New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 724351 link

Starred by 2 users
Status: Fixed
Owner:
ksakamoto@chromium.org
Closed: May 2017
Cc:
ajha@chromium.org
meade@chromium.org
rjwright@chromium.org
style-bugs@google.com
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 2
Type: Bug-Regression



Sign in to add a comment

Getting computed style for font-display causes crash

Project Member Reported by rjwright@chromium.org, May 19 2017 
Chrome Version: 60.0.3104.0
OS: Linux

What steps will reproduce the problem?
(1) Open the attached test case in dev channel
(2) OR
(3) console.log(getComputedStyle(someElement) & expand the computed style in the console.
CRASH.html
122 bytes View Download

Comment 1 by rjwright@chromium.org, May 19 2017 

Stack trace

[1:1:0519/125300.803215:FATAL:ComputedStyleCSSValueMapping.cpp(3758)] Check failed: false. 
#0 0x7fcff497c68b base::debug::StackTrace::StackTrace()
#1 0x7fcff497b38c base::debug::StackTrace::StackTrace()
#2 0x7fcff49eef43 logging::LogMessage::~LogMessage()
#3 0x7fcfe2674610 blink::ComputedStyleCSSValueMapping::Get()
#4 0x7fcfe25da2a2 blink::CSSComputedStyleDeclaration::GetPropertyCSSValue()
#5 0x7fcfe25db46b blink::CSSComputedStyleDeclaration::GetPropertyCSSValueInternal()
#6 0x7fcfe22e007e blink::V8CSSStyleDeclaration::namedPropertyGetterCustom()
#7 0x7fcfe39e358d blink::V8CSSStyleDeclaration::namedPropertyGetterCallback()
#8 0x7fcfe53c97dc v8::internal::PropertyCallbackArguments::Call()
#9 0x7fcfe54822fc v8::internal::(anonymous namespace)::GetPropertyWithInterceptorInternal()
#10 0x7fcfe547de95 v8::internal::Object::GetProperty()
#11 0x7fcfe53b2a38 v8::internal::LoadIC::Load()
#12 0x7fcfe53c00b1 v8::internal::__RT_impl_Runtime_LoadIC_Miss()
#13 0x172912584564 <unknown>

Received signal 6
#0 0x7fcff497c68b base::debug::StackTrace::StackTrace()
#1 0x7fcff497b38c base::debug::StackTrace::StackTrace()
#2 0x7fcff497c19f base::debug::(anonymous namespace)::StackDumpSignalHandler()
#3 0x7fcff4eb7330 <unknown>
#4 0x7fcfdaa03c37 gsignal
#5 0x7fcfdaa07028 abort
#6 0x7fcff4979386 base::debug::(anonymous namespace)::DebugBreak()
#7 0x7fcff4979368 base::debug::BreakDebugger()
#8 0x7fcff49ef3c4 logging::LogMessage::~LogMessage()
#9 0x7fcfe2674610 blink::ComputedStyleCSSValueMapping::Get()
#10 0x7fcfe25da2a2 blink::CSSComputedStyleDeclaration::GetPropertyCSSValue()
#11 0x7fcfe25db46b blink::CSSComputedStyleDeclaration::GetPropertyCSSValueInternal()
#12 0x7fcfe22e007e blink::V8CSSStyleDeclaration::namedPropertyGetterCustom()
#13 0x7fcfe39e358d blink::V8CSSStyleDeclaration::namedPropertyGetterCallback()
#14 0x7fcfe53c97dc v8::internal::PropertyCallbackArguments::Call()
#15 0x7fcfe54822fc v8::internal::(anonymous namespace)::GetPropertyWithInterceptorInternal()
#16 0x7fcfe547de95 v8::internal::Object::GetProperty()
#17 0x7fcfe53b2a38 v8::internal::LoadIC::Load()
#18 0x7fcfe53c00b1 v8::internal::__RT_impl_Runtime_LoadIC_Miss()
#19 0x172912584564 <unknown>
  r8: fffffffffffffed8  r9: fffffffffffffec8 r10: 0000000000000008 r11: 0000000000000202
 r12: 00007fcfe39e33e0 r13: 00007ffe33287b80 r14: 00007ffe33287bd8 r15: 00002a16df7b5020
  di: 0000000000000001  si: 0000000000000001  bp: 00007ffe33285540  bx: 00007fcff4dd7590
  dx: 0000000000000006  ax: 0000000000000000  cx: 00007fcfdaa03c37  sp: 00007ffe33285408
  ip: 00007fcfdaa03c37 efl: 0000000000000202 cgf: 0000000000000033 erf: 0000000000000000
 trp: 0000000000000000 msk: 0000000000000000 cr2: 0000000000000000
[end of stack trace]
Project Member

Comment 2 by ClusterFuzz, May 19 2017 

ClusterFuzz is analyzing your testcase. Developers can follow the progress at https://cluster-fuzz.appspot.com/testcase?key=4779624126218240

Comment 3 by ajha@chromium.org, May 19 2017

Cc: ajha@chromium.org
Labels: Needs-Feedback
Unable to reproduce the issue on Linux chrome version: 60.0.3104.0 on official build.

rjwright@: Is this related to Debug build?

Comment 4 by rjwright@chromium.org, May 19 2017

Labels: -Pri-1 -Stability-Crash -ReleaseBlock-Dev Pri-2
Yes, come to think of it. Sorry. Will update labels.

Comment 5 by rjwright@chromium.org, May 21 2017

Status: WontFix (was: Available)

Comment 6 by alancutter@chromium.org, May 22 2017

Labels: -Needs-Feedback -Needs-Bisect -Update-Weekly Update-Fortnightly
Status: Available (was: WontFix)
Debug crashes are still worth fixing. This particular one is fairly harmless but we should avoid hitting asserts nonetheless.

Comment 7 by rjwright@chromium.org, May 22 2017 

OK cool, thanks Alan.

Comment 8 by meade@chromium.org, May 25 2017

Cc: meade@chromium.org
Owner: ksakamoto@chromium.org
Status: Assigned (was: Available)
ksakamoto, could you PTAL? We probably shouldn't be hitting that DCHECK. Thanks!
Project Member

Comment 9 by bugdroid1@chromium.org, May 25 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/f19630697d1279c5b9a70fb250060dbadff1dbc8

commit f19630697d1279c5b9a70fb250060dbadff1dbc8
Author: Kunihiko Sakamoto <ksakamoto@chromium.org>
Date: Thu May 25 10:34:09 2017

Fix NOTREACHED when getting computed style for font-display

The font-display: property is valid only in @font-face rules, like src:
and unicode-range:. This patch makes ComputedStyleCSSValueMapping::Get()
just return nullptr for CSSPropertyFontDisplay.

Bug:  724351 
Change-Id: I433daa9c1ddc90ecf1d767ad75ec77e336c106ea
Reviewed-on: https://chromium-review.googlesource.com/515162
Reviewed-by: Eddy Mead <meade@chromium.org>
Commit-Queue: Kunihiko Sakamoto <ksakamoto@chromium.org>
Cr-Commit-Position: refs/heads/master@{#474620}
[modify] https://crrev.com/f19630697d1279c5b9a70fb250060dbadff1dbc8/third_party/WebKit/Source/core/css/ComputedStyleCSSValueMapping.cpp

Comment 10 by ksakamoto@chromium.org, May 26 2017

Status: Fixed (was: Assigned)

Sign in to add a comment