
Issue 704456

Starred by 3 users

Issue metadata

Status: Fixed
Owner:
Closed: Mar 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 1
Type: Bug




Browser crashes when attempting to delete last autocomplete value

Reported by rich...@refinedwiki.com, Mar 23 2017

Issue description

UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3048.0 Safari/537.36

Steps to reproduce the problem:
1. Use the attached HTML file
2. Submit the form to get an autocomplete value
3. Try to delete said value using Shift+Delete

What is the expected behavior?
Value is deleted

What went wrong?
Browser crashes

Crashed report ID: 33c92ac0-1ded-4d56-9e10-145ff997bacf

How much crashed? Whole browser

Is it a problem with a plugin? No 

Did this work before? N/A 

Chrome version: 59.0.3048.0  Channel: canary
OS Version: OS X 10.11.6
Flash Version: Shockwave Flash 25.0 r0
 
Attachments:
test.html (264 bytes)
test.gif (86.0 KB)

Comment 1 by meh...@chromium.org, Mar 23 2017

Cc: rsesek@chromium.org
Thanks for the crash report.

Comment 2 by rsesek@chromium.org, Mar 23 2017

Components: UI>Browser>Autofill
Labels: -Pri-2 Pri-1
Status: Untriaged (was: Unconfirmed)
Thanks for the report.



Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x0000000000000018

VM Regions Near 0x18:
--> 
    __TEXT                 000000010a870000-000000010a871000 [    4K] r-x/rwx SM=COW  /Applications/Google Chrome Canary.app/Contents/MacOS/Google Chrome Canary

Thread 0 Crashed:: CrBrowserMain  Dispatch queue: com.apple.main-thread
0   com.google.Chrome.framework   	0x000000010e75424e autofill::AutofillPopupLayoutModel::GetRowBounds(unsigned long) const + autofill_popup_layout_model.cc:69
1   com.google.Chrome.framework   	0x000000010e93a7ae -[AutofillPopupViewCocoa invalidateRow:] + autofill_popup_view_cocoa.mm:151
2   com.google.Chrome.framework   	0x000000010e93a2f1 autofill::AutofillPopupViewBridge::OnSelectedRowChanged(base::Optional<int>, base::Optional<int>) + autofill_popup_view_bridge.mm:55
3   com.google.Chrome.framework   	0x000000010e752ce4 autofill::AutofillPopupControllerImpl::SetSelectedLine(base::Optional<int>) + optional.h:207
4   com.google.Chrome.framework   	0x000000010e75335d autofill::AutofillPopupControllerImpl::RemoveSuggestion(int) + vector:638
5   com.google.Chrome.framework   	0x000000010b02144b content::RenderWidgetHostImpl::ForwardKeyboardEventWithCommands(content::NativeWebKeyboardEvent const&, std::__1::vector<content::EditCommand, std::__1::allocator<content::EditCommand> > const*) + render_widget_host_impl.cc:2131
6   com.google.Chrome.framework   	0x000000010b030a1b -[RenderWidgetHostViewCocoa keyEvent:wasKeyEquivalent:] + render_widget_host_view_mac.mm:0
7   com.google.Chrome.framework   	0x000000010b030315 -[RenderWidgetHostViewCocoa keyEvent:] + render_widget_host_view_mac.mm:2043
8   com.google.Chrome.framework   	0x000000010cdaad4e -[BaseView keyDown:] + base_view.mm:168
9   com.apple.AppKit              	0x00007fff904c8680 -[NSWindow(NSEventRouting) _reallySendEvent:isDelayedEvent:] + 4086
10  com.apple.AppKit              	0x00007fff904c72be -[NSWindow(NSEventRouting) sendEvent:] + 541
11  com.google.Chrome.framework   	0x000000010e9774ef -[ChromeEventProcessingWindow sendEvent:] + chrome_event_processing_window.mm:79
12  com.apple.AppKit              	0x00007fff90350a1c -[NSApplication(NSEvent) sendEvent:] + 4768
13  com.google.Chrome.framework   	0x000000010bf1e8cc __34-[BrowserCrApplication sendEvent:]_block_invoke + chrome_browser_application_mac.mm:0
14  com.google.Chrome.framework   	0x000000010c372f2a base::mac::CallWithEHFrame(void () block_pointer) + 
15  com.google.Chrome.framework   	0x000000010bf1e6b5 -[BrowserCrApplication sendEvent:] + chrome_browser_application_mac.mm:0
16  com.apple.AppKit              	0x00007fff8fbcbf81 -[NSApplication run] + 1002
17  com.google.Chrome.framework   	0x000000010c382eee base::MessagePumpNSApplication::DoRun(base::MessagePump::Delegate*) + message_pump_mac.mm:772
18  com.google.Chrome.framework   	0x000000010c38250c base::MessagePumpCFRunLoopBase::Run(base::MessagePump::Delegate*) + message_pump_mac.mm:300
19  com.google.Chrome.framework   	0x000000010c3a0b63 base::RunLoop::Run() + run_loop.cc:38
20  com.google.Chrome.framework   	0x000000010bf23c75 ChromeBrowserMainParts::MainMessageLoopRun(int*) + chrome_browser_main.cc:1993
21  com.google.Chrome.framework   	0x000000010ada1c14 content::BrowserMainLoop::RunMainMessageLoopParts() + browser_main_loop.cc:1200
22  com.google.Chrome.framework   	0x000000010ada4ae2 content::BrowserMainRunnerImpl::Run() + memory:2586
23  com.google.Chrome.framework   	0x000000010ad9d7cc content::BrowserMain(content::MainFunctionParams const&) + browser_main.cc:46
24  com.google.Chrome.framework   	0x000000010beda3f0 content::ContentMainRunnerImpl::Run() + content_main_runner.cc:729
25  com.google.Chrome.framework   	0x000000010d66036c service_manager::Main(service_manager::MainParams const&) + main.cc:179
26  com.google.Chrome.framework   	0x000000010bed99d4 content::ContentMain(content::ContentMainParams const&) + content_main.cc:19
27  com.google.Chrome.framework   	0x000000010a8ed0e7 ChromeMain + chrome_main.cc:0
28  com.google.Chrome.canary      	0x000000010a870d9a main + 522
29  libdyld.dylib                 	0x00007fffa76a3255 start + 1


Comment 3 by shrike@chromium.org, Mar 23 2017

Labels: M-59
Owner: csashi@google.com
Status: Assigned (was: Untriaged)
Suspecting https://codereview.chromium.org/2727233003

Uses child views in Autofill Popup so we can trigger
GetAccessibleNodeData in each of the Autofill popup suggestions.

This is a re-merge of https://codereview.chromium.org/2670003002 with the
change to recreate child views when we redraw the popup.

BUG= 627860 ,697466

Comment 4 by csashi@google.com, Mar 23 2017

I changed:

"""
  if (selected_line_ != kNoSelection &&
      static_cast<size_t>(selected_line_) < suggestions_.size())
    InvalidateRow(selected_line_);
"""

to

"""

  if (selected_line) {
    DCHECK_LT(*selected_line, GetLineCount());
    if (!CanAccept(suggestions_[*selected_line].frontend_id))
      selected_line = base::nullopt;
  }
 
  auto previous_selected_line(selected_line_);
  selected_line_ = selected_line;
  view_->OnSelectedRowChanged(previous_selected_line, selected_line_);

"""

previous_selected_line may be pointing out of bounds of suggestions_ leading to crash.
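
The failure mode described in Comment 4, reduced to a self-contained model. This is an added example, not Chromium's code and not the fix that landed. `FakeView`, `PopupController`, `RemoveSelected`, `check_previous` and `StaleIndexReachesView` are hypothetical names, and the selection is modelled as an `int` with the `kNoSelection` sentinel from the older snippet rather than `base::Optional`.

```cpp
// Constructed model for illustration; names echo the thread, not Chromium's code.
#include <cstddef>
#include <string>
#include <utility>
#include <vector>
constexpr int kNoSelection = -1;  // sentinel, as in the older snippet

// Stand-in for the popup view. The real view looks up row bounds in
// InvalidateRow; here an index that names no existing row is only flagged.
struct FakeView {
  const std::vector<std::string>* rows;
  bool saw_stale_index = false;
  explicit FakeView(const std::vector<std::string>* r) : rows(r) {}
  void InvalidateRow(int row) {
    if (row < 0 || static_cast<std::size_t>(row) >= rows->size())
      saw_stale_index = true;
  }
  void OnSelectedRowChanged(int previous, int current) {
    if (previous != kNoSelection) InvalidateRow(previous);
    if (current != kNoSelection) InvalidateRow(current);
  }
};

struct PopupController {
  std::vector<std::string> suggestions;
  int selected_line = kNoSelection;
  bool check_previous;  // true = keep the bounds check from the older snippet
  FakeView view;
  PopupController(std::vector<std::string> s, bool check)
      : suggestions(std::move(s)), check_previous(check), view(&suggestions) {}
  void SetSelectedLine(int line) {
    int previous = selected_line;
    if (check_previous && previous != kNoSelection &&
        static_cast<std::size_t>(previous) >= suggestions.size())
      previous = kNoSelection;  // that row is gone; nothing to repaint
    selected_line = line;
    view.OnSelectedRowChanged(previous, selected_line);
  }
  void RemoveSelected() {  // erase first, then clear the selection
    suggestions.erase(suggestions.begin() + selected_line);
    SetSelectedLine(kNoSelection);
  }
};

// Select `row`, delete it, and report whether the view saw a stale index.
bool StaleIndexReachesView(std::vector<std::string> rows, int row, bool check) {
  PopupController c(std::move(rows), check);
  c.SetSelectedLine(row);
  c.RemoveSelected();
  return c.view.saw_stale_index;
}
```

Only deleting the final row leaves the old index past the end of the list; deleting an earlier row leaves an index that still names a row, which is why the report reproduces with the last autocomplete value.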

Comment 6 by csashi@google.com, Mar 28 2017

Status: Fixed (was: Assigned)
Cc: rbasuvula@chromium.org
Labels: TE-Verified-M59 TE-Verified-59.0.3061.3
Tested the issue on Mac OS 10.12.3 using the latest Chrome Dev M59-59.0.3061.3 by following the steps mentioned in the original comment. Observed that the values can be deleted using Shift+Delete as expected. Hence adding the TE-Verified label.

Please find the screen cast for reference.

Thank you!
Attachment: 704456.mp4 (472 KB)

Works for me as well, thanks for the speedy fix!
