CHECK failure: !performing_user_action_ in textfield.cc
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5833854729584640

Fuzzer: mbarbella_js_mutation_layout
Job Type: linux_debug_content_shell_drt
Platform Id: linux

Crash Type: CHECK failure
Crash Address:
Crash State:
  !performing_user_action_ in textfield.cc
  views::Textfield::OnBeforeUserAction
  views::Textfield::DoInsertChar

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_debug_content_shell_drt&range=443258:443393

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv94fMo6YI8YAbFGUmXpKzIYeNymh7MPh9UKRsxO8Acxw2a1Ttc7n4iqjpnqe3sAjlZeUKHs5kHa_UJbj1a9ffLqeth2Rovyk15aPrCCtZRKWpPC9gW3XBmYDi_YBZE62dRGFg2yu5LcCBhqzsCwgJvwZnamCtPczlYXChBgtZF5IgpsGgWH_CczzevKJstd97lVt2qYP_gLh57rcq3eigT1gUl8OljfBFzrrnQARXnqNBk92QU0M8BVnjn3djU0LOlp5ehvGzsxv-TfH3QzmfjKi1U3AWfur4ahUYgtPn3wSBiEadfyitG8CwFxvjj6yXX9ZTEw_6VBQnEkW_i6J2I37y1sotmC6jiLGq9AGUkVlqmm9sZzq2fyy3I6u_Y7sKX84IwfDpSGVZJWVZAWCScb3mv8Lmw?testcase_id=5833854729584640

Additional requirements: Requires Gestures

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Apr 3 2017
Here is the regression range clusterfuzz found: https://chromium.googlesource.com/chromium/src/+log/b65ab0c7ef82e115a49e79ab0d413d2de7df2f11..b5c9bcd8091d35691e61a939eb2aa8201baf57c8?pretty=fuller

My CL is not in that range and I don't see any obvious candidates. Over to owner.
Apr 3 2017
A wider view of the stack trace shows that getting the selection clipboard text spins a RunLoop, which allows further input event handling, triggering an unexpected state in the textfield (inserting a character while pasting text).

erg@ and/or pkotwicz@: can we get selection clipboard text without spinning a RunLoop? Can we do something to delay/re-post (or block) input events during this time? Otherwise, I guess the Textfield can try to handle this and early-out (not accept further text input while performing a text input operation).

I'm reducing the priority, since this is very unlikely for someone to trigger in the wild.

[13085:13085:0403/000008.784342:21458514358:FATAL:textfield.cc(1983)] Check failed: !performing_user_action_.
#0 0x0000004e47d1 __interceptor_backtrace
#1 0x7f1a779bb25b base::debug::StackTrace::StackTrace()
#2 0x7f1a779b5d57 base::debug::StackTrace::StackTrace()
#3 0x7f1a77b4444c logging::LogMessage::~LogMessage()
#4 0x7f1a44afefc9 views::Textfield::OnBeforeUserAction()
#5 0x7f1a44b14206 views::Textfield::DoInsertChar()
#6 0x7f1a44b0fbdf views::Textfield::InsertChar()
#7 0x7f1a688221af ui::InputMethodAuraLinux::ProcessKeyEventDone()
#8 0x7f1a6881f653 ui::InputMethodAuraLinux::DispatchKeyEvent()
#9 0x7f1a44e744e0 views::DesktopWindowTreeHostX11::DispatchKeyEvent()
#10 0x7f1a44e75d77 views::DesktopWindowTreeHostX11::DispatchEvent()
#11 0x7f1a70897dba ui::PlatformEventSource::DispatchEvent()
#12 0x7f1a3e534a50 ui::X11EventSourceGlib::ProcessXEvent()
#13 0x7f1a3e5019ab ui::X11EventSource::ExtractCookieDataDispatchEvent()
#14 0x7f1a3e501701 ui::X11EventSource::DispatchXEvents()
#15 0x7f1a3e535632 ui::(anonymous namespace)::XSourceDispatch()
#16 0x7f1a4244fce5 g_main_context_dispatch
#17 0x7f1a42450048 <unknown>
#18 0x7f1a424500ec g_main_context_iteration
#19 0x7f1a77c01a49 base::MessagePumpGlib::Run()
#20 0x7f1a77bc9b0a base::MessageLoop::RunHandler()
#21 0x7f1a77e222f7 base::RunLoop::Run()
#22 0x7f1a703258f4 ui::SelectionRequestor::BlockTillSelectionNotifyForRequest()
#23 0x7f1a70323527 ui::SelectionRequestor::PerformBlockingConvertSelection()
#24 0x7f1a7036bdd5 ui::ClipboardAuraX11::AuraX11Details::WaitAndGetTargetsList()
#25 0x7f1a7036ac4e ui::ClipboardAuraX11::AuraX11Details::RequestAndWaitForTypes()
#26 0x7f1a7037626f ui::ClipboardAuraX11::ReadText()
#27 0x7f1a44b146e3 views::Textfield::GetSelectionClipboardText()
#28 0x7f1a44b15aab views::Textfield::PasteSelectionClipboard()
#29 0x7f1a44c1b795 views::SelectionController::OnMousePressed()
#30 0x7f1a44afc117 views::Textfield::OnMousePressed()
#31 0x7f1a44c50ff7 views::View::ProcessMousePressed()
#32 0x7f1a44c50185 views::View::OnMouseEvent()
#33 0x7f1a69dbbbdc ui::EventHandler::OnEvent()
#34 0x7f1a69dad471 ui::EventDispatcher::DispatchEvent()
#35 0x7f1a69da908b ui::EventDispatcher::ProcessEvent()
#36 0x7f1a69da8153 ui::EventDispatcherDelegate::DispatchEventToTarget()
#37 0x7f1a69da7a3a ui::EventDispatcherDelegate::DispatchEvent()
#38 0x7f1a44ca56a9 views::internal::RootView::OnMousePressed()
#39 0x7f1a44ccb0ac views::Widget::OnMouseEvent()
#40 0x7f1a44dca812 views::DesktopNativeWidgetAura::OnMouseEvent()
#41 0x7f1a69dbbbdc ui::EventHandler::OnEvent()
#42 0x7f1a69dad471 ui::EventDispatcher::DispatchEvent()
#43 0x7f1a69da908b ui::EventDispatcher::ProcessEvent()
#44 0x7f1a69da8153 ui::EventDispatcherDelegate::DispatchEventToTarget()
#45 0x7f1a69da7a3a ui::EventDispatcherDelegate::DispatchEvent()
#46 0x7f1a69dbeb54 ui::EventProcessor::OnEventFromSource()
#47 0x7f1a69dbf391 ui::EventProcessor::OnEventFromSource()
#48 0x7f1a69dc5864 ui::EventSource::DeliverEventToSink()
#49 0x7f1a69dc4024 ui::EventSource::SendEventToSink()
#50 0x7f1a44e72fef views::DesktopWindowTreeHostX11::DispatchMouseEvent()
#51 0x7f1a44e77ad4 views::DesktopWindowTreeHostX11::DispatchEvent()
#52 0x7f1a70897dba ui::PlatformEventSource::DispatchEvent()
#53 0x7f1a3e534a50 ui::X11EventSourceGlib::ProcessXEvent()
#54 0x7f1a3e5019ab ui::X11EventSource::ExtractCookieDataDispatchEvent()
#55 0x7f1a3e501701 ui::X11EventSource::DispatchXEvents()
#56 0x7f1a3e535632 ui::(anonymous namespace)::XSourceDispatch()
#57 0x7f1a4244fce5 g_main_context_dispatch
#58 0x7f1a42450048 <unknown>
#59 0x7f1a424500ec g_main_context_iteration
#60 0x7f1a77c01a49 base::MessagePumpGlib::Run()
#61 0x7f1a77bc9b0a base::MessageLoop::RunHandler()
Apr 4 2017
On Desktop Linux, clipboard operations are asynchronous. Thus we need a RunLoop in order for the clipboard operations to appear synchronous.

There isn't a real clipboard on Desktop Linux. In order to get the clipboard text:
- Chrome needs to communicate with the clipboard manager to figure out which app has control of the clipboard
- Chrome needs to communicate with the app which controls the clipboard in order to get the clipboard text
Apr 4 2017
We should be able to post / delay events during the time that the clipboard run loop is running. This is not as straightforward as it seems. A "paste operation" can occur as a result of the user pressing a keyboard key (Ctrl+v). I am unsure whether we should delay the "key release" event of the 'v' in Ctrl+v.
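The re-entrancy described in the comments above (a nested run loop during the selection-clipboard read dispatches a queued key event into a text field that is mid-paste) and the defer-and-replay handling proposed for it, as an added example that is not part of the original thread and is not Chromium code. `Loop`, `Field`, `Simulate`, `Result` and the clipboard string "PASTE" are hypothetical stand-ins.

```cpp
// Toy model of the re-entrancy in the stack trace; not Chromium code, all names hypothetical.
#include <cstdio>
#include <deque>
#include <functional>
#include <string>

struct Loop {  // stand-in for the UI message loop
  std::deque<std::function<void()>> queue;
  void RunNested() {  // models the RunLoop spun while waiting for the selection owner
    while (!queue.empty()) {
      auto task = queue.front();
      queue.pop_front();
      task();
    }
  }
};

struct Field {
  Loop* loop;
  bool defer_input;  // true: early-out and replay input that arrives mid-action
  bool performing_user_action = false;
  int reentrant_inserts = 0;  // times a CHECK on the flag would have fired
  std::string text;
  std::deque<char> deferred;
  void InsertChar(char c) {
    if (performing_user_action && defer_input) { deferred.push_back(c); return; }
    if (performing_user_action) ++reentrant_inserts;  // unguarded: invariant broken
    text.push_back(c);
  }
  void PasteSelectionClipboard() {
    performing_user_action = true;
    loop->RunNested();  // the "blocking" clipboard read dispatches queued events
    text += "PASTE";    // constructed clipboard contents
    performing_user_action = false;
    for (; !deferred.empty(); deferred.pop_front()) InsertChar(deferred.front());
  }
};

struct Result { std::string text; int reentrant_inserts; };
// A key press is already queued when the mouse press that triggers the paste is handled.
Result Simulate(bool defer_input) {
  Loop loop;
  Field field{&loop, defer_input};
  loop.queue.push_back([&field] { field.InsertChar('x'); });
  field.PasteSelectionClipboard();
  return {field.text, field.reentrant_inserts};
}
int main() {
  for (int d = 0; d < 2; ++d) std::printf("defer=%d text=%s\n", d, Simulate(d).text.c_str());
}
```

Without deferral the queued character lands ahead of the pasted text and the invariant is violated once; with deferral the event order is preserved and the flag is never observed set on entry.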
Apr 21 2017
Since I'm not actively working on Textfield, this would be better owned by someone else.
May 21 2017
ClusterFuzz testcase 5833854729584640 is flaky and no longer reproduces, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
May 22 2017
Mar 9 2018
Un-cc-ing me from all bugs on my final day.
Sep 13
Archiving old bugs that haven't been actively assigned in over 180 days. If you feel this issue should still be addressed, feel free to reopen it or to file a new issue. Thanks!
Comment 1 by msrchandra@chromium.org, Apr 3 2017
Labels: Test-Predator-Wrong M-59
Owner: est...@chromium.org
Status: Assigned (was: Untriaged)