CHECK failure: !IsCalculated() in length.h |
||||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=5351672080236544 Fuzzer: marty_html_twiddler Job Type: linux_debug_chrome Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: !IsCalculated() in length.h blink::Length::Value blink::HTMLImageFallbackHelper::CustomStyleForAltText Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=linux_debug_chrome&range=486734:486735 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5351672080236544 Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
,
Jul 4
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/ebb152a77ab28297e31bcc733ed990995ac7fdc0 (Clean out some "using namespace WTF".). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
,
Jul 4
Some code calling Value() on a Length object which is not calculated. I haven't looked more at it and it's code I'm not familiar with. The patch the systems found was a syntactic change in the network code. Unlikely to have caused a layout engine crash.
,
Jul 4
,
Jul 4
,
Jul 10
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/b7f42c43f28a5e0e3753c0ece1d950e627f9d54a commit b7f42c43f28a5e0e3753c0ece1d950e627f9d54a Author: Fredrik Söderquist <fs@opera.com> Date: Tue Jul 10 20:38:26 2018 Fix propagation of 'width' and 'height' in HTMLImageFallbackHelper Use CSSValue::Create(const Length&, ...) to produce values in unzoomed coordinates. This handles for instance calc(...) expressions correctly. Bug: 860204 Change-Id: I30e639c38dc49795d44a5e28cc1bf01734543730 Reviewed-on: https://chromium-review.googlesource.com/1126307 Reviewed-by: Stephen Chenney <schenney@chromium.org> Commit-Queue: Fredrik Söderquist <fs@opera.com> Cr-Commit-Position: refs/heads/master@{#573893} [add] https://crrev.com/b7f42c43f28a5e0e3753c0ece1d950e627f9d54a/third_party/WebKit/LayoutTests/images/propagating-calc-to-fallback-placeholder-expected.html [add] https://crrev.com/b7f42c43f28a5e0e3753c0ece1d950e627f9d54a/third_party/WebKit/LayoutTests/images/propagating-calc-to-fallback-placeholder.html [modify] https://crrev.com/b7f42c43f28a5e0e3753c0ece1d950e627f9d54a/third_party/blink/renderer/core/html/html_image_fallback_helper.cc
,
Jul 11
ClusterFuzz has detected this issue as fixed in range 573888:573896. Detailed report: https://clusterfuzz.com/testcase?key=5351672080236544 Fuzzer: marty_html_twiddler Job Type: linux_debug_chrome Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: !IsCalculated() in length.h blink::Length::Value blink::HTMLImageFallbackHelper::CustomStyleForAltText Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=linux_debug_chrome&range=486734:486735 Fixed: https://clusterfuzz.com/revisions?job=linux_debug_chrome&range=573888:573896 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5351672080236544 See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Jul 11
ClusterFuzz testcase 5351672080236544 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue. |
||||||
►
Sign in to add a comment |
||||||
Comment 1 by ClusterFuzz
, Jul 4Labels: Test-Predator-Auto-Components