New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 146689 link

Starred by 2 users

Issue metadata

Status: Verified
Owner:
Closed: Sep 2012
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 1
Type: Bug-Regression



Sign in to add a comment

Repeatedly clicking the speech input icon crashes chrome

Reported by emim...@gmail.com, Sep 6 2012

Issue description

Chrome Version       : 22.0.1229.26 beta-m
URLs (if applicable) : http://www.google.com
Other browsers tested:
Add OK or FAIL after other browsers where you have tested this issue:
     Safari 5: NOT APPLICABLE
Firefox 4.x:
IE 7/8/9:

What steps will reproduce the problem?
1. Visit google.com.
2. Click on the microphone button 3-4 times, fast.
3. Chrome crashes.

What is the expected result?

Nothing

What happens instead?

Chrome crashes

Please provide any additional information below. Attach a screenshot if
possible.

Windows 7, 64-bit.

Sincerely yours,

Emil Müller
 

Comment 1 by wtc@chromium.org, Sep 8 2012

Labels: Stability-Crash

Comment 2 by pavanv@chromium.org, Sep 17 2012

Labels: -Type-Bug -Area-Undefined Type-Regression Area-UI Mstone-22
Status: Untriaged
works fine in stable (M21), fails in latest beta 22.0.1229.56. 
Note: I had to click close to 10 times on step(2) to repro the crash

Following is the bisect info for reference -

Revision 145582 is [(g)ood/(b)ad/(u)nknown/(q)uit]: g
You are probably looking for a change made after 145582 (known good), but no lat
er than 145587 (first known bad).
CHANGELOG URL:
  http://build.chromium.org/f/chromium/perf/dashboard/ui/changelog.html?url=/tru
nk/src&range=145582%3A145587

Comment 3 Deleted

Pavan .. Could u pls provide with the crash id from chrome://crashes

Comment 5 by k...@google.com, Sep 18 2012

Cc: mnissler@chromium.org
Owner: primiano@chromium.org
Status: Assigned
Based on range above, guessing it's either http://src.chromium.org/viewvc/chrome?view=rev&revision=145586 or http://src.chromium.org/viewvc/chrome?view=rev&revision=145587
Cc: h...@chromium.org
CC: +hans@ 

Does it happens also with trunk version, or a recent Canary build?

Comment 7 by h...@chromium.org, Sep 19 2012

Cc: -h...@chromium.org primiano@chromium.org
Owner: h...@chromium.org
Will look at this first thing tomorrow.

Comment 8 by h...@chromium.org, Sep 19 2012

Summary: Repeatedly clicking the speech input icon crashes chrome
Trying this on trunk on Linux with a debug build, I hit an assert if repeatedly clicking the speech icon.
Project Member

Comment 9 by bugdroid1@chromium.org, Sep 20 2012

The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=157777

------------------------------------------------------------------------
r157777 | hans@chromium.org | 2012-09-20T15:56:21.924036Z

Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/speech/chrome_speech_recognition_manager_delegate.cc?r1=157777&r2=157776&pathrev=157777

Speech Input: always abort when user clicks outside speech bubble.

This prevents a race which would lead to a browser crash (null ptr deref) when
a speech input icon is clicked on repeatedly:

 1. User clicks speech icon
 2. We show speech bubble, ask sound system to start recording
 3. User clicks outside bubble, we close it
 3a. Speech system not recording yet, so we don't abort session
 4. Sound system calls back: "Here's some audio!"
 5. We try to update the bubble which dosn't exist anymore.

This patch fixes 3a; we should just always abort here.

BUG= 146689 
TEST=manual (click speech icon rapidly many times)


Review URL: https://chromiumcodereview.appspot.com/10960010
------------------------------------------------------------------------

Comment 10 by h...@chromium.org, Sep 20 2012

Status: Fixed
The patch above should fix this.

Let's have this shipped in Canary for a day, and then get it merged.

Comment 11 by k...@google.com, Sep 20 2012

Labels: Merge-Approved
Status: Started
Let's land now, and if there are issues in canary, we can revert.
Project Member

Comment 12 by bugdroid1@chromium.org, Sep 20 2012

Labels: -Merge-Approved merge-merged-1229
The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=157778

------------------------------------------------------------------------
r157778 | hans@chromium.org | 2012-09-20T16:15:36.918608Z

Changed paths:
   M http://src.chromium.org/viewvc/chrome/branches/1229/src/chrome/browser/speech/chrome_speech_recognition_manager_delegate.cc?r1=157778&r2=157777&pathrev=157778

Merge 157777 - Speech Input: always abort when user clicks outside speech bubble.

This prevents a race which would lead to a browser crash (null ptr deref) when
a speech input icon is clicked on repeatedly:

 1. User clicks speech icon
 2. We show speech bubble, ask sound system to start recording
 3. User clicks outside bubble, we close it
 3a. Speech system not recording yet, so we don't abort session
 4. Sound system calls back: "Here's some audio!"
 5. We try to update the bubble which dosn't exist anymore.

This patch fixes 3a; we should just always abort here.

BUG= 146689 
TEST=manual (click speech icon rapidly many times)


Review URL: https://chromiumcodereview.appspot.com/10960010

TBR=hans@chromium.org
Review URL: https://codereview.chromium.org/10968014
------------------------------------------------------------------------

Comment 13 by k...@google.com, Sep 20 2012

Status: Fixed
To fixed for verification.
Status: Verified
Working fine in the latest canary - Version 24.0.1273.0 canary

Comment 15 by kareng@google.com, Sep 21 2012

Labels: -Mstone-22 Mstone-23 Merge-Approved
merge approved for M23 - branch 1271.
Project Member

Comment 16 by bugdroid1@chromium.org, Sep 24 2012

Labels: -Merge-Approved merge-merged-1271
The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=158235

------------------------------------------------------------------------
r158235 | hans@chromium.org | 2012-09-24T07:53:33.316955Z

Changed paths:
   M http://src.chromium.org/viewvc/chrome/branches/1271/src/chrome/browser/speech/chrome_speech_recognition_manager_delegate.cc?r1=158235&r2=158234&pathrev=158235

Merge 157777 - Speech Input: always abort when user clicks outside speech bubble.

This prevents a race which would lead to a browser crash (null ptr deref) when
a speech input icon is clicked on repeatedly:

 1. User clicks speech icon
 2. We show speech bubble, ask sound system to start recording
 3. User clicks outside bubble, we close it
 3a. Speech system not recording yet, so we don't abort session
 4. Sound system calls back: "Here's some audio!"
 5. We try to update the bubble which dosn't exist anymore.

This patch fixes 3a; we should just always abort here.

BUG= 146689 
TEST=manual (click speech icon rapidly many times)


Review URL: https://chromiumcodereview.appspot.com/10960010

TBR=hans@chromium.org
------------------------------------------------------------------------
Project Member

Comment 17 by bugdroid1@chromium.org, Mar 9 2013

Labels: -Type-Regression -Area-Internals -Mstone-23 Type-Bug-Regression Cr-Internals M-23

Sign in to add a comment