
Issue 914912


Issue metadata

Status: Assigned
Owner:
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug




CHECK failure: IsFirstAfterBreak(line_top_in_flow_thread) || !line.PaginationStrut() || !IsLogi

Project Member Reported by ClusterFuzz, Dec 13

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5328635780923392

Fuzzer: marty_html_twiddler
Job Type: linux_debug_chrome
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  IsFirstAfterBreak(line_top_in_flow_thread) || !line.PaginationStrut() || !IsLogi
  blink::MinimumSpaceShortageFinder::ExamineLine
  blink::ColumnBalancer::TraverseLines
  
Sanitizer: address (ASAN)

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5328635780923392

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
 

Comment 1 by kkaluri@chromium.org, Yesterday (43 hours ago)

Cc: kkaluri@chromium.org
Labels: M-72 Test-Predator-Wrong
Owner: mstensho@chromium.org
Status: Assigned (was: Untriaged)
With reference to the Issue 902762, assigning it to mstensho@

Comment 2 by mstensho@chromium.org, Yesterday (40 hours ago)

tc.html (241 bytes)

Comment 3 by mstensho@chromium.org, Yesterday (40 hours ago)

Components: Blink>Layout>MultiCol

Comment 4 by bugdroid, Today (9 hours ago)

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/9208cda4415043c9e5c36aaae69759cc78cf9897

commit 9208cda4415043c9e5c36aaae69759cc78cf9897
Author: Morten Stenshorne <mstensho@chromium.org>
Date: Tue Jan 22 21:08:30 2019

Better fragmentation inside floats interrupted by spanners.

The current layout engine doesn't really handle this well, but we'll now
look ahead for sibling column sets if the flow thread coordinate isn't
contained by the current one. If we do this during layout, we then risk
matching against flow thread boundaries from the previous layout pass,
but that's really the best we can do.

Also corrected a flow thread coordinate boundary check.
page_boundary_rule == kAssociateWithFormerPage could actually hit the
wrong column set because of an off-by-one comparison meant for
page_boundary_rule == kAssociateWithLatterPage.

Bug: 914912
Change-Id: I39a170da21e640154de141f30e363baa9f7c20ec
Reviewed-on: https://chromium-review.googlesource.com/c/1425701
Commit-Queue: Emil A Eklund <eae@chromium.org>
Reviewed-by: Emil A Eklund <eae@chromium.org>
Cr-Commit-Position: refs/heads/master@{#624914}
[modify] https://crrev.com/9208cda4415043c9e5c36aaae69759cc78cf9897/third_party/blink/renderer/core/layout/layout_multi_column_flow_thread.cc
[modify] https://crrev.com/9208cda4415043c9e5c36aaae69759cc78cf9897/third_party/blink/web_tests/TestExpectations
[add] https://crrev.com/9208cda4415043c9e5c36aaae69759cc78cf9897/third_party/blink/web_tests/external/wpt/css/css-multicol/float-with-line-after-spanner-ref.html
[add] https://crrev.com/9208cda4415043c9e5c36aaae69759cc78cf9897/third_party/blink/web_tests/external/wpt/css/css-multicol/float-with-line-after-spanner.html
