
Issue 707430

Issue metadata

Status: Verified
Closed: May 2017
OS: Linux
Pri: 1
Type: Bug


CHECK failure: !current_geometry_rect_.IsEmpty() in picture_layer_tiling.cc

Reported by ClusterFuzz (Project Member), Mar 31 2017

Issue description

Components: Internals>Compositing
Labels: Test-Predator-Wrong M-58
Owner: vmp...@chromium.org
Status: Assigned (was: Untriaged)
Through code search on file picture_layer_tiling.cc, suspected CL is
https://chromium.googlesource.com/chromium/src/+/a0c89995ac1b48c6886c0b339329bfdd42c27e7d%5E%21/#F0

Comment 2 by vmp...@chromium.org, Apr 12 2017

Status: Started (was: Assigned)

Comment 3 by vmp...@chromium.org, Apr 15 2017

Cc: trchen@chromium.org
Status: Assigned (was: Started)
+trchen who has proposals on how to fix this in ToEnclosedRect.

Comment 4 by bugdroid1@chromium.org (Project Member), May 12 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/7ff1f0e4e9ad3eef8f4a1e36c08b95237a1c4dcf

commit 7ff1f0e4e9ad3eef8f4a1e36c08b95237a1c4dcf
Author: vmpstr <vmpstr@chromium.org>
Date: Fri May 12 17:00:28 2017

cc: Fix bugs found by fuzzer due to floating point imprecision.

This patch changes two things:
- For scales that are within epsilon value of 1, we use 1 directly since
minute differences could cause changes when multiplied by large values
- Changed the index generation to consider the fact that using wanted
pixels might grab more tiles than needed.

BUG=707430
R=enne@chromium.org, danakj@chromium.org
CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_trusty_blink_rel

Review-Url: https://codereview.chromium.org/2816943004
Cr-Commit-Position: refs/heads/master@{#471342}

[modify] https://crrev.com/7ff1f0e4e9ad3eef8f4a1e36c08b95237a1c4dcf/cc/tiles/picture_layer_tiling.cc
[modify] https://crrev.com/7ff1f0e4e9ad3eef8f4a1e36c08b95237a1c4dcf/cc/tiles/picture_layer_tiling.h
[modify] https://crrev.com/7ff1f0e4e9ad3eef8f4a1e36c08b95237a1c4dcf/cc/tiles/picture_layer_tiling_unittest.cc
[modify] https://crrev.com/7ff1f0e4e9ad3eef8f4a1e36c08b95237a1c4dcf/third_party/WebKit/LayoutTests/platform/linux/animations/skew-notsequential-compositor-expected.png
[add] https://crrev.com/7ff1f0e4e9ad3eef8f4a1e36c08b95237a1c4dcf/third_party/WebKit/LayoutTests/platform/linux/http/tests/inspector/network/waterfall-images-expected.png
[modify] https://crrev.com/7ff1f0e4e9ad3eef8f4a1e36c08b95237a1c4dcf/third_party/WebKit/LayoutTests/platform/mac/animations/skew-notsequential-compositor-expected.png
[modify] https://crrev.com/7ff1f0e4e9ad3eef8f4a1e36c08b95237a1c4dcf/third_party/WebKit/LayoutTests/platform/mac/css3/blending/background-blend-mode-overlapping-accelerated-elements-expected.png
[modify] https://crrev.com/7ff1f0e4e9ad3eef8f4a1e36c08b95237a1c4dcf/third_party/WebKit/LayoutTests/platform/win/animations/skew-notsequential-compositor-expected.png

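Added example, not Chromium code and not the patch linked above: a small C++ model of the first bullet in the commit message, showing why a scale that is only a few float ulps away from 1.0 can turn a non-empty layer-space rect into an empty content-space rect once it is snapped to whole pixels, which is the class of failure the !current_geometry_rect_.IsEmpty() CHECK catches. The type and function names (IntRect, FloatRect, ScaleRect, ToEnclosedRect, SnapScaleNearOne, ContentRectFor) and the kScaleEpsilon value are this example's own assumptions; the second bullet (tile index generation) is not modelled here.

```cpp
// Added example, not Chromium code: a contents scale a few float ulps above
// 1.0, multiplied by a large layer-space coordinate, pushes both edges of a
// rect past the next integer, so the largest integer rect inside it (the
// ToEnclosedRect step) comes out empty. Snapping such a scale to exactly 1.0
// before scaling avoids that. Names and kScaleEpsilon are assumptions.
#include <algorithm>
#include <cmath>
#include <cstdio>

struct IntRect {
  int x, y, width, height;
  bool IsEmpty() const { return width <= 0 || height <= 0; }
};

struct FloatRect {
  float x, y, width, height;
  float right() const { return x + width; }
  float bottom() const { return y + height; }
};

// Scale origin and size separately, the way a layer-space rect is mapped
// into a tiling's content space.
FloatRect ScaleRect(const IntRect& r, float scale) {
  return {r.x * scale, r.y * scale, r.width * scale, r.height * scale};
}

// Largest integer rect contained in |r|: ceil the near edges, floor the far
// edges, and clamp the size at zero (same idea as gfx::ToEnclosedRect).
IntRect ToEnclosedRect(const FloatRect& r) {
  const int left = static_cast<int>(std::ceil(r.x));
  const int top = static_cast<int>(std::ceil(r.y));
  const int right = static_cast<int>(std::floor(r.right()));
  const int bottom = static_cast<int>(std::floor(r.bottom()));
  return {left, top, std::max(0, right - left), std::max(0, bottom - top)};
}

// Assumed tolerance for this example; the threshold the patch uses is not
// quoted on this page.
constexpr float kScaleEpsilon = 1e-5f;

// The fix from the first bullet: a scale within epsilon of 1 is used as 1.
float SnapScaleNearOne(float scale) {
  return std::fabs(scale - 1.0f) < kScaleEpsilon ? 1.0f : scale;
}

// Map |layer_rect| into content space; |snap_scale| selects the old (false)
// or fixed (true) behaviour.
IntRect ContentRectFor(const IntRect& layer_rect, float scale,
                       bool snap_scale) {
  if (snap_scale)
    scale = SnapScaleNearOne(scale);
  return ToEnclosedRect(ScaleRect(layer_rect, scale));
}

int main() {
  // Constructed input: a 1x1 layer rect far from the origin and a scale that
  // is eight float ulps above 1.0 (1.000001f rounds to 1 + 8 * 2^-23).
  const IntRect layer_rect{100000, 0, 1, 1};
  const float scale = 1.000001f;

  const IntRect unsnapped = ContentRectFor(layer_rect, scale, false);
  const IntRect snapped = ContentRectFor(layer_rect, scale, true);

  // x*scale is ~100000.094 and (x+w)*scale is ~100001.094, so ceil and floor
  // both land on 100001 and the width collapses to 0.
  std::printf("unsnapped: x=%d width=%d empty=%d\n", unsnapped.x,
              unsnapped.width, unsnapped.IsEmpty());
  std::printf("snapped:   x=%d width=%d empty=%d\n", snapped.x,
              snapped.width, snapped.IsEmpty());

  // The tiling's CHECK requires a non-empty geometry rect: the unsnapped
  // path violates it, the snapped path satisfies it.
  return (unsnapped.IsEmpty() && !snapped.IsEmpty()) ? 0 : 1;
}
```

Build with `g++ -std=c++14 example.cc && ./a.out`; exit status 0 means the unsnapped rect was empty and the snapped one was not. The same scale also shrinks small rects (a 5-wide rect at x=10 encloses to width 4), but only at large coordinates does a rect vanish entirely, which is why the commit message singles out "multiplied by large values".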

Comment 5 by ClusterFuzz (Project Member), May 13 2017

ClusterFuzz has detected this issue as fixed in range 471325:471350.

Detailed report: https://clusterfuzz.com/testcase?key=6332073083404288

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_debug_content_shell_drt
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  !current_geometry_rect_.IsEmpty() in picture_layer_tiling.cc
  cc::PictureLayerTiling::CoverageIterator::operator++
  cc::PictureLayerTilingSet::CoverageIterator::operator++
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_debug_content_shell_drt&range=446721:447186
Fixed: https://clusterfuzz.com/revisions?job=linux_debug_content_shell_drt&range=471325:471350

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6332073083404288


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment 6 by ClusterFuzz (Project Member), May 13 2017

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase 6332073083404288 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.