CHECK failure: root_.GetDocument().View()->IsInPerformLayout() in SubtreeLayoutScope.cpp |
||||||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=5764487809597440 Fuzzer: ifratric-browserfuzzer-v3 Job Type: mac_asan_chrome Platform Id: mac Crash Type: CHECK failure Crash Address: Crash State: root_.GetDocument().View()->IsInPerformLayout() in SubtreeLayoutScope.cpp blink::SubtreeLayoutScope::SubtreeLayoutScope blink::LayoutGrid::UpdateBlockLayout Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=mac_asan_chrome&range=466662:466677 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5764487809597440 Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Jun 5 2017
,
Jun 5 2017
Is this a dup?
,
Jun 5 2017
I added the CHECK recently as a diagnostic for another bug. The CHECK has since been removed.
,
Jun 6 2017
Isn't it this CHECK? https://chromium.googlesource.com/chromium/src/+/master/third_party/WebKit/Source/core/layout/SubtreeLayoutScope.cpp#39 I'm hitting this on Chromium 59.0.3071.86 (on Arch Linux). What is the significance of it? I've gotten "something went wrong" pages both times this happened. (It occurs very infrequently though.)
,
Jun 6 2017
This is actually a duplicate, still working on the original bug.
,
Jul 19 2017
Un-duplicating, this is a different bug. The problem here appears to be that during preferred with calculation, LayoutGrid calls into the regular layout code. Preferred widths can be calculated at any time, but UpdateLayout expects to be called only during DocumentLifecycle::kInPerformLayout. Assigning to svillar@, who is most familiar with the LayoutGrid code.
,
Sep 30 2017
,
Jan 22 2018
I think this has been fixed long time ago. Please do reopen if detected again. |
||||||||
►
Sign in to add a comment |
||||||||
Comment 1 by shrike@chromium.org
, Jun 3 2017