
Issue 669219

Starred by 1 user

Issue metadata

Status: Untriaged
Owner: ----
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 2
Type: Bug




Investigate/Avoid sending IPCs which need WebFrameWidget when RenderViewImpl is swapped out.

Project Member Reported by ekaramad@chromium.org, Nov 28 2016

Issue description

This is currently happening for some IME IPCs which caused crashes in Mac (Issue 668106).

 
Marked it as All platforms since it is at least synthetically possible to trigger the issue by continuously pumping IPCs during navigation.
Project Member

Comment 2 by bugdroid1@chromium.org, Feb 5 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/9f554a235d98d212b0612cc8188c13de2884fed9

commit 9f554a235d98d212b0612cc8188c13de2884fed9
Author: ekaramad <ekaramad@chromium.org>
Date: Sun Feb 05 04:33:57 2017

Adding tests for two recent regressions due to RenderViewImpl's Swapped Out State

Due to RenderViewImpl::GetWebWidget() returning a WebViewImpl in a swapped out state, a few
regressions were caused where an incoming IPC (which should not have been sent by the browser
in the first place) was handled incorrectly by the renderer and led to renderer crashes.

This CL will add a test to verify such IPCs do not lead to a crash. This test should be removed
later on when we make sure such IPCs will never be sent by the browser in the given state (perhaps
then the test should move to the browser side and verify we do not send those IPCs).

Some of the IPCs involved relate to IME and TextInputClientMac.

BUG=664890, 668106, 669219, 680438, 683098

Review-Url: https://codereview.chromium.org/2656433002
Cr-Commit-Position: refs/heads/master@{#448175}

[modify] https://crrev.com/9f554a235d98d212b0612cc8188c13de2884fed9/content/renderer/render_view_browsertest_mac.mm

Project Member

Comment 3 by bugdroid1@chromium.org, Jan 12 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/655d7b8a62f2df682df01e868ae0bf313a20eb4a

commit 655d7b8a62f2df682df01e868ae0bf313a20eb4a
Author: Ehsan Karamad <ekaramad@chromium.org>
Date: Fri Jan 12 18:38:38 2018

Add RenderWidget::GetFrameWidget() to Consolidate all Casts to WebFrameWidget

Currently we cast WebWidget to WebFrameWidget in several places inside
render_widget.cc. This is not a good sign as we should not be sending
any IPCs which are intended for a WebFrameWidget, to a RenderWidget
which does not have a WebFrameWidget. One (the?) example is presented
in this document:
https://docs.google.com/a/chromium.org/document/d/10g-NjlALvgZbPL0sdGAaU9CxlOiJMRybvfonJDGdSLI/edit?usp=sharing

This CL replaces all such casts with a newly added method to clean up
the code in render_widget.cc (a little bit) and make it easier to track
the use cases of such cast.

Furthermore, the stale method RenderView::GetWebFrameWidget() and its
unused override in RenderViewImpl are removed.

Bug: 669219
Change-Id: I940f44aeb5af65f4b8cac9bf4fa593d52319d5c9
Reviewed-on: https://chromium-review.googlesource.com/786297
Commit-Queue: Ehsan Karamad <ekaramad@chromium.org>
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Cr-Commit-Position: refs/heads/master@{#529002}
[modify] https://crrev.com/655d7b8a62f2df682df01e868ae0bf313a20eb4a/content/renderer/render_widget.cc
[modify] https://crrev.com/655d7b8a62f2df682df01e868ae0bf313a20eb4a/content/renderer/render_widget.h
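
The pattern described in the commit above, written out as an added example (this is not Chromium's code and not the contents of the linked CL): a single checked accessor replaces scattered unchecked casts, so an IPC that assumes a frame-backed widget is dropped and counted instead of operating on the wrong object when the widget is a view-level one (the situation a swapped-out RenderViewImpl produces). The classes WebWidget, WebFrameWidget, WebViewWidget and RenderWidget below are simplified stand-ins, and the methods IsWebFrameWidget(), OnImeSetComposition() and dropped_ipcs() are hypothetical names chosen for this example.

```cpp
#include <iostream>
#include <string>

// Simplified model (added example, not Chromium's classes): a WebWidget may
// or may not be backed by a frame. Only frame-backed widgets can service
// IME IPCs in this model.
class WebWidget {
 public:
  virtual ~WebWidget() = default;
  virtual bool IsWebFrameWidget() const { return false; }  // hypothetical
};

class WebFrameWidget : public WebWidget {
 public:
  bool IsWebFrameWidget() const override { return true; }
  std::string composition;  // last composition text applied via IME
  void SetComposition(const std::string& text) { composition = text; }
};

// A view-level widget with no frame behind it: stands in for the
// WebViewImpl a swapped-out RenderViewImpl hands back from GetWebWidget().
class WebViewWidget : public WebWidget {};

class RenderWidget {
 public:
  explicit RenderWidget(WebWidget* widget) : web_widget_(widget) {}

  // The one place the cast happens. Every handler that needs a
  // WebFrameWidget goes through here, so the "widget is not a frame widget"
  // case is checked once instead of being assumed at each call site.
  WebFrameWidget* GetFrameWidget() const {
    if (!web_widget_ || !web_widget_->IsWebFrameWidget()) return nullptr;
    return static_cast<WebFrameWidget*>(web_widget_);
  }

  // Handler for a hypothetical IME IPC. Before the refactor such a handler
  // would static_cast blindly and call into an object of the wrong type;
  // here an IPC that arrives in the wrong state is dropped and counted.
  bool OnImeSetComposition(const std::string& text) {
    WebFrameWidget* frame_widget = GetFrameWidget();
    if (!frame_widget) {
      ++dropped_ipcs_;
      return false;
    }
    frame_widget->SetComposition(text);
    return true;
  }

  int dropped_ipcs() const { return dropped_ipcs_; }

 private:
  WebWidget* web_widget_;
  int dropped_ipcs_ = 0;
};

// Drives the swapped-out case: two IME IPCs arrive while the RenderWidget
// only has a view-level widget. Returns how many were dropped.
int DroppedIpcsWhenSwappedOut() {
  WebViewWidget view_widget;
  RenderWidget swapped_out(&view_widget);
  swapped_out.OnImeSetComposition("abc");
  swapped_out.OnImeSetComposition("def");
  return swapped_out.dropped_ipcs();
}

// Drives the normal case: the same IPC against a frame-backed widget is
// applied and nothing is dropped.
bool IpcAppliedWhenFrameBacked() {
  WebFrameWidget frame_widget;
  RenderWidget active(&frame_widget);
  bool applied = active.OnImeSetComposition("abc");
  return applied && frame_widget.composition == "abc" &&
         active.dropped_ipcs() == 0;
}

int main() {
  std::cout << "dropped while swapped out: " << DroppedIpcsWhenSwappedOut()
            << "\n";
  std::cout << "applied when frame-backed: "
            << (IpcAppliedWhenFrameBacked() ? "yes" : "no") << "\n";
  return 0;
}
```

The counter is the detection hook: in the commit's terms, it is what makes the remaining cast sites trackable. A non-zero count under the swapped-out state is exactly the signal the browser-side follow-up (stop sending those IPCs in that state) would be expected to drive to zero.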

Project Member

Comment 4 by bugdroid1@chromium.org, Jan 20 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/f3ca2a8e7088069ffaad754c806fb7466dece61b

commit f3ca2a8e7088069ffaad754c806fb7466dece61b
Author: Ehsan Karamad <ekaramad@chromium.org>
Date: Sat Jan 20 01:05:25 2018

[refactor] - More cases of casts to WebFrameWidget replaced by GetFrameWidget()

This continues the refactor in
https://chromium-review.googlesource.com/q/I940f44aeb5af65f4b8cac9bf4fa593d52319d5c9.

Bug: 669219
Change-Id: I4a828d1534cce44d2d60eb5069e9aee9b0f5b89f
Reviewed-on: https://chromium-review.googlesource.com/876482
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Commit-Queue: Ehsan Karamad <ekaramad@chromium.org>
Cr-Commit-Position: refs/heads/master@{#530705}
[modify] https://crrev.com/f3ca2a8e7088069ffaad754c806fb7466dece61b/content/renderer/render_widget.cc

Project Member

Comment 5 by sheriffbot@chromium.org, Jan 21

Labels: Hotlist-Recharge-Cold
Status: Untriaged (was: Available)
This issue has been Available for over a year. If it's no longer important or seems unlikely to be fixed, please consider closing it out. If it is important, please re-triage the issue.

Sorry for the inconvenience if the bug really should have been left as Available.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
