
Issue 777113

Issue metadata

Status: Verified
Owner:
Closed: Oct 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug


CHECK failure: false. Can't find cached display item in PaintController.cpp

Project Member Reported by ClusterFuzz, Oct 21 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5800949183676416

Fuzzer: ochang_domfuzzer
Job Type: linux_asan_content_shell_drt
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  false. Can't find cached display item in PaintController.cpp
  blink::PaintController::FindOutOfOrderCachedItemForward
  blink::PaintController::FindCachedItem
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=446211:446231

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5800949183676416

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
Project Member

Comment 1 by ClusterFuzz, Oct 21 2017

Components: Blink>Paint
Labels: Test-Predator-AutoComponents
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Project Member

Comment 2 by ClusterFuzz, Oct 21 2017

Labels: Test-Predator-AutoOwner
Owner: pilgrim@chromium.org
Status: Assigned (was: Untriaged)
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/a980b812f2f213270551f986fc7c4fdf0cc2d3a8 (Migrate WTF::HashSet::add() to ::insert() [part 1 of N]).

If this is incorrect, please remove the owner and apply the Test-Predator-Wrong-CLs label.
Owner: wangxianzhu@chromium.org
Labels: Test-Predator-Wrong-CLs
Project Member

Comment 5 by bugdroid1@chromium.org, Oct 24 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/e194df4fabdd701804c001c805ea3f5c244acb04

commit e194df4fabdd701804c001c805ea3f5c244acb04
Author: Xianzhu Wang <wangxianzhu@chromium.org>
Date: Tue Oct 24 03:28:12 2017

Fix LayoutBlockFlow::SetAncestorShouldPaintFloatingObject()

Previously it stopped at the first ancestor which should paint the
float, sometimes leaving ShouldPaint flag on some grand ancestor.

Now continue to clear ShouldPaint flags on all ancestors after
finding the first ancestor which should paint the float.

Bug: 777113
Change-Id: I31ce8db5e5484e3d9eee2f31cb7faf6e2795303d
Reviewed-on: https://chromium-review.googlesource.com/734160
Commit-Queue: Xianzhu Wang <wangxianzhu@chromium.org>
Reviewed-by: Chris Harrelson <chrishtr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#511031}
[add] https://crrev.com/e194df4fabdd701804c001c805ea3f5c244acb04/third_party/WebKit/LayoutTests/fast/block/float/float-overhanging-grandparent-change-self-painting-expected.html
[add] https://crrev.com/e194df4fabdd701804c001c805ea3f5c244acb04/third_party/WebKit/LayoutTests/fast/block/float/float-overhanging-grandparent-change-self-painting.html
[modify] https://crrev.com/e194df4fabdd701804c001c805ea3f5c244acb04/third_party/WebKit/Source/core/layout/LayoutBlockFlow.cpp

Project Member

Comment 6 by ClusterFuzz, Oct 25 2017

ClusterFuzz has detected this issue as fixed in range 511027:511047.

Detailed report: https://clusterfuzz.com/testcase?key=5800949183676416

Fuzzer: ochang_domfuzzer
Job Type: linux_asan_content_shell_drt
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  false. Can't find cached display item in PaintController.cpp
  blink::PaintController::FindOutOfOrderCachedItemForward
  blink::PaintController::FindCachedItem
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=446211:446231
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=511027:511047

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5800949183676416

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Status: Fixed (was: Assigned)
Project Member

Comment 8 by ClusterFuzz, Oct 26 2017

Labels: ClusterFuzz-Verified
Status: Verified (was: Fixed)
ClusterFuzz testcase 5800949183676416 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Labels: -Test-Predator-AutoComponents Test-Predator-Auto-Components
Labels: -Test-Predator-AutoOwner Test-Predator-Auto-Owner
