LayoutNG: Renderer crash in blink::IsBeforeSoftLineBreak |
Issue description: macOS 10.13 72.0.3599.0, "Enable LayoutNG" enabled. See https://crash.corp.google.com/browse?q=ReportID%3D%278e14df511c2e18db%27&stbtiq=&reportid=&index=0 To repro: click the method name on https://developer.apple.com/documentation/appkit/nsevent/1532495-mouseeventwithtype?language=objc 0x000000010d7e7299 (Google Chrome Framework -shape_result.h:151) blink::IsBeforeSoftLineBreak(blink::NGPaintFragment const&) 0x000000010d7e71a9 (Google Chrome Framework -layout_selection.cc) blink::LayoutSelection::ComputeSelectionStatus(blink::NGPaintFragment const&) const 0x000000010de3db9a (Google Chrome Framework -paint_invalidator.cc:170) blink::PaintInvalidator::InvalidatePaint(blink::LayoutObject const&, blink::PaintPropertyTreeBuilderContext const*, blink::PaintInvalidatorContext&) 0x000000010de7279c (Google Chrome Framework -pre_paint_tree_walk.cc:345) blink::PrePaintTreeWalk::WalkInternal(blink::LayoutObject const&, blink::PrePaintTreeWalk::PrePaintTreeWalkContext&) 0x000000010de71f08 (Google Chrome Framework -pre_paint_tree_walk.cc:426) blink::PrePaintTreeWalk::Walk(blink::LayoutObject const&) 0x000000010de71f68 (Google Chrome Framework -pre_paint_tree_walk.cc:434) blink::PrePaintTreeWalk::Walk(blink::LayoutObject const&) 0x000000010de71f68 (Google Chrome Framework -pre_paint_tree_walk.cc:434) blink::PrePaintTreeWalk::Walk(blink::LayoutObject const&) 0x000000010de71f68 (Google Chrome Framework -pre_paint_tree_walk.cc:434) blink::PrePaintTreeWalk::Walk(blink::LayoutObject const&) 0x000000010de71f68 (Google Chrome Framework -pre_paint_tree_walk.cc:434) blink::PrePaintTreeWalk::Walk(blink::LayoutObject const&) 0x000000010de71f68 (Google Chrome Framework -pre_paint_tree_walk.cc:434) blink::PrePaintTreeWalk::Walk(blink::LayoutObject const&) 0x000000010de71f68 (Google Chrome Framework -pre_paint_tree_walk.cc:434) blink::PrePaintTreeWalk::Walk(blink::LayoutObject const&) 0x000000010de71f68 (Google Chrome Framework -pre_paint_tree_walk.cc:434) 
blink::PrePaintTreeWalk::Walk(blink::LayoutObject const&) 0x000000010de71f68 (Google Chrome Framework -pre_paint_tree_walk.cc:434) blink::PrePaintTreeWalk::Walk(blink::LayoutObject const&) 0x000000010de71f68 (Google Chrome Framework -pre_paint_tree_walk.cc:434) blink::PrePaintTreeWalk::Walk(blink::LayoutObject const&) 0x000000010de71be1 (Google Chrome Framework -pre_paint_tree_walk.cc:128) blink::PrePaintTreeWalk::Walk(blink::LocalFrameView&) 0x000000010de71569 (Google Chrome Framework -pre_paint_tree_walk.cc:56) blink::PrePaintTreeWalk::WalkTree(blink::LocalFrameView&) 0x000000010d9020c9 (Google Chrome Framework -local_frame_view.cc:2541) blink::LocalFrameView::RunPrePaintLifecyclePhase(blink::DocumentLifecycle::LifecycleState) 0x000000010d9019d1 (Google Chrome Framework -local_frame_view.cc:2408) blink::LocalFrameView::UpdateLifecyclePhasesInternal(blink::DocumentLifecycle::LifecycleState) 0x000000010d900eba (Google Chrome Framework -local_frame_view.cc:2365) blink::LocalFrameView::UpdateLifecyclePhases(blink::DocumentLifecycle::LifecycleState) 0x000000010ddceb6d (Google Chrome Framework -page_animator.cc:110) blink::PageAnimator::UpdateAllLifecyclePhases(blink::LocalFrame&) 0x000000010d870789 (Google Chrome Framework -web_view_impl.cc:1554) blink::WebViewImpl::UpdateLifecycle(blink::WebWidget::LifecycleUpdate) 0x000000010e8ace97 (Google Chrome Framework -render_widget.cc:1047) content::RenderWidget::UpdateVisualState() 0x000000010b7aad1c (Google Chrome Framework -proxy_main.cc:222) cc::ProxyMain::BeginMainFrame(std::__1::unique_ptr<cc::BeginMainFrameAndCommitState, std::__1::default_delete<cc::BeginMainFrameAndCommitState> >) 0x000000010b7aa009 (Google Chrome Framework -bind_internal.h:516) void base::internal::Invoker<base::internal::BindState<void (cc::ProxyMain::*)(std::__1::unique_ptr<cc::BeginMainFrameAndCommitState, std::__1::default_delete<cc::BeginMainFrameAndCommitState> >), base::WeakPtr<cc::ProxyMain>, 
base::internal::PassedWrapper<std::__1::unique_ptr<cc::BeginMainFrameAndCommitState, std::__1::default_delete<cc::BeginMainFrameAndCommitState> > > >, void ()>::RunImpl<void (cc::ProxyMain::*)(std::__1::unique_ptr<cc::BeginMainFrameAndCommitState, std::__1::default_delete<cc::BeginMainFrameAndCommitState> >), std::__1::tuple<base::WeakPtr<cc::ProxyMain>, base::internal::PassedWrapper<std::__1::unique_ptr<cc::BeginMainFrameAndCommitState, std::__1::default_delete<cc::BeginMainFrameAndCommitState> > > >, 0ul, 1ul>(void (cc::ProxyMain::*&&)(std::__1::unique_ptr<cc::BeginMainFrameAndCommitState, std::__1::default_delete<cc::BeginMainFrameAndCommitState> >), std::__1::tuple<base::WeakPtr<cc::ProxyMain>, base::internal::PassedWrapper<std::__1::unique_ptr<cc::BeginMainFrameAndCommitState, std::__1::default_delete<cc::BeginMainFrameAndCommitState> > > >&&, std::__1::integer_sequence<unsigned long, 0ul, 1ul>) 0x000000010a3ac149 (Google Chrome Framework -callback.h:99) base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) 0x000000010a412359 (Google Chrome Framework -thread_controller_impl.cc:196) base::sequence_manager::internal::ThreadControllerImpl::DoWork(base::sequence_manager::internal::ThreadControllerImpl::WorkType) 0x000000010a3ac149 (Google Chrome Framework -callback.h:99) base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) 0x000000010a3c6abe (Google Chrome Framework -message_loop_impl.cc:545) base::MessageLoop::RunTask(base::PendingTask*) 0x000000010a3c6e12 (Google Chrome Framework -message_loop_impl.cc:556) base::MessageLoop::DoWork() 0x000000010a3c89b9 (Google Chrome Framework -message_pump_mac.mm:455) base::MessagePumpCFRunLoopBase::RunWork() 0x000000010a3bbeb9 (Google Chrome Framework+ 0x0275deb9) base::mac::CallWithEHFrame(void () block_pointer) 0x000000010a3c831e (Google Chrome Framework -message_pump_mac.mm:431) base::MessagePumpCFRunLoopBase::RunWorkSource(void*) 0x00007fff37c98d30 (CoreFoundation+ 0x0009fd30) 
__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ 0x00007fff37d5060b (CoreFoundation+ 0x0015760b) __CFRunLoopDoSource0 0x00007fff37c7bcdf (CoreFoundation+ 0x00082cdf) __CFRunLoopDoSources0 0x00007fff37c7b15c (CoreFoundation+ 0x0008215c) __CFRunLoopRun 0x00007fff37c7a9b6 (CoreFoundation+ 0x000819b6) CFRunLoopRunSpecific 0x00007fff39d91f25 (Foundation+ 0x00020f25) -[NSRunLoop(NSRunLoop) runMode:beforeDate:] 0x000000010a3c901c (Google Chrome Framework -message_pump_mac.mm:729) base::MessagePumpNSRunLoop::DoRun(base::MessagePump::Delegate*) 0x000000010a3c7dfd (Google Chrome Framework -message_pump_mac.mm:184) base::MessagePumpCFRunLoopBase::Run(base::MessagePump::Delegate*) 0x000000010a3ebe94 (Google Chrome Framework -run_loop.cc:102) <name omitted> 0x000000010e8bc32d (Google Chrome Framework -renderer_main.cc:202) content::RendererMain(content::MainFunctionParams const&) 0x0000000109f5eb00 (Google Chrome Framework -content_main_runner_impl.cc:906) content::ContentMainRunnerImpl::Run(bool) 0x000000010c55a54c (Google Chrome Framework -main.cc:472) service_manager::Main(service_manager::MainParams const&) 0x0000000109f5df43 (Google Chrome Framework -content_main.cc:19) content::ContentMain(content::ContentMainParams const&) 0x0000000107c61dae (Google Chrome Framework -chrome_main.cc:102) ChromeMain 0x0000000107af84cd (Google Chrome Helper -chrome_exe_main_mac.cc:101) main 0x00007fff5fb58014 (libdyld.dylib+ 0x00001014) start
Dec 14
Comment 1 by xiaoche...@chromium.org
, Nov 2
Owner: yoichio@chromium.org
Status: Assigned (was: Untriaged)