Codebase Browser
chromium
Go to App

chromium/third_party/blink/web_tests/compositing/overlap-map-stack-crash.html 

<!DOCTYPE html>
<html>
<head>

<style>
#container {
  position: absolute;
  z-index: 0;
  top: 50px;
  left: 50px;
  width: 300px;
  height: 300px;
  background-color: gray;
}

#compositedNegZIndex {
  position: absolute;
  z-index: -5;
  width: 100px;
  height: 100px;
  background-color: blue;
  overflow: scroll;
}

#tall {
  height: 1000px;
}

#innocentNegZIndex {
  position: absolute;
  z-index: -2;
  top: 200px;
  left: 200px;
  width: 100px;
  height: 100px;
  background-color: lime;
}

#explanation {
  position: absolute;
  top: 400px;
}
</style>

<script>
if (window.internals) {
    internals.settings.setPreferCompositingToLCDTextEnabled(true);
}

function doTest() {
    if (!window.internals)
        document.getElementById("explanation").style.display = "block";

    if (window.testRunner)
        testRunner.dumpAsText();
}

window.addEventListener("load", doTest, false);
</script>

</head>
<body>

<div id="container">
  <div id="compositedNegZIndex">
    <div id="tall"></div>
  </div>
  <div id="innocentNegZIndex"> </div>
</div>

<pre id="explanation" style="display:none;">
Crash after hitting below bottom of overlap stack: https://code.google.com/p/chromium/issues/detail?id=285979

The crashing scenario happened as follows:

 - force-compositing-mode is disabled.  As a result, compositing mode is
   disabled until a compositing trigger.

 - overflow-scroll as the compositing trigger, because it does not enable
   compositing mode before computeCompositingRequirements. Other triggers
   happen during CompositedLayerMapping incremental update entry points.
   (Note: CompositedLayerMapping was formerly known as LayerBacking.)

 - The above two requirements are necessary to create the scenario where
   the root layer does not create an overlap context.

 - The overflow-scroll element has a negative z-index which causes the
   parent layer to be composited, too.

 - As a result, subsequent children layers need to add themselves to the
   overlap map, even if they are not composited.

 - The problem, however, is that we never created an overlap context for
   these negative z-index non-composited layers. When the layers try to add
   themselves to the overlap, they try to access below the bottom of the
   stack, and crash.
</pre>

</body>

</html>