Issue metadata
Sign in to add a comment
|
App crashes dismissing the voice search and closing the incognito tab |
||||||||||||||||||||||
Issue descriptionApp Version: 57.0.2977.0 Canary iOS Version: 9.3.5, iOS 10 Device: iPhone 6+,6s+,7+ Steps to reproduce: 1. Launch chrome 2. Tap on Menu > New Incognito tab. 3. Perform GLIF voice search and navigate to Youtube.com. 4. Tap on any video. 5. Change the device orientation to landscape mode. 6. Wait for few seconds to video to be played. 7. Tap on tab switcher > tap on menu > tap on New incognito tab. 8. Tap on tab switcher > Quickly close all the tabs by swiping upwards. Observed results: App crashes. Expected results: App should not crash Number of times you were able to reproduce: 3/5 Bug reproducible after clean install: Yes Bug reproducible after clearing cache and cookies: Yes Bug reproducible on Chrome Mobile on Android: NA Bug reproducible on Dolphin/Safari/Firefox: NA Bug reproducible on current stable build (App Version, iOS Version): No in M55.0.2883.79 Bug reproducible on the current beta channel build (App Version, iOS Version): No in 56.0.2924.57 dev Link to Video : https://drive.google.com/a/google.com/file/d/0B--UpU2GW2EpTURQOGlZYktGODA/view?usp=sharing Console log : https://crash.corp.google.com/browse?stbtiq=a5064bd080000000 Stack Trace : Thread 0 CRASHED [EXC_BAD_ACCESS / KERN_INVALID_ADDRESS @ 0x00000010 ] MAGIC SIGNATURE THREAD Stack Quality81%Show frame trust levels 0x0000000188066f30 (libobjc.A.dylib + 0x0001af30 ) objc_msgSend 0x0000000100397dfc (Chrome -scoped_nsobject.h:75 ) -[BrowserViewController .cxx_destruct] 0x0000000188052f0c (libobjc.A.dylib + 0x00006f0c ) object_cxxDestructFromClass(objc_object*, objc_class*) 0x000000018805f6dc (libobjc.A.dylib + 0x000136dc ) objc_destructInstance 0x000000018805f740 (libobjc.A.dylib + 0x00013740 ) object_dispose 0x000000018f812dd8 (UIKit + 0x003addd8 ) -[UIResponder dealloc] 0x000000018f5f9a00 (UIKit + 0x00194a00 ) -[UIViewController dealloc] 0x0000000100387578 (Chrome -browser_view_controller.mm:956 ) -[BrowserViewController dealloc] 0x000000018806dfdc (libobjc.A.dylib + 0x00021fdc ) (anonymous namespace)::AutoreleasePoolPage::pop(void*) 0x00000001003f51f4 (Chrome -browser_view_wrangler.mm:276 ) -[BrowserViewWrangler deleteIncognitoTabModelState:] 0x00000001000e40d0 (Chrome -main_controller.mm:847 ) -[MainController deleteIncognitoBrowserState] 0x00000001000ea888 (Chrome -bind_internal.h:164 ) void base::internal::FunctorTraits<void (*)(base::mac::ScopedBlock<void () block_pointer>), void>::Invoke<base::mac::ScopedBlock<void () block_pointer> const&>(void (*)(base::mac::ScopedBlock<void () block_pointer>), base::mac::ScopedBlock<void () block_pointer> const&&&) 0x00000001006f362c (Chrome -callback.h:85 ) base::(anonymous namespace)::PostTaskAndReplyRelay::RunReplyAndSelfDestruct() 0x00000001006ae30c (Chrome -callback.h:68 ) base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) 0x00000001006c36ec (Chrome -message_loop.cc:421 ) base::MessageLoop::RunTask(base::PendingTask*) 0x00000001006c3934 (Chrome -message_loop.cc:430 ) base::MessageLoop::DeferOrRunPendingTask(base::PendingTask) 0x00000001006c3bf4 (Chrome -message_loop.cc:523 ) base::MessageLoop::DoWork() 0x0000000100712fa4 (Chrome -message_pump_mac.mm:302 ) base::MessagePumpCFRunLoopBase::RunWork() 0x00000001007129e4 (Chrome -message_pump_mac.mm:278 ) base::MessagePumpCFRunLoopBase::RunWorkSource(void*) 0x00000001895c8274 (CoreFoundation + 0x000dd274 ) __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ 0x00000001895c7bbc (CoreFoundation + 0x000dcbbc ) __CFRunLoopDoSources0 0x00000001895c57bc (CoreFoundation + 0x000da7bc ) __CFRunLoopRun 0x00000001894f4044 (CoreFoundation + 0x00009044 ) CFRunLoopRunSpecific 0x000000018af7a194 (GraphicsServices + 0x0000c194 ) GSEventRunModal 0x000000018f4e02f8 (UIKit + 0x0007b2f8 ) -[UIApplication _run] 0x000000018f4db030 (UIKit + 0x00076030 ) UIApplicationMain 0x00000001000e0e28 (Chrome -chrome_exe_main.mm:66 ) main 0x00000001884d85b4 (libdyld.dylib + 0x000045b4 ) start
,
Jan 10 2017
Updating summary and narrow down steps: This issue reproduces on iPads as well. Steps to reproduce Launch Google Chrome canary Open New incognito tab Tap on GLIF Voice Search Icon Dismiss the Voice Search UI Close the incognito tab. (iPad: simply tap on close, iPhone: Enter stack view and then close tab) App Crashes. Good Version: 57.0.2964.0 #21b0c2f Bad Version: 57.0.2965.0 #8fa5f27 Video: https://drive.google.com/file/d/0B-xmXLQhjeKuWVZhak1yNS1GQTA/view
,
Jan 11 2017
,
Jan 12 2017
Users experienced this crash on the following builds: Ios Dev 57.0.2976.0 - 274.50 CPM, 1 reports, 1 clients (signature -[BrowserViewController .cxx_destruct]) If this update was incorrect, please add "Fracas-Wrong" label to prevent future updates. - Go/Fracas
,
Jan 18 2017
,
Jan 18 2017
,
Jan 24 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/d297fb597145bbfc86fb1c243091669f09dc6df5 commit d297fb597145bbfc86fb1c243091669f09dc6df5 Author: kkhorimoto <kkhorimoto@chromium.org> Date: Tue Jan 24 18:57:01 2017 Fix memory management of VoiceSearchBarView. The VoiceSearchProvider is written in ARC, so the returned value is autoreleased despite the function having "Created" in the name. This CL correctly retains the returned value to prevent over-releasing the view. BUG= 679719 Review-Url: https://codereview.chromium.org/2644703003 Cr-Commit-Position: refs/heads/master@{#445769} [modify] https://crrev.com/d297fb597145bbfc86fb1c243091669f09dc6df5/ios/public/provider/chrome/browser/voice/voice_search_provider.h [modify] https://crrev.com/d297fb597145bbfc86fb1c243091669f09dc6df5/ios/public/provider/chrome/browser/voice/voice_search_provider.mm
,
Jan 24 2017
The following revision refers to this bug: https://chrome-internal.googlesource.com/chrome/ios_internal.git/+/8e196493490369651c7b2c95b98e92126feca3a1 commit 8e196493490369651c7b2c95b98e92126feca3a1 Author: kkhorimoto <kkhorimoto@google.com> Date: Tue Jan 24 20:27:32 2017
,
Jan 24 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/c2cdf6f411f8c5e8e7232fbf32b4b1eacea48268 commit c2cdf6f411f8c5e8e7232fbf32b4b1eacea48268 Author: kkhorimoto <kkhorimoto@chromium.org> Date: Tue Jan 24 21:37:37 2017 Remove VoiceSearchProvider::CreateVoiceSearchBar(). This functionality is now covered by BuildVoiceSearchBar(). BUG= 679719 Review-Url: https://codereview.chromium.org/2642783008 Cr-Commit-Position: refs/heads/master@{#445825} [modify] https://crrev.com/c2cdf6f411f8c5e8e7232fbf32b4b1eacea48268/ios/chrome/browser/ui/browser_view_controller.mm [modify] https://crrev.com/c2cdf6f411f8c5e8e7232fbf32b4b1eacea48268/ios/public/provider/chrome/browser/voice/voice_search_provider.h [modify] https://crrev.com/c2cdf6f411f8c5e8e7232fbf32b4b1eacea48268/ios/public/provider/chrome/browser/voice/voice_search_provider.mm
,
Jan 27 2017
,
Jan 27 2017
Your change meets the bar and is auto-approved for M57. Please go ahead and merge the CL to branch 2987 manually. Please contact milestone owner if you have questions. Owners: amineer@(clank), cmasso@(bling), ketakid@(cros), govind@(desktop) For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jan 30 2017
This issue has been approved for a merge. Please merge the fix to any appropriate branches as soon as possible! If all merges have been completed, please remove any remaining Merge-Approved labels from this issue. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jan 31 2017
Verified the issue on the latest version 58.0.2998.0 canary tested on iPhone7+(iOS 10) and iPad (iOS10). App doesn't crashes with the steps mentioned in Comment#0 and comment#2, works fine
,
Feb 3 2017
This issue has been approved for a merge. Please merge the fix to any appropriate branches as soon as possible! If all merges have been completed, please remove any remaining Merge-Approved labels from this issue. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Mar 7 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/ebb52eebdb931dfab0012eb169a82f4b6064c072 commit ebb52eebdb931dfab0012eb169a82f4b6064c072 Author: Kurt Horimoto <kkhorimoto@chromium.org> Date: Tue Mar 07 05:32:53 2017 Fix memory management of VoiceSearchBarView. The VoiceSearchProvider is written in ARC, so the returned value is autoreleased despite the function having "Created" in the name. This CL correctly retains the returned value to prevent over-releasing the view. BUG= 679719 Review-Url: https://codereview.chromium.org/2644703003 Cr-Commit-Position: refs/heads/master@{#445769} (cherry picked from commit d297fb597145bbfc86fb1c243091669f09dc6df5) Review-Url: https://codereview.chromium.org/2738653002 . Cr-Commit-Position: refs/branch-heads/2987@{#780} Cr-Branched-From: ad51088c0e8776e8dcd963dbe752c4035ba6dab6-refs/heads/master@{#444943} [modify] https://crrev.com/ebb52eebdb931dfab0012eb169a82f4b6064c072/ios/public/provider/chrome/browser/voice/voice_search_provider.h [modify] https://crrev.com/ebb52eebdb931dfab0012eb169a82f4b6064c072/ios/public/provider/chrome/browser/voice/voice_search_provider.mm
,
Mar 7 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/80fa10e4c879c2e549952b1bbb505c8ee8958356 commit 80fa10e4c879c2e549952b1bbb505c8ee8958356 Author: Kurt Horimoto <kkhorimoto@chromium.org> Date: Tue Mar 07 05:36:39 2017 Remove VoiceSearchProvider::CreateVoiceSearchBar(). This functionality is now covered by BuildVoiceSearchBar(). BUG= 679719 Review-Url: https://codereview.chromium.org/2642783008 Cr-Commit-Position: refs/heads/master@{#445825} (cherry picked from commit c2cdf6f411f8c5e8e7232fbf32b4b1eacea48268) Review-Url: https://codereview.chromium.org/2737563003 . Cr-Commit-Position: refs/branch-heads/2987@{#781} Cr-Branched-From: ad51088c0e8776e8dcd963dbe752c4035ba6dab6-refs/heads/master@{#444943} [modify] https://crrev.com/80fa10e4c879c2e549952b1bbb505c8ee8958356/ios/chrome/browser/ui/browser_view_controller.mm [modify] https://crrev.com/80fa10e4c879c2e549952b1bbb505c8ee8958356/ios/public/provider/chrome/browser/voice/voice_search_provider.h [modify] https://crrev.com/80fa10e4c879c2e549952b1bbb505c8ee8958356/ios/public/provider/chrome/browser/voice/voice_search_provider.mm
,
Mar 7 2017
The following revision refers to this bug: https://chrome-internal.googlesource.com/chrome/ios_internal.git/+/0bd3318a86393abd79d969ed2c621701663adb4a commit 0bd3318a86393abd79d969ed2c621701663adb4a Author: kkhorimoto <kkhorimoto@google.com> Date: Tue Mar 07 07:36:20 2017
,
Mar 8 2017
verified the issue on the build 57.0.2987.96 dev tested on iPad and iPhone on iOS 10. App doesn't crashes with the steps mentioned in Comment#0 and comment#2, works fine
,
Apr 27 2017
|
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by linds...@chromium.org
, Jan 10 2017