Chrome crashes when a context menu is opened while a MenuController is run non-blocking |
|||
Issue descriptionVersion: 51.0.2687.0 OS: Linux, Chrome OS What steps will reproduce the problem? (1) Install a few extensions (2) Resize omnibox such that some extensions show in toolbar and some show in the app menu. (3) Start a drag of an extension button from chrome toolbar into the app menu. (4) Once the app menu opens, use keyboard to select an extension item. (5) Press [context menu] key on a keyboard (Alt+Space on a chromebook). What is the expected output? No crash What do you see instead? crash (id = bcc6bf3800000000) Please use labels and text to provide additional information.
,
Mar 24 2016
I am hitting an earlier DCHECK in debug build on Linux: [18770:18770:0324/132018:FATAL:menu_controller.cc(1207)] Check failed: blocking_run_. #0 0x7f1bac203c3e base::debug::StackTrace::StackTrace() #1 0x7f1bac25f08f logging::LogMessage::~LogMessage() #2 0x7f1b9f78bb9e views::MenuController::OnKeyDown() #3 0x7f1b9f88ab9e views::MenuKeyEventHandler::OnKeyEvent() #4 0x7f1ba5d07235 ui::EventHandler::OnEvent() #5 0x7f1ba5d02830 ui::EventDispatcher::DispatchEvent() ... #56 0x7f1b9f8cf95b views::DesktopWindowTreeHostX11::DispatchEvent() #57 0x7f1ba5c1b93f ui::PlatformEventSource::DispatchEvent() #58 0x7f1b9f4e09f4 ui::X11EventSourceGlib::ProcessXEvent() #59 0x7f1b9f4ce2e0 ui::X11EventSource::ExtractCookieDataDispatchEvent() #60 0x7f1b9f4ce25a ui::X11EventSource::DispatchXEvents() #61 0x7f1b9f4e0bb5 ui::(anonymous namespace)::XSourceDispatch()
,
Mar 24 2016
,
Mar 29 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/896fcf08e23a57d82ff9eeb003b7b875ecb17d2b commit 896fcf08e23a57d82ff9eeb003b7b875ecb17d2b Author: jonross <jonross@chromium.org> Date: Tue Mar 29 14:25:19 2016 Fix MenuRunnerImpl Crash for context menu during drag-and-drop A user could cause a crash in release builds of chromium by dragging an extension from the toolbar into the app menu. Then while not releasing the dragged item, use arrow keys to select another extension icon. Then pressing right-click-menu key on a keyboard. This was because MenuRunner was not expecting nesting of MenuControllerDelegates within drag-ang-drop menus. This was not caught earlier as key handling in MenuController had a DCHECK to prevent key handling during drag-and-drop. This change addressed the crash in MenuRunnerImpl. Additionally both MenuController::OnKeyDown and MenuController::SelectByChar will exit instead of handling key events. We don't want a multi-model drag-and-drop / keyboard interaction model. TEST=MenuRunnerTest.NestingDuringDrag and manual testing BUG= 597669 Review URL: https://codereview.chromium.org/1834823002 Cr-Commit-Position: refs/heads/master@{#383717} [modify] https://crrev.com/896fcf08e23a57d82ff9eeb003b7b875ecb17d2b/ui/views/controls/menu/menu_controller.cc [modify] https://crrev.com/896fcf08e23a57d82ff9eeb003b7b875ecb17d2b/ui/views/controls/menu/menu_runner_impl.cc [modify] https://crrev.com/896fcf08e23a57d82ff9eeb003b7b875ecb17d2b/ui/views/controls/menu/menu_runner_unittest.cc
,
Mar 29 2016
|
|||
►
Sign in to add a comment |
|||
Comment 1 by varkha@chromium.org
, Mar 24 2016