MacViews: IME Memory leak on Sierra.
Issue description
Version: 56.0.2919.0
OS: Mac
What steps will reproduce the problem?
(1) Build Chrome with asan and chrome://flags/#mac-views-native-dialogs.
(2) Go to a Views textfield.
(3) Switch to Pinyin Simplified IME and type some text.
What is the expected result?
The entered text appears as a composition.
What happens instead?
Browser crashes.
Console message:
==83368==WARNING: AddressSanitizer failed to allocate 0xfffffffffffffffe bytes
==83368==AddressSanitizer's allocator is terminating the process instead of returning 0
==83368==If you don't like this behavior set allocator_may_return_null=1
==83368==AddressSanitizer CHECK failed: /b/build/slave/mac_upload_clang/build/src/third_party/llvm/compiler-rt/lib/sanitizer_common/sanitizer_allocator.cc:220 "((0)) != (0)" (0x0, 0x0)
#0 0x10049063f (libclang_rt.asan_osx_dynamic.dylib+0x5d63f)
#1 0x1004a43bf in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (libclang_rt.asan_osx_dynamic.dylib+0x713bf)
This bug is similar to issue 654695 which affects the Web contents area.
Nov 17 2016
Nov 17 2016
Hi Erik. While the root cause is the same, don't think this is a dupe. This deals with the NSTextInputClient implementation for the BridgedContentView (specific to MacViews). Marking as not-a-dupe, to help in tracking.
Nov 18 2016
This particular crash is a macOS Sierra bug: https://bugs.chromium.org/p/chromium/issues/detail?id=654695#c45
Nov 18 2016
Yeah, I had seen issue 654695. Was trying to figure out whether the crash on MacViews was due to not being spec compliant with the NSTextInputClient documentation or was it solely a Sierra bug. Since it seems it's the latter, merging again.
Comment 1 by karandeepb@chromium.org, Nov 17 2016
lldb backtrace:
* thread #1: tid = 0x1fff44, 0x00007fffbfe83dda libsystem_kernel.dylib`__pthread_kill + 10, name = 'CrBrowserMain', queue = 'com.apple.main-thread', stop reason = signal SIGABRT
  * frame #0: 0x00007fffbfe83dda libsystem_kernel.dylib`__pthread_kill + 10
    frame #1: 0x00007fffbff6f787 libsystem_pthread.dylib`pthread_kill + 90
    frame #2: 0x00007fffbfde9420 libsystem_c.dylib`abort + 129
    frame #3: 0x00000001001048a1 libclang_rt.asan_osx_dynamic.dylib`___lldb_unnamed_symbol977$$libclang_rt.asan_osx_dynamic.dylib + 65
    frame #4: 0x0000000100100355 libclang_rt.asan_osx_dynamic.dylib`___lldb_unnamed_symbol906$$libclang_rt.asan_osx_dynamic.dylib + 117
    frame #5: 0x00000001000ec70e libclang_rt.asan_osx_dynamic.dylib`___lldb_unnamed_symbol490$$libclang_rt.asan_osx_dynamic.dylib + 302
    frame #6: 0x00000001001003c0 libclang_rt.asan_osx_dynamic.dylib`__sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) + 80
    frame #7: 0x00000001000f01d0 libclang_rt.asan_osx_dynamic.dylib`___lldb_unnamed_symbol568$$libclang_rt.asan_osx_dynamic.dylib + 80
    frame #8: 0x0000000100091afa libclang_rt.asan_osx_dynamic.dylib`___lldb_unnamed_symbol34$$libclang_rt.asan_osx_dynamic.dylib + 522
    frame #9: 0x00000001000e4741 libclang_rt.asan_osx_dynamic.dylib`___lldb_unnamed_symbol430$$libclang_rt.asan_osx_dynamic.dylib + 385
    frame #10: 0x00007fffaa3e6812 HIToolbox`-[IMKInputSession _coreAttributesFromRange:whichAttributes:completionHandler:] + 61
    frame #11: 0x00007fffaa3e8890 HIToolbox`-[IMKInputSession attributedSubstringFromRange:completionHandler:] + 186
    frame #12: 0x00007fffaa3d908b HIToolbox`__61-[IMKInputSession imkxpc_attributedSubstringFromRange:reply:]_block_invoke + 530
    frame #13: 0x00007fffaac0830c CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_A_BLOCK__ + 12
    frame #14: 0x00007fffaabe9634 CoreFoundation`__CFRunLoopDoBlocks + 356
    frame #15: 0x00007fffaabe9176 CoreFoundation`__CFRunLoopRun + 1894
    frame #16: 0x00007fffaabe87b4 CoreFoundation`CFRunLoopRunSpecific + 420
    frame #17: 0x00007fffaa3c031e HIToolbox`-[IMKInputSessionXPCInvocation invocationAwaitXPCReply] + 606
    frame #18: 0x00007fffaa3c784a HIToolbox`__49-[IMKInputSession handleEvent:completionHandler:]_block_invoke_2.479 + 1720
    frame #19: 0x00007fffaa3c6c68 HIToolbox`__49-[IMKInputSession handleEvent:completionHandler:]_block_invoke_2.438 + 566
    frame #20: 0x00007fffaa3aaff4 HIToolbox`-[IMKClient switchedInputMode:completionHandler:] + 405
    frame #21: 0x00007fffaa3c5b12 HIToolbox`-[IMKInputSession tryHandleEventSwitchedInputMode:eventWasHandled:continuationHandler:] + 122
    frame #22: 0x00007fffaa3c6a0c HIToolbox`__49-[IMKInputSession handleEvent:completionHandler:]_block_invoke.437 + 170
    frame #23: 0x00007fffaa3c684b HIToolbox`__49-[IMKInputSession handleEvent:completionHandler:]_block_invoke + 261
    frame #24: 0x00007fffaa3d2a1f HIToolbox`-[IMKInputSession _eventIsOn:completionHandler:] + 1838
    frame #25: 0x00007fffaa3c60c1 HIToolbox`-[IMKInputSession handleEvent:completionHandler:] + 890
    frame #26: 0x00007fffaa376bec HIToolbox`IMKInputSessionProcessEventRefWithCompletionHandler + 120
    frame #27: 0x00007fffaa375f9e HIToolbox`InputMethodInstanceProcessEventRef_WithCompletionHandler + 129
    frame #28: 0x00007fffaa364152 HIToolbox`__TSMEventToInputMethod_WithCompletionHandler_block_invoke + 124
    frame #29: 0x00007fffaa367fd8 HIToolbox`__SendTSMDocumentLockEvent_WithCompletionHandler_block_invoke + 95
    frame #30: 0x00007fffaa1b61b2 HIToolbox`___ZL23DispatchEventToHandlersP14EventTargetRecP14OpaqueEventRefP14HandlerCallRec_block_invoke + 108
    frame #31: 0x00007fffa8a04b95 AppKit`-[NSTextInputContext handleTSMEvent:completionHandler:] + 3298
    frame #32: 0x00007fffa8a03e45 AppKit`_NSTSMEventHandler + 319
    frame #33: 0x00007fffaa15d125 HIToolbox`DispatchEventToHandlers(EventTargetRec*, OpaqueEventRef*, HandlerCallRec*) + 1708
    frame #34: 0x00007fffaa15c396 HIToolbox`SendEventToEventTargetInternal(OpaqueEventRef*, OpaqueEventTargetRef*, HandlerCallRec*) + 428
    frame #35: 0x00007fffaa15c1df HIToolbox`SendEventToEventTargetWithOptions + 43
    frame #36: 0x00007fffaa1b31a6 HIToolbox`SendTSMEvent_WithCompletionHandler + 408
    frame #37: 0x00007fffaa364089 HIToolbox`TrySendLockEvent_BeforeEventToInputMethod_WithContinuationHandler + 351
    frame #38: 0x00007fffaa363ec6 HIToolbox`TSMEventToInputMethod_WithCompletionHandler + 148
    frame #39: 0x00007fffaa363e12 HIToolbox`TSMEventToKeyboardInputMethod_WithCompletionHandler + 127
    frame #40: 0x00007fffaa1b2694 HIToolbox`TSMKeyEvent_WithCompletionHandler + 584
    frame #41: 0x00007fffaa1b2413 HIToolbox`__TSMProcessRawKeyEventWithOptionsAndCompletionHandler_block_invoke_4 + 251
    frame #42: 0x00007fffaa1b2240 HIToolbox`__TSMProcessRawKeyEventWithOptionsAndCompletionHandler_block_invoke_3 + 281
    frame #43: 0x00007fffaa1b1f56 HIToolbox`__TSMProcessRawKeyEventWithOptionsAndCompletionHandler_block_invoke_2 + 308
    frame #44: 0x00007fffaa1b1c8d HIToolbox`__TSMProcessRawKeyEventWithOptionsAndCompletionHandler_block_invoke + 300
    frame #45: 0x00007fffaa1b11fd HIToolbox`TSMProcessRawKeyEventWithOptionsAndCompletionHandler + 3604
    frame #46: 0x00007fffa91abc6f AppKit`__84-[NSTextInputContext _handleEvent:options:allowingSyntheticEvent:completionHandler:]_block_invoke.903 + 116
    frame #47: 0x00007fffa91aafd1 AppKit`__204-[NSTextInputContext tryTSMProcessRawKeyEvent_orSubstitution:dispatchCondition:setupForDispatch:furtherCondition:doubleSpaceSubstitutionCondition:doubleSpaceSubstitutionWork:dispatchTSMWork:continuation:]_block_invoke.835 + 121
    frame #48: 0x00007fffa91aae3b AppKit`-[NSTextInputContext tryTSMProcessRawKeyEvent_orSubstitution:dispatchCondition:setupForDispatch:furtherCondition:doubleSpaceSubstitutionCondition:doubleSpaceSubstitutionWork:dispatchTSMWork:continuation:] + 285
    frame #49: 0x00007fffa91ab6bc AppKit`-[NSTextInputContext _handleEvent:options:allowingSyntheticEvent:completionHandler:] + 1348
    frame #50: 0x00007fffa91aacaa AppKit`-[NSTextInputContext _handleEvent:allowingSyntheticEvent:] + 114
    frame #51: 0x00007fffa8a02850 AppKit`-[NSView interpretKeyEvents:] + 232
    frame #52: 0x000000011c143057 libviews.dylib`::-[BridgedContentView keyDown:]() + 327 at bridged_content_view.mm:767 [opt]
    frame #53: 0x00007fffa90e3770 AppKit`-[NSWindow(NSEventRouting) _reallySendEvent:isDelayedEvent:] + 4086
    frame #54: 0x00007fffa90e23ae AppKit`-[NSWindow(NSEventRouting) sendEvent:] + 541
    frame #55: 0x000000011c15e104 libviews.dylib`::-[NativeWidgetMacNSWindow sendEvent:]() + 820 at native_widget_mac_nswindow.mm:139 [opt]
    frame #56: 0x00007fffa8f832f4 AppKit`-[NSApplication(NSEvent) sendEvent:] + 4768
    frame #57: 0x0000000104279c1c libchrome_dll.dylib`::__34-[BrowserCrApplication sendEvent:]_block_invoke() + 572 at chrome_browser_application_mac.mm:370 [opt]
    frame #58: 0x000000010f779eba libbase.dylib`base::mac::CallWithEHFrame(void () block_pointer) + 10
    frame #59: 0x000000010427991b libchrome_dll.dylib`::-[BrowserCrApplication sendEvent:]() + 395 at chrome_browser_application_mac.mm:354 [opt]
    frame #60: 0x00007fffa8863589 AppKit`-[NSApplication run] + 1002
    frame #61: 0x000000010f7afc2e libbase.dylib`::DoRun() + 1022 at message_pump_mac.mm:637 [opt]
    frame #62: 0x000000010f7ad5c5 libbase.dylib`::Run() + 389 at message_pump_mac.mm:210 [opt]
    frame #63: 0x000000010f7a1caf libbase.dylib`::RunHandler() + 399 at message_loop.cc:378 [opt]
    frame #64: 0x000000010f81fed7 libbase.dylib`::Run() + 519 at run_loop.cc:35 [opt]
    frame #65: 0x0000000104288cb3 libchrome_dll.dylib`::MainMessageLoopRun() + 643 at chrome_browser_main.cc:2010 [opt]
    frame #66: 0x00000001142fcc56 libcontent.dylib`::RunMainMessageLoopParts() + 310 at browser_main_loop.cc:977 [opt]
    frame #67: 0x00000001143056f2 libcontent.dylib`::Run() + 50 at browser_main_runner.cc:141 [opt]
    frame #68: 0x00000001142f107b libcontent.dylib`::BrowserMain() + 427 at browser_main.cc:46 [opt]
    frame #69: 0x000000011584d56f libcontent.dylib`::Run() + 1279 at content_main_runner.cc:774 [opt]
    frame #70: 0x000000011584b0ae libcontent.dylib`::ContentMain() + 142 at content_main.cc:20 [opt]
    frame #71: 0x00000001034b5722 libchrome_dll.dylib`::ChromeMain() + 338 at chrome_main.cc:97 [opt]
    frame #72: 0x0000000100001ca2 Chromium`main + 1010 at chrome_exe_main_mac.c:85 [opt]
    frame #73: 0x00007fffbfd55255 libdyld.dylib`start + 1