CHECK failure: layout_object_mapped_result.EqualWithinEpsilon(result.BoundingBox(), 0.1f) || la |
||||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=5168381628776448 Fuzzer: marty_html_twiddler Job Type: linux_debug_chrome Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: layout_object_mapped_result.EqualWithinEpsilon(result.BoundingBox(), 0.1f) || la blink::LayoutGeometryMap::MapToAncestor blink::LayoutGeometryMap::AbsoluteRect Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=linux_debug_chrome&range=536888:536894 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5168381628776448 Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
,
Mar 16 2018
Automatically adding ccs based on suspected regression changelists: Enable root layer scrolling by bokan@chromium.org - https://chromium.googlesource.com/chromium/src/+/39cb84e649e045d2233a395009d5ccf1d08854a0 Lazily initialize TTS voices on low-end Android devices. by dskiba@chromium.org - https://chromium.googlesource.com/chromium/src/+/d10a5836167d1fa92b23ee0f2b74ddce95b0b872 If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label.
,
Mar 19 2018
Very probably related to RLS. Taking a look now.
,
Mar 19 2018
Confirmed: repro'd locally - turning off RLS solves the issue.
,
Mar 19 2018
,
Mar 19 2018
I'm not sure how big of an issue this is. This is a DCHECK that's firing due to a loss of precision in converting to absolute coordinates. The test case has a very high scrollTop offset (~1.8 million) which only has to be accounted for when transforming to absolute when RLS is turned on - hence the blame on the RLS patch. On its own, that shouldn't lose precision but I'm guessing there's some multiplies along the way so that we might have intermediate computations that lose precision. Steve/Stefan, as layout experts, could you decide what to do with this?
,
Mar 19 2018
I think we generally WontFix bugs like this (overflow / precision loss with extreme inputs).
,
Mar 23 2018
ClusterFuzz has detected this issue as fixed in range 545318:545320. Detailed report: https://clusterfuzz.com/testcase?key=5168381628776448 Fuzzer: marty_html_twiddler Job Type: linux_debug_chrome Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: layout_object_mapped_result.EqualWithinEpsilon(result.BoundingBox(), 0.1f) || la blink::LayoutGeometryMap::MapToAncestor blink::LayoutGeometryMap::AbsoluteRect Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=linux_debug_chrome&range=536888:536894 Fixed: https://clusterfuzz.com/revisions?job=linux_debug_chrome&range=545318:545320 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5168381628776448 See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page. |
||||||
►
Sign in to add a comment |
||||||
Comment 1 by ClusterFuzz
, Mar 16 2018Labels: Test-Predator-Auto-Components