Crash in blink::PaintArtifactCompositor::LayerizeGroup
Issue description

We are receiving crash reports of an NPE in blink::PaintArtifactCompositor::LayerizeGroup:

blink::PaintPropertyNode<blink::ClipPaintPropertyNode>::Unalias() const
blink::PaintArtifactCompositor::LayerizeGroup(blink::PaintArtifact const&, blink::PaintArtifactCompositor::Settings const&, WTF::Vector<blink::PaintArtifactCompositor::PendingLayer, 0u, WTF::PartitionAllocator>&, blink::EffectPaintPropertyNode const&, blink::PaintChunk const*&)
blink::PaintArtifactCompositor::LayerizeGroup(blink::PaintArtifact const&, blink::PaintArtifactCompositor::Settings const&, WTF::Vector<blink::PaintArtifactCompositor::PendingLayer, 0u, WTF::PartitionAllocator>&, blink::EffectPaintPropertyNode const&, blink::PaintChunk const*&)
blink::PaintArtifactCompositor::Update(scoped_refptr<blink::PaintArtifact const>, std::__ndk1::unordered_set<cc::ElementId, cc::ElementIdHash, std::__ndk1::equal_to<cc::ElementId>, std::__ndk1::allocator<cc::ElementId> >&, blink::PaintArtifactCompositor::ViewportProperties const&, blink::PaintArtifactCompositor::Settings const&)
blink::LocalFrameView::UpdateLifecyclePhases(blink::DocumentLifecycle::LifecycleState, blink::DocumentLifecycle::LifecycleUpdateReason)

(see: go/crash/a910bda95821e273)

Looking at PaintArtifactCompositor::LayerizeGroup, the only calls to ClipNode::Unalias seem to be from CanUpcastTo. Maybe we could put in some speculative CHECKs that the ClipNodes are non-null? We could also add a speculative "return false" for those conditions.

Vlad, do you have cycles to take a look at this? I don't think this is related to your work on aliasing; I think it's just a general paint bug.
Yesterday (33 hours ago)
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/e24232b80612cbb268a7b9da20b5d498a12f2391

commit e24232b80612cbb268a7b9da20b5d498a12f2391
Author: Vladimir Levin <vmpstr@chromium.org>
Date: Mon Jan 21 21:04:39 2019

Ensure to do SafeUnalias while layerizing a group.

This patch is a speculative fix for the referenced bug.

R=pdr@chromium.org

Bug: 923729
Change-Id: If635382198a89d8f58bffda19d059baa9d87881a
Reviewed-on: https://chromium-review.googlesource.com/c/1426017
Reviewed-by: Philip Rogers <pdr@chromium.org>
Commit-Queue: vmpstr <vmpstr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#624667}

[modify] https://crrev.com/e24232b80612cbb268a7b9da20b5d498a12f2391/third_party/blink/renderer/platform/graphics/compositing/paint_artifact_compositor.cc
Today (12 hours ago)
Issue 924066 has been merged into this issue.
Comment 1 by schenney@chromium.org, Yesterday (35 hours ago)