
Issue 625050

Starred by 3 users

Issue metadata

Status: Fixed
Owner:
Closed: Jul 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 0
Type: Bug-Regression




Possible crash after r403093

Project Member Reported by tkent@chromium.org, Jul 1 2016

Issue description

The code in https://chromium.googlesource.com/chromium/src/+/ef9c38f033c0f5b11defe2210d2d00737c41b76e

+                    index = m_listItems.find(&subject);
+                    DCHECK_NE(index, WTF::kNotFound);
+                }
+                m_listItems.remove(index);
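Review bot: DCHECK_NE(index, WTF::kNotFound) is the only guard between m_listItems.find(&subject) and m_listItems.remove(index), and DCHECK is not evaluated in ordinary release builds, so if find() ever returns WTF::kNotFound the sentinel is passed straight to remove(). Make the removal conditional on a runtime check that survives in release, for example `if (index != WTF::kNotFound) m_listItems.remove(index);`, and keep the DCHECK only as a debug-time signal that the invariant was broken. The lines shown do not include how index is set when this block is skipped, so the check belongs directly before remove() to cover both paths.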

This might cause a release crash in m_listItems.remove().

 

Comment 1 by bugdroid1@chromium.org, Jul 1 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/760c56deb503e184f25a77782e743b6d46732cb6

commit 760c56deb503e184f25a77782e743b6d46732cb6
Author: tkent <tkent@chromium.org>
Date: Fri Jul 01 06:28:36 2016

Update a comment and fix a possible crash in HTMLSelectElement::setRecalcListItems.

This is a follow-up of crrev.com/403093.

- Replace a TODO comment with an explanation, and add a test to reproduce the
  scenario.

- Fix a possible crash by m_listItems.remove(WTF::kNotFound) just in case.
  We don't find a reproduction.

BUG= 625050 

Review-Url: https://codereview.chromium.org/2103663006
Cr-Commit-Position: refs/heads/master@{#403416}

[modify] https://crrev.com/760c56deb503e184f25a77782e743b6d46732cb6/third_party/WebKit/Source/core/html/HTMLSelectElement.cpp
[modify] https://crrev.com/760c56deb503e184f25a77782e743b6d46732cb6/third_party/WebKit/Source/core/html/HTMLSelectElementTest.cpp

Comment 2 by tkent@chromium.org, Jul 1 2016

Status: Fixed (was: Started)

Comment 3 by tkent@chromium.org, Jul 1 2016

Labels: -Type-Bug -Pri-3 Merge-Request-53 Stability-Crash ReleaseBlock-Dev Pri-0 Type-Bug-Regression

Comment 4 by dimu@google.com, Jul 1 2016

Labels: -Merge-Request-53 Merge-Approved-53 Hotlist-Merge-Approved
Your change meets the bar and is auto-approved for M53 (branch: 2785)

Comment 5 by bugdroid1@chromium.org, Jul 1 2016

Labels: -merge-approved-53 merge-merged-2785
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/3fe2c3902b205e99caff0e774a1b4d19c019276d

commit 3fe2c3902b205e99caff0e774a1b4d19c019276d
Author: Kent Tamura <tkent@chromium.org>
Date: Fri Jul 01 22:30:55 2016

Merge "Update a comment and fix a possible crash in HTMLSelectElement::setRecalcListItems." to M53.

This is a follow-up of crrev.com/403093.

- Replace a TODO comment with an explanation, and add a test to reproduce the
  scenario.

- Fix a possible crash by m_listItems.remove(WTF::kNotFound) just in case.
  We don't find a reproduction.

BUG= 625050 ,625091

Review-Url: https://codereview.chromium.org/2103663006
Cr-Commit-Position: refs/heads/master@{#403416}
(cherry picked from commit 760c56deb503e184f25a77782e743b6d46732cb6)

Review URL: https://codereview.chromium.org/2118973003 .

Cr-Commit-Position: refs/branch-heads/2785@{#3}
Cr-Branched-From: 68623971be0cfc492a2cb0427d7f478e7b214c24-refs/heads/master@{#403382}

[modify] https://crrev.com/3fe2c3902b205e99caff0e774a1b4d19c019276d/third_party/WebKit/Source/core/html/HTMLSelectElement.cpp
[modify] https://crrev.com/3fe2c3902b205e99caff0e774a1b4d19c019276d/third_party/WebKit/Source/core/html/HTMLSelectElementTest.cpp

Comment 6 by tkent@chromium.org, Jul 3 2016

Issue 625091 has been merged into this issue.
Cc: durga.behera@chromium.org
Labels: Needs-Feedback
Tested the issue on Win 7, Mac 10.11.5 and Ubuntu 14.04 using 53.0.2785.8, referring to the comment www.crbug.com/623891#c2 and https://output.jsbin.com/fojaza.
The page shows an unresponsive message while trying to delete 500000, and after clicking once or twice on the "wait" option it deletes the options. If "Kill" is clicked, the Aw, Snap! page is seen.

tkent@: Could you please review the attached screenshot and update if it's fine.
625050_July_7.png (64.4 KB)

Comment 8 by tkent@chromium.org, Jul 7 2016

#7, it's unrelated to this bug, and it's an expected behavior.


Labels: -Needs-Feedback TE-Verified-53.0.2785.8 TE-Verified-53
Thanks for the update. Adding the respective TE-Verified labels for the same.
