New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 628504 link

Starred by 1 user
Status: Duplicate
Merged: issue 591877
Owner:
meade@chromium.org
Not working on Chrome any more
Closed: Aug 2016
Cc:
xiaoche...@chromium.org
yosin@chromium.org
joone....@intel.com
style-bugs@google.com
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug

Blocking:
issue 590369



Sign in to add a comment

Check failure in !start.document()->needsLayoutTreeUpdate() in TextIterator.cpp

Project Member Reported by ClusterFuzz, Jul 15 2016 
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6566499838066688

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_debug_content_shell_drt
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  !start.document()->needsLayoutTreeUpdate() in TextIterator.cpp
  blink::TextIteratorAlgorithm<>::TextIteratorAlgorithm
  blink::createPlainText<>
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=389343:389363

Minimized Testcase (0.34 Kb): https://cluster-fuzz.appspot.com/download/AMIfv974sfr2uLFEkuXG0qe7csb_LIiRHFiFzq-bhnIIHr3xAVrpB_c3zdcVLsk5lYoz3n0kjOsL-fHXSaXvFKUCkH0p4K7s0VmsltQrDLk14nf3m4lmn8Xu3tUx4pSuyWeptQ-u0huhj7he1Wrt5DshDqwZvhaIdw?testcase_id=6566499838066688

Filer: nyerramilli

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 1 by nyerramilli@chromium.org, Jul 15 2016

Cc: joone....@intel.com
Components: Tools>Test>FindIt>NoResult
Labels: findit-wrong Te-Logged M-52
Owner: yosin@chromium.org
Status: Assigned (was: Available)
providing findit resutls for internal purpose:

Suspected CLs	Findit could not determine the memory tool from the stacktrace. Is it in a new format?
--------------
using cosesearch, seeing some changes to 'TextIterator.cpp' in https://chromium.googlesource.com/chromium/src/+/3564239b151f615afca39cfd886d225a2b4740f8

joone.hur@intel.com - Could you please check the above issue & help us in finding an owner it its not yours.

Comment 2 by yosin@chromium.org, Jul 20 2016

Blocking: 590369
Components: Blink>Editing
Owner: xiaoche...@chromium.org
Is DOM tree modified in InPreLayout or AfterPerformLayout?

Comment 3 Deleted

Comment 4 by xiaoche...@chromium.org, Jul 25 2016 

It seems to be an issue of |updateStyleAndLayoutIgnorePendingStylesheets|.

In the crash site, |createPlainText| already calls |updateStyleAndLayoutIgnorePendingStylesheets|, but immediately after that, the DCHECK is hit in TextIterator's constructor saying that layout still needs update.

Triage to some other component?

Comment 5 by xiaoche...@chromium.org, Jul 26 2016

Cc: yosin@chromium.org xiaoche...@chromium.org
Components: -Blink>Editing Blink>CSS
Owner: ----
Status: Untriaged (was: Assigned)
Triaging to CSS team according to #4.

Comment 6 by bugsnash@chromium.org, Jul 27 2016

Status: Available (was: Untriaged)

Comment 7 by nainar@chromium.org, Jul 27 2016

Owner: meade@chromium.org
Status: Assigned (was: Available)
Assigning to TL

Comment 8 by meade@chromium.org, Aug 7 2016

Summary: Check failure in !start.document()->needsLayoutTreeUpdate() in TextIterator.cpp (was: !start.document()->needsLayoutTreeUpdate() in TextIterator.cpp)

Comment 9 by meade@chromium.org, Aug 7 2016

Mergedinto: 591877
Status: Duplicate (was: Assigned)
Project Member

Comment 10 by ClusterFuzz, Aug 27 2016 

ClusterFuzz has detected this issue as fixed in range 414808:414879.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6566499838066688

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_debug_content_shell_drt
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  !start.document()->needsLayoutTreeUpdate() in TextIterator.cpp
  blink::TextIteratorAlgorithm<>::TextIteratorAlgorithm
  blink::createPlainText<>
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=389343:389363
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=414808:414879

Minimized Testcase (0.34 Kb): https://cluster-fuzz.appspot.com/download/AMIfv974sfr2uLFEkuXG0qe7csb_LIiRHFiFzq-bhnIIHr3xAVrpB_c3zdcVLsk5lYoz3n0kjOsL-fHXSaXvFKUCkH0p4K7s0VmsltQrDLk14nf3m4lmn8Xu3tUx4pSuyWeptQ-u0huhj7he1Wrt5DshDqwZvhaIdw?testcase_id=6566499838066688

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment 11 by kateso...@chromium.org, Oct 18 2016

Components: -Tools>Test>FindIt>NoResult
Project Member

Comment 12 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment