Issue 770837 link

Starred by 1 user

Issue metadata

Status:	WontFix
Owner:	----
Closed:	Oct 17
Cc:	schenney@chromium.org
Components:	Blink>HTML>Embed
EstimatedDays:	----
NextAction:	----
OS:	Linux , Chrome
Pri:	3
Type:	Bug
Hotlist-Recharge-Cold

Aw Snap in debug mode at IsEmbeddedObject check fail

Project Member Reported by feinberg@chromium.org, Oct 2 2017

Issue description

Chrome Version: git master at HEAD

OS: Ubuntu
Linux [redacted].corp.google.com 4.4.0-96-generic #119~14.04.1-Ubuntu SMP Wed Sep 13 08:40:48 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

What steps will reproduce the problem?
(1) build from head with is_debug=true
(2) ./out/Default/chrome
(3) visit http://MrFeinberg.com/

What is the expected result?

Page renders

What happens instead?

Page starts to render, then aw-snaps.

[1:1:1002/145619.021335:FATAL:HTMLEmbedElement.cpp(204)] Check failed: !p->GetLayoutObject()->IsEmbeddedObject(). 
#0 0x56047058814d base::debug::StackTrace::StackTrace()
#1 0x56047058688c base::debug::StackTrace::StackTrace()
#2 0x5604705e6b9d logging::LogMessage::~LogMessage()
#3 0x5604785d783f blink::HTMLEmbedElement::LayoutObjectIsNeeded()
#4 0x56047c882844 blink::AdjustEffectiveTouchAction()
#5 0x56047c881838 blink::StyleAdjuster::AdjustComputedStyle()
#6 0x56047c895bec blink::StyleResolver::StyleForElement()
#7 0x56047c958675 blink::Element::OriginalStyleForLayoutObject()
#8 0x56047c95828c blink::Element::StyleForLayoutObject()
#9 0x56047c959037 blink::Element::RecalcOwnStyle()
#10 0x56047c958aa3 blink::Element::RecalcStyle()
#11 0x56047c8e3b82 blink::ContainerNode::RecalcDescendantStyles()
#12 0x56047c958bfb blink::Element::RecalcStyle()
#13 0x56047c8e3b82 blink::ContainerNode::RecalcDescendantStyles()
#14 0x56047c958bfb blink::Element::RecalcStyle()
#15 0x56047c8e3b82 blink::ContainerNode::RecalcDescendantStyles()
#16 0x56047c958bfb blink::Element::RecalcStyle()
#17 0x56047c8e3b82 blink::ContainerNode::RecalcDescendantStyles()
#18 0x56047c958bfb blink::Element::RecalcStyle()
#19 0x56047c8e3b82 blink::ContainerNode::RecalcDescendantStyles()
#20 0x56047c958bfb blink::Element::RecalcStyle()
#21 0x56047c8e3b82 blink::ContainerNode::RecalcDescendantStyles()
#22 0x56047c958bfb blink::Element::RecalcStyle()
#23 0x56047c8e3b82 blink::ContainerNode::RecalcDescendantStyles()
#24 0x56047c958bfb blink::Element::RecalcStyle()
#25 0x56047c903cbd blink::Document::UpdateStyle()
#26 0x56047c8ffead blink::Document::UpdateStyleAndLayoutTree()
#27 0x56047c905e2a blink::Document::UpdateStyleAndLayoutTreeIgnorePendingStylesheets()
#28 0x56047c90579c blink::Document::UpdateStyleAndLayoutIgnorePendingStylesheets()
#29 0x5604785e443c blink::HTMLPlugInElement::LayoutEmbeddedContentForJSBindings()
#30 0x5604785e2e39 blink::HTMLPlugInElement::PluginEmbeddedContentView()
#31 0x5604785e4579 blink::HTMLPlugInElement::IsErrorplaceholder()
#32 0x5604785dc4de blink::HTMLObjectElement::UpdatePluginInternal()
#33 0x5604785e33ed blink::HTMLPlugInElement::UpdatePlugin()
#34 0x56047849d838 blink::LocalFrameView::UpdatePlugins()
#35 0x56047848ddef blink::LocalFrameView::UpdatePluginsTimerFired()
#36 0x56046f451131 blink::TaskRunnerTimer<>::Fired()
#37 0x5604780161c3 blink::TimerBase::RunInternal()
#38 0x560469f7009f _ZN4base8internal13FunctorTraitsIMN11google_apis19UrlFetchRequestBaseEFvvEvE6InvokeIRKNS_7WeakPtrINS2_5drive30SingleBatchableDelegateRequestEEEJEEEvS5_OT_DpOT0_
#39 0x56047801668a _ZN4base8internal12InvokeHelperILb1EvE8MakeItSoIRKMN5blink9TimerBaseEFvvERKNS_7WeakPtrIS5_EEJEEEvOT_OT0_DpOT1_
#40 0x560478016620 _ZN4base8internal7InvokerINS0_9BindStateIMN5blink9TimerBaseEFvvEJNS_7WeakPtrIS4_EEEEEFvvEE7RunImplIRKS6_RKNSt3__15tupleIJS8_EEEJLm0EEEEvOT_OT0_NSF_16integer_sequenceImJXspT1_EEEE
#41 0x56047801656c _ZN4base8internal7InvokerINS0_9BindStateIMN5blink9TimerBaseEFvvEJNS_7WeakPtrIS4_EEEEEFvvEE3RunEPNS0_13BindStateBaseE
#42 0x56046a0a89c1 _ZNO4base12OnceCallbackIFvvEE3RunEv
#43 0x56047058b400 base::debug::TaskAnnotator::RunTask()
#44 0x56046f4b876a blink::scheduler::TaskQueueManager::ProcessTaskFromWorkQueue()
#45 0x56046f4b3c26 blink::scheduler::TaskQueueManager::DoWork()
#46 0x56046a1f68b7 _ZN4base8internal13FunctorTraitsIMN5media12PipelineImplEFvbEvE6InvokeIRKNS_7WeakPtrIS3_EEJRKbEEEvS5_OT_DpOT0_
#47 0x56046f4bece5 _ZN4base8internal12InvokeHelperILb1EvE8MakeItSoIRKMN5blink9scheduler16TaskQueueManagerEFvbERKNS_7WeakPtrIS6_EEJRKbEEEvOT_OT0_DpOT1_
#48 0x56046f4bec5d _ZN4base8internal7InvokerINS0_9BindStateIMN5blink9scheduler16TaskQueueManagerEFvbEJNS_7WeakPtrIS5_EEbEEEFvvEE7RunImplIRKS7_RKNSt3__15tupleIJS9_bEEEJLm0ELm1EEEEvOT_OT0_NSG_16integer_sequenceImJXspT1_EEEE
#49 0x56046f4beb6c _ZN4base8internal7InvokerINS0_9BindStateIMN5blink9scheduler16TaskQueueManagerEFvbEJNS_7WeakPtrIS5_EEbEEEFvvEE3RunEPNS0_13BindStateBaseE
#50 0x56046a0a89c1 _ZNO4base12OnceCallbackIFvvEE3RunEv
#51 0x56047058b400 base::debug::TaskAnnotator::RunTask()
#52 0x5604707e2563 base::internal::IncomingTaskQueue::RunTask()
#53 0x5604706023d6 base::MessageLoop::RunTask()
#54 0x560470602637 base::MessageLoop::DeferOrRunPendingTask()
#55 0x560470603320 base::MessageLoop::DoWork()
#56 0x560470608438 base::MessagePumpDefault::Run()
#57 0x560470601c86 base::MessageLoop::Run()
#58 0x56047068b92f base::RunLoop::Run()
#59 0x5604791f0d1c content::RendererMain()
#60 0x56046f9c9ea5 content::RunZygote()
#61 0x56046f9caaa0 content::RunNamedProcessTypeMain()

Comment 1 by kochi@chromium.org, Oct 16 2017

Status: Available (was: Untriaged)

I took a look at the HTML and the attached snippet (<embed> element in
<object>) was causing the problem, though the snippet itself isn't enough
for reproducing the DCHECK() just by showing the content.

Open the attached html with debug-build chrome, open inspector and find
<embed> under <object> (you have to expand shadow-root><content>), then
double-click on <embed>, you can trigger the same DCHECK.

i.html
927 bytes View Download

Project Member

Comment 2 by sheriffbot@chromium.org, Oct 16

Labels: Hotlist-Recharge-Cold
Status: Untriaged (was: Available)

This issue has been Available for over a year. If it's no longer important or seems unlikely to be fixed, please consider closing it out. If it is important, please re-triage the issue.

Sorry for the inconvenience if the bug really should have been left as Available.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 3 by schenney@chromium.org, Oct 17

Status: WontFix (was: Untriaged)

Doesn't crash on the original page nor the attachment, even when following the attachment directions.

►

Issue 770837 link

Issue metadata

Aw Snap in debug mode at IsEmbeddedObject check fail

Issue description

Comment 1 by kochi@chromium.org, Oct 16 2017

Comment 1 Deleted

Comment 2 by sheriffbot@chromium.org, Oct 16

Comment 2 Deleted

Comment 3 by schenney@chromium.org, Oct 17

Comment 3 Deleted

Sign in to add a comment