New issue
Advanced search Search tips

Issue 904971 link

Starred by 2 users
Status: Fixed
Owner:
wangxianzhu@chromium.org
Closed: Nov 16
Cc:
vmp...@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 3
Type: Bug



Sign in to add a comment

Dragging chrome://welcome logo causes page crash in dev build

Project Member Reported by orinj@chromium.org, Nov 13 
Chrome Version: 
Chromium	72.0.3607.0 (Developer Build) (64-bit)
Revision	fabe78ea42052335674f6cc9c809dd610a8eea29-refs/heads/master@{#606939}
OS	Linux
JavaScript	V8 7.2.287
Flash	(Disabled)
User Agent	Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3607.0 Safari/537.36

What steps will reproduce the problem?
(1) Build on Linux from commit with SHA fabe78ea42052335674f6cc9c809dd610a8eea29 (others nearby work as well)
(2) Run chrome and visit chrome://welcome
(3) Click on and around the logo, trying to drag.  Most of the time it won't drag anything, but keep trying until you get a drag.  (I've had luck clicking around the bottom of the logo.)
(4) When a drag begins, the page will crash with Aw Snap and sad tab.

A stack trace and about:gpu report are attached.  See  crbug.com/904380#c5  for info on how this bug was discovered.
about_gpu_report.txt
16.2 KB View Download
stack_trace.txt
6.4 KB View Download

Comment 1 by mpear...@chromium.org, Nov 13

Components: Blink>Paint

Comment 2 by schenney@chromium.org, Nov 13

Owner: wangxianzhu@chromium.org
Status: Assigned (was: Untriaged)
Project Member

Comment 3 by bugdroid1@chromium.org, Nov 16 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/31f1804d7dee9de02ad7c9a8e77d8d4d070cdcae

commit 31f1804d7dee9de02ad7c9a8e77d8d4d070cdcae
Author: Xianzhu Wang <wangxianzhu@chromium.org>
Date: Fri Nov 16 01:18:28 2018

[PE] Allow transient PaintController to abort without commit

This disables DCHECK(new_display_item_list_.IsEmpty()) for transient
paint controllers in the destructor. We could require the client of
a transient controller to always commit and finish cycle, but allowing
to abort seems simpler and harmless.

Bug:  904971 
Change-Id: If1bd15b55cbad0e1871eaed4a8d30b78e8a54d86
Reviewed-on: https://chromium-review.googlesource.com/c/1336953
Reviewed-by: Chris Harrelson <chrishtr@chromium.org>
Commit-Queue: Xianzhu Wang <wangxianzhu@chromium.org>
Cr-Commit-Position: refs/heads/master@{#608615}
[modify] https://crrev.com/31f1804d7dee9de02ad7c9a8e77d8d4d070cdcae/third_party/blink/renderer/platform/graphics/paint/paint_controller.cc
[modify] https://crrev.com/31f1804d7dee9de02ad7c9a8e77d8d4d070cdcae/third_party/blink/renderer/platform/graphics/paint/paint_controller_test.cc

Comment 4 by wangxianzhu@chromium.org, Nov 16

Status: Fixed (was: Assigned)

Sign in to add a comment