
Issue 705963

Starred by 7 users

Issue metadata

Status: Fixed
Owner:
Closed: Jun 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows , All
Pri: 2
Type: Bug




CHECK(column_number >= 0) hit in debug::Location::Location

Reported by jm.acun...@gmail.com, Mar 28 2017

Issue description

UserAgent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.110 Safari/537.36

Steps to reproduce the problem:
1- I access the web address
https://drive.google.com/
2- Right click on element button New -> To Inspect
3- Edit as HTML
4- add onclick="debugger"
5- click the button
6- crash

What is the expected behavior?

What went wrong?
Crash

Crashed report ID: Lock ID 7a65e651-3e33-4b1c-be52-5fde797e3932

How much crashed? Just one tab

Is it a problem with a plugin? N/A 

Did this work before? N/A 

Chrome version: 57.0.2987.110  Channel: stable
OS Version: 6.3
Flash Version: Shockwave Flash 25.0 r0
 

Comment 1 by jochen@chromium.org, Mar 28 2017

Cc: yangguo@chromium.org
Components: Platform>DevTools>JavaScript
Labels: OS-All
Owner: kozyatinskiy@chromium.org
Status: Assigned (was: Unconfirmed)
Summary: CHECK(column_number >= 0) hit in debug::Location::Location (was: Crash debugging at https://drive.google.com/ in Google Chrome Versión 59.0.3053.3 (Build oficial) canary (64 bits))
reproduces, e.g. crash id 62bc513480000000
It's because we generate a negative offset when we run a function for event listeners. I'll take a look.
Project Member

Comment 3 by sheriffbot@chromium.org, Mar 31 2017

Labels: FoundIn-M-59 Fracas
Users experienced this crash on the following builds:

Mac Canary 59.0.3056.0 -  0.34 CPM, 2 reports, 2 clients (signature v8::debug::Location::Location)

If this update was incorrect, please add "Fracas-Wrong" label to prevent future updates.

- Go/Fracas
Cc: jochen@chromium.org
 Issue 705947  has been merged into this issue.
 Issue 705960  has been merged into this issue.
 Issue 705966  has been merged into this issue.
Project Member

Comment 7 by sheriffbot@chromium.org, Apr 23 2017

Labels: FoundIn-M-60
Users experienced this crash on the following builds:

Mac Canary 60.0.3078.0 -  1.01 CPM, 2 reports, 1 clients (signature v8::debug::Location::Location)

If this update was incorrect, please add "Fracas-Wrong" label to prevent future updates.

- Go/Fracas
Project Member

Comment 8 by sheriffbot@chromium.org, May 29 2017

Labels: FoundIn-M-61
Users experienced this crash on the following builds:

Mac Canary 61.0.3114.0 -  1.24 CPM, 2 reports, 1 clients (signature v8::debug::Location::Location)

If this update was incorrect, please add "Fracas-Wrong" label to prevent future updates.

- Go/Fracas
Cc: kozyatinskiy@chromium.org hdodda@chromium.org
 Issue 727124  has been merged into this issue.
Project Member

Comment 10 by bugdroid1@chromium.org, May 31 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/6a65e6deef998ef94a3c8ab5eb50b9378dcf9038

commit 6a65e6deef998ef94a3c8ab5eb50b9378dcf9038
Author: Alexey Kozyatinskiy <kozyatinskiy@chromium.org>
Date: Wed May 31 14:02:03 2017

[inspector] don't create negative location for isBlackboxed check

V8 provides the ScriptCompiler::CompileFunctionInContext method, which takes an expression and compiles it as an anonymous function like (function() .. expression ..). To produce correct locations for stmts inside of this expression, V8 compiles this function with a negative offset. Instead of the stmt position, blackboxing uses the function start position, which is negative in the described case.

Bug:  chromium:705963 
Change-Id: I86b113198fb59e77b3bbf523c8cd943e22f8a6ca
Reviewed-on: https://chromium-review.googlesource.com/519384
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45637}
[modify] https://crrev.com/6a65e6deef998ef94a3c8ab5eb50b9378dcf9038/src/debug/debug.cc
[add] https://crrev.com/6a65e6deef998ef94a3c8ab5eb50b9378dcf9038/test/inspector/debugger/script-with-negative-offset-expected.txt
[add] https://crrev.com/6a65e6deef998ef94a3c8ab5eb50b9378dcf9038/test/inspector/debugger/script-with-negative-offset.js
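
The position arithmetic the commit message above describes, as an added C++ model that is not V8 code and not the project's fix. The wrapper text, the `Location` and `WrappedExpression` types and the clamping guard are all assumptions made for illustration.

```cpp
// Added illustration (constructed model, not V8 source). All names are hypothetical.
#include <algorithm>
#include <iostream>
#include <stdexcept>
#include <string>

// Stand-in for a location type that rejects negative coordinates. The real
// CHECK aborts the process; this model throws so the failure is observable.
struct Location {
  int line, column;
  Location(int l, int c) : line(l), column(c) {
    if (l < 0 || c < 0) throw std::invalid_argument("negative location");
  }
};

// An expression compiled inside an anonymous-function wrapper. The wrapper
// text below is an assumed example; only its length matters here.
struct WrappedExpression {
  std::string prefix = "(function() {";
  std::string expression;
  // Negative offset applied so statement columns match the user's own text.
  int offset() const { return -static_cast<int>(prefix.size()); }
  // The function itself begins at raw index 0, before the user's text.
  int function_start() const { return 0 + offset(); }
  // The first statement begins right after the wrapper prefix.
  int statement_start() const { return static_cast<int>(prefix.size()) + offset(); }
};

// Passes the column straight to Location; reports whether construction succeeded.
bool unguarded_ok(int column) {
  try { Location loc(0, column); return true; }
  catch (const std::invalid_argument&) { return false; }
}

// One defensive option: clamp to zero before constructing the Location.
Location clamped(int column) { return Location(0, std::max(column, 0)); }

int main() {
  WrappedExpression w;
  w.expression = "debugger";  // constructed sample input
  std::cout << "statement column: " << w.statement_start() << "\n"
            << "function start:   " << w.function_start() << "\n"
            << "unguarded ok:     " << unguarded_ok(w.function_start()) << "\n"
            << "clamped column:   " << clamped(w.function_start()).column << "\n";
}
```

The statement position stays valid after the shift, while the function start lands before column 0, which is the value a non-negative check rejects.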

Status: Fixed (was: Assigned)
Components: Blink>JavaScript
Labels: Merge-Request-6.0
The change by itself is trivial and fixes a crash. I think we should merge it to beta.
Please take a look.
 Issue 732213  has been merged into this issue.
Labels: Merge-Request-60
Project Member

Comment 15 by sheriffbot@chromium.org, Jun 12 2017

Labels: -Merge-Request-60 Hotlist-Merge-Review Merge-Review-60
This bug requires manual review: M60 has already been promoted to the beta branch, so this requires manual review
Please contact the milestone owner if you have questions.
Owners: amineer@(Android), cmasso@(iOS), josafat@(ChromeOS), bustamante@(Desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Labels: -Merge-Review-60 Merge-Approved-60
Approving merge for M60. 
Labels: -Merge-Request-6.0 Merge-Merged
Merged: https://chromium-review.googlesource.com/c/539516/
Project Member

Comment 18 by sheriffbot@chromium.org, Jun 20 2017

Cc: abdulsyed@chromium.org
This issue has been approved for a merge. Please merge the fix to any appropriate branches as soon as possible!

If all merges have been completed, please remove any remaining Merge-Approved labels from this issue.

Thanks for your time! To disable nags, add the Disable-Nags label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Labels: -Merge-Approved-60
