paddedLogicalBottomInFlowThread >= columnSet->logicalBottomInFlowThread in LayoutPagedFlowThread.cpp
Reported by
hodovan....@gmail.com,
Feb 9 2017
|
||
Issue description
Chrome Version: 58.0.3008.0
OS: Ubuntu 16.04.1 LTS, x86_64
What steps will reproduce the problem?
(1) Load the attached test case with debug content_shell:
<style>
* {
overflow-y: -webkit-paged-y;
max-height: 0;
-webkit-padding-after : 3520895340in;
}
</style>
<a>a</a>
What is the expected result?
Run the test without any failure.
Backtrace:
[1:1:0208/235541.371360:207072273689:FATAL:LayoutPagedFlowThread.cpp(57)] Check failed: paddedLogicalBottomInFlowThread >= columnSet->logicalBottomInFlowThread().
#0 0x7fe6c3612086 base::debug::StackTrace::StackTrace()
#1 0x7fe6c3610195 base::debug::StackTrace::StackTrace()
#2 0x7fe6c367142d logging::LogMessage::~LogMessage()
#3 0x7fe6b74ac0e4 blink::LayoutPagedFlowThread::layout()
#4 0x7fe6b748b69b blink::LayoutMultiColumnFlowThread::layoutColumns()
#5 0x7fe6b73b93d3 blink::LayoutBlockFlow::layoutSpecialExcludedChild()
#6 0x7fe6b73bdd02 blink::LayoutBlockFlow::layoutBlockChildren()
#7 0x7fe6b73ba9dd blink::LayoutBlockFlow::layoutChildren()
#8 0x7fe6b73ba342 blink::LayoutBlockFlow::layoutBlock()
#9 0x7fe6b73a073d blink::LayoutBlock::layout()
#10 0x7fe6b73bb533 blink::LayoutBlockFlow::positionAndLayoutOnceIfNeeded()
#11 0x7fe6b73bb7f9 blink::LayoutBlockFlow::layoutBlockChild()
#12 0x7fe6b73be0d0 blink::LayoutBlockFlow::layoutBlockChildren()
#13 0x7fe6b73ba9dd blink::LayoutBlockFlow::layoutChildren()
#14 0x7fe6b73ba342 blink::LayoutBlockFlow::layoutBlock()
#15 0x7fe6b73a073d blink::LayoutBlock::layout()
#16 0x7fe6b73bb533 blink::LayoutBlockFlow::positionAndLayoutOnceIfNeeded()
#17 0x7fe6b73bb7f9 blink::LayoutBlockFlow::layoutBlockChild()
#18 0x7fe6b73be0d0 blink::LayoutBlockFlow::layoutBlockChildren()
#19 0x7fe6b73ba9dd blink::LayoutBlockFlow::layoutChildren()
#20 0x7fe6b73ba342 blink::LayoutBlockFlow::layoutBlock()
#21 0x7fe6b73a073d blink::LayoutBlock::layout()
#22 0x7fe6b744f6e8 blink::LayoutFlowThread::layout()
#23 0x7fe6b748ea84 blink::LayoutMultiColumnFlowThread::layout()
#24 0x7fe6b74abf92 blink::LayoutPagedFlowThread::layout()
#25 0x7fe6b748b69b blink::LayoutMultiColumnFlowThread::layoutColumns()
#26 0x7fe6b73b93d3 blink::LayoutBlockFlow::layoutSpecialExcludedChild()
#27 0x7fe6b73bdd02 blink::LayoutBlockFlow::layoutBlockChildren()
#28 0x7fe6b73ba9dd blink::LayoutBlockFlow::layoutChildren()
#29 0x7fe6b73ba342 blink::LayoutBlockFlow::layoutBlock()
#30 0x7fe6b73a073d blink::LayoutBlock::layout()
#31 0x7fe6b751f352 blink::LayoutView::layoutContent()
#32 0x7fe6b751fbf1 blink::LayoutView::layout()
#33 0x7fe6b6d8ad68 blink::layoutFromRootObject()
#34 0x7fe6b6d8b62d blink::FrameView::performLayout()
#35 0x7fe6b6d8c659 blink::FrameView::layout()
#36 0x7fe6b68e028a blink::Document::implicitClose()
#37 0x7fe6b76c9c43 blink::FrameLoader::checkCompleted()
#38 0x7fe6b68eea50 blink::Document::decrementLoadEventDelayCountAndCheckLoadEvent()
#39 0x7fe6b69d4bd8 blink::IncrementLoadEventDelayCount::clearAndCheckLoadEvent()
#40 0x7fe6b6f9790b blink::HTMLStyleElement::dispatchPendingEvent()
#41 0x7fe6b6f9931a _ZN4base8internal13FunctorTraitsIMN5blink16HTMLStyleElementEFvSt10unique_ptrINS2_28IncrementLoadEventDelayCountESt14default_deleteIS5_EEEvE6InvokeIRKNS2_10PersistentIS3_EEJS8_EEEvSA_OT_DpOT0_
#42 0x7fe6b6f9906c _ZN4base8internal12InvokeHelperILb0EvE8MakeItSoIRKMN5blink16HTMLStyleElementEFvSt10unique_ptrINS4_28IncrementLoadEventDelayCountESt14default_deleteIS7_EEEJRKNS4_10PersistentIS5_EESA_EEEvOT_DpOT0_
#43 0x7fe6b6f98c10 _ZN4base8internal7InvokerINS0_9BindStateIMN5blink16HTMLStyleElementEFvSt10unique_ptrINS3_28IncrementLoadEventDelayCountESt14default_deleteIS6_EEEJNS3_10PersistentIS4_EEN3WTF13PassedWrapperIS9_EEEEEFvvEE7RunImplIRKSB_RKSt5tupleIJSD_SG_EEJLm0ELm1EEEEvOT_OT0_NS_13IndexSequenceIJXspT1_EEEE
#44 0x7fe6b6f98acd _ZN4base8internal7InvokerINS0_9BindStateIMN5blink16HTMLStyleElementEFvSt10unique_ptrINS3_28IncrementLoadEventDelayCountESt14default_deleteIS6_EEEJNS3_10PersistentIS4_EEN3WTF13PassedWrapperIS9_EEEEEFvvEE3RunEPNS0_13BindStateBaseE
#45 0x7fe6c3615fdb _ZNO4base8internal8RunMixinINS_8CallbackIFvvELNS0_8CopyModeE0ELNS0_10RepeatModeE0EEEE3RunEv
#46 0x7fe6c3615bc3 base::debug::TaskAnnotator::RunTask()
#47 0x7fe6bb5cc73d blink::scheduler::TaskQueueManager::ProcessTaskFromWorkQueue()
#48 0x7fe6bb5cb207 blink::scheduler::TaskQueueManager::DoWork()
#49 0x7fe6bb5df7ac _ZN4base8internal13FunctorTraitsIMN5blink9scheduler16TaskQueueManagerEFvbEvE6InvokeIRKNS_7WeakPtrIS4_EEJRKbEEEvS6_OT_DpOT0_
#50 0x7fe6bb5ddc22 _ZN4base8internal12InvokeHelperILb1EvE8MakeItSoIRKMN5blink9scheduler16TaskQueueManagerEFvbERKNS_7WeakPtrIS6_EEJRKbEEEvOT_OT0_DpOT1_
#51 0x7fe6bb5da23a _ZN4base8internal7InvokerINS0_9BindStateIMN5blink9scheduler16TaskQueueManagerEFvbEJNS_7WeakPtrIS5_EEbEEEFvvEE7RunImplIRKS7_RKSt5tupleIJS9_bEEJLm0ELm1EEEEvOT_OT0_NS_13IndexSequenceIJXspT1_EEEE
#52 0x7fe6bb5d6a3a _ZN4base8internal7InvokerINS0_9BindStateIMN5blink9scheduler16TaskQueueManagerEFvbEJNS_7WeakPtrIS5_EEbEEEFvvEE3RunEPNS0_13BindStateBaseE
#53 0x7fe6c3615fdb _ZNO4base8internal8RunMixinINS_8CallbackIFvvELNS0_8CopyModeE0ELNS0_10RepeatModeE0EEEE3RunEv
#54 0x7fe6c3615bc3 base::debug::TaskAnnotator::RunTask()
#55 0x7fe6c369cdda base::MessageLoop::RunTask()
#56 0x7fe6c369cf38 base::MessageLoop::DeferOrRunPendingTask()
#57 0x7fe6c369d40b base::MessageLoop::DoWork()
#58 0x7fe6c36b7760 base::MessagePumpDefault::Run()
#59 0x7fe6c369c9d6 base::MessageLoop::RunHandler()
#60 0x7fe6c374eb53 base::RunLoop::Run()
#61 0x7fe6c76f1d57 content::RendererMain()
Received signal 6
#0 0x7fe6c3612086 base::debug::StackTrace::StackTrace()
#1 0x7fe6c3610195 base::debug::StackTrace::StackTrace()
#2 0x7fe6c3610f23 base::debug::(anonymous namespace)::StackDumpSignalHandler()
#3 0x7fe6caa74390 <unknown>
#4 0x7fe6b0e35428 gsignal
#5 0x7fe6b0e3702a abort
#6 0x7fe6c360e00d base::debug::(anonymous namespace)::DebugBreak()
#7 0x7fe6c360e026 base::debug::BreakDebugger()
#8 0x7fe6c36717c6 logging::LogMessage::~LogMessage()
#9 0x7fe6b74ac0e4 blink::LayoutPagedFlowThread::layout()
#10 0x7fe6b748b69b blink::LayoutMultiColumnFlowThread::layoutColumns()
#11 0x7fe6b73b93d3 blink::LayoutBlockFlow::layoutSpecialExcludedChild()
#12 0x7fe6b73bdd02 blink::LayoutBlockFlow::layoutBlockChildren()
#13 0x7fe6b73ba9dd blink::LayoutBlockFlow::layoutChildren()
#14 0x7fe6b73ba342 blink::LayoutBlockFlow::layoutBlock()
#15 0x7fe6b73a073d blink::LayoutBlock::layout()
#16 0x7fe6b73bb533 blink::LayoutBlockFlow::positionAndLayoutOnceIfNeeded()
#17 0x7fe6b73bb7f9 blink::LayoutBlockFlow::layoutBlockChild()
#18 0x7fe6b73be0d0 blink::LayoutBlockFlow::layoutBlockChildren()
#19 0x7fe6b73ba9dd blink::LayoutBlockFlow::layoutChildren()
#20 0x7fe6b73ba342 blink::LayoutBlockFlow::layoutBlock()
#21 0x7fe6b73a073d blink::LayoutBlock::layout()
#22 0x7fe6b73bb533 blink::LayoutBlockFlow::positionAndLayoutOnceIfNeeded()
#23 0x7fe6b73bb7f9 blink::LayoutBlockFlow::layoutBlockChild()
#24 0x7fe6b73be0d0 blink::LayoutBlockFlow::layoutBlockChildren()
#25 0x7fe6b73ba9dd blink::LayoutBlockFlow::layoutChildren()
#26 0x7fe6b73ba342 blink::LayoutBlockFlow::layoutBlock()
#27 0x7fe6b73a073d blink::LayoutBlock::layout()
#28 0x7fe6b744f6e8 blink::LayoutFlowThread::layout()
#29 0x7fe6b748ea84 blink::LayoutMultiColumnFlowThread::layout()
#30 0x7fe6b74abf92 blink::LayoutPagedFlowThread::layout()
#31 0x7fe6b748b69b blink::LayoutMultiColumnFlowThread::layoutColumns()
#32 0x7fe6b73b93d3 blink::LayoutBlockFlow::layoutSpecialExcludedChild()
#33 0x7fe6b73bdd02 blink::LayoutBlockFlow::layoutBlockChildren()
#34 0x7fe6b73ba9dd blink::LayoutBlockFlow::layoutChildren()
#35 0x7fe6b73ba342 blink::LayoutBlockFlow::layoutBlock()
#36 0x7fe6b73a073d blink::LayoutBlock::layout()
#37 0x7fe6b751f352 blink::LayoutView::layoutContent()
#38 0x7fe6b751fbf1 blink::LayoutView::layout()
#39 0x7fe6b6d8ad68 blink::layoutFromRootObject()
#40 0x7fe6b6d8b62d blink::FrameView::performLayout()
#41 0x7fe6b6d8c659 blink::FrameView::layout()
#42 0x7fe6b68e028a blink::Document::implicitClose()
#43 0x7fe6b76c9c43 blink::FrameLoader::checkCompleted()
#44 0x7fe6b68eea50 blink::Document::decrementLoadEventDelayCountAndCheckLoadEvent()
#45 0x7fe6b69d4bd8 blink::IncrementLoadEventDelayCount::clearAndCheckLoadEvent()
#46 0x7fe6b6f9790b blink::HTMLStyleElement::dispatchPendingEvent()
#47 0x7fe6b6f9931a _ZN4base8internal13FunctorTraitsIMN5blink16HTMLStyleElementEFvSt10unique_ptrINS2_28IncrementLoadEventDelayCountESt14default_deleteIS5_EEEvE6InvokeIRKNS2_10PersistentIS3_EEJS8_EEEvSA_OT_DpOT0_
#48 0x7fe6b6f9906c _ZN4base8internal12InvokeHelperILb0EvE8MakeItSoIRKMN5blink16HTMLStyleElementEFvSt10unique_ptrINS4_28IncrementLoadEventDelayCountESt14default_deleteIS7_EEEJRKNS4_10PersistentIS5_EESA_EEEvOT_DpOT0_
#49 0x7fe6b6f98c10 _ZN4base8internal7InvokerINS0_9BindStateIMN5blink16HTMLStyleElementEFvSt10unique_ptrINS3_28IncrementLoadEventDelayCountESt14default_deleteIS6_EEEJNS3_10PersistentIS4_EEN3WTF13PassedWrapperIS9_EEEEEFvvEE7RunImplIRKSB_RKSt5tupleIJSD_SG_EEJLm0ELm1EEEEvOT_OT0_NS_13IndexSequenceIJXspT1_EEEE
#50 0x7fe6b6f98acd _ZN4base8internal7InvokerINS0_9BindStateIMN5blink16HTMLStyleElementEFvSt10unique_ptrINS3_28IncrementLoadEventDelayCountESt14default_deleteIS6_EEEJNS3_10PersistentIS4_EEN3WTF13PassedWrapperIS9_EEEEEFvvEE3RunEPNS0_13BindStateBaseE
#51 0x7fe6c3615fdb _ZNO4base8internal8RunMixinINS_8CallbackIFvvELNS0_8CopyModeE0ELNS0_10RepeatModeE0EEEE3RunEv
#52 0x7fe6c3615bc3 base::debug::TaskAnnotator::RunTask()
#53 0x7fe6bb5cc73d blink::scheduler::TaskQueueManager::ProcessTaskFromWorkQueue()
#54 0x7fe6bb5cb207 blink::scheduler::TaskQueueManager::DoWork()
#55 0x7fe6bb5df7ac _ZN4base8internal13FunctorTraitsIMN5blink9scheduler16TaskQueueManagerEFvbEvE6InvokeIRKNS_7WeakPtrIS4_EEJRKbEEEvS6_OT_DpOT0_
#56 0x7fe6bb5ddc22 _ZN4base8internal12InvokeHelperILb1EvE8MakeItSoIRKMN5blink9scheduler16TaskQueueManagerEFvbERKNS_7WeakPtrIS6_EEJRKbEEEvOT_OT0_DpOT1_
#57 0x7fe6bb5da23a _ZN4base8internal7InvokerINS0_9BindStateIMN5blink9scheduler16TaskQueueManagerEFvbEJNS_7WeakPtrIS5_EEbEEEFvvEE7RunImplIRKS7_RKSt5tupleIJS9_bEEJLm0ELm1EEEEvOT_OT0_NS_13IndexSequenceIJXspT1_EEEE
#58 0x7fe6bb5d6a3a _ZN4base8internal7InvokerINS0_9BindStateIMN5blink9scheduler16TaskQueueManagerEFvbEJNS_7WeakPtrIS5_EEbEEEFvvEE3RunEPNS0_13BindStateBaseE
#59 0x7fe6c3615fdb _ZNO4base8internal8RunMixinINS_8CallbackIFvvELNS0_8CopyModeE0ELNS0_10RepeatModeE0EEEE3RunEv
#60 0x7fe6c3615bc3 base::debug::TaskAnnotator::RunTask()
#61 0x7fe6c369cdda base::MessageLoop::RunTask()
r8: ffffffffff7c5020 r9: ffffffffff7c5010 r10: 0000000000000008 r11: 0000000000000202
r12: 00000000000013e1 r13: 00007ffde792f568 r14: 0000000000000001 r15: 0000000000000000
di: 0000000000000001 si: 0000000000000001 bp: 00007ffde792ecc0 bx: 0000130327cc07a0
dx: 0000000000000006 ax: 0000000000000000 cx: 00007fe6b0e35428 sp: 00007ffde792eb88
ip: 00007fe6b0e35428 efl: 0000000000000202 cgf: 0000000000000033 erf: 0000000000000000
trp: 0000000000000000 msk: 0000000000000000 cr2: 0000000000000000
[end of stack trace]
#CRASHED - renderer
,
Feb 9 2017
Non security int overflows are considered WontFix for blink. |
||
►
Sign in to add a comment |
||
Comment 1 by nyerramilli@chromium.org
, Feb 9 2017Labels: Needs-Triage-M58