Chrome crashes when gesture happens outside of the keyboard. |
||||||||||
Issue descriptionChrome Version: 58.0.3006.0 (Official Build) OS: 9202.18.0 (Official Build) dev-channel lulu test What steps will reproduce the problem? (1) Enable virtual keyboard. (2) Go to google.com and select the input form, and open the US keyboard, which supports gesture typing. (3) Swipe on the left side area of the virtual keyboard which doesn't have keys for several times. See the attached video. What is the expected result? Nothing happens. What happens instead? Chrome crashes. This also happens on Link.
,
Feb 15 2017
Log contains [ERROR]native : gesture_decoder_thread.cc:240 Gesture Decoder was not created. It's inside google3/i18n/input/engine/nacl/gesture_decoder_thread.cc. http://google3/i18n/input/engine/nacl/gesture_decoder_thread.cc?l=240&rcl=138371451 .
,
Feb 15 2017
,
Feb 15 2017
+wuyingbing@ Do you have any insight about this crash bug?
,
Feb 15 2017
Only gesture causes the crash. Moving mouse cursor holding the left button doesn't.
,
Feb 15 2017
Debug build's crash report: [6726:6726:0215/153330.678272:FATAL:app_current_window_internal_api.cc(202)] Check failed: params.get(). #0 0x7fb8b5e25657 base::debug::StackTrace::StackTrace() #1 0x7fb8b5e237bb base::debug::StackTrace::StackTrace() #2 0x7fb8b5e678cd logging::LogMessage::~LogMessage() #3 0x7fb8b39d4955 extensions::AppCurrentWindowInternalSetBoundsFunction::Run() #4 0x7fb8b38b3499 ExtensionFunction::RunWithValidation() #5 0x7fb8b38b72e0 extensions::ExtensionFunctionDispatcher::DispatchWithCallbackInternal() #6 0x7fb8b38b68fb extensions::ExtensionFunctionDispatcher::Dispatch() #7 0x7fb8b3921c03 extensions::ExtensionWebContentsObserver::OnRequest() #8 0x7fb8b1e91a3f _ZN3IPC20DispatchToMethodImplIN7content28RenderFrameDevToolsAgentHostEMS2_FvPNS1_15RenderFrameHostERK20DevToolsMessageChunkES3_St5tupleIJS5_EEJLm0EEEEvPT_T0_PT1_RKT2_N4base13IndexSequenceIJXsp T3_EEEE #9 0x7fb8b1e8f8fe _ZN3IPC16DispatchToMethodIN7content28RenderFrameDevToolsAgentHostENS1_15RenderFrameHostEJRK20DevToolsMessageChunkEJS4_EEENSt9enable_ifIXeqstDpT1_stDpT2_EvE4typeEPT_MSE_FvPT0_S9_ESH_RKSt5tupleI JSB_EE #10 0x7fb8b3921eca _ZN3IPC8MessageTI29ExtensionHostMsg_Request_MetaSt5tupleIJ31ExtensionHostMsg_Request_ParamsEEvE8DispatchIN10extensions28ExtensionWebContentsObserverES8_N7content15RenderFrameHostEMS8_FvPSA_RK S3_EEEbPKNS_7MessageEPT_PT0_PT1_T2_ #11 0x7fb8b39215f6 extensions::ExtensionWebContentsObserver::OnMessageReceived() #12 0x7fb8b9b51adb extensions::ChromeExtensionWebContentsObserver::OnMessageReceived() #13 0x7fb8b283d445 content::WebContentsImpl::OnMessageReceived() #14 0x7fb8b201dee7 content::RenderFrameHostImpl::OnMessageReceived() #15 0x7fb8b2528845 content::RenderProcessHostImpl::OnMessageReceived() #16 0x7fb8b6c1a4aa IPC::ChannelProxy::Context::OnDispatchMessage() #17 0x7fb8b6c2134a _ZN4base8internal13FunctorTraitsIMN3IPC12ChannelProxy7ContextEFvRKNS2_7MessageEEvE6InvokeIRK13scoped_refptrIS4_EJS7_EEEvS9_OT_DpOT0_ #18 0x7fb8b6c20ccb _ZN4base8internal12InvokeHelperILb0EvE8MakeItSoIRKMN3IPC12ChannelProxy7ContextEFvRKNS4_7MessageEEJRK13scoped_refptrIS6_ES9_EEEvOT_DpOT0_ #19 0x7fb8b6c1f02b _ZN4base8internal7InvokerINS0_9BindStateIMN3IPC12ChannelProxy7ContextEFvRKNS3_7MessageEEJ13scoped_refptrIS5_ES6_EEEFvvEE7RunImplIRKSA_RKSt5tupleIJSC_S6_EEJLm0ELm1EEEEvOT_OT0_NS_13IndexSequenc eIJXspT1_EEEE #20 0x7fb8b6c1e070 _ZN4base8internal7InvokerINS0_9BindStateIMN3IPC12ChannelProxy7ContextEFvRKNS3_7MessageEEJ13scoped_refptrIS5_ES6_EEEFvvEE3RunEPNS0_13BindStateBaseE #21 0x7fb8b1edfc94 _ZNO4base8internal8RunMixinINS_8CallbackIFvvELNS0_8CopyModeE0ELNS0_10RepeatModeE0EEEE3RunEv #22 0x7fb8b602361d base::debug::TaskAnnotator::RunTask() #23 0x7fb8b5e86ec6 base::MessageLoop::RunTask() #24 0x7fb8b5e87022 base::MessageLoop::DeferOrRunPendingTask() #25 0x7fb8b5e8756b base::MessageLoop::DoWork() #26 0x7fb8b5ea08b2 base::MessagePumpLibevent::Run() #27 0x7fb8b5e86aa2 base::MessageLoop::RunHandler() #28 0x7fb8b5f115c9 base::RunLoop::Run() #29 0x7fb8b5246d8d ChromeBrowserMainParts::MainMessageLoopRun() #30 0x7fb8b1d2e2f4 content::BrowserMainLoop::RunMainMessageLoopParts() #31 0x7fb8b1d38e33 content::BrowserMainRunnerImpl::Run() #32 0x7fb8b1d2a068 content::BrowserMain() #33 0x7fb8b5122d1f content::RunNamedProcessTypeMain() #34 0x7fb8b5123f7a content::ContentMainRunnerImpl::Run() #35 0x7fb8b512202e content::ContentMain() #36 0x7fb8b0b479d4 ChromeMain #37 0x7fb8b0b478a0 main #38 0x7fb8ae4b3796 __libc_start_main #39 0x7fb8b0b47739 _start
,
Feb 16 2017
Crash report on samus: https://crash.corp.google.com/browse?q=reportid=%2744c9b0d840000000%27
,
Feb 16 2017
This happens even if all gesture events are consumed in PrehandleGestureEvent.
,
Feb 16 2017
It seems crash happens when the gesture preview window, which is another window from the virtual keyboard extension itself, receives a resize event. It explains why this issue only happens on US keyboard; other keyboards doesn't show the gesture preview window.
,
Feb 20 2017
Actually, crash happens when setBounds is called with {left:-0, ...} for the gesture suggestion window.
,
Feb 20 2017
,
Mar 22 2017
This issue should have been fixed with the fix of 694248
,
Apr 24 2017
My personal Kevin (M57 stable) crashed a few times at extensions::AppCurrentWindowInternalSetBoundsFunction::Run() while using the virtual keyboard. https://crash.corp.google.com/browse?stbtiq=d9d8c43640000000 is one of the reports. Is this the same issue?
,
Apr 27 2017
I think so. Pleasee refer to 694248. Crash happens on the said method if -0 is given.
,
May 12 2017
Verified in Chrome OS 9544.0.0, 60.0.3096.0. |
||||||||||
►
Sign in to add a comment |
||||||||||
Comment 1 by oka@chromium.org
, Feb 15 2017