type '하' (hangul, compositing), chrome tab was crashed in slack, It is ok while type english
Reported by
ganad...@gmail.com,
Mar 31 2017
Issue description

UserAgent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36

Steps to reproduce the problem:
1. open slack
2. type hangul to send message
3.

What is the expected behavior?
sent message

What went wrong?
chrome tab was crashed

Crashed report ID: ebdb7ff1-2e7b-4847-a04e-51e1f07e7d06
How much crashed? Just one tab
Is it a problem with a plugin? N/A
Did this work before? Yes 56
Chrome version: 57.0.2987.133 Channel: stable
OS Version: 6.1 (Windows 7, Windows Server 2008 R2)
Flash Version:
Mar 31 2017
ganadist@ Could you please confirm if this issue is observed only while typing in slack? Are there any other repro steps available to test this issue? If it's a consistent crash, please provide the crash IDs from chrome crashes. For example: Crash ID Chrome (Server ID: 81a8281640000000)

Thanks!
Mar 31 2017
Yes, it crashed while just typing some characters through IME composition. And I found the same issue on a Linux 64-bit Chromium build (archlinux, not the official Chrome build, 57.0.2987.110). It seems it didn't reproduce in an incognito window.

Crash ID: crash/2381839810000000
Crash ID: crash/e0e3c11ce0000000
Crash ID: crash/068b111ce0000000
Mar 31 2017
Thank you for providing more feedback. Adding requester "brajkumar@chromium.org" to the cc list and removing "Needs-Feedback" label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Apr 3 2017
Stack Trace:
---------------
Thread 0 CRASHED [EXCEPTION_ACCESS_VIOLATION_READ @ 0x00000008 ] MAGIC SIGNATURE THREAD
Stack Quality 99%

0x0ffe1b74 (chrome_child.dll -position.cpp:462 ) blink::PositionTemplate<blink::EditingAlgorithm<blink::NodeTraversal> >::lastPositionInNode(blink::Node *)
0x10505fd1 (chrome_child.dll -ephemeralrange.cpp:127 ) blink::EphemeralRangeTemplate<blink::EditingAlgorithm<blink::NodeTraversal> >::rangeOfContents(blink::Node const &)
0x11549fcd (chrome_child.dll -plaintextrange.cpp:77 ) blink::PlainTextRange::createRangeFor(blink::ContainerNode const &,blink::PlainTextRange::GetRangeFor)
0x11549f7f (chrome_child.dll -plaintextrange.cpp:55 ) blink::PlainTextRange::createRange(blink::ContainerNode const &)
0x1156ff98 (chrome_child.dll -typingcommand.cpp:96 ) blink::`anonymous namespace'::createSelection
0x109b5f5a (chrome_child.dll -typingcommand.cpp:273 ) blink::TypingCommand::adjustSelectionAfterIncrementalInsertion(blink::LocalFrame *,unsigned int)
0x109b5f02 (chrome_child.dll -typingcommand.cpp:537 ) blink::TypingCommand::insertText(WTF::String const &,bool,blink::EditingState *)
0x10362b3b (chrome_child.dll -typingcommand.cpp:338 ) blink::TypingCommand::insertText(blink::Document &,WTF::String const &,blink::VisibleSelectionTemplate<blink::EditingAlgorithm<blink::NodeTraversal> > const &,unsigned int,blink::TypingCommand::TextCompositionType,bool)
0x10362a28 (chrome_child.dll -typingcommand.cpp:253 ) blink::TypingCommand::insertText(blink::Document &,WTF::String const &,unsigned int,blink::TypingCommand::TextCompositionType,bool)
0x115493b1 (chrome_child.dll -inputmethodcontroller.cpp:147 ) blink::`anonymous namespace'::insertTextDuringCompositionWithEvents
0x11549724 (chrome_child.dll -inputmethodcontroller.cpp:575 ) blink::InputMethodController::setComposition(WTF::String const &,WTF::Vector<blink::CompositionUnderline,0,WTF::PartitionAllocator> const &,int,int)
0x113f67d5 (chrome_child.dll -webinputmethodcontrollerimpl.cpp:89 ) blink::WebInputMethodControllerImpl::setComposition(blink::WebString const &,blink::WebVector<blink::WebCompositionUnderline> const &,int,int)
0x1181a9bc (chrome_child.dll -render_widget.cc:1543 ) content::RenderWidget::OnImeSetComposition(std::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> > const &,std::vector<blink::WebCompositionUnderline,std::allocator<blink::WebCompositionUnderline> > const &,gfx::Range const &,int,int)
0x11819316 (chrome_child.dll -ipc_message_templates.h:26 ) IPC::DispatchToMethod<content::RenderWidget,void ( content::RenderWidget::*)(std::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> > const &,std::vector<blink::WebCompositionUnderline,std::allocator<blink::WebCompositionUnderline> > const &,gfx::Range const &,int,int),void,std::tuple<std::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> >,std::vector<blink::WebCompositionUnderline,std::allocator<blink::WebCompositionUnderline> >,gfx::Range,int,int> >(content::RenderWidget *,void ( content::RenderWidget::*)(std::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> > const &,std::vector<blink::WebCompositionUnderline,std::allocator<blink::WebCompositionUnderline> > const &,gfx::Range const &,int,int),void *,std::tuple<std::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> >,std::vector<blink::WebCompositionUnderline,std::allocator<blink::WebCompositionUnderline> >,gfx::Range,int,int> const &)
0x118189a9 (chrome_child.dll -ipc_message_templates.h:121 ) IPC::MessageT<InputMsg_ImeSetComposition_Meta,std::tuple<std::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> >,std::vector<blink::WebCompositionUnderline,std::allocator<blink::WebCompositionUnderline> >,gfx::Range,int,int>,void>::Dispatch<content::RenderWidget,content::RenderWidget,void,void ( content::RenderWidget::*)(std::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> > const &,std::vector<blink::WebCompositionUnderline,std::allocator<blink::WebCompositionUnderline> > const &,gfx::Range const &,int,int)>(IPC::Message const *,content::RenderWidget *,content::RenderWidget *,void *,void ( content::RenderWidget::*)(std::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> > const &,std::vector<blink::WebCompositionUnderline,std::allocator<blink::WebCompositionUnderline> > const &,gfx::Range const &,int,int))
0x10966ca8 (chrome_child.dll -render_widget.cc:599 ) content::RenderWidget::OnMessageReceived(IPC::Message const &)
0x10213eb0 (chrome_child.dll -render_view_impl.cc:1265 ) content::RenderViewImpl::OnMessageReceived(IPC::Message const &)
0x10211f40 (chrome_child.dll -message_router.cc:56 ) IPC::MessageRouter::RouteMessage(IPC::Message const &)
0x10211f0e (chrome_child.dll -message_router.cc:48 ) IPC::MessageRouter::OnMessageReceived(IPC::Message const &)
0x10383f95 (chrome_child.dll -child_thread_impl.cc:750 ) content::ChildThreadImpl::OnMessageReceived(IPC::Message const &)
0x106a66c8 (chrome_child.dll -bind_internal.h:339 ) base::internal::Invoker<base::internal::BindState<base::internal::IgnoreResultHelper<bool ( content::ChildThreadImpl::*)(IPC::Message const &)>,base::internal::UnretainedWrapper<content::RenderThreadImpl> >,void >::Run(base::internal::BindStateBase *,IPC::Message const &)
0x0ffbd342 (chrome_child.dll -callback.h:85 ) base::internal::RunMixin<base::Callback<void ,1,1> >::Run(scoped_refptr<media::VideoFrame> const &)
0x1069a490 (chrome_child.dll -bind_internal.h:339 ) base::internal::Invoker<base::internal::BindState<void ( base::CancelableCallback<void >::*)(IPC::Message const &),base::WeakPtr<base::CancelableCallback<void > > >,void >::Run(base::internal::BindStateBase *,IPC::Message const &)
0x0ffbd342 (chrome_child.dll -callback.h:85 ) base::internal::RunMixin<base::Callback<void ,1,1> >::Run(scoped_refptr<media::VideoFrame> const &)
0x0ffbd08a (chrome_child.dll -bind_internal.h:339 ) base::internal::Invoker<base::internal::BindState<base::Callback<void ,1,1>,scoped_refptr<media::VideoFrame> >,void >::Run(base::internal::BindStateBase *)
0x1005695e (chrome_child.dll -task_annotator.cc:52 ) base::debug::TaskAnnotator::RunTask(char const *,base::PendingTask *)
0x1005a627 (chrome_child.dll -task_queue_manager.cc:377 ) blink::scheduler::TaskQueueManager::ProcessTaskFromWorkQueue(blink::scheduler::internal::WorkQueue *,blink::scheduler::LazyNow,base::TimeTicks *)
0x101e829f (chrome_child.dll -task_queue_manager.cc:245 ) blink::scheduler::TaskQueueManager::DoWork(base::TimeTicks,bool)
0x101e71da (chrome_child.dll -bind_internal.h:339 ) base::internal::Invoker<base::internal::BindState<void ( blink::scheduler::TaskQueueManager::*)(base::TimeTicks,bool),base::WeakPtr<blink::scheduler::TaskQueueManager>,base::TimeTicks,bool>,void >::Run(base::internal::BindStateBase *)
0x1005695e (chrome_child.dll -task_annotator.cc:52 ) base::debug::TaskAnnotator::RunTask(char const *,base::PendingTask *)
0x1005a2e6 (chrome_child.dll -message_loop.cc:421 ) base::MessageLoop::RunTask(base::PendingTask *)
0x10057bd0 (chrome_child.dll -message_loop.cc:523 ) base::MessageLoop::DoWork()
0x10058af2 (chrome_child.dll -message_pump_default.cc:33 ) base::MessagePumpDefault::Run(base::MessagePump::Delegate *)
0x0ffbf06e (chrome_child.dll -run_loop.cc:37 ) base::RunLoop::Run()
0x104118ab (chrome_child.dll -renderer_main.cc:200 ) content::RendererMain(content::MainFunctionParams const &)
0x103a4e0a (chrome_child.dll -content_main_runner.cc:416 ) content::RunNamedProcessTypeMain(std::basic_string<char,std::char_traits<char>,std::allocator<char> > const &,content::MainFunctionParams const &,content::ContentMainDelegate *)
0x103a400a (chrome_child.dll -content_main_runner.cc:793 ) content::ContentMainRunnerImpl::Run()
0x103a3f24 (chrome_child.dll -content_main.cc:20 ) content::ContentMain(content::ContentMainParams const &)
0x103a4f01 (chrome_child.dll -chrome_main.cc:112 ) ChromeMain
0x01015dc0 (chrome.exe -main_dll_loader_win.cc:208 ) MainDllLoader::Launch(HINSTANCE__ *,base::TimeTicks)
0x010122b9 (chrome.exe -chrome_exe_main_win.cc:284 ) wWinMain
0x0107b297 (chrome.exe -exe_common.inl:253 ) __scrt_common_main_seh
0x772c3369 (kernel32.dll + 0x00013369 ) BaseThreadInitThunk
0x777f9901 (ntdll.dll + 0x00039901 ) __RtlUserThreadStart
0x777f98d4 (ntdll.dll + 0x000398d4 ) _RtlUserThreadStart

This issue is seen from M56 - 56.0.2924.87. The link below gives details of the number of instances in which the crash has occurred for associated builds:
https://crash.corp.google.com/browse?q=product.name%3D%27Chrome%27%20%20AND%20custom_data.ChromeCrashProto.channel%3D%27%27%20AND%20custom_data.ChromeCrashProto.ptype%3D%27renderer%27%20AND%20custom_data.ChromeCrashProto.magic_signature_1.name%3D%27blink%3A%3APositionTemplate%3Cblink%3A%3AEditingAlgorithm%3Cblink%3A%3ANodeTraversal%3E%20%3E%3A%3AlastPositionInNode%27&ignore_case=false&enable_rewrite=true&omit_field_name=&omit_field_value=&omit_field_opt=%3D

Note:
=====
1) This is a renderer crash listed under stable build 57.0.2987.133 for Windows on 25 different client IDs.
2) Currently this crash has 61 instances
3) This crash is observed only on Windows OS
4) This crash is not observed on latest beta, dev and canary channels
5) Observing a little spike on latest M-57 builds for the below builds

57.0.2987.133 33.89% 61
57.0.2987.110 13.89% 25
57.0.2987.98 50.00% 90

Used code search for the file "typingcommand.cpp" from the above stack trace and observed some recent changes for the below file:
https://codereview.chromium.org/2530843003

yabinh@: Could you please check if this is caused with respect to your change? If not, please help us reassign the issue to the right owner.

Thanks!
Apr 4 2017
Apr 10 2017
It seems that |anchorNode| is null in blink::PositionTemplate<blink::EditingAlgorithm<blink::NodeTraversal> >::lastPositionInNode. In TypingCommand::adjustSelectionAfterIncrementalInsertion(), I think we should replace DCHECK with early return: DCHECK(element); --> if(!element) return;
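The change suggested in the comment above, as an added example that is not part of the thread or of Chromium's source: a debug-only assertion disappears in release builds, so a null element reaches the dereference, while an early return stops it. `Element`, `Frame`, `DEBUG_ONLY_CHECK` and the function names are hypothetical stand-ins, and the release build is modelled with a local macro.

```cpp
// Added illustration with simplified stand-in types; this is not Blink code.

// Models a release build, where a DCHECK-style assertion compiles to nothing.
#define MODEL_RELEASE_BUILD 1
#if MODEL_RELEASE_BUILD
#define DEBUG_ONLY_CHECK(cond) ((void)0)
#else
#include <cstdlib>
#define DEBUG_ONLY_CHECK(cond) do { if (!(cond)) std::abort(); } while (0)
#endif

struct Element {
  Element* parent;
  unsigned child_count;  // read by last_offset_in(), the dereferencing callee
};

struct Frame {
  Element* editable_root;  // null when there is no editable root (assumed case)
  unsigned selection_end;
};

// Stand-in for the function at the top of the stack: dereferences its argument.
unsigned last_offset_in(const Element* node) { return node->child_count; }

// Before: the null case is only asserted. With the check compiled out, a null
// root reaches last_offset_in() and the member read faults near address zero.
void adjust_selection_unchecked(Frame& frame, unsigned text_length) {
  Element* element = frame.editable_root;
  DEBUG_ONLY_CHECK(element);
  unsigned limit = last_offset_in(element);
  frame.selection_end = text_length < limit ? text_length : limit;
}

// After: the early return proposed in the comment. Returns false when there is
// nothing to adjust and leaves the selection untouched.
bool adjust_selection_guarded(Frame& frame, unsigned text_length) {
  Element* element = frame.editable_root;
  if (!element)
    return false;
  unsigned limit = last_offset_in(element);
  frame.selection_end = text_length < limit ? text_length : limit;
  return true;
}
```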
Apr 10 2017
There's no more crash reports with this signature for M58 or M59 though, so I presume this was fixed by something else anyway.
Comment 1 by nyerramilli@chromium.org, Mar 31 2017