Issue 639191

Issue metadata

Status: Verified
Owner:
Closed: Aug 2016
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 1
Type: Bug




Fatal error in ../../v8/src/parsing/scanner.cc, line 774 Check failed: (token.raw_literal_chars) == nullptr.

Project Member Reported by ukai@chromium.org, Aug 19 2016

Issue description

Version: 54.0.2832.0 (Developer Build) (64-bit) with dcheck_always_on=1
OS: Linux

What steps will reproduce the problem?
(1) open spreadsheet (on docs.google.com/spreadsheets/)

What do you see instead?

renderer crash

#
# Fatal error in ../../v8/src/parsing/scanner.cc, line 774
# Check failed: (token.raw_literal_chars) == nullptr.
#

==== C stack trace ===============================

 1: 0x7ffff4108635
 2: 0x7ffff3e9aa84
 3: 0x7ffff3e9871a
 4: 0x7ffff3e98a68
 5: 0x7ffff3e60667
 6: 0x7ffff3e6bde1
 7: 0x7ffff3e64dac
 8: 0x7ffff3e5a869
 9: 0x7ffff3e6e80e
10: 0x7ffff3e58154
11: 0x7ffff3e67fa4
12: 0x7ffff3e5dbd5
13: 0x7ffff3e5a869
14: 0x7ffff3e5a02a
15: 0x7ffff3e59988
16: 0x7ffff3e72c2d
17: 0x7ffff3e72ae9
18: 0x7ffff3a41123
19: 0x7ffff3a42eb2
20: 0x7ffff3f02ec8
21: 0x7ffff3f02b2e
22: 0x18660ad063a7
Received signal 4 ILL_ILLOPN 7ffff410a57f
Received signal 11 SEGV_MAPERR 003000000020

https://chromium.googlesource.com/v8/v8/+/c677f813814f5ead481fc2c91f7834989abccd25
Cc: -vogelheim@chromium.org
Owner: vogelheim@chromium.org
Status: Started (was: Untriaged)
Sorry for the breakage. Will revert (unless I can find an immediate fix).
Labels: -Pri-3 Pri-1
Comment 3 by bugdroid1@chromium.org (Project Member), Aug 19 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/b68df2d27010b8fcf4f50f73644335dd584eecac

commit b68df2d27010b8fcf4f50f73644335dd584eecac
Author: vogelheim <vogelheim@chromium.org>
Date: Fri Aug 19 15:25:07 2016

Fix Scanner invariants w/ literal buffers.

This isn't the most elegant fix, but I'd prefer to not rework the logic
right now. What happens is:
- Most parts of the Scanner use nullptr to mean, no literal buffer.
- The bookmarking logic may end up with a state where there's a non-nullptr
  literal buffer, but it's empty. (length 0)
- These are functionally equivalent, so there's no 'real' bug.
- But it makes it hard to reason. This patch hence checks for length-0
  literal buffers, and uses nullptr instead.

R=marja@chromium.org
BUG= chromium:639191  v8:4947

Review-Url: https://codereview.chromium.org/2258073003
Cr-Commit-Position: refs/heads/master@{#38756}

[modify] https://crrev.com/b68df2d27010b8fcf4f50f73644335dd584eecac/src/parsing/scanner.cc
[modify] https://crrev.com/b68df2d27010b8fcf4f50f73644335dd584eecac/src/parsing/scanner.h
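The commit message above describes a class of bug worth seeing in isolation: one part of a scanner encodes "no literal" as `nullptr`, another path (bookmark restore) leaves a non-null but empty buffer, and a check that assumes the first encoding fails on the second. The stand-in below is an added example, not V8's scanner code; `LiteralBuffer`, `Token`, `Scanner`, `ScanPreFix`, `ScanFixed` and `RawLiteralInvariantHolds` are hypothetical names, and the "bookmark restore" is simulated by emptying the buffer while keeping the token's pointer. `ScanFixed` applies the normalisation the commit describes (a length-0 buffer becomes `nullptr`).

```cpp
#include <cstddef>
#include <iostream>
#include <string>

// Constructed stand-in for a scanner's literal-buffer bookkeeping
// (hypothetical types; not V8's scanner.cc).
struct LiteralBuffer {
  std::string chars;
  size_t length() const { return chars.size(); }
  void Reset() { chars.clear(); }
};

struct Token {
  // Convention used by the rest of the scanner: nullptr means "no raw literal".
  LiteralBuffer* raw_literal_chars = nullptr;
};

class Scanner {
 public:
  // Pre-fix behaviour: a simulated bookmark restore empties the buffer but
  // leaves the token pointing at it, so "no literal" has two representations.
  Token ScanPreFix(const std::string& src, bool bookmark_restore) {
    buffer_.Reset();
    buffer_.chars = src;
    Token t;
    t.raw_literal_chars = &buffer_;
    if (bookmark_restore) buffer_.Reset();  // contents dropped, pointer kept
    return t;
  }

  // Post-fix behaviour: canonicalise a length-0 buffer to nullptr, which is
  // what the commit message describes the patch doing.
  Token ScanFixed(const std::string& src, bool bookmark_restore) {
    Token t = ScanPreFix(src, bookmark_restore);
    if (t.raw_literal_chars != nullptr && t.raw_literal_chars->length() == 0) {
      t.raw_literal_chars = nullptr;
    }
    return t;
  }

 private:
  LiteralBuffer buffer_;
};

// The invariant the failing check expresses: a token with no literal text
// carries nullptr rather than an empty buffer. Returned as a bool here instead
// of aborting, so both states can be inspected side by side.
bool RawLiteralInvariantHolds(const Token& t) {
  return t.raw_literal_chars == nullptr || t.raw_literal_chars->length() > 0;
}

int main() {
  Scanner scanner;
  std::cout << "pre-fix, after bookmark restore: "
            << (RawLiteralInvariantHolds(scanner.ScanPreFix("x", true))
                    ? "ok" : "CHECK would fail")
            << "\n";
  std::cout << "fixed, after bookmark restore:   "
            << (RawLiteralInvariantHolds(scanner.ScanFixed("x", true))
                    ? "ok" : "CHECK would fail")
            << "\n";
  return 0;
}
```

The point of the normalisation step is that it restores a single representation at the boundary where the token is handed out, so every downstream check can keep assuming `nullptr` without each path having to know about the other's empty-buffer state.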

Status: Fixed (was: Started)
Fixed. Will verify once change rolls into Chromium.
Status: Verified (was: Fixed)
Works again on tip of tree.
