Null-dereference READ in blink::CSSImageGeneratorValue::RemoveClient |
|||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=4883467892162560 Fuzzer: jesse_avalanche Job Type: linux_msan_chrome Platform Id: linux Crash Type: Null-dereference READ Crash Address: 0x000000000008 Crash State: blink::CSSImageGeneratorValue::RemoveClient blink::LayoutObject::UpdateFirstLineImageObservers blink::LayoutObject::WillBeDestroyed Sanitizer: memory (MSAN) Regressed: https://clusterfuzz.com/revisions?job=linux_msan_chrome&range=622297:622298 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4883467892162560 Issue filed automatically. See https://www.chromium.org/developers/testing/memorysanitizer#TOC-Reproducing-ClusterFuzz-Bugs for instructions to reproduce this bug locally.
,
Jan 12
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/f6facb87f009321e336fea1db249ad41f4116bb8 (Reland "[PE] Fix background-image on ::first-line"). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
,
Jan 12
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/3edb3f1bbe315083871126bcbe4d422556b0d69f commit 3edb3f1bbe315083871126bcbe4d422556b0d69f Author: Xianzhu Wang <wangxianzhu@chromium.org> Date: Sat Jan 12 21:33:09 2019 Revert "Reland "[PE] Fix background-image on ::first-line"" This reverts commit f6facb87f009321e336fea1db249ad41f4116bb8. Reason for revert: Still can't ensure strictly paired AddClient/RemoveClient. Bug: 921337 ,921341 Original change's description: > Reland "[PE] Fix background-image on ::first-line" > > This reverts commit 3b58524dfeb579392545998cbb64841138cc5a6e. > > The original patch failed to call RemoveClient for the background-image > in the first line style. > > Original change's description: > > Revert "[PE] Fix background-image on ::first-line" > > > > This reverts commit fe023954ad31e422d0deb4116d7867098e11b688. > > > > Reason for revert: crbug.com/920115 > > > > Bug: 920115 > > > > Original change's description: > > > [PE] Fix background-image on ::first-line > > > > > > This CL ensures correct handling of background-image on ::first-line > > > from style change to paint invalidation. > > > > > > Bug: 918881 > > > Change-Id: I2e3a7bf60cb0f851b203fc7f5135c4186cc731a3 > > > Reviewed-on: https://chromium-review.googlesource.com/c/1396154 > > > Commit-Queue: Xianzhu Wang <wangxianzhu@chromium.org> > > > Reviewed-by: Rune Lillesveen <futhark@chromium.org> > > > Cr-Commit-Position: refs/heads/master@{#620921} > > > > TBR=wangxianzhu@chromium.org,futhark@chromium.org > > > > Change-Id: Iba8387598922eaccd35f44bcaceac1cff59ea83a > > No-Presubmit: true > > No-Tree-Checks: true > > No-Try: true > > Bug: 918881 > > Reviewed-on: https://chromium-review.googlesource.com/c/1403315 > > Reviewed-by: Xianzhu Wang <wangxianzhu@chromium.org> > > Commit-Queue: Xianzhu Wang <wangxianzhu@chromium.org> > > Cr-Commit-Position: refs/heads/master@{#621178} > > Bug: 920115, 918881 > Change-Id: I3ea101ae09ad062de657a8917d77b1ec34e329e4 > Reviewed-on: https://chromium-review.googlesource.com/c/1403316 > Reviewed-by: Rune Lillesveen <futhark@chromium.org> > Commit-Queue: Xianzhu Wang <wangxianzhu@chromium.org> > Cr-Commit-Position: refs/heads/master@{#622298} TBR=wangxianzhu@chromium.org,futhark@chromium.org Change-Id: I6d31b858b2bf61bb123c6bdb09780f33e05b4878 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: 920115, 918881 Reviewed-on: https://chromium-review.googlesource.com/c/1407974 Reviewed-by: Xianzhu Wang <wangxianzhu@chromium.org> Commit-Queue: Xianzhu Wang <wangxianzhu@chromium.org> Cr-Commit-Position: refs/heads/master@{#622325} [modify] https://crrev.com/3edb3f1bbe315083871126bcbe4d422556b0d69f/third_party/blink/renderer/core/layout/layout_block.cc [modify] https://crrev.com/3edb3f1bbe315083871126bcbe4d422556b0d69f/third_party/blink/renderer/core/layout/layout_block.h [modify] https://crrev.com/3edb3f1bbe315083871126bcbe4d422556b0d69f/third_party/blink/renderer/core/layout/layout_object.cc [modify] https://crrev.com/3edb3f1bbe315083871126bcbe4d422556b0d69f/third_party/blink/renderer/core/layout/layout_object.h [modify] https://crrev.com/3edb3f1bbe315083871126bcbe4d422556b0d69f/third_party/blink/renderer/core/layout/layout_object_test.cc [modify] https://crrev.com/3edb3f1bbe315083871126bcbe4d422556b0d69f/third_party/blink/renderer/core/paint/README.md [delete] https://crrev.com/23fd0037212be010c7c7e7ac2d8480203b5c3653/third_party/blink/web_tests/external/wpt/css/css-backgrounds/background-image-first-line.html [delete] https://crrev.com/23fd0037212be010c7c7e7ac2d8480203b5c3653/third_party/blink/web_tests/external/wpt/css/css-backgrounds/reference/background-image-first-line-ref.html
,
Jan 13
ClusterFuzz has detected this issue as fixed in range 622324:622325. Detailed report: https://clusterfuzz.com/testcase?key=4883467892162560 Fuzzer: jesse_avalanche Job Type: linux_msan_chrome Platform Id: linux Crash Type: Null-dereference READ Crash Address: 0x000000000008 Crash State: blink::CSSImageGeneratorValue::RemoveClient blink::LayoutObject::UpdateFirstLineImageObservers blink::LayoutObject::WillBeDestroyed Sanitizer: memory (MSAN) Regressed: https://clusterfuzz.com/revisions?job=linux_msan_chrome&range=622297:622298 Fixed: https://clusterfuzz.com/revisions?job=linux_msan_chrome&range=622324:622325 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4883467892162560 See https://www.chromium.org/developers/testing/memorysanitizer#TOC-Reproducing-ClusterFuzz-Bugs for instructions to reproduce this bug locally. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Jan 13
ClusterFuzz testcase 4883467892162560 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Jan 14
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/bd339720737e44c9d730bb8a71990f30f6dd4ccf commit bd339720737e44c9d730bb8a71990f30f6dd4ccf Author: Xianzhu Wang <wangxianzhu@chromium.org> Date: Mon Jan 14 19:11:38 2019 Reland "Reland "[PE] Fix background-image on ::first-line"" This reverts commit 3edb3f1bbe315083871126bcbe4d422556b0d69f. Fix by moving UpdateFirstLineImageObservers() from CachedFirstLineStyle() into GetCachedPseudoStyle() to ensure we update image observers for the correct object. Original change's description: > Revert "Reland "[PE] Fix background-image on ::first-line"" > > This reverts commit f6facb87f009321e336fea1db249ad41f4116bb8. > > Reason for revert: Still can't ensure strictly paired AddClient/RemoveClient. > > Bug: 921337 ,921341 > > Original change's description: > > Reland "[PE] Fix background-image on ::first-line" > > > > This reverts commit 3b58524dfeb579392545998cbb64841138cc5a6e. > > > > The original patch failed to call RemoveClient for the background-image > > in the first line style. > > > > Original change's description: > > > Revert "[PE] Fix background-image on ::first-line" > > > > > > This reverts commit fe023954ad31e422d0deb4116d7867098e11b688. > > > > > > Reason for revert: crbug.com/920115 > > > > > > Bug: 920115 > > > > > > Original change's description: > > > > [PE] Fix background-image on ::first-line > > > > > > > > This CL ensures correct handling of background-image on ::first-line > > > > from style change to paint invalidation. > > > > > > > > Bug: 918881 > > > > Change-Id: I2e3a7bf60cb0f851b203fc7f5135c4186cc731a3 > > > > Reviewed-on: https://chromium-review.googlesource.com/c/1396154 > > > > Commit-Queue: Xianzhu Wang <wangxianzhu@chromium.org> > > > > Reviewed-by: Rune Lillesveen <futhark@chromium.org> > > > > Cr-Commit-Position: refs/heads/master@{#620921} > > > > > > TBR=wangxianzhu@chromium.org,futhark@chromium.org > > > > > > Change-Id: Iba8387598922eaccd35f44bcaceac1cff59ea83a > > > No-Presubmit: true > > > No-Tree-Checks: true > > > No-Try: true > > > Bug: 918881 > > > Reviewed-on: https://chromium-review.googlesource.com/c/1403315 > > > Reviewed-by: Xianzhu Wang <wangxianzhu@chromium.org> > > > Commit-Queue: Xianzhu Wang <wangxianzhu@chromium.org> > > > Cr-Commit-Position: refs/heads/master@{#621178} > > > > Bug: 920115, 918881 > > Change-Id: I3ea101ae09ad062de657a8917d77b1ec34e329e4 > > Reviewed-on: https://chromium-review.googlesource.com/c/1403316 > > Reviewed-by: Rune Lillesveen <futhark@chromium.org> > > Commit-Queue: Xianzhu Wang <wangxianzhu@chromium.org> > > Cr-Commit-Position: refs/heads/master@{#622298} > > TBR=wangxianzhu@chromium.org,futhark@chromium.org > > Change-Id: I6d31b858b2bf61bb123c6bdb09780f33e05b4878 > No-Presubmit: true > No-Tree-Checks: true > No-Try: true > Bug: 920115, 918881 > Reviewed-on: https://chromium-review.googlesource.com/c/1407974 > Reviewed-by: Xianzhu Wang <wangxianzhu@chromium.org> > Commit-Queue: Xianzhu Wang <wangxianzhu@chromium.org> > Cr-Commit-Position: refs/heads/master@{#622325} Change-Id: I2509073937be3b1eb8f4bdc0d6f5151c93253851 Bug: 921337 , 921341, 920115, 918881 Reviewed-on: https://chromium-review.googlesource.com/c/1408358 Reviewed-by: Rune Lillesveen <futhark@chromium.org> Reviewed-by: Xianzhu Wang <wangxianzhu@chromium.org> Commit-Queue: Xianzhu Wang <wangxianzhu@chromium.org> Cr-Commit-Position: refs/heads/master@{#622542} [modify] https://crrev.com/bd339720737e44c9d730bb8a71990f30f6dd4ccf/third_party/blink/renderer/core/layout/layout_block.cc [modify] https://crrev.com/bd339720737e44c9d730bb8a71990f30f6dd4ccf/third_party/blink/renderer/core/layout/layout_block.h [modify] https://crrev.com/bd339720737e44c9d730bb8a71990f30f6dd4ccf/third_party/blink/renderer/core/layout/layout_object.cc [modify] https://crrev.com/bd339720737e44c9d730bb8a71990f30f6dd4ccf/third_party/blink/renderer/core/layout/layout_object.h [modify] https://crrev.com/bd339720737e44c9d730bb8a71990f30f6dd4ccf/third_party/blink/renderer/core/layout/layout_object_test.cc [modify] https://crrev.com/bd339720737e44c9d730bb8a71990f30f6dd4ccf/third_party/blink/renderer/core/paint/README.md [add] https://crrev.com/bd339720737e44c9d730bb8a71990f30f6dd4ccf/third_party/blink/web_tests/external/wpt/css/css-backgrounds/background-image-first-line.html [add] https://crrev.com/bd339720737e44c9d730bb8a71990f30f6dd4ccf/third_party/blink/web_tests/external/wpt/css/css-backgrounds/reference/background-image-first-line-ref.html
,
Jan 15
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/36dab48068086f08eacf7f283293d6ce49493440 commit 36dab48068086f08eacf7f283293d6ce49493440 Author: Dominic Battré <battre@chromium.org> Date: Tue Jan 15 08:59:16 2019 Revert "Reland "Reland "[PE] Fix background-image on ::first-line""" This reverts commit bd339720737e44c9d730bb8a71990f30f6dd4ccf. Reason for revert: test still failing, see crbug.com/920115 Original change's description: > Reland "Reland "[PE] Fix background-image on ::first-line"" > > This reverts commit 3edb3f1bbe315083871126bcbe4d422556b0d69f. > > Fix by moving UpdateFirstLineImageObservers() from > CachedFirstLineStyle() into GetCachedPseudoStyle() to ensure > we update image observers for the correct object. > > Original change's description: > > Revert "Reland "[PE] Fix background-image on ::first-line"" > > > > This reverts commit f6facb87f009321e336fea1db249ad41f4116bb8. > > > > Reason for revert: Still can't ensure strictly paired AddClient/RemoveClient. > > > > Bug: 921337 ,921341 > > > > Original change's description: > > > Reland "[PE] Fix background-image on ::first-line" > > > > > > This reverts commit 3b58524dfeb579392545998cbb64841138cc5a6e. > > > > > > The original patch failed to call RemoveClient for the background-image > > > in the first line style. > > > > > > Original change's description: > > > > Revert "[PE] Fix background-image on ::first-line" > > > > > > > > This reverts commit fe023954ad31e422d0deb4116d7867098e11b688. > > > > > > > > Reason for revert: crbug.com/920115 > > > > > > > > Bug: 920115 > > > > > > > > Original change's description: > > > > > [PE] Fix background-image on ::first-line > > > > > > > > > > This CL ensures correct handling of background-image on ::first-line > > > > > from style change to paint invalidation. > > > > > > > > > > Bug: 918881 > > > > > Change-Id: I2e3a7bf60cb0f851b203fc7f5135c4186cc731a3 > > > > > Reviewed-on: https://chromium-review.googlesource.com/c/1396154 > > > > > Commit-Queue: Xianzhu Wang <wangxianzhu@chromium.org> > > > > > Reviewed-by: Rune Lillesveen <futhark@chromium.org> > > > > > Cr-Commit-Position: refs/heads/master@{#620921} > > > > > > > > TBR=wangxianzhu@chromium.org,futhark@chromium.org > > > > > > > > Change-Id: Iba8387598922eaccd35f44bcaceac1cff59ea83a > > > > No-Presubmit: true > > > > No-Tree-Checks: true > > > > No-Try: true > > > > Bug: 918881 > > > > Reviewed-on: https://chromium-review.googlesource.com/c/1403315 > > > > Reviewed-by: Xianzhu Wang <wangxianzhu@chromium.org> > > > > Commit-Queue: Xianzhu Wang <wangxianzhu@chromium.org> > > > > Cr-Commit-Position: refs/heads/master@{#621178} > > > > > > Bug: 920115, 918881 > > > Change-Id: I3ea101ae09ad062de657a8917d77b1ec34e329e4 > > > Reviewed-on: https://chromium-review.googlesource.com/c/1403316 > > > Reviewed-by: Rune Lillesveen <futhark@chromium.org> > > > Commit-Queue: Xianzhu Wang <wangxianzhu@chromium.org> > > > Cr-Commit-Position: refs/heads/master@{#622298} > > > > TBR=wangxianzhu@chromium.org,futhark@chromium.org > > > > Change-Id: I6d31b858b2bf61bb123c6bdb09780f33e05b4878 > > No-Presubmit: true > > No-Tree-Checks: true > > No-Try: true > > Bug: 920115, 918881 > > Reviewed-on: https://chromium-review.googlesource.com/c/1407974 > > Reviewed-by: Xianzhu Wang <wangxianzhu@chromium.org> > > Commit-Queue: Xianzhu Wang <wangxianzhu@chromium.org> > > Cr-Commit-Position: refs/heads/master@{#622325} > > Change-Id: I2509073937be3b1eb8f4bdc0d6f5151c93253851 > Bug: 921337 , 921341, 920115, 918881 > Reviewed-on: https://chromium-review.googlesource.com/c/1408358 > Reviewed-by: Rune Lillesveen <futhark@chromium.org> > Reviewed-by: Xianzhu Wang <wangxianzhu@chromium.org> > Commit-Queue: Xianzhu Wang <wangxianzhu@chromium.org> > Cr-Commit-Position: refs/heads/master@{#622542} TBR=wangxianzhu@chromium.org,futhark@chromium.org Change-Id: I3f5aca68d9e5e739f262187171530fc718ff71a9 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: 921337 , 921341, 920115, 918881 Reviewed-on: https://chromium-review.googlesource.com/c/1411534 Reviewed-by: Dominic Battré <battre@chromium.org> Commit-Queue: Dominic Battré <battre@chromium.org> Cr-Commit-Position: refs/heads/master@{#622787} [modify] https://crrev.com/36dab48068086f08eacf7f283293d6ce49493440/third_party/blink/renderer/core/layout/layout_block.cc [modify] https://crrev.com/36dab48068086f08eacf7f283293d6ce49493440/third_party/blink/renderer/core/layout/layout_block.h [modify] https://crrev.com/36dab48068086f08eacf7f283293d6ce49493440/third_party/blink/renderer/core/layout/layout_object.cc [modify] https://crrev.com/36dab48068086f08eacf7f283293d6ce49493440/third_party/blink/renderer/core/layout/layout_object.h [modify] https://crrev.com/36dab48068086f08eacf7f283293d6ce49493440/third_party/blink/renderer/core/layout/layout_object_test.cc [modify] https://crrev.com/36dab48068086f08eacf7f283293d6ce49493440/third_party/blink/renderer/core/paint/README.md [delete] https://crrev.com/9f461d7b2b9eb0a8e42e948363dbdebfaf75fbfc/third_party/blink/web_tests/external/wpt/css/css-backgrounds/background-image-first-line.html [delete] https://crrev.com/9f461d7b2b9eb0a8e42e948363dbdebfaf75fbfc/third_party/blink/web_tests/external/wpt/css/css-backgrounds/reference/background-image-first-line-ref.html
,
Jan 15
After reverting the tree does not compile. https://logs.chromium.org/logs/chromium/buildbucket/cr-buildbucket.appspot.com/8924276730494665504/+/steps/compile/0/stdout [2071/3279] SOLINK ./libwebviewchromium.so FAILED: libwebviewchromium.so libwebviewchromium.so.TOC lib.unstripped/libwebviewchromium.so python "../../build/toolchain/gcc_solink_wrapper.py" --readelf="../../third_party/android_ndk/toolchains/aarch64-linux-android-4.9/prebuilt/linux-x86_64/bin/aarch64-linux-android-readelf" --nm="../../third_party/android_ndk/toolchains/aarch64-linux-android-4.9/prebuilt/linux-x86_64/bin/aarch64-linux-android-nm" --strip=../../third_party/eu-strip/bin/eu-strip --sofile="./lib.unstripped/libwebviewchromium.so" --tocfile="./libwebviewchromium.so.TOC" --output="./libwebviewchromium.so" -- ../../third_party/llvm-build/Release+Asserts/bin/clang++ -shared -Wl,--fatal-warnings -fPIC -Wl,-z,noexecstack -Wl,-z,now -Wl,-z,relro -Wl,-z,defs -Wl,--as-needed --gcc-toolchain=../../third_party/android_ndk/toolchains/aarch64-linux-android-4.9/prebuilt/linux-x86_64 -fuse-ld=lld -Wl,-z,max-page-size=4096 -Wl,--icf=all -Wl,--color-diagnostics -Wl,--exclude-libs=libgcc.a -Wl,--exclude-libs=libvpx_assembly_arm.a --target=aarch64-linux-android -Werror -Wl,--warn-shared-textrel -Wl,-O2 -Wl,--gc-sections --sysroot=../../third_party/android_ndk/platforms/android-21/arch-arm64 -nostdlib -Wl,--warn-shared-textrel -Wl,--version-script=../../build/android/android_only_jni_exports.lst -Wl,-wrap,calloc -Wl,-wrap,free -Wl,-wrap,malloc -Wl,-wrap,memalign -Wl,-wrap,posix_memalign -Wl,-wrap,pvalloc -Wl,-wrap,realloc -Wl,-wrap,valloc -Wl,--dynamic-linker,/system/bin/linker64 -L../../third_party/android_ndk/sources/cxx-stl/llvm-libc++/libs/arm64-v8a -o "./lib.unstripped/libwebviewchromium.so" -Wl,-soname="libwebviewchromium.so" @"./libwebviewchromium.so.rsp" ld.lld: error: undefined symbol: blink::LayoutBlock::ImageChanged(void*, blink::ImageResourceObserver::CanDeferInvalidation) >>> referenced by layout_svg_block.cc >>> svg_layout/layout_svg_block.o:(vtable for blink::LayoutSVGBlock) in archive obj/third_party/blink/renderer/core/layout/svg/libsvg_layout.a ld.lld: error: undefined symbol: blink::LayoutBlock::ImageChanged(void*, blink::ImageResourceObserver::CanDeferInvalidation) >>> referenced by layout_svg_foreign_object.cc >>> svg_layout/layout_svg_foreign_object.o:(vtable for blink::LayoutSVGForeignObject) in archive obj/third_party/blink/renderer/core/layout/svg/libsvg_layout.a clang: error: linker command failed with exit code 1 (use -v to see invocation) [2072/3279] CXX android_clang_arm/obj/third_party/blink/renderer/core/css/css/scroll_padding_top_custom.o [2073/3279] CXX android_clang_arm/obj/third_party/blink/renderer/core/css/css/right_custom.o [2074/3279] SOLINK ./libmonochrome.so FAILED: libmonochrome.so libmonochrome.so.TOC lib.unstripped/libmonochrome.so python "../../build/toolchain/gcc_solink_wrapper.py" --readelf="../../third_party/android_ndk/toolchains/aarch64-linux-android-4.9/prebuilt/linux-x86_64/bin/aarch64-linux-android-readelf" --nm="../../third_party/android_ndk/toolchains/aarch64-linux-android-4.9/prebuilt/linux-x86_64/bin/aarch64-linux-android-nm" --strip=../../third_party/eu-strip/bin/eu-strip --sofile="./lib.unstripped/libmonochrome.so" --tocfile="./libmonochrome.so.TOC" --output="./libmonochrome.so" -- ../../third_party/llvm-build/Release+Asserts/bin/clang++ -shared -Wl,--version-script=gen/android_webview/monochrome_linker_script.txt -Wl,--hash-style=gnu -Wl,--fatal-warnings -fPIC -Wl,-z,noexecstack -Wl,-z,now -Wl,-z,relro -Wl,-z,defs -Wl,--as-needed --gcc-toolchain=../../third_party/android_ndk/toolchains/aarch64-linux-android-4.9/prebuilt/linux-x86_64 -fuse-ld=lld -Wl,-z,max-page-size=4096 -Wl,--icf=all -Wl,--color-diagnostics -Wl,--exclude-libs=libgcc.a -Wl,--exclude-libs=libvpx_assembly_arm.a --target=aarch64-linux-android -Werror -Wl,--warn-shared-textrel -Wl,-O2 -Wl,--gc-sections --sysroot=../../third_party/android_ndk/platforms/android-21/arch-arm64 -nostdlib -Wl,--warn-shared-textrel -Wl,--pack-dyn-relocs=android -Wl,-wrap,calloc -Wl,-wrap,free -Wl,-wrap,malloc -Wl,-wrap,memalign -Wl,-wrap,posix_memalign -Wl,-wrap,pvalloc -Wl,-wrap,realloc -Wl,-wrap,valloc -Wl,--dynamic-linker,/system/bin/linker64 -L../../third_party/android_ndk/sources/cxx-stl/llvm-libc++/libs/arm64-v8a -o "./lib.unstripped/libmonochrome.so" -Wl,-soname="libmonochrome.so" @"./libmonochrome.so.rsp" ld.lld: error: undefined symbol: blink::LayoutBlock::ImageChanged(void*, blink::ImageResourceObserver::CanDeferInvalidation) >>> referenced by layout_svg_block.cc >>> svg_layout/layout_svg_block.o:(vtable for blink::LayoutSVGBlock) in archive obj/third_party/blink/renderer/core/layout/svg/libsvg_layout.a ld.lld: error: undefined symbol: blink::LayoutBlock::ImageChanged(void*, blink::ImageResourceObserver::CanDeferInvalidation) >>> referenced by layout_svg_foreign_object.cc >>> svg_layout/layout_svg_foreign_object.o:(vtable for blink::LayoutSVGForeignObject) in archive obj/third_party/blink/renderer/core/layout/svg/libsvg_layout.a From https://ci.chromium.org/p/chromium/builders/luci.chromium.ci/Android%20Release%20%28Nexus%205X%29/15049
,
Jan 15
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/ac2dc886674e80d0ca221a4042a83f47ac0ed162 commit ac2dc886674e80d0ca221a4042a83f47ac0ed162 Author: Dominic Battré <battre@chromium.org> Date: Tue Jan 15 10:12:26 2019 Reland "Reland "Reland "[PE] Fix background-image on ::first-line""" This reverts commit 36dab48068086f08eacf7f283293d6ce49493440. Reason for revert: Reverting broke the compilation. A broken test is better than a non-compiling tree. Original change's description: > Revert "Reland "Reland "[PE] Fix background-image on ::first-line""" > > This reverts commit bd339720737e44c9d730bb8a71990f30f6dd4ccf. > > Reason for revert: test still failing, see crbug.com/920115 > > Original change's description: > > Reland "Reland "[PE] Fix background-image on ::first-line"" > > > > This reverts commit 3edb3f1bbe315083871126bcbe4d422556b0d69f. > > > > Fix by moving UpdateFirstLineImageObservers() from > > CachedFirstLineStyle() into GetCachedPseudoStyle() to ensure > > we update image observers for the correct object. > > > > Original change's description: > > > Revert "Reland "[PE] Fix background-image on ::first-line"" > > > > > > This reverts commit f6facb87f009321e336fea1db249ad41f4116bb8. > > > > > > Reason for revert: Still can't ensure strictly paired AddClient/RemoveClient. > > > > > > Bug: 921337 ,921341 > > > > > > Original change's description: > > > > Reland "[PE] Fix background-image on ::first-line" > > > > > > > > This reverts commit 3b58524dfeb579392545998cbb64841138cc5a6e. > > > > > > > > The original patch failed to call RemoveClient for the background-image > > > > in the first line style. > > > > > > > > Original change's description: > > > > > Revert "[PE] Fix background-image on ::first-line" > > > > > > > > > > This reverts commit fe023954ad31e422d0deb4116d7867098e11b688. > > > > > > > > > > Reason for revert: crbug.com/920115 > > > > > > > > > > Bug: 920115 > > > > > > > > > > Original change's description: > > > > > > [PE] Fix background-image on ::first-line > > > > > > > > > > > > This CL ensures correct handling of background-image on ::first-line > > > > > > from style change to paint invalidation. > > > > > > > > > > > > Bug: 918881 > > > > > > Change-Id: I2e3a7bf60cb0f851b203fc7f5135c4186cc731a3 > > > > > > Reviewed-on: https://chromium-review.googlesource.com/c/1396154 > > > > > > Commit-Queue: Xianzhu Wang <wangxianzhu@chromium.org> > > > > > > Reviewed-by: Rune Lillesveen <futhark@chromium.org> > > > > > > Cr-Commit-Position: refs/heads/master@{#620921} > > > > > > > > > > TBR=wangxianzhu@chromium.org,futhark@chromium.org > > > > > > > > > > Change-Id: Iba8387598922eaccd35f44bcaceac1cff59ea83a > > > > > No-Presubmit: true > > > > > No-Tree-Checks: true > > > > > No-Try: true > > > > > Bug: 918881 > > > > > Reviewed-on: https://chromium-review.googlesource.com/c/1403315 > > > > > Reviewed-by: Xianzhu Wang <wangxianzhu@chromium.org> > > > > > Commit-Queue: Xianzhu Wang <wangxianzhu@chromium.org> > > > > > Cr-Commit-Position: refs/heads/master@{#621178} > > > > > > > > Bug: 920115, 918881 > > > > Change-Id: I3ea101ae09ad062de657a8917d77b1ec34e329e4 > > > > Reviewed-on: https://chromium-review.googlesource.com/c/1403316 > > > > Reviewed-by: Rune Lillesveen <futhark@chromium.org> > > > > Commit-Queue: Xianzhu Wang <wangxianzhu@chromium.org> > > > > Cr-Commit-Position: refs/heads/master@{#622298} > > > > > > TBR=wangxianzhu@chromium.org,futhark@chromium.org > > > > > > Change-Id: I6d31b858b2bf61bb123c6bdb09780f33e05b4878 > > > No-Presubmit: true > > > No-Tree-Checks: true > > > No-Try: true > > > Bug: 920115, 918881 > > > Reviewed-on: https://chromium-review.googlesource.com/c/1407974 > > > Reviewed-by: Xianzhu Wang <wangxianzhu@chromium.org> > > > Commit-Queue: Xianzhu Wang <wangxianzhu@chromium.org> > > > Cr-Commit-Position: refs/heads/master@{#622325} > > > > Change-Id: I2509073937be3b1eb8f4bdc0d6f5151c93253851 > > Bug: 921337 , 921341, 920115, 918881 > > Reviewed-on: https://chromium-review.googlesource.com/c/1408358 > > Reviewed-by: Rune Lillesveen <futhark@chromium.org> > > Reviewed-by: Xianzhu Wang <wangxianzhu@chromium.org> > > Commit-Queue: Xianzhu Wang <wangxianzhu@chromium.org> > > Cr-Commit-Position: refs/heads/master@{#622542} > > TBR=wangxianzhu@chromium.org,futhark@chromium.org > > Change-Id: I3f5aca68d9e5e739f262187171530fc718ff71a9 > No-Presubmit: true > No-Tree-Checks: true > No-Try: true > Bug: 921337 , 921341, 920115, 918881 > Reviewed-on: https://chromium-review.googlesource.com/c/1411534 > Reviewed-by: Dominic Battré <battre@chromium.org> > Commit-Queue: Dominic Battré <battre@chromium.org> > Cr-Commit-Position: refs/heads/master@{#622787} TBR=wangxianzhu@chromium.org,battre@chromium.org,futhark@chromium.org Change-Id: I46dca78e51fe16ff7091674028b184a6d7cc1b83 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: 921337 , 921341, 920115, 918881 Reviewed-on: https://chromium-review.googlesource.com/c/1411595 Reviewed-by: Dominic Battré <battre@chromium.org> Commit-Queue: Dominic Battré <battre@chromium.org> Cr-Commit-Position: refs/heads/master@{#622796} [modify] https://crrev.com/ac2dc886674e80d0ca221a4042a83f47ac0ed162/third_party/blink/renderer/core/layout/layout_block.cc [modify] https://crrev.com/ac2dc886674e80d0ca221a4042a83f47ac0ed162/third_party/blink/renderer/core/layout/layout_block.h [modify] https://crrev.com/ac2dc886674e80d0ca221a4042a83f47ac0ed162/third_party/blink/renderer/core/layout/layout_object.cc [modify] https://crrev.com/ac2dc886674e80d0ca221a4042a83f47ac0ed162/third_party/blink/renderer/core/layout/layout_object.h [modify] https://crrev.com/ac2dc886674e80d0ca221a4042a83f47ac0ed162/third_party/blink/renderer/core/layout/layout_object_test.cc [modify] https://crrev.com/ac2dc886674e80d0ca221a4042a83f47ac0ed162/third_party/blink/renderer/core/paint/README.md [add] https://crrev.com/ac2dc886674e80d0ca221a4042a83f47ac0ed162/third_party/blink/web_tests/external/wpt/css/css-backgrounds/background-image-first-line.html [add] https://crrev.com/ac2dc886674e80d0ca221a4042a83f47ac0ed162/third_party/blink/web_tests/external/wpt/css/css-backgrounds/reference/background-image-first-line-ref.html |
|||
►
Sign in to add a comment |
|||
Comment 1 by ClusterFuzz
, Jan 12Labels: Test-Predator-Auto-Components