New issue
Advanced search Search tips

Issue 916850 link

Starred by 2 users
Status: Fixed
Owner:
szager@chromium.org
Closed: Jan 18
Cc:
szager@chromium.org
vmp...@chromium.org
m...@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows , Chrome , Mac
Pri: 1
Type: Bug



Sign in to add a comment

Crash (flaky) when blink::MediaCustomControlsFullscreenDetector::OnCheckViewportIntersectionTimerFired() is called

Project Member Reported by m...@chromium.org, Dec 20 
This is a carry-over from  bug 906258 . The code for PiP's detection of "fullscreen-ish" content has an issue where its timer may fire and attempt to use blink::IntersectionGeometry at the wrong time, causing a failed assertion. See original description of  bug 906258  for similar stack trace leading to the crash.

Also, szager@ provided instructions for a fix, which I'll re-paste here:

MediaCustomControlsFullscreenDetector::OnCheckViewportIntersectionTimerFired should instantiate a new IntersectionObserver; observe the ViewElement(); and then return.

The IntersectionObserver should use a callback which contains all the rest of the logic in that method; and it should also disconnect the IntersectionObserver.

It will work because IntersectionObserver *always* cues up an initial notification whenever a new target is observed. So this logic will run at the next available opportunity (i.e., the next main frame).

Comment 1 by pnangunoori@chromium.org, Dec 26 

Friendly ping to look into this issue and to provide further update on this issue as it has been marked as a stable blocker.

Thanks!

Comment 2 by pnangunoori@google.com, Jan 2 

Friendly ping to look into this issue and to provide further update on this issue as it has been marked as a stable blocker.

Thanks!

Comment 3 by mlamo...@google.com, Jan 2 

miu@, should this be considered a RBS?

Comment 4 by m...@chromium.org, Jan 3

Cc: vmp...@chromium.org
I don't know. vmpstr@ was the one that added the DCHECK which caused regular crashes on my local "DCHECK is on" build. Perhaps they could shed some light on all of this?

ref: https://chromium.googlesource.com/chromium/src/+blame/HEAD/third_party/blink/renderer/core/layout/intersection_geometry.cc#162

The question here is: If the conditions that trigger the DCHECK occur in "DCHECK is off" builds (e.g., official release builds), will that lead to undefined/crashy behavior? I couldn't tell, which is why I've been treating this like I would any other crash report, which are usually RBS.

Comment 5 by rbasuvula@google.com, Jan 8 

Friendly ping! Could you please provide any update on this issue as it has been marked as a stable blocker.

Thank You!

Comment 6 by szager@google.com, Jan 8

Owner: szager@chromium.org
Status: Started (was: Assigned)
Project Member

Comment 7 by bugdroid1@chromium.org, Jan 10 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/020d4423e05c0421b8081fa2ffee9ec8f3ec846d

commit 020d4423e05c0421b8081fa2ffee9ec8f3ec846d
Author: Stefan Zager <szager@chromium.org>
Date: Thu Jan 10 03:42:41 2019

Use IntersectionObserver in MediaCustomControlsFullscreenDetector

It's never safe to use IntersectionGeometry directly from a timer.
Change implementation to use an IntersectionObserver, which always runs
at the right time. This works because whenever observer->observe() is
called, it will generate an initial notification at the next
opportunity, whether the target is initially intersecting or not.

BUG:  916850 
Change-Id: I972ae8defb1c5a3bdcb8cbd52633ec28167c0f8e
Reviewed-on: https://chromium-review.googlesource.com/c/1399452
Reviewed-by: Yuri Wiitala <miu@chromium.org>
Commit-Queue: Stefan Zager <szager@chromium.org>
Cr-Commit-Position: refs/heads/master@{#621440}
[modify] https://crrev.com/020d4423e05c0421b8081fa2ffee9ec8f3ec846d/third_party/blink/renderer/core/html/media/media_custom_controls_fullscreen_detector.cc
[modify] https://crrev.com/020d4423e05c0421b8081fa2ffee9ec8f3ec846d/third_party/blink/renderer/core/html/media/media_custom_controls_fullscreen_detector.h
[modify] https://crrev.com/020d4423e05c0421b8081fa2ffee9ec8f3ec846d/third_party/blink/renderer/core/html/media/media_custom_controls_fullscreen_detector_test.cc
[modify] https://crrev.com/020d4423e05c0421b8081fa2ffee9ec8f3ec846d/third_party/blink/renderer/core/intersection_observer/intersection_observation.cc
[modify] https://crrev.com/020d4423e05c0421b8081fa2ffee9ec8f3ec846d/third_party/blink/renderer/core/intersection_observer/intersection_observer.cc
[modify] https://crrev.com/020d4423e05c0421b8081fa2ffee9ec8f3ec846d/third_party/blink/renderer/core/intersection_observer/intersection_observer.h
[modify] https://crrev.com/020d4423e05c0421b8081fa2ffee9ec8f3ec846d/third_party/blink/renderer/core/intersection_observer/intersection_observer_test.cc

Comment 8 by abdulsyed@google.com, Jan 14 

[bulk update] Just a heads up, M72 stable is about 2 weeks away. This issue is marked as RB-Stable. Please take a look.

Comment 9 by abdulsyed@google.com, Jan 18 (4 days ago) 

miu@/ why is this RB-Stable?

Comment 10 by szager@google.com, Jan 18 (4 days ago)

Status: Fixed (was: Started)
Project Member

Comment 11 by blocker...@chrome-infra-auth.iam.gserviceaccount.com, Jan 18 (4 days ago)

Labels: Merge-TBD
[Auto-generated comment by a script] We noticed that this issue is targeted for M-72; it appears the fix may have landed after branch point, meaning a merge might be required. The owner of this bug should confirm if a merge is required here. If so, add Merge-Request-72 label and indicate which commits/CLs are to be merged. Otherwise, remove Merge-TBD label. Thanks.

Comment 12 by abdulsyed@google.com, Today (10 hours ago)

Labels: -Merge-TBD

Comment 13 by szager@chromium.org, Today (10 hours ago) 

If this is not a frequent crasher, I would prefer not to merge.

Comment 14 by szager@chromium.org, Today (10 hours ago) 

Actually, this is a DCHECK, right? So there are probably some crashes in official builds, but I'm guessing the number is pretty low.

Sign in to add a comment