Issue 616407

Issue metadata

Status: Verified
Owner:
Closed: Aug 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 1
Type: Bug-Regression



Non-Regression: Chrome crashes on using undo in search field of switch option

Project Member Reported by sc00335...@techmahindra.com, Jun 1 2016

Issue description

Version: 52.0.2743.19/8350.14.0 (Official Build) dev-channel quawks,peppy,blaze,daisy
OS: Chrome OS

What steps will reproduce the problem?
(1) Sign in as a user, open any window and minimize it >> Hit the switch button on the keyboard [button beside fullscreen]
(2) Type something so that the text box appears >> Now right-click and select the undo option.

Expected: No browser crash should be seen on hitting undo.
Actual: Instead browser crashes.

Crash id: 644ec85a00000000.

This is a Non-Regression issue as it is also seen in 44.0.2403.125/7077.111.0 stable channel daisy.
 
Status: Untriaged (was: Unconfirmed)
Able to reproduce the issue on Peppy using chrome version 52.0.2743.19/8350.14.0.
Marking it as Untriaged to get more inputs from Dev team.

stack trace
==============
Thread 0 CRASHED [SIGSEGV @ 0xfffff5db6a43d800 ] MAGIC SIGNATURE THREAD
0x00007ff4da871e90	(chrome -free_list.h:79 )	tc_malloc
0x00007ff4d5890a4a	(chrome -allocator_shim.cc:150 )	ShimCppNew
0x00007ff4d675aabc	(chrome -render_text_harfbuzz.cc:1279 )	gfx::RenderTextHarfBuzz::ItemizeTextToRuns
0x00007ff4d675b101	(chrome -render_text_harfbuzz.cc:1546 )	gfx::RenderTextHarfBuzz::EnsureLayoutRunList
0x00007ff4d675beca	(chrome -render_text_harfbuzz.cc:1076 )	gfx::RenderTextHarfBuzz::EnsureLayout
0x00007ff4d6756a88	(chrome -render_text_harfbuzz.cc:807 )	gfx::RenderTextHarfBuzz::GetStringSizeF
0x00007ff4d674123a	(chrome -canvas_skia.cc:178 )	gfx::Canvas::SizeStringFloat
0x00007ff4d673eee8	(chrome -canvas.cc:79 )	gfx::Canvas::SizeStringInt
0x00007ff4d673ef6c	(chrome -canvas.cc:88 )	gfx::Canvas::GetStringWidth
0x00007ff4d800980c	(chrome -status_bubble_views.cc:433 )	StatusBubbleViews::StatusView::OnPaint
0x00007ff4d5c74b6c	(chrome -view.cc:850 )	views::View::Paint
0x00007ff4d5c60e60	(chrome -layer.cc:750 )	ui::Layer::PaintContentsToDisplayList
0x00007ff4d5ca32c3	(chrome -recording_source.cc:175 )	cc::RecordingSource::UpdateAndExpandInvalidation
0x00007ff4d5c9f077	(chrome -picture_layer.cc:114 )	cc::PictureLayer::Update
0x00007ff4d9a8acbb	(chrome -layer_tree_host.cc:1014 )	cc::LayerTreeHost::DoUpdateLayers
0x00007ff4d9a8af5e	(chrome -layer_tree_host.cc:878 )	cc::LayerTreeHost::UpdateLayers
0x00007ff4d9ab23c4	(chrome -single_thread_proxy.cc:813 )	cc::SingleThreadProxy::DoBeginMainFrame
0x00007ff4d9ab251e	(chrome -single_thread_proxy.cc:800 )	cc::SingleThreadProxy::BeginMainFrame
0x00007ff4d6467f45	(chrome -bind_internal.h:186 )	base::internal::Invoker<base::IndexSequence<0ul, 1ul>, base::internal::BindState<base::internal::RunnableAdapter<void (bluez::BluetoothAdapterBlueZ::*)(const device::BluetoothUUID&)>, void(bluez::BluetoothAdapterBlueZ*, const device::BluetoothUUID&), base::WeakPtr<bluez::BluetoothAdapterBlueZ>, device::BluetoothUUID&>, base::internal::InvokeHelper<true, void, base::internal::RunnableAdapter<void (bluez::BluetoothAdapterBlueZ::*)(const device::BluetoothUUID&)> >, void()>::Run
0x00007ff4d588692c	(chrome -callback.h:397 )	base::debug::TaskAnnotator::RunTask
0x00007ff4d5874f5a	(chrome -message_loop.cc:478 )	base::MessageLoop::DoWork
0x00007ff4d586d2f2	(chrome -message_pump_libevent.cc:217 )	base::MessagePumpLibevent::Run
0x00007ff4d60e9337	(chrome -run_loop.cc:35 )	base::RunLoop::Run
0x00007ff4d97caa44	(chrome -chrome_browser_main.cc:1903 )	ChromeBrowserMainParts::MainMessageLoopRun
0x00007ff4d84bd5fa	(chrome -browser_main_loop.cc:972 )	content::BrowserMainLoop::RunMainMessageLoopParts
0x00007ff4d82f9a84	(chrome -browser_main_runner.cc:154 )	content::BrowserMainRunnerImpl::Run
0x00007ff4d82f9962	(chrome -browser_main.cc:46 )	content::BrowserMain
0x00007ff4d6096c20	(chrome -content_main_runner.cc:787 )	content::ContentMainRunnerImpl::Run
0x00007ff4d60957ba	(chrome -content_main.cc:20 )	content::ContentMain
0x00007ff4d5d24e3e	(chrome -chrome_main.cc:84 )	ChromeMain
0x00007ff4d31fefb5	(libc-2.19.so -libc-start.c:292 )	__libc_start_main
0x00007ff4d5d24ca3	(chrome + 0x0114dca3 )	_start

Comment 2 by sheriffbot@chromium.org, Jul 7 2016

Labels: -M-53 M-54 MovedFrom-53
Moving this nonessential bug to the next milestone.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Components: UI>Shell>OverviewMode
Owner: varkha@chromium.org
Status: Assigned (was: Untriaged)
Issue is still seen in 54.0.2826.0/8710.0.0 (Official Build) dev-channel daisy.

@varkha: Please confirm the issue.

Comment 4 by varkha@chromium.org, Aug 24 2016

Yes, I can reproduce this on ToT. Somehow having a window minimized is important here.

Comment 5 by varkha@chromium.org, Aug 24 2016

Status: Started (was: Assigned)
This actually happens when clicking anywhere in or outside the context menu after it is opened. I have a draft CL that fixes that at https://codereview.chromium.org/2276853002.

Comment 6 by bugdroid1@chromium.org, Aug 24 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/37b21c76cd431944d40c03a589798c09e1919dbd

commit 37b21c76cd431944d40c03a589798c09e1919dbd
Author: varkha <varkha@chromium.org>
Date: Wed Aug 24 18:51:01 2016

[ash-md] Does not cancel overview when focus shifts from text filter

This fixes a crash when transferring focus from text filter to a context
menu causes overview mode to close which then causes focus to be
attempted to be set on a window that no longer exists (text filter).

BUG= 616407 
TEST=WindowSelectorTest.ShowTextFilterMenu

Review-Url: https://codereview.chromium.org/2276853002
Cr-Commit-Position: refs/heads/master@{#414115}

[modify] https://crrev.com/37b21c76cd431944d40c03a589798c09e1919dbd/ash/common/wm/overview/window_selector.cc
[modify] https://crrev.com/37b21c76cd431944d40c03a589798c09e1919dbd/ash/common/wm/overview/window_selector.h
[modify] https://crrev.com/37b21c76cd431944d40c03a589798c09e1919dbd/ash/wm/overview/window_selector_unittest.cc
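
The failure mode described in the commit message above, modelled as an added example (this is not the code from the CL; `Widget`, `OverviewSession` and `RestoreTargetAlive` are hypothetical names). A `std::weak_ptr` stands in for the raw pointer so the stale focus target can be observed without touching freed memory.

```cpp
#include <memory>
#include <string>

// Hypothetical stand-in for a focusable window/widget.
struct Widget { std::string name; };

// Hypothetical stand-in for an overview session that owns its text filter.
class OverviewSession {
 public:
  explicit OverviewSession(bool keep_open_on_filter_blur)
      : keep_open_(keep_open_on_filter_blur),
        filter_(std::make_shared<Widget>(Widget{"text_filter"})) {}

  std::weak_ptr<Widget> filter() const { return filter_; }

  // Called when `lost` stops being the focused widget.
  void OnFocusChanged(const Widget* lost) {
    // Guarded behaviour: focus leaving our own text filter (for example to
    // its context menu) does not end the session.
    if (keep_open_ && lost == filter_.get()) return;
    Cancel();  // Unguarded behaviour: any focus change tears the session down.
  }

  void Cancel() { filter_.reset(); }  // Destroys the text filter.

 private:
  bool keep_open_;
  std::shared_ptr<Widget> filter_;
};

// Models the sequence: a context menu opens on the text filter and takes
// focus, then closes and wants to hand focus back to the filter.
// Returns true if that restore target still exists at hand-back time.
bool RestoreTargetAlive(bool guarded) {
  OverviewSession session(guarded);
  std::weak_ptr<Widget> restore_target = session.filter();
  session.OnFocusChanged(restore_target.lock().get());  // menu takes focus
  return !restore_target.expired();                     // menu hands it back
}

int main() {
  // Unguarded: target is gone. Guarded: target survives.
  return (!RestoreTargetAlive(false) && RestoreTargetAlive(true)) ? 0 : 1;
}
```

With a raw pointer in place of the `weak_ptr`, the unguarded path would hand focus to an object that has already been destroyed; the lifetime check is what a regression test for this class of bug should pin down.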

Comment 7 by varkha@chromium.org, Aug 24 2016

Status: Fixed (was: Started)
Status: Verified (was: Fixed)
verified on 54.0.2840.42
