MSan reports use of uninitialized value in RenderWidgetHostViewAura::UpdateInputMethodIfNecessary()
Issue description

See https://build.chromium.org/p/chromium.memory.fyi/builders/Linux%20MSan%20Tests/builds/15017/steps/interactive_ui_tests%20on%20Ubuntu-12.04/logs/WebViewFocusInteractiveTest.Focus_FocusRestored:

[ RUN ] WebViewFocusInteractiveTest.Focus_FocusRestored
...
==16072==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0xa3c0ebc in UpdateInputMethodIfNecessary content/browser/renderer_host/render_widget_host_view_aura.cc:869:33
    #1 0xa6fbe91 in UpdateTextInputState content/browser/web_contents/web_contents_impl.cc:2284:5
    #2 0xace3504 in DestroyGuestView content/browser/frame_host/render_widget_host_view_guest.cc:499:3
    #3 0xace3504 in RenderProcessGone content/browser/frame_host/render_widget_host_view_guest.cc:182:0
    #4 0xa399c37 in RendererExited content/browser/renderer_host/render_widget_host_impl.cc:1347:5
    #5 0xa3509f7 in RenderProcessExited content/browser/renderer_host/render_view_host_impl.cc:586:3
    #6 0xa3509f7 in ?? content/browser/renderer_host/render_view_host_impl.cc:580:0
    #7 0xa319fcf in ProcessDied content/browser/renderer_host/render_process_host_impl.cc:2423:3
    #8 0xa318d4b in FastShutdownIfPossible content/browser/renderer_host/render_process_host_impl.cc:1700:3
    #9 0x18995ed in OnShutdownStarting chrome/browser/browser_shutdown.cc:135:10
    #10 0x37dedd2 in OnWindowClosing chrome/browser/ui/browser.cc:704:5
    #11 0x34c6879 in CanClose chrome/browser/ui/views/frame/browser_view.cc:1913:5
    #12 0x31fbcf6 in Close ui/views/widget/widget.cc:563:17
    #13 0x1818469 in CloseBrowsers chrome/browser/lifetime/browser_close_manager.cc:166:5
    #14 0x1818e1b in TryToCloseBrowsers chrome/browser/lifetime/browser_close_manager.cc:79:3
    #15 0x14e9047 in CloseAllBrowsers chrome/browser/lifetime/application_lifetime.cc:144:3
    #16 0x14ea097 in AttemptExitInternal chrome/browser/lifetime/application_lifetime.cc:100:3
    #17 0x14ea097 in AttemptExit chrome/browser/lifetime/application_lifetime.cc:223:0
    #18 0x426b102 in Run base/callback.h:397:12
    #19 0x426b102 in RunTask base/debug/task_annotator.cc:51:0
    #20 0x40ca0ff in RunTask base/message_loop/message_loop.cc:479:3
    #21 0x40cbb17 in DeferOrRunPendingTask base/message_loop/message_loop.cc:488:5
    #22 0x40cc638 in DoWork base/message_loop/message_loop.cc:600:13
    #23 0x4264b49 in HandleDispatch base/message_loop/message_pump_glib.cc:267:7
    #24 0x4264b49 in WorkSourceDispatch base/message_loop/message_pump_glib.cc:109:0
    #25 0x7f51babbf803 in g_main_dispatch /mnt/b/chromium/src/out-msan-chained-origins-precise/Release/obj/third_party/instrumented_libraries/msan-libglib2.0-0.gen/libglib2.0-0/glib2.0-2.32.4/glib/gmain.c:2539:21
    #26 0x7f51babbf803 in g_main_context_dispatch /mnt/b/chromium/src/out-msan-chained-origins-precise/Release/obj/third_party/instrumented_libraries/msan-libglib2.0-0.gen/libglib2.0-0/glib2.0-2.32.4/glib/gmain.c:3075:0
    #27 0x7f51babc0bc9 in g_main_context_iterate /mnt/b/chromium/src/out-msan-chained-origins-precise/Release/obj/third_party/instrumented_libraries/msan-libglib2.0-0.gen/libglib2.0-0/glib2.0-2.32.4/glib/gmain.c:3146:5
    #28 0x7f51babc0f61 in g_main_context_iteration /mnt/b/chromium/src/out-msan-chained-origins-precise/Release/obj/third_party/instrumented_libraries/msan-libglib2.0-0.gen/libglib2.0-0/glib2.0-2.32.4/glib/gmain.c:3207:12
    #29 0x4263ddc in ?? base/message_loop/message_pump_glib.cc:309:30
    #30 0x414561b in Run base/run_loop.cc:35:3
    #31 0xdf83786 in RunThisRunLoop content/public/test/test_utils.cc:135:3
    #32 0xdf83604 in ?? content/public/test/test_utils.cc:122:3
    #33 0x1e7fe04 in QuitBrowsers chrome/test/base/in_process_browser_test.cc:599:3
    #34 0x1e7f58f in RunTestOnMainThreadLoop chrome/test/base/in_process_browser_test.cc:583:3
    #35 0x1e93773 in ProxyRunTestOnMainThreadLoop content/public/test/browser_test_base.cc:309:3
    #36 0x18f64d2 in Run base/callback.h:397:12
    #37 0x18f64d2 in PreMainMessageLoopRunImpl chrome/browser/chrome_browser_main.cc:1800:0
    #38 0x18f15cd in PreMainMessageLoopRun chrome/browser/chrome_browser_main.cc:1156:18
    #39 0xaa60a3e in PreMainMessageLoopRun content/browser/browser_main_loop.cc:928:5
    #40 0xb094bd7 in Run base/callback.h:397:12
    #41 0xb094bd7 in RunAllTasksNow content/browser/startup_task_runner.cc:45:0
    #42 0xaa586ff in CreateStartupTasks content/browser/browser_main_loop.cc:801:3
    #43 0xaa6e42f in Initialize content/browser/browser_main_runner.cc:139:5
    #44 0x16787195 in BrowserMain content/browser/browser_main.cc:41:19
    #45 0xdf694e2 in RunNamedProcessTypeMain content/app/content_main_runner.cc:380:14
    #46 0xdf6c943 in Run content/app/content_main_runner.cc:741:12
    #47 0xdf656c7 in ContentMain content/app/content_main.cc:19:15
    #48 0x1e929bf in SetUp content/public/test/browser_test_base.cc:282:3
    #49 0x1e7b05c in SetUp chrome/test/base/in_process_browser_test.cc:254:3
    #50 0x2a6e018 in HandleExceptionsInMethodIfSupported<testing::Test, void> testing/gtest/src/gtest.cc:2458:12
    #51 0x2a6e018 in Run testing/gtest/src/gtest.cc:2470:0
    #52 0x2a71587 in Run testing/gtest/src/gtest.cc:2656:5
    #53 0x2a72dd3 in Run testing/gtest/src/gtest.cc:2774:5
    #54 0x2a9032e in RunAllTests testing/gtest/src/gtest.cc:4647:11
    #55 0x2a8f335 in HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool> testing/gtest/src/gtest.cc:2458:12
    #56 0x2a8f335 in Run testing/gtest/src/gtest.cc:4255:0
    #57 0xdf228b3 in RUN_ALL_TESTS testing/gtest/include/gtest/gtest.h:2237:10
    #58 0xdf228b3 in Run base/test/test_suite.cc:230:0
    #59 0x969bf4 in RunTestSuite chrome/test/base/interactive_ui_tests_main.cc:74:12
    #60 0xdf778e4 in LaunchTests content/public/test/test_launcher.cc:517:12
    #61 0x9699db in main chrome/test/base/interactive_ui_tests_main.cc:86:22
    #62 0x7f51b2f5176c in __libc_start_main /build/eglibc-rrybNj/eglibc-2.15/csu/libc-start.c:226:0
    #63 0x4abdc0 in _start ??:0

  Uninitialized value was stored to memory at
    #0 0x4c9987 in __msan_memcpy ??:0
    #1 0xa6fbdd9 in operator= content/common/text_input_state.h:16:23
    #2 0xa6fbdd9 in UpdateTextInputState content/browser/web_contents/web_contents_impl.cc:2278:0
    #3 0xace3504 in DestroyGuestView content/browser/frame_host/render_widget_host_view_guest.cc:499:3
    #4 0xace3504 in RenderProcessGone content/browser/frame_host/render_widget_host_view_guest.cc:182:0
    #5 0xa399c37 in RendererExited content/browser/renderer_host/render_widget_host_impl.cc:1347:5
    #6 0xa3509f7 in RenderProcessExited content/browser/renderer_host/render_view_host_impl.cc:586:3
    #7 0xa3509f7 in ?? content/browser/renderer_host/render_view_host_impl.cc:580:0
    #8 0xa319fcf in ProcessDied content/browser/renderer_host/render_process_host_impl.cc:2423:3
    #9 0xa318d4b in FastShutdownIfPossible content/browser/renderer_host/render_process_host_impl.cc:1700:3
    #10 0x18995ed in OnShutdownStarting chrome/browser/browser_shutdown.cc:135:10
    #11 0x37dedd2 in OnWindowClosing chrome/browser/ui/browser.cc:704:5
    #12 0x34c6879 in CanClose chrome/browser/ui/views/frame/browser_view.cc:1913:5
    #13 0x31fbcf6 in Close ui/views/widget/widget.cc:563:17
    #14 0x1818469 in CloseBrowsers chrome/browser/lifetime/browser_close_manager.cc:166:5
    #15 0x1818e1b in TryToCloseBrowsers chrome/browser/lifetime/browser_close_manager.cc:79:3
    #16 0x14e9047 in CloseAllBrowsers chrome/browser/lifetime/application_lifetime.cc:144:3
    #17 0x14ea097 in AttemptExitInternal chrome/browser/lifetime/application_lifetime.cc:100:3
    #18 0x14ea097 in AttemptExit chrome/browser/lifetime/application_lifetime.cc:223:0
    #19 0x426b102 in Run base/callback.h:397:12
    #20 0x426b102 in RunTask base/debug/task_annotator.cc:51:0
    #21 0x40ca0ff in RunTask base/message_loop/message_loop.cc:479:3
    #22 0x40cbb17 in DeferOrRunPendingTask base/message_loop/message_loop.cc:488:5
    #23 0x40cc638 in DoWork base/message_loop/message_loop.cc:600:13
    #24 0x4264b49 in HandleDispatch base/message_loop/message_pump_glib.cc:267:7
    #25 0x4264b49 in WorkSourceDispatch base/message_loop/message_pump_glib.cc:109:0

  Uninitialized value was created by a heap allocation
    #0 0x513312 in operator new(unsigned long) ??:0
    #1 0xa3e51ac in NotifyHostDelegateAboutShutdown content/browser/renderer_host/render_widget_host_view_base.cc:84:27
    #2 0xace3504 in DestroyGuestView content/browser/frame_host/render_widget_host_view_guest.cc:499:3
    #3 0xace3504 in RenderProcessGone content/browser/frame_host/render_widget_host_view_guest.cc:182:0
    #4 0xa399c37 in RendererExited content/browser/renderer_host/render_widget_host_impl.cc:1347:5
    #5 0xa3509f7 in RenderProcessExited content/browser/renderer_host/render_view_host_impl.cc:586:3
    #6 0xa3509f7 in ?? content/browser/renderer_host/render_view_host_impl.cc:580:0
    #7 0xa319fcf in ProcessDied content/browser/renderer_host/render_process_host_impl.cc:2423:3
    #8 0xa318d4b in FastShutdownIfPossible content/browser/renderer_host/render_process_host_impl.cc:1700:3
    #9 0x18995ed in OnShutdownStarting chrome/browser/browser_shutdown.cc:135:10
    #10 0x37dedd2 in OnWindowClosing chrome/browser/ui/browser.cc:704:5
    #11 0x34c6879 in CanClose chrome/browser/ui/views/frame/browser_view.cc:1913:5
    #12 0x31fbcf6 in Close ui/views/widget/widget.cc:563:17
    #13 0x1818469 in CloseBrowsers chrome/browser/lifetime/browser_close_manager.cc:166:5
    #14 0x1818e1b in TryToCloseBrowsers chrome/browser/lifetime/browser_close_manager.cc:79:3
    #15 0x14e9047 in CloseAllBrowsers chrome/browser/lifetime/application_lifetime.cc:144:3
    #16 0x14ea097 in AttemptExitInternal chrome/browser/lifetime/application_lifetime.cc:100:3
    #17 0x14ea097 in AttemptExit chrome/browser/lifetime/application_lifetime.cc:223:0
    #18 0x426b102 in Run base/callback.h:397:12
    #19 0x426b102 in RunTask base/debug/task_annotator.cc:51:0
    #20 0x40ca0ff in RunTask base/message_loop/message_loop.cc:479:3
    #21 0x40cbb17 in DeferOrRunPendingTask base/message_loop/message_loop.cc:488:5
    #22 0x40cc638 in DoWork base/message_loop/message_loop.cc:600:13
    #23 0x4264b49 in HandleDispatch base/message_loop/message_pump_glib.cc:267:7
    #24 0x4264b49 in WorkSourceDispatch base/message_loop/message_pump_glib.cc:109:0

SUMMARY: MemorySanitizer: use-of-uninitialized-value (/tmp/run3j7HTg/out/Release/interactive_ui_tests+0xa3c0ebc)

Ehsan, can you please fix ASAP?

Apr 7 2016
Thanks for fixing this.

Apr 7 2016

Apr 18 2016
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/46b778341feee9da0294c6138d860ad20dffca90

commit 46b778341feee9da0294c6138d860ad20dffca90
Author: ekaramad <ekaramad@chromium.org>
Date: Mon Apr 18 20:44:49 2016

Revert "Browser Side Text Input State Tracking for OOPIF."

The original patch (https://codereview.chromium.org/1652483002/) led to many regressions. This CL is a manual revert of that patch, plus several dependent CLs that landed subsequently.

Revert "Browser Side Text Input State Tracking for OOPIF."
This reverts commit 2bd4a2f0c0f114979d47f4498ea1bce9b091591e.

Revert "Initialize TextInputState::TextInputState::show_ime_if_needed in the constructor."
This reverts commit 0c15a6bce78d7dc48bdaac09d90dc8cd55893b6f.

Revert "Add the missing text input state tracking code to RenderWidgetHostViewMac."
This reverts commit 73a3921eff94c55d259dac5d1536a6b4bc88345a.

BUG= 578168 , 546645 , 601424 , 601570 , 601738 , 602144 , 602488 , 602926, 602954 , 603209, 603676 , 603886
NOTRY=true
NOPRESUBMIT=true
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_site_isolation

Review URL: https://codereview.chromium.org/1898803002

Cr-Commit-Position: refs/branch-heads/2704@{#108}
Cr-Branched-From: 6e53600def8f60d8c632fadc70d7c1939ccea347-refs/heads/master@{#386251}

[modify] https://crrev.com/46b778341feee9da0294c6138d860ad20dffca90/chrome/browser/apps/guest_view/web_view_interactive_browsertest.cc
[delete] https://crrev.com/73ebab994224d08a93500fe8dc8e328ca0ac58ec/chrome/test/data/extensions/platform_apps/web_view/text_input_state/background.js
[delete] https://crrev.com/73ebab994224d08a93500fe8dc8e328ca0ac58ec/chrome/test/data/extensions/platform_apps/web_view/text_input_state/guest.html
[delete] https://crrev.com/73ebab994224d08a93500fe8dc8e328ca0ac58ec/chrome/test/data/extensions/platform_apps/web_view/text_input_state/manifest.json
[delete] https://crrev.com/73ebab994224d08a93500fe8dc8e328ca0ac58ec/chrome/test/data/extensions/platform_apps/web_view/text_input_state/window.html
[delete] https://crrev.com/73ebab994224d08a93500fe8dc8e328ca0ac58ec/chrome/test/data/extensions/platform_apps/web_view/text_input_state/window.js
[modify] https://crrev.com/46b778341feee9da0294c6138d860ad20dffca90/content/DEPS
[modify] https://crrev.com/46b778341feee9da0294c6138d860ad20dffca90/content/browser/browser_plugin/browser_plugin_guest.cc
[modify] https://crrev.com/46b778341feee9da0294c6138d860ad20dffca90/content/browser/browser_plugin/browser_plugin_guest.h
[modify] https://crrev.com/46b778341feee9da0294c6138d860ad20dffca90/content/browser/frame_host/interstitial_page_impl.cc
[modify] https://crrev.com/46b778341feee9da0294c6138d860ad20dffca90/content/browser/frame_host/interstitial_page_impl.h
[modify] https://crrev.com/46b778341feee9da0294c6138d860ad20dffca90/content/browser/frame_host/render_widget_host_view_child_frame.cc
[modify] https://crrev.com/46b778341feee9da0294c6138d860ad20dffca90/content/browser/frame_host/render_widget_host_view_child_frame.h
[modify] https://crrev.com/46b778341feee9da0294c6138d860ad20dffca90/content/browser/frame_host/render_widget_host_view_child_frame_unittest.cc
[modify] https://crrev.com/46b778341feee9da0294c6138d860ad20dffca90/content/browser/frame_host/render_widget_host_view_guest.cc
[modify] https://crrev.com/46b778341feee9da0294c6138d860ad20dffca90/content/browser/frame_host/render_widget_host_view_guest.h
[modify] https://crrev.com/46b778341feee9da0294c6138d860ad20dffca90/content/browser/frame_host/render_widget_host_view_guest_unittest.cc
[modify] https://crrev.com/46b778341feee9da0294c6138d860ad20dffca90/content/browser/renderer_host/render_widget_host_delegate.cc
[modify] https://crrev.com/46b778341feee9da0294c6138d860ad20dffca90/content/browser/renderer_host/render_widget_host_delegate.h
[modify] https://crrev.com/46b778341feee9da0294c6138d860ad20dffca90/content/browser/renderer_host/render_widget_host_impl.cc
[modify] https://crrev.com/46b778341feee9da0294c6138d860ad20dffca90/content/browser/renderer_host/render_widget_host_impl.h
[modify] https://crrev.com/46b778341feee9da0294c6138d860ad20dffca90/content/browser/renderer_host/render_widget_host_unittest.cc
[modify] https://crrev.com/46b778341feee9da0294c6138d860ad20dffca90/content/browser/renderer_host/render_widget_host_view_android.cc
[modify] https://crrev.com/46b778341feee9da0294c6138d860ad20dffca90/content/browser/renderer_host/render_widget_host_view_android.h
[modify] https://crrev.com/46b778341feee9da0294c6138d860ad20dffca90/content/browser/renderer_host/render_widget_host_view_aura.cc
[modify] https://crrev.com/46b778341feee9da0294c6138d860ad20dffca90/content/browser/renderer_host/render_widget_host_view_aura.h
[modify] https://crrev.com/46b778341feee9da0294c6138d860ad20dffca90/content/browser/renderer_host/render_widget_host_view_aura_unittest.cc
[modify] https://crrev.com/46b778341feee9da0294c6138d860ad20dffca90/content/browser/renderer_host/render_widget_host_view_base.cc
[modify] https://crrev.com/46b778341feee9da0294c6138d860ad20dffca90/content/browser/renderer_host/render_widget_host_view_base.h
[modify] https://crrev.com/46b778341feee9da0294c6138d860ad20dffca90/content/browser/renderer_host/render_widget_host_view_mac.h
[modify] https://crrev.com/46b778341feee9da0294c6138d860ad20dffca90/content/browser/renderer_host/render_widget_host_view_mac.mm
[modify] https://crrev.com/46b778341feee9da0294c6138d860ad20dffca90/content/browser/renderer_host/render_widget_host_view_mac_unittest.mm
[modify] https://crrev.com/46b778341feee9da0294c6138d860ad20dffca90/content/browser/renderer_host/render_widget_host_view_mus.cc
[modify] https://crrev.com/46b778341feee9da0294c6138d860ad20dffca90/content/browser/renderer_host/render_widget_host_view_mus.h
[modify] https://crrev.com/46b778341feee9da0294c6138d860ad20dffca90/content/browser/site_per_process_browsertest.cc
[modify] https://crrev.com/46b778341feee9da0294c6138d860ad20dffca90/content/browser/site_per_process_browsertest.h
[modify] https://crrev.com/46b778341feee9da0294c6138d860ad20dffca90/content/browser/web_contents/web_contents_impl.cc
[modify] https://crrev.com/46b778341feee9da0294c6138d860ad20dffca90/content/browser/web_contents/web_contents_impl.h
[delete] https://crrev.com/73ebab994224d08a93500fe8dc8e328ca0ac58ec/content/common/text_input_state.cc
[delete] https://crrev.com/73ebab994224d08a93500fe8dc8e328ca0ac58ec/content/common/text_input_state.h
[modify] https://crrev.com/46b778341feee9da0294c6138d860ad20dffca90/content/common/view_messages.h
[modify] https://crrev.com/46b778341feee9da0294c6138d860ad20dffca90/content/content_common.gypi
[modify] https://crrev.com/46b778341feee9da0294c6138d860ad20dffca90/content/public/test/browser_test_utils.cc
[modify] https://crrev.com/46b778341feee9da0294c6138d860ad20dffca90/content/public/test/browser_test_utils.h
[modify] https://crrev.com/46b778341feee9da0294c6138d860ad20dffca90/content/renderer/render_view_browsertest.cc
[modify] https://crrev.com/46b778341feee9da0294c6138d860ad20dffca90/content/renderer/render_widget.cc
[delete] https://crrev.com/73ebab994224d08a93500fe8dc8e328ca0ac58ec/content/test/data/textinput/page_with_input.html
[delete] https://crrev.com/73ebab994224d08a93500fe8dc8e328ca0ac58ec/content/test/data/textinput/page_with_input_iframeX2_input.html
[modify] https://crrev.com/46b778341feee9da0294c6138d860ad20dffca90/content/test/test_render_view_host.cc
[modify] https://crrev.com/46b778341feee9da0294c6138d860ad20dffca90/content/test/test_render_view_host.h

Comment 1 by bugdroid1@chromium.org, Apr 7 2016