Direct-leak in blink::HistoryItem::SetScrollOffset

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5233792286195712
Fuzzer: inferno_layout_test_unmodified
Job Type: linux_lsan_chrome_mp
Platform Id: linux
Crash Type: Direct-leak
Crash Address:
Crash State:
  blink::HistoryItem::SetScrollOffset
  blink::FrameLoader::SaveScrollState
  blink::FrameLoader::DispatchUnloadEvent
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=linux_lsan_chrome_mp&range=514498:517698
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5233792286195712

Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
Feb 10 2018
Automatically adding ccs based on suspected regression changelists:

- Replace WTF::MakeUnique with std::make_unique on core/exported, core/frame/ and core/loader/ by lucmult@chromium.org - https://chromium.googlesource.com/chromium/src/+/804cf422e9b43d32ef56d630b6ed762bbd6403d1
- Scroll anchor serialization skeleton by pnoland@google.com - https://chromium.googlesource.com/chromium/src/+/2352f5672ed01cdbdd6f9fecb3fdd1a625a9fbfc
- Split WTF::CrossThreadFunction out of WTF::Function. by yutak@chromium.org - https://chromium.googlesource.com/chromium/src/+/f3ce2901174c13c13a318dc68f5473cad413199b

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label.

Feb 12 2018

Feb 13 2018

Mar 1 2018
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/48ec74d7989862a82990827d4898d016d2942615

commit 48ec74d7989862a82990827d4898d016d2942615
Author: David Bokan <bokan@chromium.org>
Date: Thu Mar 01 18:36:14 2018

[root-layer-scrolls] Fix android fullscreen video

Android uses an "overlay" composited video layer when a video is fullscreened. This layer is parented to the PaintLayerCompositor's root_content_layer and the actual content (LayoutView) is detached. With root-layer-scrolling enabled, PLC doesn't create a root_content_layer and the top-most GraphicsLayer in PLC is that of the LayoutView.

This CL connects the video layer to the PLC's parent instead. This is currently the outer viewport scroll layer. We also need to make sure painting starts from the child of this layer, rather than the PLC's root layer, since the video layer is no longer connected to the root. This doesn't matter for the video itself; however, the media player controls need to be painted from Blink.

These changes exposed some brittleness in the compositor, and the Android fullscreen video layout tests were hitting the DCHECK in ScrollbarLayerImplBase::CanScrollOrientation. This is because the viewport scrollbars use the outer/layout viewport as their ElementId but are owned by the inner/visual viewport. So when we disconnect the PLC's content layers, we remove the ScrollNode in the compositor but the visual viewport and its scrollbar layers live on. The rest of this patch changes the visual viewport scrollbars to use the visual viewport's element id.

TEST=virtual/android/fullscreen/video-scrolled-iframe.html, virtual/android/fullscreen/video-controls-timeline.html, virtual/android/fullscreen/full-screen-iframe-allowed-video.html
Bug: 711468, 811024
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.android:android_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2
Change-Id: Ic1c52e1853f14842ee3ae19119476b8945ecae17
Reviewed-on: https://chromium-review.googlesource.com/923397
Reviewed-by: Chris Harrelson <chrishtr@chromium.org>
Commit-Queue: Chris Harrelson <chrishtr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#540226}

[modify] https://crrev.com/48ec74d7989862a82990827d4898d016d2942615/cc/input/scrollbar_animation_controller.cc
[modify] https://crrev.com/48ec74d7989862a82990827d4898d016d2942615/cc/trees/layer_tree_host_impl.cc
[modify] https://crrev.com/48ec74d7989862a82990827d4898d016d2942615/cc/trees/layer_tree_impl.cc
[modify] https://crrev.com/48ec74d7989862a82990827d4898d016d2942615/third_party/WebKit/LayoutTests/TestExpectations
[modify] https://crrev.com/48ec74d7989862a82990827d4898d016d2942615/third_party/WebKit/Source/core/exported/WebViewImpl.cpp
[modify] https://crrev.com/48ec74d7989862a82990827d4898d016d2942615/third_party/WebKit/Source/core/frame/LocalFrameView.cpp
[modify] https://crrev.com/48ec74d7989862a82990827d4898d016d2942615/third_party/WebKit/Source/core/frame/VisualViewport.cpp
[modify] https://crrev.com/48ec74d7989862a82990827d4898d016d2942615/third_party/WebKit/Source/core/frame/VisualViewport.h
[modify] https://crrev.com/48ec74d7989862a82990827d4898d016d2942615/third_party/WebKit/Source/core/paint/compositing/PaintLayerCompositor.cpp
[modify] https://crrev.com/48ec74d7989862a82990827d4898d016d2942615/third_party/WebKit/Source/core/paint/compositing/PaintLayerCompositor.h
Mar 1 2018
^^^ Sorry, wrong bug #

Apr 2 2018
ClusterFuzz testcase 5233792286195712 is flaky and no longer crashes, so closing issue. If this is incorrect, please add the ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ClusterFuzz, Feb 10 2018. Labels: Test-Predator-Auto-Components