New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 684571 link

Starred by 2 users
Status: Assigned
Owner:
schenney@chromium.org
Cc:
msrchandra@chromium.org
vmp...@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , All
Pri: 2
Type: Bug



Sign in to add a comment

!std::isnan(static_cast<double>(value)) in MathExtras.h

Project Member Reported by ClusterFuzz, Jan 24 2017

Comment 1 by tkent@chromium.org, Jan 24 2017

Components: Blink>Animation Blink>Compositing

Comment 2 by alancutter@chromium.org, Jan 25 2017

Components: -Blink>Compositing -Blink>Animation Blink>Layout
Labels: -OS-Linux -Pri-1 OS-All Pri-2
Status: Available (was: Untriaged)
Able to repro without animations:
<style>
* { transform: scale(401097138271278291218014369784239731996273651907446632432050481860968837260646849527963905321140416504885948851035728884554668596377381844301691779646212276883999347210107904321400853234770400262630966685414177300637226084969485531323928171747339097329680466618459981653096907825383901203435465119229388903918693402127369724991051786999555709460879796564837102452367628787119790434501380107047836355838879441103978499945667529484302237233525892600799265138305038712034566566617672453247882237070896, 5); }
</style>
Project Member

Comment 3 by ClusterFuzz, Mar 16 2017

Labels: OS-Linux

Comment 4 by msrchandra@chromium.org, Mar 29 2017

Cc: msrchandra@chromium.org
Labels: Test-Predator-Wrong M-57
Owner: ricea@chromium.org
Status: Assigned (was: Available)
Using Code Search for the file, "MathExtras.h", assigning to the concern owner.
Suspecting Commit#
https://chromium.googlesource.com/chromium/src/+/b37bdbd63ea254bbaaab5e1094cbe37c441f4bb2

@ricea -- Could you please look into the issue, kindly re-assign if this is not related to your changes.
Thank You.

Comment 5 by ricea@chromium.org, Mar 30 2017

Owner: chrishtr@chromium.org
Need a proper debug build to get line information, but based on a stack trace from a release build and a bit of code search and imagination, the problem appears to be this line in third_party/WebKit/Source/core/layout/LayoutGeometryMap.cpp:

    ASSERT(enclosingIntRect(layoutObjectMappedResult) ==
               enclosingIntRect(result.boundingBox()) ||
           layoutObjectMappedResult.mayNotHaveExactIntRectRepresentation() ||
           result.boundingBox().mayNotHaveExactIntRectRepresentation());

As such, assigning chrishtr@ who last tried to fix this assert.

Comment 6 by chrishtr@chromium.org, Apr 7 2017

Owner: ----
Status: Available (was: Assigned)
Project Member

Comment 7 by ClusterFuzz, Jul 30 2017

Labels: Stability-Memory-AddressSanitizer
Detailed report: https://clusterfuzz.com/testcase?key=6464587770888192

Job Type: linux_debug_content_shell_drt
Crash Type: CHECK failure
Crash Address: 
Crash State:
  !std::isnan(static_cast<double>(value)) in MathExtras.h
  int clampTo<int, float>
  blink::FlooredIntPoint
  
Sanitizer: address (ASAN)

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6464587770888192


See https://github.com/google/clusterfuzz-tools for more information.
Project Member

Comment 8 by sheriffbot@chromium.org, Jul 31

Labels: Hotlist-Recharge-Cold
Status: Untriaged (was: Available)
This issue has been Available for over a year. If it's no longer important or seems unlikely to be fixed, please consider closing it out. If it is important, please re-triage the issue.

Sorry for the inconvenience if the bug really should have been left as Available.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 9 by e...@chromium.org, Aug 1

Components: -Blink>Layout Blink>Paint

Comment 10 by schenney@chromium.org, Aug 6

Owner: schenney@chromium.org
Status: Assigned (was: Untriaged)

Sign in to add a comment