validate AggregatedHitTestRegion data received from HitTestAggregator |
|||||||||||||||
Issue descriptionHitTestQuery needs to validate AggregatedHitTestRegion data received from HitTestAggregator.
,
Jul 19 2017
,
Aug 1 2017
I recommend a fuzz test.
,
Aug 15 2017
,
Oct 11 2017
I occasionally hit this DCHECK when running the browser_test ConstrainedWebDialogBrowserTest.ContentResizeInAutoResizingDialog in --mus. I'm upping the priority.
,
Oct 11 2017
This DCHECK (https://cs.chromium.org/chromium/src/components/viz/host/hit_test/hit_test_query.cc?type=cs&q=hit_test_query&l=29)? HitTestQuery would only be used if --use-viz-hit-test is turned on tho?
,
Oct 11 2017
I added the comment to this bug as I'm hitting the DCHECK in HostFrameSinkManager::SwitchActiveAggregatedHitTestRegionList[1], which references this bug. [1] https://cs.chromium.org/chromium/src/components/viz/host/host_frame_sink_manager.cc?type=cs&q=HostFrameSinkManager::SwitchActiveAggregatedHitTestRegionList&sq=package:chromium&l=287
,
Oct 11 2017
Ah I see, sorry forgot that I referenced this bug from several places instead of just in HTQ. I'll take a look at that.
,
Oct 26 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/5d04c4e406b9907cee94ead7bd8170d71f8a37fe commit 5d04c4e406b9907cee94ead7bd8170d71f8a37fe Author: Ria Jiang <riajiang@chromium.org> Date: Thu Oct 26 15:30:22 2017 Drop hit-test data when the corresponding HitTestQuery has been deleted. In HostFrameSinkManager::InvalidateFrameSinkId, we erase the HTQ associated with that frame_sink_id. We send that msg to FrameSinkManager but it can be cross-process and we can still be sending hit-test data to HostFrameSinkManager/ that HTQ when it has already been deleted at the same time. Drop the hit-test data in those cases. Bug: 746470 Test: viz_unittests Change-Id: I4bc80319e5195f3aed46b8a41872fd31d879f7ba Reviewed-on: https://chromium-review.googlesource.com/736351 Reviewed-by: kylechar <kylechar@chromium.org> Commit-Queue: Ria Jiang <riajiang@chromium.org> Cr-Commit-Position: refs/heads/master@{#511825} [modify] https://crrev.com/5d04c4e406b9907cee94ead7bd8170d71f8a37fe/components/viz/host/host_frame_sink_manager.cc [modify] https://crrev.com/5d04c4e406b9907cee94ead7bd8170d71f8a37fe/components/viz/host/host_frame_sink_manager_unittest.cc
,
Feb 26 2018
,
Apr 10 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/5e5ba789e10b0319d1812467d8ef834f69fd847b commit 5e5ba789e10b0319d1812467d8ef834f69fd847b Author: Ria Jiang <riajiang@chromium.org> Date: Tue Apr 10 00:20:22 2018 Don't crash viz host when shared memory buffer is not valid, crash viz instead. When viz host receives invalid shared memory buffers, use the callback received from content/browser to shut down gpu process. Bug: 746470 Cq-Include-Trybots: luci.chromium.try:android_optional_gpu_tests_rel Change-Id: Ic5fc690266aa4acb76d66c006706e9166771c900 Reviewed-on: https://chromium-review.googlesource.com/983002 Commit-Queue: Ria Jiang <riajiang@chromium.org> Reviewed-by: Robert Kroeger <rjkroege@chromium.org> Reviewed-by: kylechar <kylechar@chromium.org> Reviewed-by: Ken Buchanan <kenrb@chromium.org> Reviewed-by: Sadrul Chowdhury <sadrul@chromium.org> Cr-Commit-Position: refs/heads/master@{#549340} [modify] https://crrev.com/5e5ba789e10b0319d1812467d8ef834f69fd847b/components/viz/host/hit_test/hit_test_query.cc [modify] https://crrev.com/5e5ba789e10b0319d1812467d8ef834f69fd847b/components/viz/host/hit_test/hit_test_query.h [modify] https://crrev.com/5e5ba789e10b0319d1812467d8ef834f69fd847b/components/viz/host/host_frame_sink_manager.cc [modify] https://crrev.com/5e5ba789e10b0319d1812467d8ef834f69fd847b/components/viz/host/host_frame_sink_manager.h [modify] https://crrev.com/5e5ba789e10b0319d1812467d8ef834f69fd847b/content/browser/compositor/viz_process_transport_factory.cc
,
Apr 24 2018
Deprecating label Proj-Mustash-Mus-WS in favor of Components.
,
Apr 30 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/9c66e77a86d6c236dd64468bcda563c79d59d970 commit 9c66e77a86d6c236dd64468bcda563c79d59d970 Author: Ria Jiang <riajiang@chromium.org> Date: Mon Apr 30 21:48:35 2018 Crash gpu process if HitTestQuery received invalid active region index. Bug: 746470 Cq-Include-Trybots: luci.chromium.try:android_optional_gpu_tests_rel Change-Id: I474adb47645eb2de52fe4ce368b8baf390d3f574 Reviewed-on: https://chromium-review.googlesource.com/1036102 Reviewed-by: Robert Kroeger <rjkroege@chromium.org> Commit-Queue: Ria Jiang <riajiang@chromium.org> Cr-Commit-Position: refs/heads/master@{#554890} [modify] https://crrev.com/9c66e77a86d6c236dd64468bcda563c79d59d970/components/viz/host/hit_test/hit_test_query.cc [modify] https://crrev.com/9c66e77a86d6c236dd64468bcda563c79d59d970/components/viz/host/host_frame_sink_manager.cc
,
Apr 30 2018
CL in #13 is a simple CL to avoid crashing browser when gpu process is compromised, should be safe to merge back in M67.
,
Apr 30 2018
Pls apply appropriate OSs label. Thank you.
,
Apr 30 2018
,
Apr 30 2018
This bug requires manual review: M67 has already been promoted to the beta branch, so this requires manual review Please contact the milestone owner if you have questions. Owners: cmasso@(Android), cmasso@(iOS), kbleicher@(ChromeOS), govind@(Desktop) For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Apr 30 2018
CL in #13 is not made it to canary yet. Pls update the bug with canary result tomorrow.
,
May 1 2018
The NextAction date has arrived: 2018-05-01
,
May 1 2018
CL has made into canary 68.0.3416.0 and no crash is seen for SwitchActiveAggregatedHitTestRegionList https://crash.corp.google.com/browse?q=product.name%3D%27Chrome%27+AND+product.version%3D%2768.0.3416.0%27+AND+expanded_custom_data.ChromeCrashProto.channel%3D%27canary%27+AND+STRPOS%28expanded_custom_data.ChromeCrashProto.magic_signature_1.name%2C+%27SwitchActiveAggregatedHitTestRegionList%27%29+%3E+0
,
May 1 2018
Approving merge for cl listed at #13 to M67 branch 3396 based on comments #14 and #20. Please merge ASAP so we can pick it up for tomorrow's beta release. Thank you.
,
May 1 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/5cdcde235f6d8cf76ede786e45d1db7e6aef95af commit 5cdcde235f6d8cf76ede786e45d1db7e6aef95af Author: Ria Jiang <riajiang@chromium.org> Date: Tue May 01 18:48:47 2018 Crash gpu process if HitTestQuery received invalid active region index. Bug: 746470 Cq-Include-Trybots: luci.chromium.try:android_optional_gpu_tests_rel Change-Id: I474adb47645eb2de52fe4ce368b8baf390d3f574 Reviewed-on: https://chromium-review.googlesource.com/1036102 Reviewed-by: Robert Kroeger <rjkroege@chromium.org> Commit-Queue: Ria Jiang <riajiang@chromium.org> Cr-Original-Commit-Position: refs/heads/master@{#554890}(cherry picked from commit 9c66e77a86d6c236dd64468bcda563c79d59d970) Reviewed-on: https://chromium-review.googlesource.com/1037605 Reviewed-by: Ria Jiang <riajiang@chromium.org> Cr-Commit-Position: refs/branch-heads/3396@{#417} Cr-Branched-From: 9ef2aa869bc7bc0c089e255d698cca6e47d6b038-refs/heads/master@{#550428} [modify] https://crrev.com/5cdcde235f6d8cf76ede786e45d1db7e6aef95af/components/viz/host/hit_test/hit_test_query.cc [modify] https://crrev.com/5cdcde235f6d8cf76ede786e45d1db7e6aef95af/components/viz/host/host_frame_sink_manager.cc
,
Aug 14
|
|||||||||||||||
►
Sign in to add a comment |
|||||||||||||||
Comment 1 by riajiang@chromium.org
, Jul 19 2017