Regression:Tab crash is seen upon clicking on any of the link in chrome://md-settings when in emulation view. |
|||||||||
Issue descriptionVersion: 54.0.2830.0 Dev OS: Ubuntu 14.04 What steps will reproduce the problem? (1)Launch chrome>Navigate to chrome://md-settings>>Open devtools using F12 and emulate>>Now click on any link and observe tab crash. Expected:Tab crash shouldn't be seen on clicking any link of chrome://md-settings in emulation view. Actual:Instead tab crash is seen. Crash id's: 3da3692200000000 This is Regression issue broken in M-54. Will update bisect info soon.
,
Aug 16 2016
Bisect info: Good build:54.0.2829.0 Dev Bad build:54.0.2830.0 Dev CHANGELOG URL: https://chromium.googlesource.com/chromium/src/+log/3748dbb0f09a7e684c34b799e43506a8fde6b36f..7f405ec2b6914d482d081d2cb5d80bdf5226bd57 MANUAL CHANGELOG URL: https://chromium.googlesource.com/chromium/src/+log/54.0.2829.0..54.0.2830.0?pretty=fuller&n=10000
,
Aug 16 2016
From the above manual change log suspecting the below one Review URL: https://codereview.chromium.org/2075393002 nzolghadr@ - Could you please check whether this is caused with respect to your change, if not please help us in assigning it to the right owner. Thanks!
,
Aug 16 2016
This code path doesn't seem to be affected by my change. I think this is the related change as the function that is changed could possibly be returning null and cause the crash in the caller. https://chromium.googlesource.com/chromium/src/+/7f405ec2b6914d482d081d2cb5d80bdf5226bd57 bugsnash@ can you have a look at this?
,
Aug 16 2016
Issue 638126 has been merged into this issue.
,
Aug 16 2016
Issue 638218 has been merged into this issue.
,
Aug 16 2016
Users experienced this crash on the following builds: Win Canary 54.0.2830.0 - 4.53 CPM, 29 reports, 5 clients (signature blink::TouchAdjustment::nodeRespondsToTapGesture) If this update was incorrect, please add "Fracas-Wrong" label to prevent future updates. - Go/Fracas
,
Aug 16 2016
,
Aug 16 2016
Marking with RB label as this is a regression issue broken in M54. Going with RB-Beta as the crash rate is little low. 54.0.2830.0 100.00% 29 Link to Builds on which this crash is seen: https://crash.corp.google.com/browse?q=product.name%3D%27Chrome%27%20AND%20custom_data.ChromeCrashProto.ptype%3D%27renderer%27%20AND%20custom_data.ChromeCrashProto.magic_signature_1.name%3D%27blink%3A%3ATouchAdjustment%3A%3AnodeRespondsToTapGesture%27&ignore_case=false&enable_rewrite=true&omit_field_name=&omit_field_value=&omit_field_opt=%3D
,
Aug 17 2016
Issue 638112 has been merged into this issue.
,
Aug 17 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/c739b16ff7c5b84fcd4620df5d46c419563c2ef7 commit c739b16ff7c5b84fcd4620df5d46c419563c2ef7 Author: bugsnash <bugsnash@chromium.org> Date: Wed Aug 17 08:04:02 2016 Fixed crash by replacing DCHECK with returning nullptr. Fixed crash by replacing DCHECK in Node::mutableComputedStyle with returning nullptr if the NodeRareData is not an ElementRareData. Crash introcuded in https://codereview.chromium.org/1962953002. BUG= 638102 Review-Url: https://codereview.chromium.org/2241193005 Cr-Commit-Position: refs/heads/master@{#412472} [add] https://crrev.com/c739b16ff7c5b84fcd4620df5d46c419563c2ef7/third_party/WebKit/LayoutTests/fast/css/document-rare-data-style-crash-expected.html [add] https://crrev.com/c739b16ff7c5b84fcd4620df5d46c419563c2ef7/third_party/WebKit/LayoutTests/fast/css/document-rare-data-style-crash.html [modify] https://crrev.com/c739b16ff7c5b84fcd4620df5d46c419563c2ef7/third_party/WebKit/Source/core/dom/NodeComputedStyle.h
,
Aug 17 2016
,
Aug 19 2016
This is working fine on 54.0.2832.2 on Windows-7, Mac OS 10.11.5 and Linux Ubuntu 14.04 as per the manual repro steps mentioned in C#0. |
|||||||||
►
Sign in to add a comment |
|||||||||
Comment 1 by brajkumar@chromium.org
, Aug 16 2016Status: Untriaged (was: Unconfirmed)