
Issue 687019


Issue metadata

Status: Fixed
Owner:
Closed: Feb 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug



Crash in cc::LayerTreeHostImpl::FindScrollLayerForDeviceViewportPoint

Project Member Reported by pdr@chromium.org, Jan 31 2017

Issue description

After [1] we will crash on hit testing because the scroll node index is not set on all layers, only layers with scroll nodes:
* thread #30: tid = 0xe464e3, 0x000000011496c2f8 libcc.dylib`cc::PropertyTree<cc::ScrollNode>::parent(this=0x000000012a088080, t=0x0000000000000000) + 24 at property_tree.h:76, name = 'Compositor', stop reason = EXC_BAD_ACCESS (code=1, address=0x4)
  * frame #0: 0x000000011496c2f8 libcc.dylib`cc::PropertyTree<cc::ScrollNode>::parent(this=0x000000012a088080, t=0x0000000000000000) + 24 at property_tree.h:76
    frame #1: 0x00000001148e3af1 libcc.dylib`cc::LayerTreeHostImpl::FindScrollLayerForDeviceViewportPoint(this=0x000000012a528600, device_viewport_point=0x000070000d6ad110, type=TOUCHSCREEN, layer_impl=0x00000001274fadf0, scroll_on_main_thread=0x000070000d6ad107, main_thread_scrolling_reasons=0x000070000d6ad100) const + 561 at layer_tree_host_impl.cc:2546
    frame #2: 0x0000000114900fa5 libcc.dylib`cc::LayerTreeHostImpl::MouseMoveAt(this=0x000000012a528600, viewport_point=0x000070000d6ad220) + 373 at layer_tree_host_impl.cc:3266
    frame #3: 0x0000000102d205c0 libcontent.dylib`ui::InputHandlerProxy::HandleInputEvent(this=0x00000001276088d8, event=0x000000013c135e40) + 1904 at input_handler_proxy.cc:515

[1] https://codereview.chromium.org/2657863004
 
Comment 1 by bugdroid1@chromium.org, Feb 2 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/06f6cd0653d33dc0e087cf3aede5df399ffc9db0

commit 06f6cd0653d33dc0e087cf3aede5df399ffc9db0
Author: pdr <pdr@chromium.org>
Date: Thu Feb 02 22:03:49 2017

Ensure PaintArtifactCompositor assigns a scroll tree index to all cc layers

[1] introduced a bug where the scroll tree index of a cc layer would
only be set for scrolling layers, and left as -1 otherwise. This
introduced a crash when doing impl-side hit testing for scroll events.

This patch extracts the nearestScrollNode logic from PaintLayer.cpp
and uses it for both PaintLayer and PaintArtifactCompositor. A
comment has been added warning of the performance implications.

[1] https://chromium.googlesource.com/chromium/src/+/3eee970eb6757c6ea3997e0722d7bab727b9c11c

BUG= 687019 
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2

Review-Url: https://codereview.chromium.org/2667373002
Cr-Commit-Position: refs/heads/master@{#447854}

[modify] https://crrev.com/06f6cd0653d33dc0e087cf3aede5df399ffc9db0/third_party/WebKit/Source/core/paint/PaintLayer.cpp
[modify] https://crrev.com/06f6cd0653d33dc0e087cf3aede5df399ffc9db0/third_party/WebKit/Source/platform/graphics/compositing/PaintArtifactCompositor.cpp
[modify] https://crrev.com/06f6cd0653d33dc0e087cf3aede5df399ffc9db0/third_party/WebKit/Source/platform/graphics/compositing/PaintArtifactCompositorTest.cpp
[modify] https://crrev.com/06f6cd0653d33dc0e087cf3aede5df399ffc9db0/third_party/WebKit/Source/platform/graphics/paint/TransformPaintPropertyNode.cpp
[modify] https://crrev.com/06f6cd0653d33dc0e087cf3aede5df399ffc9db0/third_party/WebKit/Source/platform/graphics/paint/TransformPaintPropertyNode.h
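
The index assignment described in the commit message above, as an added example that is not Chromium code: a simplified C++ model in which non-scrolling layers either keep -1 (the bug) or inherit the nearest ancestor's scroll node (the fix). All type and function names here, and the choice to walk transform-node ancestors, are assumptions made for illustration.

```cpp
#include <vector>

// Simplified model for illustration; these are not Chromium's classes.
constexpr int kInvalidIndex = -1;

struct TransformNode {
  int parent;       // parent transform node, kInvalidIndex at the root
  int scroll_node;  // associated scroll tree index, kInvalidIndex if none
};

struct Layer {
  int transform_node;
  int scroll_tree_index;  // kInvalidIndex until assigned
};

using Transforms = std::vector<TransformNode>;
using Layers = std::vector<Layer>;

// Walks up the transform ancestors until one carries a scroll node.
// The walk is O(tree depth) for every layer it is called on.
int NearestScrollNode(const Transforms& transforms, int node) {
  for (int i = node; i != kInvalidIndex; i = transforms[i].parent)
    if (transforms[i].scroll_node != kInvalidIndex)
      return transforms[i].scroll_node;
  return kInvalidIndex;
}

// Behaviour described as the bug: non-scrolling layers keep -1.
void AssignScrollingLayersOnly(const Transforms& transforms, Layers& layers) {
  for (Layer& layer : layers)
    layer.scroll_tree_index = transforms[layer.transform_node].scroll_node;
}

// Behaviour described as the fix: every layer gets a valid index.
void AssignAllLayers(const Transforms& transforms, Layers& layers) {
  for (Layer& layer : layers)
    layer.scroll_tree_index = NearestScrollNode(transforms, layer.transform_node);
}

// Invariant a hit test relies on before it looks up a scroll node by index.
bool AllIndicesValid(const Layers& layers, int scroll_tree_size) {
  for (const Layer& layer : layers)
    if (layer.scroll_tree_index < 0 || layer.scroll_tree_index >= scroll_tree_size)
      return false;
  return true;
}

// Constructed sample: root scroller (0), plain node, nested scroller (1), plain node.
Transforms SampleTransforms() {
  return {{kInvalidIndex, 0}, {0, kInvalidIndex}, {1, 1}, {2, kInvalidIndex}};
}
Layers SampleLayers() { return {{1, kInvalidIndex}, {2, kInvalidIndex}, {3, kInvalidIndex}}; }
```

A check like `AllIndicesValid` belongs in a debug assertion or unit test at the point where layers are handed to the compositor, so an unassigned index is caught before a lookup reaches a null node pointer as in the trace above.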

Comment 2 by pdr@chromium.org, Feb 3 2017

Status: Fixed (was: Assigned)
