
Issue 664679

Issue metadata

Status: Fixed
Owner:
Closed: Dec 2016
Cc:
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 2
Type: Bug




DCHECK in IME on Mac

Project Member Reported by erikc...@chromium.org, Nov 12 2016

Issue description

Note that this is unrelated to my recent IME changes, as it still occurs when I revert my CL: https://bugs.chromium.org/p/chromium/issues/detail?id=664554#c5

"""
[24366:1295:1111/134707:FATAL:PlainTextRange.cpp(49)] Check failed: start >= 0 (-1 vs. 0)
0   libbase.dylib                       0x000000010f46fdae _ZN4base5debug10StackTraceC2Ev + 30
1   libbase.dylib                       0x000000010f46fe15 _ZN4base5debug10StackTraceC1Ev + 21
2   libbase.dylib                       0x000000010f508d70 _ZN7logging10LogMessageD2Ev + 80
3   libbase.dylib                       0x000000010f506925 _ZN7logging10LogMessageD1Ev + 21
4   libblink_core.dylib                 0x0000000122d2f3e9 _ZN5blink14PlainTextRangeC2Eii + 217
5   libblink_core.dylib                 0x0000000122d2f551 _ZN5blink14PlainTextRangeC1Eii + 33
6   libblink_web.dylib                  0x000000012151987b _ZNK5blink17WebLocalFrameImpl26firstRectForCharacterRangeEjjRNS_7WebRectE + 235
7   libcontent.dylib                    0x0000000116340eb9 _ZN7content23TextInputClientObserver28OnFirstRectForCharacterRangeEN3gfx5RangeE + 217
8   libcontent.dylib                    0x0000000116341f53 _ZN4base20DispatchToMethodImplIPN7content23TextInputClientObserverEMS2_FvN3gfx5RangeEERKNSt3__15tupleIJS5_EEEJLm0EEEEvRKT_T0_OT1_NS_13IndexSequenceIJXspT2_EEEE + 179
9   libcontent.dylib                    0x0000000116341e90 _ZN4base16DispatchToMethodIPN7content23TextInputClientObserverEMS2_FvN3gfx5RangeEERKNSt3__15tupleIJS5_EEEEEvRKT_T0_OT1_ + 96
10  libcontent.dylib                    0x0000000116341e0d _ZN3IPC16DispatchToMethodIN7content23TextInputClientObserverEMS2_FvN3gfx5RangeEEvNSt3__15tupleIJS4_EEEEEvPT_T0_PT1_RKT2_ + 109
11  libcontent.dylib                    0x0000000116340d72 _ZN3IPC8MessageTI50TextInputClientMsg_FirstRectForCharacterRange_MetaNSt3__15tupleIJN3gfx5RangeEEEEvE8DispatchIN7content23TextInputClientObserverESA_vMSA_FvS5_EEEbPKNS_7MessageEPT_PT0_PT1_T2_ + 482
12  libcontent.dylib                    0x00000001163401b9 _ZN7content23TextInputClientObserver17OnMessageReceivedERKN3IPC7MessageE + 697
13  libcontent.dylib                    0x0000000116282609 _ZN7content12RenderWidget17OnMessageReceivedERKN3IPC7MessageE + 153
14  libcontent.dylib                    0x00000001162583aa _ZN7content14RenderViewImpl17OnMessageReceivedERKN3IPC7MessageE + 10458
15  libipc.dylib                        0x00000001135e371b _ZN3IPC13MessageRouter12RouteMessageERKNS_7MessageE + 91
16  libcontent.dylib                    0x00000001137a58a8 _ZN7content15ChildThreadImpl24ChildThreadMessageRouter12RouteMessageERKN3IPC7MessageE + 40
17  libipc.dylib                        0x00000001135e369e _ZN3IPC13MessageRouter17OnMessageReceivedERKNS_7MessageE + 94
18  libcontent.dylib                    0x00000001137b2e96 _ZN7content15ChildThreadImpl17OnMessageReceivedERKN3IPC7MessageE + 20
"""

Repro steps:
1) compile with DCHECKs
2) in a text field, with Chinese (simplified pinyin) IME, type: q 1 q

The first "q 1" inserts a Chinese character. The second q will hit the DCHECK.
 
Status: Started (was: Assigned)
Thanks! I will take a look today.
I dug into this and found that RWHVCocoa::firstRectForCharacterRange is called with NSNotFound range (invalid range value) which later causes this crash. I wonder if it is a duplicate of issue 580808 and issue 86460.

erikchen@ should we mark this as duplicate? Specifically, please take a look at comment 7 of issue 84460. It sounds similar to the issue you had with macOS Sierra crash.
firstRectForCharacterRange needs to support invalid range [equivalent to 0-length]. 
https://developer.apple.com/reference/appkit/nstextinputclient/1438240-firstrectforcharacterrange?language=objc
Project Member

Comment 4 by bugdroid1@chromium.org, Dec 1 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/98dc75fb675ed90a69f1cb29d724bab7aa9650ef

commit 98dc75fb675ed90a69f1cb29d724bab7aa9650ef
Author: ekaramad <ekaramad@chromium.org>
Date: Thu Dec 01 20:14:00 2016

Handling firstRectForCharacterRange when range argument has invalid range (Mac)

When the value of requested range is invalid, the TextInputClientObserver will return
the rect corresponding to the current cursor position instead.

BUG= 664679 

Review-Url: https://codereview.chromium.org/2537363002
Cr-Commit-Position: refs/heads/master@{#435691}

[modify] https://crrev.com/98dc75fb675ed90a69f1cb29d724bab7aa9650ef/content/renderer/text_input_client_observer.cc
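
The failure and the fix described in the thread, as an added C++ sketch that is not the Chromium code from this commit: an unsigned "invalid range" sentinel turns into -1 when it reaches a signed `(int, int)` constructor, so the handler validates the range first and falls back to the caret rect. `CharRange`, `ToyFrame`, `AsSignedOffset` and `kInvalidOffset` are hypothetical names, and encoding the invalid range as the maximum unsigned offset is an assumption consistent with the `-1 vs. 0` in the log.

```cpp
#include <cstdint>
#include <cstdio>
#include <limits>

// Hypothetical stand-ins for illustration; these are not Chromium's types.
// Assumption: the invalid range is encoded as the maximum unsigned offset.
constexpr uint32_t kInvalidOffset = std::numeric_limits<uint32_t>::max();

struct Rect { int x, y, width, height; };

struct CharRange {
  uint32_t start, end;
  bool IsValid() const {
    return start != kInvalidOffset && end != kInvalidOffset && start <= end;
  }
};

// What a signed (int, int) constructor receives for an unsigned offset.
int AsSignedOffset(uint32_t offset) { return static_cast<int>(offset); }

// Toy frame: one line of text, 10 px per character, 16 px high.
struct ToyFrame {
  uint32_t text_length, caret;
  Rect CaretRect() const { return Rect{static_cast<int>(caret) * 10, 0, 1, 16}; }
  // Rejects the inputs that the DCHECK in the report aborts on.
  bool RectForRange(int start, int length, Rect* out) const {
    if (start < 0 || length < 0) return false;
    if (static_cast<uint32_t>(start) + static_cast<uint32_t>(length) > text_length)
      return false;
    *out = Rect{start * 10, 0, length * 10, 16};
    return true;
  }
};

// Validate at the message boundary; fall back to the caret rect, as the
// commit message describes, instead of passing the sentinel through.
Rect FirstRectForCharacterRange(const ToyFrame& frame, CharRange range) {
  Rect rect;
  if (range.IsValid() &&
      frame.RectForRange(AsSignedOffset(range.start),
                         AsSignedOffset(range.end - range.start), &rect))
    return rect;
  return frame.CaretRect();
}

int main() {
  Rect r = FirstRectForCharacterRange(ToyFrame{5, 2}, {kInvalidOffset, kInvalidOffset});
  std::printf("sentinel as int: %d, fallback x=%d\n", AsSignedOffset(kInvalidOffset), r.x);
}
```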

Status: Fixed (was: Started)
Marking as fixed since the DCHECK is no longer firing following the repro steps.
Cc: ekaramad@chromium.org
Issue 696492 has been merged into this issue.