
Issue 704442

Starred by 8 users

Issue metadata

Status: Fixed
Owner:
Closed: Mar 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux, Windows, Mac
Pri: 1
Type: Bug-Regression

Blocking:
issue pdfium:11




Regression: Sad face icon is seen in Print preview for NTP.

Project Member Reported by ratnavar...@techmahindra.com, Mar 23 2017

Issue description

Chrome Version: 59.0.3049.0 dev
OS: Windows, Ubuntu 14.04

What steps will reproduce the problem?
(1) Launch Chrome, open NTP, press Ctrl+P for print preview and observe.

Actual: Sad face icon is seen in Print preview
Expected: Instead, page print preview should be seen

This is a regression issue broken in M-59

Good Build: 59.0.3048.0 dev
Bad Build: 59.0.3049.0 dev
 
Labels: ReleaseBlock-Beta
Attaching screenshots for reference.
Actual_print preview.png (104 KB)
Expected_print preview.png (141 KB)
Chrome Crash Id: 778b2018a0000000
Chrome Crash Id: 75fd78e640000000

Comment 3 by ajha@chromium.org, Mar 23 2017

Cc: msrchandra@chromium.org ranjitkan@chromium.org nyerramilli@chromium.org
 Issue 704444  has been merged into this issue.

Comment 4 by ajha@chromium.org, Mar 23 2017

Labels: -ReleaseBlock-Beta ReleaseBlock-Dev OS-Mac
Status: Untriaged (was: Unconfirmed)
Reproducible on 59.0.3049.0 on Mac OS 10.12.3 as well. Marking this as a Dev blocker as this is a recent regression.
Labels: -Needs-Bisect -OS-Mac hasbisect-per-revision
Owner: dsinclair@chromium.org
Status: Assigned (was: Untriaged)
Using the per-revision bisect providing the bisect results,
Good build: 59.0.3048.0 (Revision:458590).
Bad build:59.0.3049.0 (Revision:458956).

You are probably looking for a change made after 458792 (known good), but no later than 458793 (first known bad).
CHANGELOG URL:
  https://chromium.googlesource.com/chromium/src/+log/072c71cc3f3ad34d3df695fbb5673fa577eaafba..1ca395c8d57ebb90e54b84db946a37b4abae3aaa

@dsinclair: Could you please look into the issue? Pardon me if it has nothing to do with your changes, and if possible please assign it to the concerned owner.
Thank You.

Comment 6 by ajha@chromium.org, Mar 23 2017

Labels: OS-Mac
Cc: dsinclair@chromium.org
Owner: caryclark@google.com
Cary, is this related to Skia Paths?

Comment 8 by ajha@chromium.org, Mar 23 2017

Labels: Stability-Crash HasTestcase

Comment 9 by ajha@chromium.org, Mar 23 2017

This is #1 ppapi process related crash on the latest Windows canary(59.0.3049.0).

Stack trace of cf003fd8a0000000:
================================
Thread 0 CRASHED [EXCEPTION_ACCESS_VIOLATION_READ @ 0x10000000000000000 ] MAGIC SIGNATURE THREAD
0x00007ffccbec15aa	(chrome_child.dll -fx_skia_device.cpp:1369 )	CFX_SkiaDeviceDriver::RestoreState(bool)
0x00007ffccbed49d6	(chrome_child.dll -cfx_renderdevice.cpp:408 )	CFX_RenderDevice::RestoreState(bool)
0x00007ffccbe203c7	(chrome_child.dll -cpdf_renderstatus.cpp:1380 )	CPDF_RenderStatus::ProcessClipPath(CPDF_ClipPath,CFX_Matrix const *)
0x00007ffccbe2258b	(chrome_child.dll -cpdf_renderstatus.cpp:1074 )	CPDF_RenderStatus::RenderSingleObject(CPDF_PageObject *,CFX_Matrix const *)
0x00007ffccbe224e1	(chrome_child.dll -cpdf_renderstatus.cpp:1050 )	CPDF_RenderStatus::RenderObjectList(CPDF_PageObjectHolder const *,CFX_Matrix const *)
0x00007ffccbe200e2	(chrome_child.dll -cpdf_renderstatus.cpp:2610 )	CPDF_RenderStatus::LoadSMask(CPDF_Dictionary *,FX_RECT *,CFX_Matrix const *)
0x00007ffccbe21887	(chrome_child.dll -cpdf_renderstatus.cpp:1590 )	CPDF_RenderStatus::ProcessTransparency(CPDF_PageObject *,CFX_Matrix const *)
0x00007ffccbe1aa05	(chrome_child.dll -cpdf_renderstatus.cpp:1104 )	CPDF_RenderStatus::ContinueSingleObject(CPDF_PageObject *,CFX_Matrix const *,IFX_Pause *)
0x00007ffccbdfd13a	(chrome_child.dll -cpdf_progressiverenderer.cpp:78 )	CPDF_ProgressiveRenderer::Continue(IFX_Pause *)
0x00007ffccbdc9967	(chrome_child.dll -fpdfview.cpp:131 )	`anonymous namespace'::RenderPageImpl
0x00007ffccbdc92ea	(chrome_child.dll -fpdfview.cpp:1020 )	FPDF_RenderPage_Retail(CPDF_PageRenderContext *,void *,int,int,int,int,int,int,bool,IFSDK_PAUSE_Adapter *)
0x00007ffccbdd17f5	(chrome_child.dll -fpdf_progressive.cpp:55 )	FPDF_RenderPageBitmap_Start
0x00007ffccb0d4fab	(chrome_child.dll -pdfium_engine.cc:2975 )	chrome_pdf::PDFiumEngine::ContinuePaint(int,pp::ImageData *)
0x00007ffccb0da28a	(chrome_child.dll -pdfium_engine.cc:1108 )	chrome_pdf::PDFiumEngine::Paint(pp::Rect const &,pp::ImageData *,std::vector<pp::Rect,std::allocator<pp::Rect> > *,std::vector<pp::Rect,std::allocator<pp::Rect> > *)
0x00007ffccb0e2c49	(chrome_child.dll -out_of_process_instance.cc:922 )	chrome_pdf::OutOfProcessInstance::OnPaint(std::vector<pp::Rect,std::allocator<pp::Rect> > const &,std::vector<PaintManager::ReadyRect,std::allocator<PaintManager::ReadyRect> > *,std::vector<pp::Rect,std::allocator<pp::Rect> > *)
0x00007ffccb0e9417	(chrome_child.dll -paint_manager.cc:237 )	PaintManager::DoPaint()
0x00007ffccb0e99b2	(chrome_child.dll -paint_manager.cc:347 )	PaintManager::OnManualCallbackComplete(int)
0x00007ffccbd78d32	(chrome_child.dll -completion_callback_factory.h:584 )	pp::CompletionCallbackFactory<plugin::Plugin,pp::ThreadSafeThreadTraits>::CallbackData<pp::CompletionCallbackFactory<plugin::Plugin,pp::ThreadSafeThreadTraits>::Dispatcher0<void ( plugin::Plugin::*)(int)> >::Thunk(void *,int)
0x00007ffccb5bfb13	(chrome_child.dll -proxy_lock.h:135 )	ppapi::CallWhileUnlocked<void,PP_CompletionCallback *,int,PP_CompletionCallback *,int>(void (*)(PP_CompletionCallback *,int),PP_CompletionCallback * const &,int const &)
0x00007ffccbba26bc	(chrome_child.dll -ppb_core_proxy.cc:52 )	ppapi::proxy::`anonymous namespace'::CallbackWrapper
0x00007ffccbba28b5	(chrome_child.dll -bind_internal.h:339 )	base::internal::Invoker<base::internal::BindState<void (*)(PP_CompletionCallback,int),PP_CompletionCallback,int>,void >::Run(base::internal::BindStateBase *)
0x00007ffccb5bff29	(chrome_child.dll -proxy_lock.h:199 )	ppapi::internal::RunWhileLockedHelper<void >::CallWhileLocked(std::unique_ptr<ppapi::internal::RunWhileLockedHelper<void >,std::default_delete<ppapi::internal::RunWhileLockedHelper<void > > >)
0x00007ffccb5c026b	(chrome_child.dll -bind_internal.h:339 )	base::internal::Invoker<base::internal::BindState<void (*)(std::unique_ptr<ppapi::internal::RunWhileLockedHelper<void >,std::default_delete<ppapi::internal::RunWhileLockedHelper<void > > >),base::internal::PassedWrapper<std::unique_ptr<ppapi::internal::RunWhileLockedHelper<void >,std::default_delete<ppapi::internal::RunWhileLockedHelper<void > > > > >,void >::Run(base::internal::BindStateBase *)
0x00007ffcc9dd440a	(chrome_child.dll -callback.h:91 )	base::Callback<void ,0,0>::Run( ?? )
0x00007ffcc9dd437d	(chrome_child.dll -task_annotator.cc:59 )	base::debug::TaskAnnotator::RunTask(char const *,base::PendingTask *)
0x00007ffcc9dd2e76	(chrome_child.dll -message_loop.cc:423 )	base::MessageLoop::RunTask(base::PendingTask *)
0x00007ffcc9dd3fd6	(chrome_child.dll -message_loop.cc:527 )	base::MessageLoop::DoWork()
0x00007ffcc9dd3832	(chrome_child.dll -message_pump_default.cc:33 )	base::MessagePumpDefault::Run(base::MessagePump::Delegate *)
0x00007ffcca390d01	(chrome_child.dll -run_loop.cc:37 )	base::RunLoop::Run()
0x00007ffccb03d704	(chrome_child.dll -ppapi_plugin_main.cc:157 )	content::PpapiPluginMain(content::MainFunctionParams const &)
0x00007ffcca39d23d	(chrome_child.dll -content_main_runner.cc:437 )	content::RunNamedProcessTypeMain(std::basic_string<char,std::char_traits<char>,std::allocator<char> > const &,content::MainFunctionParams const &,content::ContentMainDelegate *)
0x00007ffcca39cbd2	(chrome_child.dll -content_main_runner.cc:729 )	content::ContentMainRunnerImpl::Run()
0x00007ffcca0f6182	(chrome_child.dll -main.cc:179 )	service_manager::Main(service_manager::MainParams const &)
0x00007ffcca0f6411	(chrome_child.dll -chrome_main.cc:121 )	ChromeMain
0x00007ff6776d76c0	(chrome.exe -main_dll_loader_win.cc:201 )	MainDllLoader::Launch(HINSTANCE__ *,base::TimeTicks)
0x00007ff6776d279a	(chrome.exe -chrome_exe_main_win.cc:271 )	wWinMain
0x00007ff677a258f2	(chrome.exe -exe_common.inl:253 )	__scrt_common_main_seh
0x00007ffd09308363	(KERNEL32.DLL + 0x00008363 )	BaseThreadInitThunk
0x00007ffd0a5170d0	(ntdll.dll + 0x000670d0 )	RtlUserThreadStart

Link to the list of the builds:
===============================
https://goto.google.com/szcnd
Blocking: pdfium:11
Cc: mukai@chromium.org halcanary@chromium.org thestig@chromium.org wangxianzhu@chromium.org lazyboy@chromium.org raymes@chromium.org arthurso...@chromium.org tsepez@chromium.org
 Issue 704538  has been merged into this issue.
Project Member

Comment 12 by bugdroid1@chromium.org, Mar 23 2017

The following revision refers to this bug:
  https://pdfium.googlesource.com/pdfium/+/409b663d532d4d6f09a1188fa3b9ac4044708bc4

commit 409b663d532d4d6f09a1188fa3b9ac4044708bc4
Author: Dan Sinclair <dsinclair@chromium.org>
Date: Thu Mar 23 15:53:58 2017

Handle the Clip command list being empty

If the command list is already empty when we attempt to restore the clip
we will access outside the command array.

BUG= chromium:704442 

Change-Id: Ib7c44e14f0de175f1c10c1a538d16987aa49bf8a
Reviewed-on: https://pdfium-review.googlesource.com/3159
Reviewed-by: Cary Clark <caryclark@google.com>
Commit-Queue: dsinclair <dsinclair@chromium.org>

[modify] https://crrev.com/409b663d532d4d6f09a1188fa3b9ac4044708bc4/core/fxge/skia/fx_skia_device.cpp

Status: Fixed (was: Assigned)
This should be fixed once the PDFium roll lands.
Project Member

Comment 14 by bugdroid1@chromium.org, Mar 23 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/98e2804af2b390fb59ca7c8cb3a79fd496d3fd1d

commit 98e2804af2b390fb59ca7c8cb3a79fd496d3fd1d
Author: pdfium-deps-roller <pdfium-deps-roller@chromium.org>
Date: Thu Mar 23 19:52:22 2017

Roll src/third_party/pdfium/ 4650ded3d..704aad8ef (4 commits)

https://pdfium.googlesource.com/pdfium.git/+log/4650ded3dcce..704aad8efb32

$ git log 4650ded3d..704aad8ef --date=short --no-merges --format='%ad %ae %s'
2017-03-23 caryclark fix skia path debug
2017-03-23 dsinclair Cleanup some xfa/fxfa code.
2017-03-23 weili Fix two CloneNonCycle issues
2017-03-23 dsinclair Handle the Clip command list being empty

Created with:
  roll-dep src/third_party/pdfium
BUG= 701860 , 704442 

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, see:
http://www.chromium.org/developers/tree-sheriffs/sheriff-details-chromium#TOC-Failures-due-to-DEPS-rolls

TBR=dsinclair@chromium.org

Review-Url: https://codereview.chromium.org/2770083002
Cr-Commit-Position: refs/heads/master@{#459187}

[modify] https://crrev.com/98e2804af2b390fb59ca7c8cb3a79fd496d3fd1d/DEPS

 Issue 704368  has been merged into this issue.
 Issue 704565  has been merged into this issue.
 Issue 704612  has been merged into this issue.

Comment 18 by ajha@chromium.org, Mar 24 2017

Labels: TE-Verified-M59 TE-Verified-59.0.3050.0
No crashes on Windows, Mac canary (59.0.3050.0) as per the crash server and manual repro steps. Hence adding the verified label.
Project Member

Comment 19 by bugdroid1@chromium.org, Mar 27 2017

The following revision refers to this bug:
  https://pdfium.googlesource.com/pdfium/+/f4a9f83b38a0a45cda3205ad50747e6a7719f8ab

commit f4a9f83b38a0a45cda3205ad50747e6a7719f8ab
Author: Cary Clark <caryclark@google.com>
Date: Mon Mar 27 14:16:21 2017

fix new tab crash in skia clip stack

The crash on the new tab page is triggered by processing a transparency.

This creates a new Skia device in CPDF_RenderStatus::LoadSMask():

// cpdf_renderstatus.cpp # 2557
  if (!bitmap_device.Create(width, height, format, nullptr))

which sets the Skia clip stack to empty.

It then calls
   RenderObjectList()
      RenderSingleObject()
         ProcessClipPath()

which resets the clip stack;

// cpdf_renderstatus.cpp # 1882
  m_LastClipPath = ClipPath;
  m_pDevice->RestoreState(true);

At this point m_LastClipPath contains {m_Ref={m_pObject={m_pObj=empty } } }

The implementation in CFX_AggDeviceDriver::RestoreState() is

// fx_agg_driver.cpp # 1283
  if (m_StateStack.empty())
    return;

This hides unbalanced save/restores, but reworking PDFium to balance is nontrivial.


R=dsinclair@chromium.org
BUG= chromium:704442 

Bug:

Change-Id: Ia70d4dd7bd118e40adc5c029acbaa0b66372d3aa
Reviewed-on: https://pdfium-review.googlesource.com/3191
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>

[modify] https://crrev.com/f4a9f83b38a0a45cda3205ad50747e6a7719f8ab/core/fxge/skia/fx_skia_device.cpp
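
The failure mode described in Comment 19 (a restore issued against an empty state stack), as an added example that is not PDFium's code: `ClipStateStack` and its members are hypothetical names, and the parameter name `keep_saved` is an assumption. It applies the same empty-stack early return quoted from fx_agg_driver.cpp, and additionally counts unbalanced restores so the guard does not hide them.

```cpp
#include <cstddef>
#include <cstdio>
#include <vector>

// Hypothetical stand-in for a device driver's save/restore state stack.
class ClipStateStack {
 public:
  void SaveState() { stack_.push_back(current_); }
  void SetClip(int clip_id) { current_ = clip_id; }

  // Index an unguarded `stack_[stack_.size() - 1]` would read. With an empty
  // stack the unsigned subtraction wraps to SIZE_MAX: an out-of-bounds read.
  size_t UnguardedTopIndex() const { return stack_.size() - 1; }

  // Guarded restore, same shape as the early return quoted from
  // fx_agg_driver.cpp. Returns false and counts the event when the call is
  // unbalanced, so the guard does not silently hide the caller bug.
  bool RestoreState(bool keep_saved) {
    if (stack_.empty()) {
      ++unbalanced_restores_;
      return false;
    }
    current_ = stack_.back();
    if (!keep_saved)
      stack_.pop_back();
    return true;
  }

  int current_clip() const { return current_; }
  size_t depth() const { return stack_.size(); }
  size_t unbalanced_restores() const { return unbalanced_restores_; }

 private:
  std::vector<int> stack_;
  int current_ = 0;  // 0 means "no clip" (constructed convention)
  size_t unbalanced_restores_ = 0;
};

// Replays the sequence from the commit message: a freshly created device
// (empty stack) receives RestoreState(true) before any SaveState().
size_t ReplayNewDeviceRestore() {
  ClipStateStack device;      // bitmap_device.Create(...) -> empty stack
  device.RestoreState(true);  // ProcessClipPath() -> RestoreState(true)
  return device.unbalanced_restores();
}

int main() {
  std::printf("unbalanced restores: %zu\n", ReplayNewDeviceRestore());
  return 0;
}
```

In a debug build the counter could back an assertion, which surfaces the unbalanced call sites while release builds keep the safe early return.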

Project Member

Comment 20 by bugdroid1@chromium.org, Mar 27 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/02177c7ab2602bac1fa9f2dfdc9421b70a4c3f46

commit 02177c7ab2602bac1fa9f2dfdc9421b70a4c3f46
Author: pdfium-deps-roller <pdfium-deps-roller@chromium.org>
Date: Mon Mar 27 17:06:01 2017

Roll src/third_party/pdfium/ 2977e1e34..0d6d1783e (6 commits)

https://pdfium.googlesource.com/pdfium.git/+log/2977e1e342a1..0d6d1783ed96

$ git log 2977e1e34..0d6d1783e --date=short --no-merges --format='%ad %ae %s'
2017-03-24 thestig Remove old test expectations after the Mac 10.12 upgrade.
2017-03-23 adenilson.cavalcanti Update to zlib 1.2.11
2017-03-24 caryclark fix new tab crash in skia clip stack
2017-03-24 tsepez kill another CFX_ArrayTemplate in cfde_txtedtengine.cpp
2017-03-24 tsepez Use std::vector in fxfa/app.
2017-03-24 stephana Ensure empty output directory to avoid duplicate upload

Created with:
  roll-dep src/third_party/pdfium
BUG= 703912 , 687631 , 704442 

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, see:
http://www.chromium.org/developers/tree-sheriffs/sheriff-details-chromium#TOC-Failures-due-to-DEPS-rolls

TBR=dsinclair@chromium.org

Review-Url: https://codereview.chromium.org/2779673002
Cr-Commit-Position: refs/heads/master@{#459805}

[modify] https://crrev.com/02177c7ab2602bac1fa9f2dfdc9421b70a4c3f46/DEPS
