New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 636918 link

Starred by 1 user
Status: WontFix
Owner:
wangxianzhu@chromium.org
Closed: Aug 2016
Cc:
wangxianzhu@chromium.org
nyerramilli@chromium.org
r...@opera.com
dgro...@chromium.org
vmp...@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 3
Type: Bug



Sign in to add a comment

Crash in blink::FrameView::trackedObjectPaintInvalidationsAsJSON

Project Member Reported by ClusterFuzz, Aug 11 2016 
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5776866155954176

Fuzzer: inferno_twister
Job Type: windows_syzyasan_content_shell
Platform Id: windows

Crash Type: UNKNOWN
Crash Address: 0x00000003
Crash State:
  blink::FrameView::trackedObjectPaintInvalidationsAsJSON
  blink::LocalFrame::layerTreeAsText
  blink::Internals::layerTreeAsText
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_syzyasan_content_shell&range=411207:411233

Minimized Testcase (4.82 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95tByaEWURZ0gFnqjsdn5Bz6rTbGJQlF_mRnKo0uJwzmVy5eQ2vvsWa0v_3EypnxllIz1OBJSXCpc_6tYF50ZOYmrUYxJxcz1b0zqHHqkCgxtxfzQJHSUszC3hJV92fIh-VFOVfN0y42YZAAkE1fBnWWuoYgA?testcase_id=5776866155954176

Issue manually filed by: nyerramilli

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 1 by nyerramilli@chromium.org, Aug 11 2016

Cc: nyerramilli@chromium.org
Components: Tools>Test>FindIt>NoResult
Labels: findit-wrong TE-Triaged Te-Logged
Owner: dgro...@chromium.org
Status: Assigned (was: Untriaged)
Providing Findit results for internal purpose:
Suspected CLs	Findit could not find any suspected CLs.

Suspected Project: chromium

using codesearch, seeing some changes to FrameView.cpp in 
https://chromium.googlesource.com/chromium/src/+/f1b3e099e9754e0a801966571b2ac7288e1f1f47

dgrogan@, Could you please check the above issue & help us in finding an owner it its not yours.

Comment 2 Deleted

Comment 3 by dgro...@chromium.org, Aug 16 2016

Cc: -nyerramilli@chromium.org danakj@chromium.org dgro...@chromium.org
Owner: nyerramilli@chromium.org
danakj, any chance this is fallout from https://codereview.chromium.org/2034583002?

If not, nyerramilli, could you assign to one of the frame owners?

Comment 4 by danakj@chromium.org, Aug 16 2016

Cc: -danakj@chromium.org
No, that is very separate from blink, and in another process.

Comment 5 by nyerramilli@chromium.org, Aug 16 2016

Cc: nyerramilli@chromium.org r...@opera.com
Labels: Needs-triage
Owner: ----
Status: Available (was: Assigned)
rune@, Could you please check the above issue & help us in finding an owner.

Thanks in advance..

Comment 6 by r...@opera.com, Aug 16 2016

Owner: r...@opera.com
Status: Assigned (was: Available)

Comment 7 by r...@opera.com, Aug 16 2016

Cc: wangxianzhu@chromium.org
Owner: ----
Status: Available (was: Assigned)
wangxianzhu@chromium.org showed up in that area of the code when blaming, but the cause may be somewhere else.

Comment 8 by wangxianzhu@chromium.org, Aug 16 2016

Status: WontFix (was: Available)
This happens in carelessly written layout test only.

Comment 9 by wangxianzhu@chromium.org, Aug 16 2016

Components: Blink>Paint>Invalidation
Labels: -OS-Windows -Pri-1 OS-All Pri-3
Owner: wangxianzhu@chromium.org
Status: Assigned (was: WontFix)
Let's make it not crash.

Comment 10 by wangxianzhu@chromium.org, Aug 16 2016

Status: WontFix (was: Assigned)
The test crashes because it finishes when runRunner.layoutAndPaintAsyncThen(). A real layout test can easily avoid such crashes with waitUntilDone() and notifyDone(). Will not put effort on this.

Comment 11 by kateso...@chromium.org, Oct 18 2016

Components: -Tools>Test>FindIt>NoResult
Project Member

Comment 12 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment