Issue 628108

Starred by 2 users

Issue metadata

Status: Duplicate
Merged: issue 625436
Owner: ----
Closed: Jul 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug




Malformed <font> tag in anchor crashes Chrome

Reported by chris.sh...@fairfaxmedia.com.au, Jul 14 2016

Issue description

UserAgent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36

Steps to reproduce the problem:
I have cut down the pages to a reproducible test case. If you extract the testcase.zip file to a temporary folder, open the index-bad.html file and hover the mouse over the URL "2016/07/14", Chrome crashes.

Now open the file index-good.html and hover the mouse over the URL "2016/07/14" and notice that it doesn't crash Chrome.

What is the expected behavior?

What went wrong?
The difference between the two files is that I have closed the <font> tag that exists within the anchor tag used for that hyperlink. 

Crashed report ID: 

How much crashed? Just one tab

Is it a problem with a plugin? No

Did this work before? N/A

Chrome version: 51.0.2704.103 m Channel: stable
OS Version: 6.1 (Windows 7, Windows Server 2008 R2)
Flash Version: Shockwave Flash 22.0 r0

This is so ridiculously obscure it's ridiculous.
 
Attachment: testcase.zip (5.8 KB)
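The report pins the difference between the crashing and non-crashing page on one thing: a `<font>` element opened inside an `<a>` and still open when the anchor ends. The scanner below is an added example (not the reporter's test case and not Chromium code) that flags exactly that shape so a site owner can find which pages carry it. The two sample documents are constructed to illustrate the described structure; the real contents of testcase.zip are not shown on this page, and the file names, attributes and colour value are assumptions.

```python
"""Flag inline formatting elements (by default <font>) opened inside an <a>
and still open when the anchor's end tag arrives.  Added example; not the
reporter's test case or Chromium code."""
from html.parser import HTMLParser


class _AnchorScanner(HTMLParser):
    """Tracks only <a> and the chosen inner tags; every other tag is ignored."""

    def __init__(self, inner):
        super().__init__()
        self.inner = set(inner)
        self.tracked = self.inner | {"a"}
        self.stack = []       # (tag, line) for each currently open tracked element
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in self.tracked:
            self.stack.append((tag, self.getpos()[0]))

    def handle_endtag(self, tag):
        if tag not in self.tracked or tag not in [t for t, _ in self.stack]:
            return  # untracked, or a stray end tag with nothing to close
        # Pop down to the matching start tag.  Anything popped on the way was
        # left open; when the tag being closed is an <a>, an inner element
        # among those is the pattern from the report.
        while self.stack:
            open_tag, line = self.stack.pop()
            if open_tag == tag:
                break
            if tag == "a" and open_tag in self.inner:
                self.findings.append(
                    {"tag": open_tag, "opened_at": line, "anchor_closed_at": self.getpos()[0]}
                )

    def close(self):
        super().close()
        # End of input: inner elements still open above an <a> that never closed.
        inside_anchor = False
        for open_tag, line in self.stack:
            if open_tag == "a":
                inside_anchor = True
            elif inside_anchor and open_tag in self.inner:
                self.findings.append({"tag": open_tag, "opened_at": line, "anchor_closed_at": None})


def find_unclosed_inline_in_anchor(html, inner=("font",)):
    """Return one dict per inner element left open inside an anchor (1-based line numbers)."""
    scanner = _AnchorScanner(inner)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed samples (hypothetical shapes; index-bad.html/index-good.html are not on the page).
BAD_SAMPLE = '<p>Posted <a href="/2016/07/14/"><font color="#555">2016/07/14</a></p>\n'
GOOD_SAMPLE = '<p>Posted <a href="/2016/07/14/"><font color="#555">2016/07/14</font></a></p>\n'

if __name__ == "__main__":
    for name, doc in (("index-bad.html", BAD_SAMPLE), ("index-good.html", GOOD_SAMPLE)):
        print(name, find_unclosed_inline_in_anchor(doc) or "clean")
```

The `inner` parameter lets the same scan cover other inline formatting elements (`b`, `i`, `u`, ...) that the HTML tree builder treats the same way as `font`. The scanner only reports the source pattern; it does not reproduce what the browser then builds. In a spec-conformant parser, an `</a>` arriving while a `<font>` is still open triggers the adoption agency algorithm: the anchor is closed and the `font` element is re-created outside it for any following text, so the element tree the layout and hit-testing code sees differs from what the source suggests.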
Components: Blink>HTML
Labels: Needs-Feedback
Thank you for the bug report, it looks like you've put some effort into reducing it.

Could you cut and paste the crash ID from chrome://crashes? Thanks!

I can't reproduce this on Linux 51.0.2704.106 (Official Build) (64-bit); it might be platform-specific.
Owner: dominicc@chromium.org
Tentatively me.
Thanks for looking at this folks. 

Crash ID: crash/0fb04c7600000000

I'm running Windows 7, winver.exe tells me the version is Version 6.1 (build 7601: Service Pack 1).

One of our Linux server admins loaded up the page on Windows 2008 R2 standard and couldn't reproduce the issue, and on Windows 7 it seems to happen to me about 90% of the time when I access the internal corporate PHP web app, and so far 100% of the time when I use the local test case. 

If you need me to get something further, let me know and I'll see what I can do!
Cc: kojii@chromium.org dominicc@chromium.org
Components: -Blink>HTML Blink>Input>HitTesting Blink>Layout
Labels: -Needs-Feedback
Owner: ----
Thanks!

This looks like a problem with layout or hit testing.
Cc: dtapu...@chromium.org e...@chromium.org
Can the layout team look at https://cs.chromium.org/chromium/src/third_party/WebKit/Source/core/layout/LayoutInline.cpp?sq=package:chromium&rcl=1469099736&l=791 and see if that makes sense? I wonder if we are running into a case where we are trying to hit test a culled inline but it shouldn't call https://cs.chromium.org/chromium/src/third_party/WebKit/Source/core/layout/LayoutInline.cpp?sq=package:chromium&rcl=1469099736&l=534
Cannot reproduce on Linux either; will try Windows later.
Looks to be a duplicate of 625436

Comment 9 by e...@chromium.org, Jul 22 2016

Mergedinto: 625436
Status: Duplicate (was: Unconfirmed)
Components: -Blink>Input>HitTesting Blink>HitTesting
Moving Blink>Input>HitTesting to Blink>HitTesting
