Issue 594475 link

Starred by 1 user

Issue metadata

Status:	Fixed
Owner:	----
Closed:	Mar 2016
EstimatedDays:	----
NextAction:	----
OS:	Windows
Pri:	2
Type:	Bug
TE-NeedsFurtherTriage M-51

[Autofill] DCHECK hit on https://online.pumb.ua/

Project Member Reported by se...@yandex-team.ru, Mar 14 2016

Issue description

URLs (if applicable) : https://online.pumb.ua/

What steps will reproduce the problem?
1. Run browser with enabled DCHECKs.
2. Open https://online.pumb.ua/.
3. Observe DCHECK hit.

What is the expected result?
No DCHECK hit.

What happens instead of that?
DCHECK hit.

In  http://crbug.com/427622  were added ignore of "lookup"-named address fields,
this ignore moves scanner forward, and if ignored field is the last in the form,
then next Parse* calls inside of AddressField::Parse is invalid.

Proposed fix is to move this ignore logic to the beginning of
AddressField::Parse().

I'll assign CL soon to this bug.



[6604:6036:0314/142507:FATAL:autofill_scanner.cc(41)] Check failed: saved_cursor_ != end_.
Backtrace:
        base::debug::StackTrace::StackTrace [0x100976D1+33] (c:\browser\chromium\chromium\src\base\debug\stack_trace_win.cc:215)
        logging::LogMessage::~LogMessage [0x100EC5EB+75] (c:\browser\chromium\chromium\src\base\logging.cc:522)
        autofill::AutofillScanner::Rewind [0x071CD9AB+251] (c:\browser\chromium\chromium\src\components\autofill\core\browser\autofill_scanner.cc:41)
        autofill::AddressField::ParseCountry [0x07173BC0+160] (c:\browser\chromium\chromium\src\components\autofill\core\browser\address_field.cc:244)
        autofill::AddressField::Parse [0x07172E92+306] (c:\browser\chromium\chromium\src\components\autofill\core\browser\address_field.cc:63)
        autofill::FormField::ParseFormFieldsPass [0x071EAB7F+63] (c:\browser\chromium\chromium\src\components\autofill\core\browser\form_field.cc:177)
        autofill::FormField::ParseFormFields [0x071EA9E9+169] (c:\browser\chromium\chromium\src\components\autofill\core\browser\form_field.cc:71)
        autofill::FormStructure::DetermineHeuristicTypes [0x071F2E82+162] (c:\browser\chromium\chromium\src\components\autofill\core\browser\form_structure.cc:366)
        autofill::AutofillManager::ParseForms [0x071A48B3+307] (c:\browser\chromium\chromium\src\components\autofill\core\browser\autofill_manager.cc:1673)
        autofill::AutofillManager::OnFormsSeen [0x071A3221+289] (c:\browser\chromium\chromium\src\components\autofill\core\browser\autofill_manager.cc:256)
        base::DispatchToMethodImpl<autofill::AutofillManager *,void (__thiscall autofill::AutofillManager::*)(std::vector<autofill::FormData,std::allocator<autofill::FormData> > const &,base::TimeTicks const &),std::vector<autofill::FormData,std::allocator<autofi [0x07693CCD+61] (c:\browser\chromium\chromium\src\base\tuple.h:166)
        base::DispatchToMethod<autofill::AutofillManager *,void (__thiscall autofill::AutofillManager::*)(std::vector<autofill::FormData,std::allocator<autofill::FormData> > const &,base::TimeTicks const &),std::vector<autofill::FormData,std::allocator<autofill:: [0x0769372A+42] (c:\browser\chromium\chromium\src\base\tuple.h:173)
        IPC::DispatchToMethod<autofill::AutofillManager,void (__thiscall autofill::AutofillManager::*)(std::vector<autofill::FormData,std::allocator<autofill::FormData> > const &,base::TimeTicks const &),void,std::tuple<std::vector<autofill::FormData,std::allocat [0x07693A08+24] (c:\browser\chromium\chromium\src\ipc\ipc_message_templates.h:25)
        IPC::MessageT<AutofillHostMsg_FormsSeen_Meta,std::tuple<std::vector<autofill::FormData,std::allocator<autofill::FormData> >,base::TimeTicks>,void>::Dispatch<autofill::AutofillManager,autofill::ContentAutofillDriver,void,void (__thiscall autofill::Autofill [0x07692CCE+94] (c:\browser\chromium\chromium\src\ipc\ipc_message_templates.h:119)
        autofill::ContentAutofillDriver::HandleMessage [0x07694792+418] (c:\browser\chromium\chromium\src\components\autofill\content\browser\content_autofill_driver.cc:172)
        autofill::ContentAutofillDriverFactory::OnMessageReceived [0x0769A6DF+47] (c:\browser\chromium\chromium\src\components\autofill\content\browser\content_autofill_driver_factory.cc:73)
        content::WebContentsImpl::OnMessageReceived [0x164F7834+420] (c:\browser\chromium\chromium\src\content\browser\web_contents\web_contents_impl.cc:576)
        content::WebContentsImpl::OnMessageReceived [0x164FA283+35] (c:\browser\chromium\chromium\src\content\browser\web_contents\web_contents_impl.cc:3808)
        content::RenderFrameHostImpl::OnMessageReceived [0x1598FFDA+474] (c:\browser\chromium\chromium\src\content\browser\frame_host\render_frame_host_impl.cc:507)
        content::RenderProcessHostImpl::OnMessageReceived [0x160CBBAA+1994] (c:\browser\chromium\chromium\src\content\browser\renderer_host\render_process_host_impl.cc:1804)
		...

Project Member

Comment 1 by bugdroid1@chromium.org, Mar 14 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/a6c3faf29e00ffff8f31b97a09e77294f1b4eaae

commit a6c3faf29e00ffff8f31b97a09e77294f1b4eaae
Author: sense <sense@yandex-team.ru>
Date: Mon Mar 14 12:26:25 2016

Fix AddressField "lookup" fields ignore logic.

In  http://crbug.com/427622  were added ignore of "lookup"-named address
fields. This ignore moves scanner forward, and if ignored field is the
last in the form, then next Parse* calls inside of AddressField::Parse
is invalid.
This fix moves ignore logic to the beginning of AddressField::Parse.

R=estade@chromium.org
BUG= 594475 

Review URL: https://codereview.chromium.org/1797793003

Cr-Commit-Position: refs/heads/master@{#380956}

[add] https://crrev.com/a6c3faf29e00ffff8f31b97a09e77294f1b4eaae/chrome/test/data/autofill/heuristics/input/139_bug_594475.html
[add] https://crrev.com/a6c3faf29e00ffff8f31b97a09e77294f1b4eaae/chrome/test/data/autofill/heuristics/output/139_bug_594475.out
[modify] https://crrev.com/a6c3faf29e00ffff8f31b97a09e77294f1b4eaae/components/autofill/core/browser/address_field.cc

Comment 2 by ranjitkan@chromium.org, Mar 15 2016

Labels: Te-NeedsFurtherTriage

Comment 3 by rsleevi@chromium.org, Mar 15 2016

Labels: M-51
Status: Fixed (was: Unconfirmed)

►

Issue 594475 link

Issue metadata

[Autofill] DCHECK hit on https://online.pumb.ua/

Issue description

Comment 1 by bugdroid1@chromium.org, Mar 14 2016

Comment 1 Deleted

Comment 2 by ranjitkan@chromium.org, Mar 15 2016

Comment 2 Deleted

Comment 3 by rsleevi@chromium.org, Mar 15 2016

Comment 3 Deleted

Sign in to add a comment