Chrome tab crashes on super-massive image load
Reported by
sporkmon...@gmail.com,
Jul 14 2016
|
|||||||||||||||
Issue descriptionChrome Version : 51.0.2704.103 (Official Build) m (32-bit) URLs (if applicable) : https://dl.dropboxusercontent.com/u/69327240/screenshot.jpg Other browsers tested: Add OK or FAIL, along with the version, after other browsers where you have tested this issue: Safari: didn't test Firefox: OK, 43.01 IE: OK, Edge, 25.10586.0.0 What steps will reproduce the problem? (1) Load super-massive image What is the expected result? Image loads What happens instead? Tab crashes after partially loading, partially displaying image Please provide any additional information below. Attach a screenshot if possible. Windows 10 Running 2x 1080 GTX in SLI, PLENTY of video RAM 13600 x 13600 (resolution of example image)
,
Jul 14 2016
The latter could have trivial DoS implications on sites that don't thumbnail and cdn-proxy user-supplied images. Which obviously you should do, but...
,
Jul 15 2016
Unable to repro this issue on Windows 10 [Pro] for Google Chrome Stable Version - 51.0.2704.106 Screen-recording is attached. @sporkmonger: Could you please re-test the same on a clean profile [chrome://settings -> Add Person] and let us know your observations. Thank you.
,
Jul 16 2016
Oh, and I upgraded to 51.0.2704.106 and I could still reproduce. The 1080 GTX is pretty new, possible that it could be the differentiating factor between why I can reproduce consistently and you can't?
,
Jul 16 2016
Thank you for providing more feedback. Adding requester "rnimmagadda@chromium.org" for another review and adding "Needs-Review" label for tracking. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jul 18 2016
@MTV: Team, could you please verify this issue from your end. Since we are not able to repro this issue on the Windows 10 [Pro] system we have it here. Thank you.
,
Jul 19 2016
Do you have a crash ID in about:crashes?
,
Jul 19 2016
I can't reproduce on Linux either. But my guess is we're all using 64bit chrome, whereas the original bug report says 32bit. It wouldn't surprise me at all if that were the problem. Test team, can you look at this on a 32 bit build?
,
Jul 20 2016
Repro'd again: Crash ID 0ad0b80e00000000 (1e315d4a-5f3c-49fd-9892-6e3321b23f04) Automatically reported Tuesday, July 19, 2016 at 6:39:49 PM For the first time I just got the image to load all the way through without a crash. It crashed upon refresh however.
,
Jul 20 2016
Upgraded to 64-bit and can confirm that I can no longer repro. Definitely try 32-bit.
,
Jul 20 2016
==================================== Good Build: 47.0.2502.0 Base Position: 347539 Bad Build: 48.0.2527.0 Base Position: 352270 ===================================== Able to repro this issue only on 64 Bit - Windows 10 [Pro] for the Google Chrome Stable Version - 51.0.2704.106 This is a regression issue broken in M47, below mentioned is the bisect info: CHANGELOG URL: https://chromium.googlesource.com/chromium/src/+log/47.0.2502.0..48.0.2527.0?pretty=fuller&n=10000 Suspecting Below: ======================================================= Commit: 2f62c75e637033340fb49cba533ffcf41736b4ad Review URL: https://codereview.chromium.org/1349473003 ------------------------------------------------------- Commit: 471f43787777abca532dab4424ab9157a43275d9 Review URL: https://codereview.chromium.org/1239773002 ======================================================= @jchaffraix/wangxianzhu: Could you please look into the issue, and if it has nothing to do with your changes and if possible please do assign it to the concerned owner. Thank you.
,
Jul 20 2016
jchaffraix@ no more works on blink. My CL is just a rebaseline of tests. The crash is an out-of-memory occurred during image decoding. 0x0f7af231 (chrome_child.dll -logging.cc:735 ) logging::LogMessage::~LogMessage() 0x100773f3 (chrome_child.dll -memory.cc:19 ) base::`anonymous namespace'::OnNoMemory 0x10d36e3a (chrome_child.dll -child_discardable_shared_memory_manager.cc:312 ) content::ChildDiscardableSharedMemoryManager::AllocateLockedDiscardableSharedMemory(unsigned int,int) 0x10d36c09 (chrome_child.dll -child_discardable_shared_memory_manager.cc:187 ) content::ChildDiscardableSharedMemoryManager::AllocateLockedDiscardableMemory(unsigned int) 0x1010e2f5 (chrome_child.dll -software_image_decode_controller.cc:406 ) cc::SoftwareImageDecodeController::DecodeImageInternal(cc::ImageDecodeControllerKey const &,cc::DrawImage const &) 0x1010f17c (chrome_child.dll -software_image_decode_controller.cc:574 ) cc::SoftwareImageDecodeController::GetDecodedImageForDrawInternal(cc::ImageDecodeControllerKey const &,cc::DrawImage const &) 0x1010e5e1 (chrome_child.dll -software_image_decode_controller.cc:451 ) cc::SoftwareImageDecodeController::DecodeImageInternal(cc::ImageDecodeControllerKey const &,cc::DrawImage const &) 0x1010def1 (chrome_child.dll -software_image_decode_controller.cc:353 ) cc::SoftwareImageDecodeController::DecodeImage(cc::ImageDecodeControllerKey const &,cc::DrawImage const &) 0x1010ce1e (chrome_child.dll -software_image_decode_controller.cc:75 ) cc::`anonymous namespace'::ImageDecodeTaskImpl::RunOnWorkerThread 0x10e02a03 (chrome_child.dll -raster_worker_pool.cc:361 ) content::RasterWorkerPool::RunTaskInCategoryWithLockAcquired(cc::TaskCategory) 0x10e02a86 (chrome_child.dll -raster_worker_pool.cc:336 ) content::RasterWorkerPool::RunTaskWithLockAcquired(std::vector<cc::TaskCategory,std::allocator<cc::TaskCategory> > const &) 0x10e02927 (chrome_child.dll -raster_worker_pool.cc:230 ) content::RasterWorkerPool::Run(std::vector<cc::TaskCategory,std::allocator<cc::TaskCategory> > const &,base::ConditionVariable *) 0x10e02962 (chrome_child.dll -raster_worker_pool.cc:34 ) content::`anonymous namespace'::RasterWorkerPoolThread::Run 0x0f7cecfc (chrome_child.dll -simple_thread.cc:66 ) base::SimpleThread::ThreadMain() 0x0f7c2ec6 (chrome_child.dll -platform_thread_win.cc:84 ) base::`anonymous namespace'::ThreadFunc
,
Jul 20 2016
I think this is WontFix. Out of memory is out of memory, so unless we can find some way to use less memory, there's nothing we can do.
,
Jul 20 2016
,
Jul 20 2016
I agree with #14. This image is pretty large and what happens is that we try to allocate enough memory to decode it, that's all... If that crashes, then there's isn't really anything we can do right now. One feature that maybe worth investigating is decoding to scale, so that we don't try and decode the original sized image. I'm not too sure what's involved in that though. And even if that's in place, zooming in to the screenshot would still cause the same crash (or rather it would cause us to allocate the same chunk of memory which here results in a crash).
,
Jul 20 2016
We have the huge-image-scale-down feature enabled on Android. Perhaps we can also enable the feature on other platforms but with different parameters. However, I'm curious about: - There is a regression range; - Before #11 the bug reproduced on 32-bit only, but in #12 it reproduced on 64-bit (windows or chrome?) only.
,
Jul 21 2016
It seems like when you zoom in that there's some kind of tile painting going on. Could that be used to limit the memory allocation on zoom in? i.e. don't allocate for the tiles in the area you're not zoomed in on?
,
Jul 21 2016
@wangxianzhu: Sorry for the typo. Able to repro this issue only on 32 Bit - Windows 10 [Pro] for the Google Chrome Stable Version - 51.0.2704.106 Verified it again and go the same bisect range as mentioned in the comment #12. Unable to find the exact owner. Thank you.
,
Jul 21 2016
Re #18 we do have algorithm to handle memory allocated for tiles, e.g. free memory for low priority tiles, but we do need a big buffer to store the decoded image. On Android, we down-sample huge images, for example, we may decode a 16000x16000 image to 2000x2000. Re #19: as this is out-of-memory on 32-bit windows only, I'm marking this bug WontFix.
,
Jul 21 2016
Since I've now upgraded to 64-bit, I'm cool with that. :-) |
|||||||||||||||
►
Sign in to add a comment |
|||||||||||||||
Comment 1 by sporkmon...@gmail.com
, Jul 14 2016Embedding image in HTML also crashes tab, e.g. <html> <body> <img src="https://dl.dropboxusercontent.com/u/69327240/screenshot.jpg" /> </body> </html>