cc::PictureLayerTiling::SetRasterSourceAndResize goes to an invalid tile
Issue description

On TOT, linux_chromeos. I'm resizing a reddit window horizontally. If I resize it back and forth enough it crashes. This doesn't happen if I resize both horiz and vertically together. The layer bounds are shrinking at the time of the crash. The webpage is probably not relevant but is www.reddit.com. Here are the last two bounds before the crash from UpdateRasterSource.

[1:5:0323/174916.593006:ERROR:picture_layer_impl.cc(566)] 0x3548b7897800 809x2542
[1:5:0323/174916.655825:ERROR:picture_layer_impl.cc(566)] 0x3548b7897800 688x2784
[1:5:0323/174916.655870:FATAL:tiling_data.h(167)] Check failed: i < num_tiles_x_ (3 vs. 3)
#0 0x7f6061046be7 base::debug::StackTrace::StackTrace()
#1 0x7f606105e6da logging::LogMessage::~LogMessage()
#2 0x7f606500f94c cc::TilingData::AssertTile()
#3 0x7f606500fa2d cc::TilingData::TileBoundsWithBorder()
#4 0x7f60620d8c8f cc::PictureLayerTiling::SetRasterSourceAndResize()
#5 0x7f60620dd2a2 cc::PictureLayerTilingSet::UpdateTilingsToCurrentRasterSourceForCommit()
#6 0x7f60620b05c6 cc::PictureLayerImpl::UpdateRasterSource()
#7 0x7f60652d60ae cc::PictureLayer::PushPropertiesTo()
#8 0x7f606209e75e cc::TreeSynchronizer::PushLayerProperties()
#9 0x7f6062069006 cc::LayerTreeHost::FinishCommitOnImplThread()
#10 0x7f60620fcde2 cc::ProxyImpl::ScheduledActionCommit()
Mar 31 2017
An update here, I haven't been able to reproduce this. If this is still happening consistently for someone, please let me know as I would like to add a patch with some debug info to see what the state is when the crash happens.
Apr 3 2017
I initially filed Issue 517581 but can no longer repro at r458055.
Jun 13 2017
I've just reproduced this when running a Debug build of chrome and randomly resizing Chrome window with www.engadget.com.

35916:37824:0612/172634.427:FATAL:tiling_data.h(167)] Check failed: i < num_tiles_x_ (2 vs. 2)

I don't know if that might be related to the repro but I had an experimental D3D-vsync flag enabled and also had a patch applied that forces low resolution TimeTicks::Now() (https://codereview.chromium.org/2888833002).
Sep 20 2017
Oct 19 2017
I've been able to reproduce a similar issue with an internal test case (that I can't share unfortunately) quite reliably.

I have these locals in PictureLayerTiling::SetRasterSourceAndResize:

    before_left = 0
    before_top = 0
    before_right = 18
    before_bottom = 2
    after_right = 5
    after_bottom = 3

The failing assert is triggered from this loop:

    if (after_bottom > before_bottom) {
      DCHECK_EQ(after_bottom, before_bottom + 1);
      for (int i = before_left; i <= before_right; ++i) {
        Tile::CreateInfo info = CreateInfoForTile(i, after_bottom);
        if (ShouldCreateTileAt(info))
          CreateTile(info);
      }
    }

The horizontal boundary is before_right (18), which is larger than what is currently in tiling_data_ (5) that is accessed in CreateInfoForTile.

Could it be as simple as the horizontal boundary being wrong and should be after_right instead of before_right?

Looks like too simple a mistake not to be caught (for a long time) by reviews and tests, or to have triggered more problems than this, so I might be missing something.
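To make the off-by-bounds failure concrete, here is an added, self-contained model of the resize path described in the comment above. It is not Chromium's code: TilingData, TileIsValid and CreateBottomRowTiles are hypothetical stand-ins for cc::TilingData, its AssertTile DCHECK and the bottom-row loop in SetRasterSourceAndResize. The model replays the reporter's locals (before_right = 18, after_right = 5, before_bottom = 2, after_bottom = 3) once with the original before_right bound and once with after_right (the bound the comment proposes; assumed here to be the fix), reporting an invalid tile index as a return value instead of crashing so the two behaviours can be compared.

```cpp
#include <cstdio>
#include <set>
#include <utility>

// Hypothetical stand-in for cc::TilingData: a grid of num_tiles_x_ by
// num_tiles_y_ tiles. TileIsValid plays the role of the AssertTile DCHECK
// (i < num_tiles_x_, j < num_tiles_y_) but reports instead of aborting.
class TilingData {
 public:
  TilingData(int num_tiles_x, int num_tiles_y)
      : num_tiles_x_(num_tiles_x), num_tiles_y_(num_tiles_y) {}

  int num_tiles_x() const { return num_tiles_x_; }
  int num_tiles_y() const { return num_tiles_y_; }

  bool TileIsValid(int i, int j) const {
    return i >= 0 && i < num_tiles_x_ && j >= 0 && j < num_tiles_y_;
  }

 private:
  int num_tiles_x_;
  int num_tiles_y_;
};

using TileKey = std::pair<int, int>;  // (column i, row j)

// Model of the bottom-row loop after tiling_data_ has already been resized
// to (after_right + 1) x (after_bottom + 1) tiles. Tile indices are
// inclusive, as in the comment's before_*/after_* locals.
// Returns the number of tiles created, or -1 as soon as a tile index that
// no longer exists in the resized tiling is requested (where the real code
// hits the DCHECK in tiling_data.h).
int CreateBottomRowTiles(int before_left, int before_right, int before_bottom,
                         int after_right, int after_bottom, bool use_after_right,
                         std::set<TileKey>* created) {
  TilingData tiling_data(after_right + 1, after_bottom + 1);
  if (after_bottom <= before_bottom)
    return 0;  // no new bottom row was exposed

  // Original loop bound vs. the bound proposed in the comment (assumption).
  const int right_bound = use_after_right ? after_right : before_right;

  int count = 0;
  for (int i = before_left; i <= right_bound; ++i) {
    if (!tiling_data.TileIsValid(i, after_bottom))
      return -1;  // i >= num_tiles_x_: the crash from the bug report
    created->insert(TileKey(i, after_bottom));
    ++count;
  }
  return count;
}

// Replays the reporter's locals; true when the before_right bound faults
// while the after_right bound completes.
bool ReportedScenarioFaultsOnlyWithOldBound() {
  std::set<TileKey> old_tiles, new_tiles;
  int old_result = CreateBottomRowTiles(0, 18, 2, 5, 3, false, &old_tiles);
  int new_result = CreateBottomRowTiles(0, 18, 2, 5, 3, true, &new_tiles);
  return old_result == -1 && new_result == 6;
}

int main() {
  std::set<TileKey> tiles;
  std::printf("before_right bound: %d\n",
              CreateBottomRowTiles(0, 18, 2, 5, 3, false, &tiles));  // -1
  tiles.clear();
  std::printf("after_right bound:  %d\n",
              CreateBottomRowTiles(0, 18, 2, 5, 3, true, &tiles));   // 6
  return 0;
}
```

With the constructed locals the old bound walks columns 0..18 on a tiling that now has only 6 columns and faults at i = 6; the after_right bound creates exactly the 6 tiles of the new bottom row. A release build without the DCHECK would instead index past the resized grid, which is why a bound derived from the post-resize dimensions is the check a reviewer would want in this loop.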
Oct 23 2017
Thanks for all this investigation. The loop above it is before_top / after_bottom and this inner loop is before_left / before_right. It certainly looks suspicious. vmpstr, are you still planning to look into this? Mostly asking since it's been assigned since March.
Oct 24 2017
Oct 25 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/1c3e6c9460e94549284268db28e0eec81ac21738

commit 1c3e6c9460e94549284268db28e0eec81ac21738
Author: David Landell <landell@vewd.com>
Date: Wed Oct 25 16:11:08 2017

Use the correct bounds when creating new tiles

Using before_right as a horizontal bound in the related loop triggers a DCHECK in TilingData since the tiles outside of after_right don't exist after resize of tiling_data_.

Bug: 704705
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I00a430129543aa29d2d20c7e52dab0d97e23e009
Reviewed-on: https://chromium-review.googlesource.com/730984
Commit-Queue: danakj <danakj@chromium.org>
Reviewed-by: danakj <danakj@chromium.org>
Cr-Commit-Position: refs/heads/master@{#511479}

[modify] https://crrev.com/1c3e6c9460e94549284268db28e0eec81ac21738/cc/tiles/picture_layer_tiling.cc
[modify] https://crrev.com/1c3e6c9460e94549284268db28e0eec81ac21738/cc/tiles/picture_layer_tiling_unittest.cc
Oct 25 2017
Thanks for the debugging and the patch!!
Oct 27 2017
No problem. This was blocking us internally so I was happy to get some help with the reviewing.
Comment 1 by vmp...@chromium.org, Mar 31 2017