Overflow on unicode of symbol
Reported by jaydipmo...@gmail.com, Aug 21 2017
Issue description
UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.101 Safari/537.36

Steps to reproduce the problem:
1. Make an HTML page or visit a browser with the unicode symbol just pasted into a very very large paragraph. The unicode symbol is ৣ

What is the expected behavior?
The page should display the page with all the symbols as per usual.

What went wrong?
The browser keeps overflowing on the unicode symbol, making it load forever or crash.

Crashed report ID: No
How much crashed? Just one tab
Is it a problem with a plugin? No
Did this work before? N/A
Chrome version: 60.0.3112.101 Channel: stable
OS Version: 10.0
Flash Version: Shockwave Flash 26.0 r0

Here's a pastebin paste that contains the symbol spammed; it crashes the browser.
https://pastebin.com/8wK1x27k
Aug 22 2017
Tested on latest Stable #60.0.3112.101 and Canary #62.0.3192.0 on Windows 7 and Windows 10 and unable to reproduce the issue mentioned. Please refer to the screencast attached. @jaydipmodhwadia52 -- Could you please try removing the extensions and creating a new profile to verify whether the issue still persists? Please let us know if we have missed anything, or please provide a sample HTML file with which we can reproduce the issue. This would help us in reproducing and triaging the issue. Thanks in advance.
Aug 22 2017
Try visiting this page. https://steamcommunity.com/groups/cheatgiveaways
Aug 22 2017
Yes, that link crashes for me too. It has the same text.
Aug 22 2017
Thank you for providing more feedback. Adding requester "pnangunoori@chromium.org" to the cc list and removing "Needs-Feedback" label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Aug 22 2017
Aug 23 2017
Able to reproduce the issue on Windows 10, Ubuntu 14.04 and Mac 10.12.6 using chrome stable version #60.0.3112.101 and latest canary #62.0.3193.0.

Bisect Information:
=====================
Good build: 56.0.2916.0 Revision(431463)
Bad Build : 56.0.2917.0 Revision(431726)
Change Log URL: https://chromium.googlesource.com/chromium/src/+log/6d47d44ba4c0ba026223adb94d7f236fbc5efa22..ec8e431e9a0f80ace76368ce7edce006f3d409f2

From the above change log, suspecting the change below:
Review URL: https://codereview.chromium.org/2495583002

rsleevi@ - Could you please check whether this is caused with respect to your change? If not, please help us in assigning it to the right owner. Thanks...!!
Aug 23 2017
I tested some versions I could access.
52.0.2743.83 (64-bit): Hang without rendering.
51.0.2704.84 (64-bit): Hang after rendering top portion of page.
50.0.2661.75 (64-bit) and earlier: renders page entirely, no hanging.
It appears the issue showed up between 50.0.2661.75 and 51.0.2704.84.
Aug 23 2017
There's no way this CL is related. Assigning back for triage. I suspect the bisect stopping there was entirely unrelated, and it may be worth bisecting again.
Aug 23 2017
Aug 24 2017
spenson66@ - Thanks for more clarification...!!

Able to reproduce the issue on Windows 10, Ubuntu 14.04 and Mac 10.12.6 using chrome stable version #60.0.3112.101 and latest canary #62.0.3193.0.

Bisect Information:
=====================
Good build: 51.0.2702.0 Revision(385602)
Bad Build : 51.0.2703.0 Revision(385938)
Change Log URL: https://chromium.googlesource.com/chromium/src/+log/3960b8b282030a4f91059cf25d6b01c8beab57b8..d12b58ef0005d24dff2047f566f5ff5a5f2e45fb

From the above change log, suspecting the change below:
Review URL: https://codereview.chromium.org/1766243003

kojii@ - Could you please check whether this is caused with respect to your change? If not, please help us in assigning it to the right owner. Thanks...!!
Aug 24 2017
krajshree@, or can someone please attach an HTML file? I pasted the symbols into an HTML file but it does not reproduce. The pastebin.com URL can reproduce the hang on Chrome and on Edge, but then I'll need to download the whole page and try to minimize it by removing all the UI parts. A minimal HTML file is greatly appreciated. Probably a dup of issue 749319, but hard to be sure without minimizing.
Aug 24 2017
Visiting the page at URL https://steamcommunity.com/groups/cheatgiveaways from comment #3 reproduced the issue, i.e. the page crashed. Thanks...!!
Aug 24 2017
Hello, I have attempted to use a website copier to get the HTML File, please let me know if this is satisfactory.
Aug 24 2017
Here's a cut-down version I made of the above HTML page, along with a screenshot showing my reproduction.
62.0.3194.0 Canary, Windows 10 Pro x64 v1607, V8 6.2.333
Aug 24 2017
#13, #14, #15: Thank you all for the help, if it occurs only when "word-wrap: break-word", this is the same one as issue 749319.
Aug 24 2017
kojii@ It seems I can't view 749319; is it private in some form? I would like to track it since I'm using an electron app that is also vulnerable to this, due to electron being based on Chromium. Thanks!
Aug 24 2017
#17: issue 749319 was once accidentally marked as a security issue, but then cleared. I'm not sure if I can open it; I'll ask around. Thank you for the background. I'm working on a fix, and the current WIP no longer hangs on your HTML file attached to #15, so hopefully it's not too far from landing. I'll make sure the fix is recorded in this issue too.
Aug 24 2017
#18: Thanks for the info! Here's my electron ticket, which I intend to update when the fix has landed: https://github.com/electron/electron/issues/10332 (would have replied earlier, but DB issues with monorail 👀)
Aug 24 2017
#18 yea, I tried to add more info to this ticket, but monorail :P Anyway, I have reported it to discordapp as well, as they are using the same version of Chromium.
Aug 25 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/85b84a4d900effddac4b32e7774d23f51fd562e0

commit 85b84a4d900effddac4b32e7774d23f51fd562e0
Author: Koji Ishii <kojii@chromium.org>
Date: Fri Aug 25 16:15:31 2017

Fix mid-word-break to handle grapheme clusters

This patch fixes the mid-word-break logic, used by a few CSS properties:
- 'word-wrap: break-word'
- 'word-break: break-word'
- 'word-break: break-all'
to handle grapheme clusters correctly. Before this patch, it only supported surrogate pairs.

The fix uses LazyLineBreakIterator and NonSharedCharacterBreakIterator to detect grapheme cluster boundaries.

Also adds tests/DCHECK to ensure NextBreakOpportunity() returns the end of the input string if no more break opportunities were found.

Bug: 749319, 757446
Change-Id: I32046540d1cba8f9008e4adf4142e7dbd6d7ef8a
Reviewed-on: https://chromium-review.googlesource.com/628859
Reviewed-by: Emil A Eklund <eae@chromium.org>
Commit-Queue: Koji Ishii <kojii@chromium.org>
Cr-Commit-Position: refs/heads/master@{#497429}

[modify] https://crrev.com/85b84a4d900effddac4b32e7774d23f51fd562e0/third_party/WebKit/Source/core/layout/line/BreakingContextInlineHeaders.h
[modify] https://crrev.com/85b84a4d900effddac4b32e7774d23f51fd562e0/third_party/WebKit/Source/platform/text/TextBreakIterator.cpp
[modify] https://crrev.com/85b84a4d900effddac4b32e7774d23f51fd562e0/third_party/WebKit/Source/platform/text/TextBreakIteratorTest.cpp
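To make the commit message above concrete, here is an added JavaScript illustration. It is not Blink's code and not taken from this thread; it models the two mid-word break policies the commit contrasts. The "before" model breaks between UTF-16 code units and only keeps surrogate pairs together, so a line can begin with a bare combining mark such as U+09E3 (the ৣ from the report); the "after" model breaks only at grapheme cluster boundaries, and the contract the commit adds as a DCHECK (NextBreakOpportunity() either returns the end of the input or a position strictly after the start) is modelled as a thrown error. Assumptions: line width is counted in code units or clusters rather than pixels; graphemeClusters() uses Intl.Segmenter when the runtime provides it and otherwise a UAX #29 subset (base code point plus trailing combining marks, ZWJ joining the next code point); SPAMMED is a constructed input mirroring the reporter's page.

```javascript
// Added illustration, not Blink's code: two mid-word break policies.
// Assumption: width is counted in code units / clusters, not pixels.

const MARK_RE = /^\p{M}/u;   // Unicode combining marks; U+09E3 (the reported symbol) is one
const ZWJ = '\u200D';

// Split text into grapheme clusters. Uses Intl.Segmenter when the runtime has
// it; the fallback is a UAX #29 subset (base code point + trailing combining
// marks, ZWJ joins the next code point; no regional-indicator or Hangul rules).
function graphemeClusters(text) {
  if (typeof Intl !== 'undefined' && typeof Intl.Segmenter === 'function') {
    const seg = new Intl.Segmenter('en', { granularity: 'grapheme' });
    return Array.from(seg.segment(text), s => s.segment);
  }
  const cps = Array.from(text);           // by code point: surrogate pairs stay whole
  const out = [];
  for (let i = 0; i < cps.length;) {
    let cluster = cps[i++];
    while (i < cps.length) {
      if (MARK_RE.test(cps[i])) { cluster += cps[i++]; continue; }
      if (cps[i] === ZWJ) {
        cluster += cps[i++];
        if (i < cps.length) cluster += cps[i++];
        continue;
      }
      break;
    }
    out.push(cluster);
  }
  return out;
}

function isLowSurrogate(unit) { return unit >= 0xDC00 && unit <= 0xDFFF; }

// Pre-fix model: a break opportunity at every UTF-16 code unit, except inside
// a surrogate pair. Nothing keeps a combining mark with its base, so lines can
// start with a mark that has nothing to attach to.
function breakLinesByCodeUnit(text, maxWidth) {
  const lines = [];
  for (let pos = 0; pos < text.length;) {
    let end = Math.min(text.length, pos + maxWidth);
    if (end < text.length && isLowSurrogate(text.charCodeAt(end))) end -= 1;
    if (end <= pos) end = pos + 2;        // a pair wider than the line still goes whole
    lines.push(text.slice(pos, end));
    pos = end;
  }
  return lines;
}

// Post-fix contract: return the end of the input when the rest fits; otherwise
// a position strictly after `start`, so the caller always advances. A single
// cluster wider than the line overflows instead of stalling the loop.
function nextBreakOpportunity(clusters, start, maxWidth) {
  if (clusters.length - start <= maxWidth) return clusters.length;
  return start + Math.max(1, maxWidth);
}

function breakLinesByCluster(text, maxWidth) {
  const clusters = graphemeClusters(text);
  const lines = [];
  for (let pos = 0; pos < clusters.length;) {
    const end = nextBreakOpportunity(clusters, pos, maxWidth);
    // The DCHECK from the fix, modelled: a non-advancing iterator is a bug, not a retry.
    if (end <= pos) throw new Error('NextBreakOpportunity made no progress');
    lines.push(clusters.slice(pos, end).join(''));
    pos = end;
  }
  return lines;
}

// Count lines that begin with a combining mark (no base glyph on that line).
function linesStartingWithMark(lines) {
  return lines.filter(l => MARK_RE.test(l)).length;
}

// Constructed input mirroring the report: one base letter, then the symbol spammed.
const SPAMMED = 'x' + '\u09E3'.repeat(49);

if (typeof require !== 'undefined' && require.main === module) {
  console.log('code-unit breaks :', breakLinesByCodeUnit(SPAMMED, 10).length, 'lines,',
              linesStartingWithMark(breakLinesByCodeUnit(SPAMMED, 10)), 'start with a bare mark');
  console.log('cluster breaks   :', breakLinesByCluster(SPAMMED, 10).length, 'line(s),',
              linesStartingWithMark(breakLinesByCluster(SPAMMED, 10)), 'start with a bare mark');
}
```

Run with `node` to compare the two policies on SPAMMED: the code-unit breaker cuts the run into five lines, four of which open with a bare U+09E3, while the cluster breaker sees one 50-code-point cluster and emits it as a single (overflowing) line. The same cluster list is what a real implementation would feed to a break iterator; the point of the explicit progress check is that an iterator that ever answers "break here" without advancing turns a layout pass into an infinite loop.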
Comment 1 by manoranj...@chromium.org, Aug 21 2017