
Issue 635019

Issue metadata

Status: Assigned
OS: Linux
Pri: 2
Type: Bug

Blocked on:
issue 697252



availableLogicalWidth >= 0

Project Member Reported by ClusterFuzz, Aug 5 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5763023124037632

Fuzzer: inferno_twister
Job Type: linux_debug_content_shell_drt
Platform Id: linux

Crash Type: ASSERT
Crash Address: 
Crash State:
  availableLogicalWidth >= 0
  blink::LayoutBox::fillAvailableMeasure
  blink::LayoutBox::fillAvailableMeasure
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=352857:352959

Minimized Testcase (0.83 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97n5vpc-lr2W76PUzGae08aT95SBT3aGFKltTRORTu2Itel5iHHbQ6mrfQewcqp-RFFAETLGXTa0Y0fw_1DlDl6bl60-daYKwY3ESetRKl2zeXrcXN4rO6Zdc5fomAbpoQW0hQmUzG01n5t7keowygg5uo8IA?testcase_id=5763023124037632

Issue manually filed by: mummareddy

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Cc: msten...@opera.com
Labels: Te-Logged M-53
Owner: davve@opera.com
Status: Assigned (was: Untriaged)

From findit tool:

Author: davve
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/99a0ad7eeaa0d05f7e7973f74536a5a9cdf9a730
Time: Tue Jan 26 12:33:23 2016
The CL last changed line 2849 of file LayoutBox.cpp, which is stack frame 4.

Comment 2 by msten...@opera.com, Aug 9 2016

Cc: davve@opera.com
Owner: msten...@opera.com

Comment 3 by msten...@opera.com, Aug 9 2016

Owner: davve@opera.com

Comment 4 by davve@opera.com, Aug 15 2016

Cc: cbiesin...@chromium.org
Cc: jfernan...@igalia.com
Components: Blink>Layout
Note bug 620235.
I'll take a look.

Comment 7 by davve@opera.com, Aug 16 2016

Owner: jfernan...@igalia.com
Thanks. Reassigning to you then. Feel free to assign back if there is something you think I can help out with.
It seems I don't have permissions to read the minimized test cases. Would it be possible to grant me access to it?

Comment 9 by davve@opera.com, Aug 18 2016

What usually works for me is going through the detailed report (top link in the description) and following the link to testcases from there, while being the owner of the bug. YMMV.
Thanks @dawe, that worked. 

BTW, it seems that bug #620235 was marked as fixed, but I didn't land the patch I had implemented for that. Both @cbiesigner and @rune want to go further on the approach to solve the issue. It seems there are several errors in the implementation of preferred width for replaced elements.

I'll first try to verify whether bug #620235 was actually fixed or not.
BTW, the ongoing discussion can be followed at issue #2065243003


Obviously, my patch for https://crrev.com/2065243003 fixes this bug. However, as I pointed out in a previous comment, we will probably need more time to figure out a more complete solution. 

Comment 13 by e...@chromium.org, Sep 8 2016

Ok, thanks for the update!

Comment 14 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 15 by ClusterFuzz, Dec 22 2016

Status: WontFix (was: Assigned)
ClusterFuzz testcase 5763023124037632 is flaky and no longer reproduces, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Status: Started (was: WontFix)
This bug is still valid. As I said in comment #12, the test case used to reproduce the issue may not be valid anymore, but my patch on https://codereview.chromium.org/2065243003 is still needed.

Comment 17 by e...@chromium.org, Jan 3 2017

Labels: -Pri-1 Pri-2
The proposed patch, already reviewed and approved, causes 2 browser tests to fail: 

  - PluginPowerSaverBrowserTest.SmallerThanPlayIcon
  - PluginPowerSaverBrowserTest.PosterTests

I haven't been able to find out why my patch causes those tests to fail, so far, so I had to move to other issues. 

Recently, I retook the issue and found out that my patch might have discovered a Flexbox issue affecting LayoutImages' aspect ratio.

I still think my patch for crrev.com/2065243003 is valid, so I'll continue working to figure out a solution for the flexbox-related issues.
Blockedon: 697252

Comment 20 by davve@opera.com, Mar 28 2017

Cc: davve@chromium.org

Comment 21 by davve@opera.com, Mar 28 2017

Cc: -davve@opera.com
Status: Available (was: Started)
I'm blocked on this issue and need time to re-think the whole approach. I put it on hold for some time because I've got other things more urgent at this moment.

Comment 23 by sheriffbot@chromium.org, Jun 5 2018

Labels: Hotlist-Recharge-Cold
Status: Untriaged (was: Available)
This issue has been Available for over a year. If it's no longer important or seems unlikely to be fixed, please consider closing it out. If it is important, please re-triage the issue.

Sorry for the inconvenience if the bug really should have been left as Available.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 24 by e...@chromium.org, Jun 7 2018

Status: Available (was: Untriaged)

Comment 25 by ClusterFuzz, Jun 8 2018

ClusterFuzz has detected this issue as fixed in range 452556:452596.

Detailed report: https://clusterfuzz.com/testcase?key=5763023124037632

Fuzzer: inferno_twister
Job Type: linux_debug_content_shell_drt
Platform Id: linux

Crash Type: ASSERT
Crash Address: 
Crash State:
  availableLogicalWidth >= 0
  blink::LayoutBox::fillAvailableMeasure
  blink::LayoutBox::fillAvailableMeasure
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_debug_content_shell_drt&range=352857:352959
Fixed: https://clusterfuzz.com/revisions?job=linux_debug_content_shell_drt&range=452556:452596

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5763023124037632

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Status: Assigned (was: Available)
