Issue metadata
Sign in to add a comment
|
bing.com hits hit testing CHECK on mobile |
||||||||||||||||||||
Issue descriptionOn Android with a ToT build (didn't repro for me on canary), go to bing.com and search for (e.g.) pizza. Scroll to the bottom of the results and tap the > to go to the next page. The renderer crashes. Abort message: '[FATAL:PaintLayer.cpp(2325)] Check failed: !result.InnerNode() || (result.GetHitTestRequest().ListBased() && result.ListBasedTestResult().size()). ... #06 logging::LogMessage::~LogMessage()+668 #07 blink::PaintLayer::HitTestContents(blink::HitTestResult&, blink::LayoutPoint const&, blink::HitTestLocation const&, blink::HitTestFilter) const+178 #08 blink::PaintLayer::HitTestContentsForFragments(WTF::Vector<blink::PaintLayerFragment, 1u, WTF::PartitionAllocator> const&, blink::HitTestResult&, blink::HitTestLocation const&, blink::HitTestFilter, bool&) const+108 #09 blink::PaintLayer::HitTestLayer(blink::PaintLayer*, blink::PaintLayer*, blink::HitTestResult&, blink::LayoutRect const&, blink::HitTestLocation const&, bool, blink::HitTestingTransformState const*, double*)+916 #10 blink::PaintLayer::HitTestLayerByApplyingTransform(blink::PaintLayer*, blink::PaintLayer*, blink::HitTestResult&, blink::LayoutRect const&, blink::HitTestLocation const&, blink::HitTestingTransformState const*, double*, blink::LayoutPoint const&)+160 #11 blink::PaintLayer::HitTestLayer(blink::PaintLayer*, blink::PaintLayer*, blink::HitTestResult&, blink::LayoutRect const&, blink::HitTestLocation const&, bool, blink::HitTestingTransformState const*, double*)+518 #12 blink::PaintLayer::HitTestChildren(blink::ChildrenIteration, blink::PaintLayer*, blink::HitTestResult&, blink::LayoutRect const&, blink::HitTestLocation const&, blink::HitTestingTransformState const*, double*, double*, blink::HitTestingTransformState const*, bool)+94 #13 blink::PaintLayer::HitTestLayer(blink::PaintLayer*, blink::PaintLayer*, blink::HitTestResult&, blink::LayoutRect const&, blink::HitTestLocation const&, bool, blink::HitTestingTransformState const*, double*)+620 #14 blink::PaintLayer::HitTestLayerByApplyingTransform(blink::PaintLayer*, blink::PaintLayer*, blink::HitTestResult&, blink::LayoutRect const&, blink::HitTestLocation const&, blink::HitTestingTransformState const*, double*, blink::LayoutPoint const&)+160 #15 blink::PaintLayer::HitTestLayer(blink::PaintLayer*, blink::PaintLayer*, blink::HitTestResult&, blink::LayoutRect const&, blink::HitTestLocation const&, bool, blink::HitTestingTransformState const*, double*)+518 #16 blink::PaintLayer::HitTestChildren(blink::ChildrenIteration, blink::PaintLayer*, blink::HitTestResult&, blink::LayoutRect const&, blink::HitTestLocation const&, blink::HitTestingTransformState const*, double*, double*, blink::HitTestingTransformState const*, bool)+94 #17 blink::PaintLayer::HitTestLayer(blink::PaintLayer*, blink::PaintLayer*, blink::HitTestResult&, blink::LayoutRect const&, blink::HitTestLocation const&, bool, blink::HitTestingTransformState const*, double*)+620 #18 blink::PaintLayer::HitTestChildren(blink::ChildrenIteration, blink::PaintLayer*, blink::HitTestResult&, blink::LayoutRect const&, blink::HitTestLocation const&, blink::HitTestingTransformState const*, double*, double*, blink::HitTestingTransformState const*, bool)+94 #19 blink::PaintLayer::HitTestLayer(blink::PaintLayer*, blink::PaintLayer*, blink::HitTestResult&, blink::LayoutRect const&, blink::HitTestLocation const&, bool, blink::HitTestingTransformState const*, double*)+620 #20 blink::PaintLayer::HitTest(blink::HitTestResult&)+276 #21 blink::LayoutView::HitTestNoLifecycleUpdate(blink::HitTestResult&)+178 #22 blink::LayoutView::HitTest(blink::HitTestResult&)+36 #23 blink::EventHandler::HitTestResultAtPoint(blink::LayoutPoint const&, unsigned int, blink::LayoutSize const&)+338 #24 blink::EventHandler::HitTestResultForGestureEvent(blink::WebGestureEvent const&, unsigned int)+174 #25 blink::EventHandler::TargetGestureEvent(blink::WebGestureEvent const&, bool)+260 #26 blink::WebViewImpl::HandleGestureEvent(blink::WebGestureEvent const&)+660 #27 blink::PageWidgetDelegate::HandleInputEvent(blink::PageWidgetEventHandler&, blink::WebCoalescedInputEvent const&, blink::LocalFrame*)+266 #28 blink::WebViewImpl::HandleInputEvent(blink::WebCoalescedInputEvent const&)+476
,
Aug 3 2017
The NextAction date has arrived: 2017-08-03
,
Aug 4 2017
I checked again on canary and ToT, canary still doesnt't repro but ToT still crashes. Can you try checking a manually compiled build?
,
Aug 4 2017
I can try. There have been cases where Official and non-Official builds differ. This looks like one of them.
,
Aug 4 2017
,
Aug 14 2017
The NextAction date has arrived: 2017-08-14
,
Aug 14 2017
,
Aug 21 2017
The NextAction date has arrived: 2017-08-21
,
Aug 22 2017
,
Aug 23 2017
The NextAction date has arrived: 2017-08-23
,
Aug 23 2017
Still no Canary crash. Downgrading priority as this is not a production issue.
,
Aug 24 2017
Did you try doing an android build though? Or asking if anyone else on your team has one ready? It still reprod for me when I tried last week.
,
Aug 24 2017
I'll kick off an Android build and verify it there.
,
Aug 24 2017
Yep, reproduces for me. I'll take a look after I fix a couple of other assert issues.
,
Sep 11 2017
The NextAction date has arrived: 2017-09-11
,
Sep 11 2017
,
Sep 13 2017
The NextAction date has arrived: 2017-09-13
,
Sep 14 2017
Still happening in Debug Chromium. Time to start logging.
,
Sep 18 2017
,
Sep 28 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/3d55d4c0ee41f8a7001f21c63c6dfc360a0594f2 commit 3d55d4c0ee41f8a7001f21c63c6dfc360a0594f2 Author: Stephen Chenney <schenney@chromium.org> Date: Thu Sep 28 13:52:58 2017 Fix list-based hit testing of before/after elements The list-based hit test result uses NodeForHitTest, but the node used for the point-based report in LayoutObject does not define this method, and uses custom logic for walking up from generated content to the parent before or after psuedo element. This patch moves NodeForHitTest from LayoutBox to LayoutObject and removes unnecessary overrides. LayoutObject::UpdateHitTestResult now uses NodeForHitTest and that includes the before/after content handling. R=pdr@chromium.org BUG= 751405 Cq-Include-Trybots: master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2 Change-Id: Id64ae264fde3cb3525628d2dae4e4a1d1481c649 Reviewed-on: https://chromium-review.googlesource.com/668697 Reviewed-by: Philip Rogers <pdr@chromium.org> Commit-Queue: Stephen Chenney <schenney@chromium.org> Cr-Commit-Position: refs/heads/master@{#505010} [add] https://crrev.com/3d55d4c0ee41f8a7001f21c63c6dfc360a0594f2/third_party/WebKit/LayoutTests/hittesting/touch-transformed-image-pseudo.html [modify] https://crrev.com/3d55d4c0ee41f8a7001f21c63c6dfc360a0594f2/third_party/WebKit/Source/core/layout/LayoutBlock.cpp [modify] https://crrev.com/3d55d4c0ee41f8a7001f21c63c6dfc360a0594f2/third_party/WebKit/Source/core/layout/LayoutBlock.h [modify] https://crrev.com/3d55d4c0ee41f8a7001f21c63c6dfc360a0594f2/third_party/WebKit/Source/core/layout/LayoutBlockFlow.cpp [modify] https://crrev.com/3d55d4c0ee41f8a7001f21c63c6dfc360a0594f2/third_party/WebKit/Source/core/layout/LayoutBox.h [modify] https://crrev.com/3d55d4c0ee41f8a7001f21c63c6dfc360a0594f2/third_party/WebKit/Source/core/layout/LayoutObject.cpp [modify] https://crrev.com/3d55d4c0ee41f8a7001f21c63c6dfc360a0594f2/third_party/WebKit/Source/core/layout/LayoutObject.h [modify] https://crrev.com/3d55d4c0ee41f8a7001f21c63c6dfc360a0594f2/third_party/WebKit/Source/core/paint/PaintLayer.cpp
,
Sep 29 2017
,
Sep 29 2017
|
|||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||
Comment 1 by schenney@chromium.org
, Aug 2 2017NextAction: 2017-08-03