type: CHECK failure
Crash Address:
Crash State:
  false. Invalid first_layout (unset) for first_paint 3.153s in metrics_web_conten
  page_load_metrics::IsValidPageLoadTiming
  page_load_metrics::PageLoadTracker::UpdateTiming

Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_chrome&range=408765:408781

Minimized Testcase (0.02 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv94hcWHzb9MZ1BcPtujJSgCmpipFxbzpMrhLgyjQAQ2Txj5f70f5MzstJp3r0YHpSYr2NRFJWZ5wc7X57nowAONjD1fRu9fC913-3a7IB7vSOvZoOv8TrhdBWQUrgBAQYLOq3Zgf29UjSOSTn3b6jfhUqIwmVQ?testcase_id=5180168197111808
<title id="tCF1">

Additional requirements: Requires HTTP

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by mmohammad@chromium.org, Jul 12 2016
Status: Assigned (was: Available)