New issue
Advanced search Search tips

Issue 697029 link

Starred by 3 users
Status: Fixed
Owner:
reed@google.com
Closed: Jan 16
Cc:
mtklein@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug



Sign in to add a comment

fatal error: "assert(fClipRect.contains(SkIRect::MakeXYWH(x, y, width, 1)))"

Reported by rog...@opera.com, Feb 28 2017 
Chrome Version: 58.0.3027.0 (Locally built content_shell with dchecks enabled)
OS: Linux

What steps will reproduce the problem?
(1) Build content_shell with dchecks enabled
(2) Run ./content_shell --no-sandbox --disable-gpu smaller_tc.html

What is the expected result?
No dcheck should triggered

What happens instead?
The following dcheck/assert is triggered every time I load it on my machine. 
[14382:14382:0228/152116.516966:7783138997637:INFO:SkBlitter.cpp(993)] ../../third_party/skia/src/core/SkBlitter.cpp:993: fatal error: "assert(fClipRect.contains(SkIRect::MakeXYWH(x, y, width, 1)))"

(Backtrace further down)

Please use labels and text to provide additional information.
The issue was found in a bigger test framework but I've minimized it as much as I could into a quite small test case (attached to this bug). Let me know of any hints on how to dump something from skia that could help in the investigation.

The assert/dcheck was added by https://skia-review.googlesource.com/c/4629/

Stacktrace:
[14382:14382:0228/152116.516966:7783138997637:INFO:SkBlitter.cpp(993)] ../../third_party/skia/src/core/SkBlitter.cpp:993: fatal error: "assert(fClipRect.contains(SkIRect::MakeXYWH(x, y, width, 1)))"

Received signal 6
#0 0x0000019692c7 base::debug::StackTrace::StackTrace()
#1 0x000001968e3f base::debug::(anonymous namespace)::StackDumpSignalHandler()
#2 0x7f8ac846c390 <unknown>
#3 0x7f8ac34ba428 gsignal
#4 0x7f8ac34bc02a abort
#5 0x000001c47b66 sk_abort_no_print()
#6 0x000001ec4d49 SkRectClipCheckBlitter::blitH()
#7 0x000001d44fe5 walk_convex_edges()
#8 0x000001d44bc7 sk_fill_path()
#9 0x000001d45780 SkScan::FillPath()
#10 0x000001ccc9eb SkDraw::drawDevPath()
#11 0x000001ccceca SkDraw::drawPath()
#12 0x000001ccbe74 SkDraw::drawRect()
#13 0x000001c67ee7 SkCanvas::onDrawRect()
#14 0x000004810bc7 cc::SoftwareRenderer::DrawSolidColorQuad()
#15 0x00000480f693 cc::SoftwareRenderer::DoDrawQuad()
#16 0x0000047e37b8 cc::DirectRenderer::DrawRenderPass()
#17 0x0000047e28f5 cc::DirectRenderer::DrawRenderPassAndExecuteCopyRequests()
#18 0x0000047e25c7 cc::DirectRenderer::DrawFrame()
#19 0x0000027baa73 cc::Display::DrawAndSwap()
#20 0x0000027bc736 cc::DisplayScheduler::DrawAndSwap()
#21 0x0000027bbfbd cc::DisplayScheduler::AttemptDrawAndSwap()
#22 0x0000027bb7f7 cc::DisplayScheduler::OnBeginFrameDeadline()
#23 0x0000004c8d5a _ZN4base8internal13FunctorTraitsIMN7content21EmbeddedServiceRunnerEFvvEvE6InvokeIRKNS_7WeakPtrIS3_EEJEEEvS5_OT_DpOT0_
#24 0x00000064a3e3 base::CancelableCallback<>::Forward()
#25 0x0000004c8d5a _ZN4base8internal13FunctorTraitsIMN7content21EmbeddedServiceRunnerEFvvEvE6InvokeIRKNS_7WeakPtrIS3_EEJEEEvS5_OT_DpOT0_
#26 0x000001a0c589 base::debug::TaskAnnotator::RunTask()
smaller_tc.html
941 bytes View Download

Comment 1 by rog...@opera.com, Mar 15 2017

Cc: mtklein@chromium.org
In an attempt to make this a bit easier for someone to look into I narrowed it down even more and used the fiddle tool to create a skp. The .skp is attached and reproduces the issue on a clean skia checkout tot using the viewer:
./viewer --skps ./ --match dcheck_trigger

The fiddle used when creating the skp:
void draw(SkCanvas* canvas) {
    SkPaint p;
    p.setColor(SK_ColorRED);
    canvas->clipRect(SkRect::MakeXYWH(10, 43, 365, 362));
    SkMatrix mat;
    mat.setAll(-30.3208656, 254.198044, 151.760559, -254.198044, -30.3208656, 230.450836, 0, 0, 1);
    canvas->setMatrix(mat);
    canvas->drawRect(SkRect::MakeLTRB(-0.5, -0.5, 0.5, 0.5), p);
}
dcheck_trigger.skp
213 bytes Download

Comment 2 by rog...@opera.com, Mar 16 2017 

Some output from gdb when the assert triggers:
(gdb) f 3
#3  0x000000000086bcde in SkRectClipCheckBlitter::blitH (this=0x7fffffffae78, x=9, y=118, width=258) at ../../src/core/SkBlitter.cpp:997
997	    SkASSERT(fClipRect.contains(SkIRect::MakeXYWH(x, y, width, 1)));
(gdb) p fClipRect
$5 = {fLeft = 10, fTop = 43, fRight = 375, fBottom = 405}
(gdb) f 4
#4  0x0000000000b2aea9 in walk_convex_edges (prevHead=0x7fffffffaca0, blitter=0x7fffffffae78, start_y=88, stop_y=373, proc=0x0) at ../../src/core/SkScan_Path.cpp:295
295	                    blitter->blitH(L, local_top, R - L);
(gdb) list
290	        } else {
291	            do {
292	                int L = SkFixedRoundToInt(left);
293	                int R = SkFixedRoundToInt(rite);
294	                if (L < R) {
295	                    blitter->blitH(L, local_top, R - L);
296	                }
297	                left += dLeft;
298	                rite += dRite;
299	                local_top += 1;
(gdb) p L
$6 = 9
(gdb) p left
$7 = 622312
(gdb) p left * 1.52587890625e-5f # SkFixedToFloat(...)
$8 = 9.49572754

Comment 3 by hcm@chromium.org, Mar 28 2017

Cc: -reed@chromium.org
Owner: reed@chromium.org
Need reed to investigate this code when he returns and can dig out

Comment 4 by hcm@chromium.org, Jul 11 2017

Status: Assigned (was: Untriaged)

Comment 5 by reed@chromium.org, Jan 16

Owner: reed@google.com

Comment 6 by mtkl...@google.com, Jan 16

Status: Fixed (was: Assigned)
I did a quick check of the repo case from Comment #1 at head (fine), m68 (fine), and m64 (repro).  I think this is fixed, and if there's interest I'd be happy to bisect more carefully to find out what fixed this.

Sign in to add a comment