Issue 792627 link

Starred by 2 users

Issue metadata

Status:	Fixed
Owner:	jzern@chromium.org
Closed:	Dec 2017
Cc:	█ buettner@chromium.org bengr@chromium.org toyoshim@chromium.org █ urvang@chromium.org vmp...@chromium.org ericrk@chromium.org cblume@chromium.org enne@chromium.org khushals...@chromium.org
Components:	Internals>Compositing>Images Internals>Images>Codecs
EstimatedDays:	----
NextAction:	----
OS:	Linux , Android , Windows , Chrome , Mac
Pri:	3
Type:	Bug

WebPUpsamplers assertion on rendering espn.com

Project Member Reported by dougarnett@chromium.org, Dec 6 2017

Issue description

Chrome Version: local developer debug build
OS: Android

[Does NOT repro on Canary 65.0.3286.0 - probably Debug build assertion]

What steps will reproduce the problem?
(1) Override Effective Connection Type to 2G
(2) Navigate to http://espn.com

Page starts loading and rendering and then renderer crashes apparantly on an image.  

From logcat:


12-06 10:07:43.545 I/chromium(10856): [INFO:SkFontMgr_android.cpp(164)] Requested font file /system/fonts/DroidSansFallback.ttf does not exist or cannot be opened.
12-06 10:07:43.545 I/chromium(10856): 
12-06 10:07:44.289 I/chromium(10691): [INFO:CONSOLE(0)] "Slow network is detected. Fallback font will be used while loading: http://a1.espncdn.com/fonts/1.0.44/ESPNIcons/ESPNIcons.woff2", source: http://www.espn.com/ (0)
12-06 10:07:46.854 F/libc    (10856): ../../third_party/libwebp/src/dsp/upsampling.c:313: void WebPInitUpsamplers(void): assertion "WebPUpsamplers[MODE_RGB] != NULL" failed
12-06 10:07:46.856 F/libc    (10856): Fatal signal 6 (SIGABRT), code -6 in tid 10889 (CompositorTileW)
12-06 10:07:46.856 W/        (  270): debuggerd: handling request: pid=10856 uid=99343 gid=99343 tid=10889
12-06 10:07:47.025 F/DEBUG   (10954): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
12-06 10:07:47.026 F/DEBUG   (10954): Build fingerprint: 'google/shamu/shamu:7.1.1/N6F26Q/3549652:user/release-keys'
12-06 10:07:47.026 F/DEBUG   (10954): Revision: '0'
12-06 10:07:47.026 F/DEBUG   (10954): ABI: 'arm'
12-06 10:07:47.027 F/DEBUG   (10954): pid: 10856, tid: 10889, name: CompositorTileW  >>> org.chromium.chrome:sandboxed_process2 <<<
12-06 10:07:47.027 F/DEBUG   (10954): signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr --------
12-06 10:07:47.038 F/DEBUG   (10954): Abort message: '../../third_party/libwebp/src/dsp/upsampling.c:313: void WebPInitUpsamplers(void): assertion "WebPUpsamplers[MODE_RGB] != NULL" failed'
12-06 10:07:47.038 F/DEBUG   (10954):     r0 00000000  r1 00002a89  r2 00000006  r3 00000008
12-06 10:07:47.038 F/DEBUG   (10954):     r4 88b00978  r5 00000006  r6 88b00920  r7 0000010c
12-06 10:07:47.038 F/DEBUG   (10954):     r8 00000007  r9 88e09cec  sl 88e09cc0  fp 88374c00
12-06 10:07:47.038 F/DEBUG   (10954):     ip 00000000  sp 88affc38  lr adadf537  pc adae1da0  cpsr 600f0010
12-06 10:07:47.075 F/DEBUG   (10954): 
12-06 10:07:47.075 F/DEBUG   (10954): backtrace:
12-06 10:07:47.075 F/DEBUG   (10954):     #00 pc 00049da0  /system/lib/libc.so (tgkill+12)
12-06 10:07:47.075 F/DEBUG   (10954):     #01 pc 00047533  /system/lib/libc.so (pthread_kill+34)
12-06 10:07:47.075 F/DEBUG   (10954):     #02 pc 0001d635  /system/lib/libc.so (raise+10)
12-06 10:07:47.075 F/DEBUG   (10954):     #03 pc 00019181  /system/lib/libc.so (__libc_android_abort+34)
12-06 10:07:47.075 F/DEBUG   (10954):     #04 pc 00017048  /system/lib/libc.so (abort+4)
12-06 10:07:47.075 F/DEBUG   (10954):     #05 pc 0001b633  /system/lib/libc.so (__libc_fatal+22)
12-06 10:07:47.075 F/DEBUG   (10954):     #06 pc 0001937b  /system/lib/libc.so (__assert2+18)
12-06 10:07:47.075 F/DEBUG   (10954):     #07 pc 003f40ef  /data/app/org.chromium.chrome-1/lib/arm/libblink_platform.cr.so
12-06 10:07:47.075 F/DEBUG   (10954):     #08 pc 003eb111  /data/app/org.chromium.chrome-1/lib/arm/libblink_platform.cr.so
12-06 10:07:47.075 F/DEBUG   (10954):     #09 pc 003e9d23  /data/app/org.chromium.chrome-1/lib/arm/libblink_platform.cr.so
12-06 10:07:47.075 F/DEBUG   (10954):     #10 pc 003ea979  /data/app/org.chromium.chrome-1/lib/arm/libblink_platform.cr.so
12-06 10:07:47.075 F/DEBUG   (10954):     #11 pc 00256125  /data/app/org.chromium.chrome-1/lib/arm/libblink_platform.cr.so (_ZN5blink16WEBPImageDecoder17DecodeSingleFrameEPKhjj+376)
12-06 10:07:47.075 F/DEBUG   (10954):     #12 pc 00255f53  /data/app/org.chromium.chrome-1/lib/arm/libblink_platform.cr.so (_ZN5blink16WEBPImageDecoder6DecodeEj+126)
12-06 10:07:47.075 F/DEBUG   (10954):     #13 pc 0024b7e5  /data/app/org.chromium.chrome-1/lib/arm/libblink_platform.cr.so (_ZN5blink12ImageDecoder24DecodeFrameBufferAtIndexEj+64)
12-06 10:07:47.075 F/DEBUG   (10954):     #14 pc 002094ff  /data/app/org.chromium.chrome-1/lib/arm/libblink_platform.cr.so (_ZN5blink19ImageFrameGenerator6DecodeEPNS_13SegmentReaderEbjPPNS_12ImageDecoderERN8SkBitmap9AllocatorENS3_11AlphaOptionERK7SkISizeRb+374)
12-06 10:07:47.075 F/DEBUG   (10954):     #15 pc 00208f8f  /data/app/org.chromium.chrome-1/lib/arm/libblink_platform.cr.so (_ZN5blink19ImageFrameGenerator17TryToResumeDecodeEPNS_13SegmentReaderEbjRK7SkISizeRN8SkBitmap9AllocatorENS_12ImageDecoder11AlphaOptionE+170)
12-06 10:07:47.075 F/DEBUG   (10954):     #16 pc 00208cf1  /data/app/org.chromium.chrome-1/lib/arm/libblink_platform.cr.so (_ZN5blink19ImageFrameGenerator14DecodeAndScaleEPNS_13SegmentReaderEbjRK11SkImageInfoPvjNS_12ImageDecoder11AlphaOptionE+140)
12-06 10:07:47.075 F/DEBUG   (10954):     #17 pc 001f55e3  /data/app/org.chromium.chrome-1/lib/arm/libblink_platform.cr.so (_ZN5blink22DecodingImageGenerator9GetPixelsERK11SkImageInfoPvjjj+202)
12-06 10:07:47.076 F/DEBUG   (10954):     #18 pc 00026871  /data/app/org.chromium.chrome-1/lib/arm/libcc_paint.cr.so (_ZNK2cc10PaintImage19DecodeFromGeneratorEPvP11SkImageInfo5sk_spI12SkColorSpaceEj+136)
12-06 10:07:47.076 F/DEBUG   (10954):     #19 pc 000267cd  /data/app/org.chromium.chrome-1/lib/arm/libcc_paint.cr.so (_ZNK2cc10PaintImage6DecodeEPvP11SkImageInfo5sk_spI12SkColorSpaceEj+124)
12-06 10:07:47.076 F/DEBUG   (10954):     #20 pc 000c638b  /data/app/org.chromium.chrome-1/lib/arm/libcc.cr.so (_ZN2cc19GpuImageDecodeCache22DecodeImageIfNecessaryERKNS_9DrawImageEPNS0_9ImageDataENS_16ImageDecodeCache8TaskTypeE+366)
12-06 10:07:47.076 F/DEBUG   (10954):     #21 pc 000c72c3  /data/app/org.chromium.chrome-1/lib/arm/libcc.cr.so (_ZN2cc19GpuImageDecodeCache11DecodeImageERKNS_9DrawImageENS_16ImageDecodeCache8TaskTypeE+138)
12-06 10:07:47.076 F/DEBUG   (10954):     #22 pc 000c889d  /data/app/org.chromium.chrome-1/lib/arm/libcc.cr.so
12-06 10:07:47.076 F/DEBUG   (10954):     #23 pc 00b65bcd  /data/app/org.chromium.chrome-1/lib/arm/libcontent.cr.so (_ZN7content21CategorizedWorkerPool33RunTaskInCategoryWithLockAcquiredEN2cc12TaskCategoryE+84)
12-06 10:07:47.076 F/DEBUG   (10954):     #24 pc 00b65677  /data/app/org.chromium.chrome-1/lib/arm/libcontent.cr.so (_ZN7content21CategorizedWorkerPool23RunTaskWithLockAcquiredERKNSt6__ndk16vectorIN2cc12TaskCategoryENS1_9allocatorIS4_EEEE+34)
12-06 10:07:47.076 F/DEBUG   (10954):     #25 pc 00b65637  /data/app/org.chromium.chrome-1/lib/arm/libcontent.cr.so (_ZN7content21CategorizedWorkerPool3RunERKNSt6__ndk16vectorIN2cc12TaskCategoryENS1_9allocatorIS4_EEEEPN4base17ConditionVariableE+30)
12-06 10:07:47.076 F/DEBUG   (10954):     #26 pc 000e6a03  /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so (_ZN4base12SimpleThread10ThreadMainEv+90)
12-06 10:07:47.076 F/DEBUG   (10954):     #27 pc 000e2f1b  /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so
12-06 10:07:47.076 F/DEBUG   (10954):     #28 pc 00047003  /system/lib/libc.so (_ZL15__pthread_startPv+22)
12-06 10:07:47.076 F/DEBUG   (10954):     #29 pc 00019bdd  /system/lib/libc.so (__start_thread+6)

Comment 1 by tbansal@chromium.org, Dec 6 2017

Cc: toyoshim@chromium.org

Comment 2 by tbansal@chromium.org, Dec 6 2017

Components: -Internals>Network>DataProxy Blink>WebFonts

Comment 3 by tbansal@chromium.org, Dec 6 2017

toyoshim: It seems this is related to WEBPImageDecoder, and is not related to WebFonts?

Comment 4 by tbansal@chromium.org, Dec 6 2017

Components: -Blink>WebFonts Blink>Compositing

It seems the crash is in CompositorTileW.

Comment 5 by schenney@chromium.org, Dec 6 2017

Components: -Blink>Compositing Internals>Images>Codecs Internals>Compositing>Images

Comment 6 by khushals...@chromium.org, Dec 6 2017

Owner: urvang@chromium.org
Status: Assigned (was: Untriaged)

Seems to be at https://cs.chromium.org/chromium/src/third_party/libwebp/src/dsp/upsampling.c?type=cs&sq=package:chromium&l=313 in WebPInitUpsamplers. An issue with setting up all the function pointers in WebPUpsamplers.

urvang@ could you take a look?

Comment 7 by urvang@google.com, Dec 6 2017

Cc: jzern@chromium.org

I have a feeling that this is related to WEBP_REDUCE_CSP flag having been turned on -- in which case, these asserts should not be checked.
I'll take a look.

Comment 8 by urvang@google.com, Dec 6 2017

Cc: -jzern@chromium.org urvang@chromium.org
Owner: jzern@chromium.org

James will take a look

Comment 9 by jzern@chromium.org, Dec 6 2017

Urvang's analysis sounds correct. I'll get a build together to make sure we can keep WEBP_REDUCE_CSP for this target with the asserts removed.

Project Member

Comment 10 by bugdroid1@chromium.org, Dec 7 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/webm/libwebp/+/05f6fe24c31f4ada113cc92c786c5f1c211a7caa

commit 05f6fe24c31f4ada113cc92c786c5f1c211a7caa
Author: James Zern <jzern@google.com>
Date: Thu Dec 07 01:09:26 2017

upsampling: rm asserts w/REDUCE_CSP+OMIT_C_CODE

with WEBP_NEON_OMIT_C_CODE the default _C functions won't be set and
with WEBP_REDUCE_CSP the NEON functions won't be either triggering an
assert for an empty table member.

BUG= chromium:792627 

Change-Id: I8d2d430eaa37bb92885b61a3dd39f961924a8def

[modify] https://crrev.com/05f6fe24c31f4ada113cc92c786c5f1c211a7caa/src/dsp/upsampling.c

Project Member

Comment 11 by bugdroid1@chromium.org, Dec 7 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/bacb06c84b2ae042242196cd4e510bff20a02999

commit bacb06c84b2ae042242196cd4e510bff20a02999
Author: James Zern <jzern@chromium.org>
Date: Thu Dec 07 19:03:46 2017

libwebp: cherry-pick upsampling assert fix

upsampling: rm asserts w/REDUCE_CSP+OMIT_C_CODE

with WEBP_NEON_OMIT_C_CODE the default _C functions won't be set and
with WEBP_REDUCE_CSP the NEON functions won't be either triggering an
assert for an empty table member.

BUG= 792627 

Change-Id: Iccc31babe88c6d4a401e5995486971d130869ac0
Reviewed-on: https://chromium-review.googlesource.com/813037
Reviewed-by: Tom Finegan <tomfinegan@chromium.org>
Commit-Queue: James Zern <jzern@google.com>
Cr-Commit-Position: refs/heads/master@{#522495}
[modify] https://crrev.com/bacb06c84b2ae042242196cd4e510bff20a02999/third_party/libwebp/README.chromium
[modify] https://crrev.com/bacb06c84b2ae042242196cd4e510bff20a02999/third_party/libwebp/src/dsp/upsampling.c

Comment 12 by jzern@chromium.org, Dec 11 2017

Labels: OS-Chrome OS-Linux OS-Mac OS-Windows
Status: Fixed (was: Assigned)

►

Issue 792627 link

Issue metadata

WebPUpsamplers assertion on rendering espn.com

Issue description

Comment 1 by tbansal@chromium.org, Dec 6 2017

Comment 1 Deleted

Comment 2 by tbansal@chromium.org, Dec 6 2017

Comment 2 Deleted

Comment 3 by tbansal@chromium.org, Dec 6 2017

Comment 3 Deleted

Comment 4 by tbansal@chromium.org, Dec 6 2017

Comment 4 Deleted

Comment 5 by schenney@chromium.org, Dec 6 2017

Comment 5 Deleted

Comment 6 by khushals...@chromium.org, Dec 6 2017

Comment 6 Deleted

Comment 7 by urvang@google.com, Dec 6 2017

Comment 7 Deleted

Comment 8 by urvang@google.com, Dec 6 2017

Comment 8 Deleted

Comment 9 by jzern@chromium.org, Dec 6 2017

Comment 9 Deleted

Comment 10 by bugdroid1@chromium.org, Dec 7 2017

Comment 10 Deleted

Comment 11 by bugdroid1@chromium.org, Dec 7 2017

Comment 11 Deleted

Comment 12 by jzern@chromium.org, Dec 11 2017

Comment 12 Deleted

Sign in to add a comment