Attaching screenshots for reference.. 

Deleted: Actual_print preview.png 104 KB

	Actual_print preview.png 104 KB View Download

Deleted: Expected_print preview.png 141 KB

	Expected_print preview.png 141 KB View Download

Chrome Crash Id:778b2018a0000000
Chrome Crash Id:75fd78e640000000 

 Issue 704444  has been merged into this issue.

Reproducible on 59.0.3049.0 on Mac OS 10.12.3 as well. Marking this as Dev blocker as this is recent regression.

Using the per-revision bisect providing the bisect results,
Good build: 59.0.3048.0 (Revision:458590).
Bad build:59.0.3049.0 (Revision:458956).

You are probably looking for a change made after 458792 (known good), but no later than 458793 (first known bad).
CHANGELOG URL:
  https://chromium.googlesource.com/chromium/src/+log/072c71cc3f3ad34d3df695fbb5673fa577eaafba..1ca395c8d57ebb90e54b84db946a37b4abae3aaa

@dsinclair: Could you please look into the issue, pardon me if it has nothing to do with your changes and if possible please assign it to concern owner.
Thank You.

Cary, is this related to Skia Paths?

This is #1 ppapi process related crash on the latest Windows canary(59.0.3049.0).

Stack trace of cf003fd8a0000000:
================================
Thread 0 CRASHED [EXCEPTION_ACCESS_VIOLATION_READ @ 0x10000000000000000 ] MAGIC SIGNATURE THREAD
Stack Quality100%Show frame trust levels
0x00007ffccbec15aa	(chrome_child.dll -fx_skia_device.cpp:1369 )	CFX_SkiaDeviceDriver::RestoreState(bool)
0x00007ffccbed49d6	(chrome_child.dll -cfx_renderdevice.cpp:408 )	CFX_RenderDevice::RestoreState(bool)
0x00007ffccbe203c7	(chrome_child.dll -cpdf_renderstatus.cpp:1380 )	CPDF_RenderStatus::ProcessClipPath(CPDF_ClipPath,CFX_Matrix const *)
0x00007ffccbe2258b	(chrome_child.dll -cpdf_renderstatus.cpp:1074 )	CPDF_RenderStatus::RenderSingleObject(CPDF_PageObject *,CFX_Matrix const *)
0x00007ffccbe224e1	(chrome_child.dll -cpdf_renderstatus.cpp:1050 )	CPDF_RenderStatus::RenderObjectList(CPDF_PageObjectHolder const *,CFX_Matrix const *)
0x00007ffccbe200e2	(chrome_child.dll -cpdf_renderstatus.cpp:2610 )	CPDF_RenderStatus::LoadSMask(CPDF_Dictionary *,FX_RECT *,CFX_Matrix const *)
0x00007ffccbe21887	(chrome_child.dll -cpdf_renderstatus.cpp:1590 )	CPDF_RenderStatus::ProcessTransparency(CPDF_PageObject *,CFX_Matrix const *)
0x00007ffccbe1aa05	(chrome_child.dll -cpdf_renderstatus.cpp:1104 )	CPDF_RenderStatus::ContinueSingleObject(CPDF_PageObject *,CFX_Matrix const *,IFX_Pause *)
0x00007ffccbdfd13a	(chrome_child.dll -cpdf_progressiverenderer.cpp:78 )	CPDF_ProgressiveRenderer::Continue(IFX_Pause *)
0x00007ffccbdc9967	(chrome_child.dll -fpdfview.cpp:131 )	`anonymous namespace'::RenderPageImpl
0x00007ffccbdc92ea	(chrome_child.dll -fpdfview.cpp:1020 )	FPDF_RenderPage_Retail(CPDF_PageRenderContext *,void *,int,int,int,int,int,int,bool,IFSDK_PAUSE_Adapter *)
0x00007ffccbdd17f5	(chrome_child.dll -fpdf_progressive.cpp:55 )	FPDF_RenderPageBitmap_Start
0x00007ffccb0d4fab	(chrome_child.dll -pdfium_engine.cc:2975 )	chrome_pdf::PDFiumEngine::ContinuePaint(int,pp::ImageData *)
0x00007ffccb0da28a	(chrome_child.dll -pdfium_engine.cc:1108 )	chrome_pdf::PDFiumEngine::Paint(pp::Rect const &,pp::ImageData *,std::vector<pp::Rect,std::allocator<pp::Rect> > *,std::vector<pp::Rect,std::allocator<pp::Rect> > *)
0x00007ffccb0e2c49	(chrome_child.dll -out_of_process_instance.cc:922 )	chrome_pdf::OutOfProcessInstance::OnPaint(std::vector<pp::Rect,std::allocator<pp::Rect> > const &,std::vector<PaintManager::ReadyRect,std::allocator<PaintManager::ReadyRect> > *,std::vector<pp::Rect,std::allocator<pp::Rect> > *)
0x00007ffccb0e9417	(chrome_child.dll -paint_manager.cc:237 )	PaintManager::DoPaint()
0x00007ffccb0e99b2	(chrome_child.dll -paint_manager.cc:347 )	PaintManager::OnManualCallbackComplete(int)
0x00007ffccbd78d32	(chrome_child.dll -completion_callback_factory.h:584 )	pp::CompletionCallbackFactory<plugin::Plugin,pp::ThreadSafeThreadTraits>::CallbackData<pp::CompletionCallbackFactory<plugin::Plugin,pp::ThreadSafeThreadTraits>::Dispatcher0<void ( plugin::Plugin::*)(int)> >::Thunk(void *,int)
0x00007ffccb5bfb13	(chrome_child.dll -proxy_lock.h:135 )	ppapi::CallWhileUnlocked<void,PP_CompletionCallback *,int,PP_CompletionCallback *,int>(void (*)(PP_CompletionCallback *,int),PP_CompletionCallback * const &,int const &)
0x00007ffccbba26bc	(chrome_child.dll -ppb_core_proxy.cc:52 )	ppapi::proxy::`anonymous namespace'::CallbackWrapper
0x00007ffccbba28b5	(chrome_child.dll -bind_internal.h:339 )	base::internal::Invoker<base::internal::BindState<void (*)(PP_CompletionCallback,int),PP_CompletionCallback,int>,void >::Run(base::internal::BindStateBase *)
0x00007ffccb5bff29	(chrome_child.dll -proxy_lock.h:199 )	ppapi::internal::RunWhileLockedHelper<void >::CallWhileLocked(std::unique_ptr<ppapi::internal::RunWhileLockedHelper<void >,std::default_delete<ppapi::internal::RunWhileLockedHelper<void > > >)
0x00007ffccb5c026b	(chrome_child.dll -bind_internal.h:339 )	base::internal::Invoker<base::internal::BindState<void (*)(std::unique_ptr<ppapi::internal::RunWhileLockedHelper<void >,std::default_delete<ppapi::internal::RunWhileLockedHelper<void > > >),base::internal::PassedWrapper<std::unique_ptr<ppapi::internal::RunWhileLockedHelper<void >,std::default_delete<ppapi::internal::RunWhileLockedHelper<void > > > > >,void >::Run(base::internal::BindStateBase *)
0x00007ffcc9dd440a	(chrome_child.dll -callback.h:91 )	base::Callback<void ,0,0>::Run( ?? )
0x00007ffcc9dd437d	(chrome_child.dll -task_annotator.cc:59 )	base::debug::TaskAnnotator::RunTask(char const *,base::PendingTask *)
0x00007ffcc9dd2e76	(chrome_child.dll -message_loop.cc:423 )	base::MessageLoop::RunTask(base::PendingTask *)
0x00007ffcc9dd3fd6	(chrome_child.dll -message_loop.cc:527 )	base::MessageLoop::DoWork()
0x00007ffcc9dd3832	(chrome_child.dll -message_pump_default.cc:33 )	base::MessagePumpDefault::Run(base::MessagePump::Delegate *)
0x00007ffcca390d01	(chrome_child.dll -run_loop.cc:37 )	base::RunLoop::Run()
0x00007ffccb03d704	(chrome_child.dll -ppapi_plugin_main.cc:157 )	content::PpapiPluginMain(content::MainFunctionParams const &)
0x00007ffcca39d23d	(chrome_child.dll -content_main_runner.cc:437 )	content::RunNamedProcessTypeMain(std::basic_string<char,std::char_traits<char>,std::allocator<char> > const &,content::MainFunctionParams const &,content::ContentMainDelegate *)
0x00007ffcca39cbd2	(chrome_child.dll -content_main_runner.cc:729 )	content::ContentMainRunnerImpl::Run()
0x00007ffcca0f6182	(chrome_child.dll -main.cc:179 )	service_manager::Main(service_manager::MainParams const &)
0x00007ffcca0f6411	(chrome_child.dll -chrome_main.cc:121 )	ChromeMain
0x00007ff6776d76c0	(chrome.exe -main_dll_loader_win.cc:201 )	MainDllLoader::Launch(HINSTANCE__ *,base::TimeTicks)
0x00007ff6776d279a	(chrome.exe -chrome_exe_main_win.cc:271 )	wWinMain
0x00007ff677a258f2	(chrome.exe -exe_common.inl:253 )	__scrt_common_main_seh
0x00007ffd09308363	(KERNEL32.DLL + 0x00008363 )	BaseThreadInitThunk
0x00007ffd0a5170d0	(ntdll.dll + 0x000670d0 )	RtlUserThreadStart

Link to the list of the builds:
===============================
https://goto.google.com/szcnd

 Issue 704538  has been merged into this issue.

The following revision refers to this bug:
  https://pdfium.googlesource.com/pdfium/+/409b663d532d4d6f09a1188fa3b9ac4044708bc4

commit 409b663d532d4d6f09a1188fa3b9ac4044708bc4
Author: Dan Sinclair <dsinclair@chromium.org>
Date: Thu Mar 23 15:53:58 2017

Handle the Clip command list being empty

If the command list is already empty when we attempt to restore the clip
we will access outside the command array.

BUG= chromium:704442 

Change-Id: Ib7c44e14f0de175f1c10c1a538d16987aa49bf8a
Reviewed-on: https://pdfium-review.googlesource.com/3159
Reviewed-by: Cary Clark <caryclark@google.com>
Commit-Queue: dsinclair <dsinclair@chromium.org>

[modify] https://crrev.com/409b663d532d4d6f09a1188fa3b9ac4044708bc4/core/fxge/skia/fx_skia_device.cpp

This should be fixed one the PDFium roll lands.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/98e2804af2b390fb59ca7c8cb3a79fd496d3fd1d

commit 98e2804af2b390fb59ca7c8cb3a79fd496d3fd1d
Author: pdfium-deps-roller <pdfium-deps-roller@chromium.org>
Date: Thu Mar 23 19:52:22 2017

Roll src/third_party/pdfium/ 4650ded3d..704aad8ef (4 commits)

https://pdfium.googlesource.com/pdfium.git/+log/4650ded3dcce..704aad8efb32

$ git log 4650ded3d..704aad8ef --date=short --no-merges --format='%ad %ae %s'
2017-03-23 caryclark fix skia path debug
2017-03-23 dsinclair Cleanup some xfa/fxfa code.
2017-03-23 weili Fix two CloneNonCycle issues
2017-03-23 dsinclair Handle the Clip command list being empty

Created with:
  roll-dep src/third_party/pdfium
BUG= 701860 , 704442 

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, see:
http://www.chromium.org/developers/tree-sheriffs/sheriff-details-chromium#TOC-Failures-due-to-DEPS-rolls

TBR=dsinclair@chromium.org

Review-Url: https://codereview.chromium.org/2770083002
Cr-Commit-Position: refs/heads/master@{#459187}

[modify] https://crrev.com/98e2804af2b390fb59ca7c8cb3a79fd496d3fd1d/DEPS

 Issue 704368  has been merged into this issue.

 Issue 704565  has been merged into this issue.

 Issue 704612  has been merged into this issue.

No crashes on Windows,Mac canary(59.0.3050.0) as per the crash server and manual repro steps. Hence adding the verified label.

The following revision refers to this bug:
  https://pdfium.googlesource.com/pdfium/+/f4a9f83b38a0a45cda3205ad50747e6a7719f8ab

commit f4a9f83b38a0a45cda3205ad50747e6a7719f8ab
Author: Cary Clark <caryclark@google.com>
Date: Mon Mar 27 14:16:21 2017

fix new tab crash in skia clip stack

The crash on the new tab page is triggered by processing a transparency.

This creates a new Skia device in CPDF_RenderStatus::LoadSMask():

// cpdf_renderstatus.cpp # 2557
  if (!bitmap_device.Create(width, height, format, nullptr))

which sets the Skia clip stack to empty.

It then calls
   RenderObjectList()
      RenderSingleObject()
         ProcessClipPath()

which resets the clip stack;

// cpdf_renderstatus.cpp # 1882
  m_LastClipPath = ClipPath;
  m_pDevice->RestoreState(true);

At this point m_LastClipPath contains {m_Ref={m_pObject={m_pObj=empty } } }

The impelemntation in  CFX_AggDeviceDriver::RestoreState() is

// fx_agg_driver.cpp # 1283
  if (m_StateStack.empty())
    return;

This hides unbalanced save/restores, but reworking PDFium to balance is nontrivial.


R=dsinclair@chromium.org
BUG= chromium:704442 

Bug:

Change-Id: Ia70d4dd7bd118e40adc5c029acbaa0b66372d3aa
Reviewed-on: https://pdfium-review.googlesource.com/3191
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>

[modify] https://crrev.com/f4a9f83b38a0a45cda3205ad50747e6a7719f8ab/core/fxge/skia/fx_skia_device.cpp

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/02177c7ab2602bac1fa9f2dfdc9421b70a4c3f46

commit 02177c7ab2602bac1fa9f2dfdc9421b70a4c3f46
Author: pdfium-deps-roller <pdfium-deps-roller@chromium.org>
Date: Mon Mar 27 17:06:01 2017

Roll src/third_party/pdfium/ 2977e1e34..0d6d1783e (6 commits)

https://pdfium.googlesource.com/pdfium.git/+log/2977e1e342a1..0d6d1783ed96

$ git log 2977e1e34..0d6d1783e --date=short --no-merges --format='%ad %ae %s'
2017-03-24 thestig Remove old test expectations after the Mac 10.12 upgrade.
2017-03-23 adenilson.cavalcanti Update to zlib 1.2.11
2017-03-24 caryclark fix new tab crash in skia clip stack
2017-03-24 tsepez kill another CFX_ArrayTemplate in cfde_txtedtengine.cpp
2017-03-24 tsepez Use std::vector in fxfa/app.
2017-03-24 stephana Ensure empty output directory to avoid duplicate upload

Created with:
  roll-dep src/third_party/pdfium
BUG= 703912 , 687631 , 704442 

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, see:
http://www.chromium.org/developers/tree-sheriffs/sheriff-details-chromium#TOC-Failures-due-to-DEPS-rolls

TBR=dsinclair@chromium.org

Review-Url: https://codereview.chromium.org/2779673002
Cr-Commit-Position: refs/heads/master@{#459805}

[modify] https://crrev.com/02177c7ab2602bac1fa9f2dfdc9421b70a4c3f46/DEPS