New issue
Advanced search Search tips

Issue 910849 link

Starred by 1 user
Status: Fixed
Merged: issue 636993
Owner:
kojii@chromium.org
Closed: Dec 8
Cc:
jmukthavaram@chromium.org
e...@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 1
Type: Bug

Blocking:
issue 636993



Sign in to add a comment

Crash on opening https://ilyabirman.net/

Reported by michel.b...@gmail.com, Dec 1 
IMPORTANT: Your crash has already been automatically reported to our crash system. Please file this bug only if you can provide more information about it.

Chrome Version: 72.0.3622.0
Operating System: Windows NT 10.0.17763

URL (if applicable) where crash occurred:
https://ilyabirman.net/

Can you reproduce this crash?
Yes.

What steps will reproduce this crash? (If it's not reproducible, what were you doing just before the crash?)
1. Enabled the following flags and restart the browser
2. Open https://ilyabirman.net/
3. You'll get "Aw, Snap!" error.

Google Chrome	72.0.3622.0 (Official Build) dev (64-bit) (cohort: Dev)
Revision	74770d660797220710701b2c66ad38390ab86d43-refs/branch-heads/3622@{#1}
OS	Windows
JavaScript	V8 7.2.468
Flash	32.0.0.93 C:\Users\User\AppData\Local\Google\Chrome Dev\User Data\PepperFlash\32.0.0.93\pepflashplayer.dll
User Agent	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3622.0 Safari/537.36
Command Line	"C:\Program Files (x86)\Google\Chrome Dev\Application\chrome.exe" --flag-switches-begin --allow-insecure-localhost --enable-device-discovery-notifications --enable-appcontainer --enable-audio-focus --enable-devtools-experiments --enable-experimental-web-platform-features --enable-google-branded-context-menu --enable-gpu-rasterization --history-entry-requires-user-gesture --enable-input-ime-api --javascript-harmony --enable-offline-auto-reload-visible-only --enable-offline-auto-reload --enable-quic --use-simple-cache-backend=on --enable-spelling-feedback-field-trial --enable-suggestions-with-substring-match --enable-use-zoom-for-dsf=true --enable-webgl-draft-extensions --enable-webrtc-srtp-aes-gcm --enable-webrtc-srtp-encrypted-headers --enable-webrtc-stun-origin --enable-experimental-extension-apis --extension-content-verification=enforce_strict --force-pnacl-subzero --ignore-gpu-blacklist --enable-lcd-text --num-raster-threads=4 --enable-hardware-overlays=single-fullscreen,single-on-top --pull-to-refresh=1 --reduced-referrer-granularity --save-page-as-mhtml --show-saved-copy=primary --enable-smooth-scrolling --tls13-variant=final --try-supported-channel-layouts --v8-cache-options=code --enable-features=AppBanners,AutofillDropdownLayout,AutofillExpandedPopupViews,AutomaticTabDiscarding,AutoplayWhitelistSettings,AwaitOptimization,BloatedRendererDetection,ClickToOpenPDFPlaceholder,DataReductionProxyDecidesTransform,DesktopPWAWindowing,DesktopPWAsLinkCapturing,DetectingHeavyPages,DrawOcclusion,EnableEmojiContextMenu,ExpensiveBackgroundTimerThrottling,ExperimentalAppBanners,ExperimentalProductivityFeatures,ExperimentalUi,FontCacheScaling,GdiTextPrinting,GenericSensor,HighDynamicRange,ImageCaptureAPI,ImprovedLanguageSettings,IncreaseInputAudioBufferSize,InfiniteSessionRestore,LayeredAPI,LayoutNG,LazyFrameLoading,LazyImageLoading,LeftToRightUrls,LevelDBPerformRewrite,LookalikeUrlNavigationSuggestionsUI,MemoryCoordinator,MidiManagerWinrt,NativeNotifications,NewAudioRenderingMixingStrategy,NewPrintPreview,NewRemotePlaybackPipeline,NewStyleNotifications,NewTabPageBackgrounds,NewTabPageCustomLinks,NewTabPageIcons,NewTabPageUIMd,NewUsbBackend,NupPrinting,OmniboxDocumentProvider,OmniboxNewAnswerLayout,OmniboxSpeculativeServiceWorkerStartOnQueryInput,OmniboxTabSwitchSuggestions,OmniboxUIExperimentMaxAutocompleteMatches,OriginTrials,OverflowIconsForMediaControls,OverlayScrollbar,OverlayScrollbarFlashAfterAnyScrollUpdate,OverlayScrollbarFlashWhenMouseEnter,PageAlmostIdle,ParallelDownloading,PasswordImport,PdfIsolation,PictureInPicture,PolicyTool,Previews,ProactiveTabFreezeAndDiscard,RegionalLocalesAsDisplayUI,RuntimeHostPermissions,SSLCommittedInterstitials,ScrollAnchorSerialization,ServiceWorkerImportedScriptUpdateCheck,ServiceWorkerServicification,SharedArrayBuffer,SimplifyHttpsIndicator,SiteSettings,SoundContentSetting,SyncSupportSecondaryAccount,SyncUSSAutofillProfile,TopSitesFromSiteEngagement,TranslateUI,UseGoogleLocalNtp,UseModernMediaControls,UseMultiloginEndpoint,UseNewAcceptLanguageHeader,UseSurfaceLayerForVideo,V8Orinoco,V8VmFuture,ViewsCastDialog,WebAssemblyBaseline,WebAssemblyThreads,WebAuthentication,WebAuthenticationCable,WebAuthenticationCtap2,WebRTC-H264WithOpenH264FFmpeg,WebRtcHybridAgc,WebRtcUseEchoCanceller3,Windows10CustomTitlebar,ZeroSuggestRedirectToChrome,brotli-encoding,google-password-manager --disable-features=OmniboxRichEntitySuggestions,OverscrollHistoryNavigation --flag-switches-end

****DO NOT CHANGE BELOW THIS LINE****
Crash ID: crash/4615abc48e947e64

Comment 1 Deleted

Comment 2 by michel.b...@gmail.com, Dec 1 

The problem is with the flag:

chrome://flags/#enable-layout-ng

Once I disabled it, the site opens correctly, no crash.

Comment 3 by jmukthavaram@chromium.org, Dec 3

Cc: jmukthavaram@chromium.org
Mergedinto: 636993
Status: Duplicate (was: Unconfirmed)
As per the above provided crash id, issue seems to be similar to #636993, hence merging into it. Please feel free to undup if it is not similar.

Thanks..!

Comment 4 by cbiesin...@chromium.org, Dec 6

Blocking: 636993
Cc: kojii@chromium.org e...@chromium.org
Components: Blink>Layout
Labels: -Restrict-View-EditIssue
Status: Available (was: Duplicate)
	0x00007ff9c45ef52b	(chrome_child.dll -ng_inline_layout_algorithm.cc:614 )	blink::NGInlineLayoutAlgorithm::ApplyJustify(blink::NGLineInfo *)

Comment 5 by e...@chromium.org, Dec 6

Cc: -kojii@chromium.org
Labels: LayoutNG Pri-1 Type-Bug
Owner: kojii@chromium.org
Status: Assigned (was: Available)
Project Member

Comment 6 by bugdroid1@chromium.org, Dec 7 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/2acb5169efc37eb40e5f9b8d82a1e93a6dc05200

commit 2acb5169efc37eb40e5f9b8d82a1e93a6dc05200
Author: Koji Ishii <kojii@chromium.org>
Date: Fri Dec 07 23:00:48 2018

[LayoutNG] Fix crash when justifying empty lines

This patch fixes when `text-align: justify` is applied to
empty lines.

We started to hit this case while ago, when early exit of
inline layout algorithm for empty lines turned out to be not
always correct such as when it has floats, out-of-flow
objects, or empty inline boxes.

I think at this point we know when it is safe to exit early
better. I'll measure if such an optimization is worth the
cost to split code paths.

Bug:  910849 
Change-Id: If6c786a7aeaa1b10351f529bc1a1e57dc99a77c8
Reviewed-on: https://chromium-review.googlesource.com/c/1367074
Commit-Queue: Emil A Eklund <eae@chromium.org>
Reviewed-by: Emil A Eklund <eae@chromium.org>
Cr-Commit-Position: refs/heads/master@{#614859}
[modify] https://crrev.com/2acb5169efc37eb40e5f9b8d82a1e93a6dc05200/third_party/blink/renderer/core/layout/ng/inline/ng_inline_layout_algorithm.cc
[add] https://crrev.com/2acb5169efc37eb40e5f9b8d82a1e93a6dc05200/third_party/blink/web_tests/fast/text/justify-empty-line-crash-expected.html
[add] https://crrev.com/2acb5169efc37eb40e5f9b8d82a1e93a6dc05200/third_party/blink/web_tests/fast/text/justify-empty-line-crash.html

Comment 7 by kojii@chromium.org, Dec 8

Status: Fixed (was: Assigned)
Thank you for using LayoutNG and reporting this issue to us.

Sign in to add a comment