New issue
Advanced search Search tips

Issue 859406 link

Starred by 2 users
Status: Duplicate
Merged: issue 531399
Owner:
mstensho@chromium.org
Closed: Jul 2
Cc:
pnangunoori@chromium.org
mstensho@chromium.org
kkaluri@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug



Sign in to add a comment

Stack-overflow in blink::InlineFlowBox::PlaceBoxesInBlockDirection

Project Member Reported by ClusterFuzz, Jul 2 
Detailed report: https://clusterfuzz.com/testcase?key=5486481037328384

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_lsan_chrome_mp
Platform Id: linux

Crash Type: Stack-overflow
Crash Address: 0x7ffdf2a0ab80
Crash State:
  blink::InlineFlowBox::PlaceBoxesInBlockDirection
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_lsan_chrome_mp&range=450347:450446

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5486481037328384

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
Project Member

Comment 1 by ClusterFuzz, Jul 2

Components: Blink>Layout
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.

Comment 2 by kkaluri@chromium.org, Jul 2

Cc: kkaluri@chromium.org
Labels: M-68 Test-Predator-Wrong
Owner: mstensho@chromium.org
Status: Assigned (was: Untriaged)
Predator and CL could not provide any possible suspects.

Using Code Search for the file, "inline_flow_box.cc" suspecting the below Cl might have caused this issue

Suspect CL: https://chromium.googlesource.com/chromium/src/+/0e7d0d12eade3a80ef79e6c19a14bade77cc5b8e

mstensho@ -- Could you please check whether this is caused with respect to your change, if not please help us in assigning it to the right owner.

Thanks!

Comment 3 by mstensho@chromium.org, Jul 2

Mergedinto: 531399
Status: Duplicate (was: Assigned)
This is just a very deep layout tree that we can't handle. I added a DCHECK that would fail when PlaceBoxesInBlockDirection() is recursed 100 times, and it sure did fail. See attachment of tree dump captured at that point.
treedump.txt
23.2 KB View Download

Comment 4 by pnangunoori@chromium.org, Jul 5 

 Issue 860216  has been merged into this issue.

Comment 5 by mstensho@chromium.org, Jul 12

Cc: mstensho@chromium.org
 Issue 862053  has been merged into this issue.

Comment 6 by kkaluri@chromium.org, Jul 17 

 Issue 863679  has been merged into this issue.

Comment 7 by kkaluri@chromium.org, Jul 23 

 Issue 866309  has been merged into this issue.

Comment 8 by pnangunoori@chromium.org, Aug 1 

 Issue 869309  has been merged into this issue.

Comment 9 by mstensho@chromium.org, Aug 17 

 Issue 875105  has been merged into this issue.

Comment 10 by pnangunoori@chromium.org, Sep 4

Cc: pnangunoori@chromium.org
 Issue 880010  has been merged into this issue.

Comment 11 by kkaluri@chromium.org, Sep 21 

 Issue 887230  has been merged into this issue.

Comment 12 by kkaluri@chromium.org, Oct 8 

 Issue 893043  has been merged into this issue.

Comment 13 by kkaluri@chromium.org, Jan 4 

 Issue 918925  has been merged into this issue.

Comment 14 by kkaluri@chromium.org, Jan 11 

 Issue 920681  has been merged into this issue.

Sign in to add a comment