New issue
Advanced search Search tips

Issue 693212 link

Starred by 1 user
Status: Available
Owner: ----
Cc:
wangxianzhu@chromium.org
dgro...@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug



Sign in to add a comment

Access of LayoutTable section data after it has been invalidated

Reported by msten...@opera.com, Feb 16 2017 
While trying to land https://codereview.chromium.org/2636153002/ with some DCHECKs on table section pointers being valid before returning them, I got failures in https://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_rel_ng/builds/391696

So I ended up removing the DCHECKs.

More details:

Failed step:
telemetry_perf_unittests (with patch) telemetry_perf_unittests (with patch)
Run on OS: 'Ubuntu-14.04'
failures:
benchmarks.system_health_smoke_test.SystemHealthBenchmarkSmokeTest.system_health.memory_desktop.browse:news:reddit

Sample backtrace:
#0 0x7f677ea2ce17 base::debug::StackTrace::StackTrace()
  #1 0x7f677ea465fb logging::LogMessage::~LogMessage()
  #2 0x7f67817b5fa1 blink::LayoutTableSection::mapToVisualRectInAncestorSpace()
  #3 0x7f67816fc9ba blink::LayoutBox::mapToVisualRectInAncestorSpace()
  #4 0x7f67816fc9ba blink::LayoutBox::mapToVisualRectInAncestorSpace()
  #5 0x7f67816bc7ca blink::IntersectionGeometry::clipToRoot()
  #6 0x7f67816bce36 blink::IntersectionGeometry::computeGeometry()
  #7 0x7f67811f0b90 blink::IntersectionObservation::computeIntersectionObservations()
  #8 0x7f67811f2d8f blink::IntersectionObserver::computeIntersectionObservations()
  #9 0x7f67811f63f5 blink::IntersectionObserverController::computeTrackedIntersectionObservations()
  #10 0x7f67813e4b97 blink::FrameView::updateViewportIntersectionsForSubtree()
  #11 0x7f67813e4cc9 blink::FrameView::updateViewportIntersectionsForSubtree()
  #12 0x7f67813e4cc9 blink::FrameView::updateViewportIntersectionsForSubtree()
  #13 0x7f67813e4cc9 blink::FrameView::updateViewportIntersectionsForSubtree()
  #14 0x7f67813e3f8c blink::FrameView::updateLifecyclePhasesInternal()
  #15 0x7f67813e3781 blink::FrameView::updateAllLifecyclePhases()
  #16 0x7f67818ec2da blink::PageAnimator::updateAllLifecyclePhases()
  #17 0x7f6780d436f8 blink::WebViewImpl::updateAllLifecyclePhases()
  #18 0x7f67820c91d7 content::RenderWidget::UpdateVisualState()
  #19 0x7f677f843a0d cc::ProxyMain::BeginMainFrame()
  #20 0x7f677f8b8754 _ZN4base8internal12InvokeHelperILb1EvE8MakeItSoIRKMN2cc9ProxyMainEFvSt10unique_ptrINS4_28BeginMainFrameAndCommitStateESt14default_deleteIS7_EEERKNS_7WeakPtrIS5_EEJSA_EEEvOT_OT0_DpOT1_
  #21 0x7f677f8b8638 _ZN4base8internal7InvokerINS0_9BindStateIMN2cc9ProxyMainEFvSt10unique_ptrINS3_28BeginMainFrameAndCommitStateESt14default_deleteIS6_EEEJNS_7WeakPtrIS4_EENS0_13PassedWrapperIS9_EEEEEFvvEE3RunEPNS0_13BindStateBaseE
  #22 0x7f677eadaea9 base::debug::TaskAnnotator::RunTask()
  #23 0x7f6780cbaf50 blink::scheduler::TaskQueueManager::ProcessTaskFromWorkQueue()
  #24 0x7f6780cb8af5 blink::scheduler::TaskQueueManager::DoWork()
  #25 0x7f677d1e4715 _ZN4base8internal13FunctorTraitsIMN6policy17AsyncPolicyLoaderEFvbEvE6InvokeIRKNS_7WeakPtrIS3_EEJRKbEEEvS5_OT_DpOT0_
  #26 0x7f677eadaea9 base::debug::TaskAnnotator::RunTask()
  #27 0x7f677ea4da0d base::MessageLoop::RunTask()
  #28 0x7f677ea4e0c6 base::MessageLoop::DoWork()
  #29 0x7f677ea4fa49 base::MessagePumpDefault::Run()
  #30 0x7f677ea4d763 base::MessageLoop::RunHandler()
  #31 0x7f677ea74e2c base::RunLoop::Run()
  #32 0x7f67820d5adb content::RendererMain()
  #33 0x7f677e5f1017 content::RunZygote()
  #34 0x7f677e5f1748 content::RunNamedProcessTypeMain()
  #35 0x7f677e5f21a6 content::ContentMainRunnerImpl::Run()
  #36 0x7f677e5f0a90 content::ContentMain()
  #37 0x7f677cdff071 ChromeMain
  #38 0x7f67758aaf45 __libc_start_main
  #39 0x7f677cdfef01 <unknown>

Comment 1 by dtapu...@chromium.org, Mar 7 2017

Components: Blink>Layout

Comment 2 by e...@chromium.org, Mar 8 2017

Cc: dgro...@chromium.org
Components: -Blink>Layout Blink>Layout>Table
Status: Available (was: Untriaged)
Project Member

Comment 3 by sheriffbot@chromium.org, Mar 8 2018

Labels: Hotlist-Recharge-Cold
Status: Untriaged (was: Available)
This issue has been Available for over a year. If it's no longer important or seems unlikely to be fixed, please consider closing it out. If it is important, please re-triage the issue.

Sorry for the inconvenience if the bug really should have been left as Available. If you change it back, also remove the "Hotlist-Recharge-Cold" label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 4 by dgro...@chromium.org, Mar 8 2018

Labels: -Hotlist-Recharge-Cold
Status: Available (was: Untriaged)
 issue 682307  was fixed, so it's probably fine to add the DCHECK in 

https://cs.chromium.org/chromium/src/third_party/WebKit/Source/core/layout/LayoutTable.h?l=186&rcl=028d7f3596fc288af858b934be6fc24cf1152a86

Sign in to add a comment