Floating-point-exception in blink::PaintPropertyTreeBuilder::UpdateForSelf |
||||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=6613548789399552 Fuzzer: bj_broddelwerk Job Type: linux_asan_chrome_v8_arm Platform Id: linux Crash Type: Floating-point-exception Crash Address: Crash State: blink::PaintPropertyTreeBuilder::UpdateForSelf blink::PrePaintTreeWalk::WalkInternal blink::PrePaintTreeWalk::Walk Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_v8_arm&range=563137:563138 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6613548789399552 Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
,
Jun 2 2018
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/4ed270af2dfc4dc15c8306978c6774031a0ad1db ([SPv175+] Fix printing of objects with paint offset translation in repeating table sections). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
,
Jun 5 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/7b3e3e43553aee4495cf47a4867c289966797a2c commit 7b3e3e43553aee4495cf47a4867c289966797a2c Author: Xianzhu Wang <wangxianzhu@chromium.org> Date: Tue Jun 05 20:17:27 2018 [PE] Fix thead under repeating table section Now use "const LayoutTableSection* repeating_table_section" instead of "bool is_repeating_table_section" so that we can know which table section is actually repeating and avoid an inner thead not in repeating context (while can repeat) is treated as the repeating section. We still don't support nested repeating table sections (that is, repeating table section under another repeating table section, not the cases in fragmentation/nested*.html which are about repeating table sections in nested tables under non-repeating table section of another table). Filed crbug.com/849459 for it. Bug: 849029 Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2 Change-Id: Ib0b921a95dc0257cbe11577edef8d1d77071db16 Reviewed-on: https://chromium-review.googlesource.com/1086285 Commit-Queue: Xianzhu Wang <wangxianzhu@chromium.org> Reviewed-by: Chris Harrelson <chrishtr@chromium.org> Cr-Commit-Position: refs/heads/master@{#564639} [modify] https://crrev.com/7b3e3e43553aee4495cf47a4867c289966797a2c/third_party/WebKit/LayoutTests/TestExpectations [add] https://crrev.com/7b3e3e43553aee4495cf47a4867c289966797a2c/third_party/WebKit/LayoutTests/fragmentation/repeating-thead-under-repeating-thead-expected.html [add] https://crrev.com/7b3e3e43553aee4495cf47a4867c289966797a2c/third_party/WebKit/LayoutTests/fragmentation/repeating-thead-under-repeating-thead.html [add] https://crrev.com/7b3e3e43553aee4495cf47a4867c289966797a2c/third_party/WebKit/LayoutTests/fragmentation/thead-under-repeating-thead-expected.html [add] https://crrev.com/7b3e3e43553aee4495cf47a4867c289966797a2c/third_party/WebKit/LayoutTests/fragmentation/thead-under-repeating-thead.html [modify] https://crrev.com/7b3e3e43553aee4495cf47a4867c289966797a2c/third_party/blink/renderer/core/paint/paint_property_tree_builder.cc [modify] https://crrev.com/7b3e3e43553aee4495cf47a4867c289966797a2c/third_party/blink/renderer/core/paint/paint_property_tree_builder.h
,
Jun 5 2018
,
Jun 6 2018
ClusterFuzz has detected this issue as fixed in range 564635:564639. Detailed report: https://clusterfuzz.com/testcase?key=6613548789399552 Fuzzer: bj_broddelwerk Job Type: linux_asan_chrome_v8_arm Platform Id: linux Crash Type: Floating-point-exception Crash Address: Crash State: blink::PaintPropertyTreeBuilder::UpdateForSelf blink::PrePaintTreeWalk::WalkInternal blink::PrePaintTreeWalk::Walk Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_v8_arm&range=563137:563138 Fixed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_v8_arm&range=564635:564639 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6613548789399552 See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Jun 6 2018
ClusterFuzz testcase 6613548789399552 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Jun 6 2018
,
Jun 6 2018
Approved - branch:3440
,
Jun 6 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/19e15eaec660dede1a086c078ce56db6199dd0ad commit 19e15eaec660dede1a086c078ce56db6199dd0ad Author: Xianzhu Wang <wangxianzhu@chromium.org> Date: Wed Jun 06 20:59:50 2018 [PE] Fix thead under repeating table section Now use "const LayoutTableSection* repeating_table_section" instead of "bool is_repeating_table_section" so that we can know which table section is actually repeating and avoid an inner thead not in repeating context (while can repeat) is treated as the repeating section. We still don't support nested repeating table sections (that is, repeating table section under another repeating table section, not the cases in fragmentation/nested*.html which are about repeating table sections in nested tables under non-repeating table section of another table). Filed crbug.com/849459 for it. TBR=wangxianzhu@chromium.org (cherry picked from commit 7b3e3e43553aee4495cf47a4867c289966797a2c) Bug: 849029 Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2 Change-Id: Ib0b921a95dc0257cbe11577edef8d1d77071db16 Reviewed-on: https://chromium-review.googlesource.com/1086285 Commit-Queue: Xianzhu Wang <wangxianzhu@chromium.org> Reviewed-by: Chris Harrelson <chrishtr@chromium.org> Cr-Original-Commit-Position: refs/heads/master@{#564639} Reviewed-on: https://chromium-review.googlesource.com/1089726 Reviewed-by: Xianzhu Wang <wangxianzhu@chromium.org> Cr-Commit-Position: refs/branch-heads/3440@{#219} Cr-Branched-From: 010ddcfda246975d194964ccf20038ebbdec6084-refs/heads/master@{#561733} [modify] https://crrev.com/19e15eaec660dede1a086c078ce56db6199dd0ad/third_party/WebKit/LayoutTests/TestExpectations [add] https://crrev.com/19e15eaec660dede1a086c078ce56db6199dd0ad/third_party/WebKit/LayoutTests/fragmentation/repeating-thead-under-repeating-thead-expected.html [add] https://crrev.com/19e15eaec660dede1a086c078ce56db6199dd0ad/third_party/WebKit/LayoutTests/fragmentation/repeating-thead-under-repeating-thead.html [add] https://crrev.com/19e15eaec660dede1a086c078ce56db6199dd0ad/third_party/WebKit/LayoutTests/fragmentation/thead-under-repeating-thead-expected.html [add] https://crrev.com/19e15eaec660dede1a086c078ce56db6199dd0ad/third_party/WebKit/LayoutTests/fragmentation/thead-under-repeating-thead.html [modify] https://crrev.com/19e15eaec660dede1a086c078ce56db6199dd0ad/third_party/blink/renderer/core/paint/paint_property_tree_builder.cc [modify] https://crrev.com/19e15eaec660dede1a086c078ce56db6199dd0ad/third_party/blink/renderer/core/paint/paint_property_tree_builder.h |
||||||
►
Sign in to add a comment |
||||||
Comment 1 by ClusterFuzz
, Jun 2 2018Labels: Test-Predator-Auto-Components