TextFinder should reset its state when frame to show another document
Issue description

Running tot (551e4143b7c8) as follows:

out/Release/chrome --user-data-dir=$(mktemp -d) --no-first-run 'http://127.0.0.1:8000/'

while running "python -m SimpleHTTPServer" in my home directory. Pressing Ctrl+F in the directory listing to search for "junk". Pressing Ctrl+G a few times until the listing shows the file junk.html, on which I click. Then Chrome crashes:

[1:1:0509/111509.574674:FATAL:SelectionTemplate.cpp(103)] Check failed: base_.GetDocument() == document (#document vs. #document)Selection(base: #text "junk"@offsetInAnchor[0], extent: #text "junk"@offsetInAnchor[4])
#0 0x7f4c26a64cc7 base::debug::StackTrace::StackTrace()
#1 0x7f4c26a8a2fd logging::LogMessage::~LogMessage()
#2 0x7f4c1fc1289b blink::SelectionTemplate<>::AssertValidFor()
#3 0x7f4c1fbedd92 blink::FrameSelection::SetSelectionDeprecated()
#4 0x7f4c1fbedca4 blink::FrameSelection::SetSelection()
#5 0x7f4c1e851b4d blink::WebLocalFrameImpl::SetFindEndstateFocusAndSelection()
#6 0x7f4c1e853718 blink::WebLocalFrameImpl::StopFinding()
#7 0x7f4c2477dfa1 _ZN3IPC8MessageTI25FrameMsg_StopFinding_MetaSt5tupleIJN7content14StopFindActionEEEvE8DispatchINS3_15RenderFrameImplES8_vMS8_FvS4_EEEbPKNS_7MessageEPT_PT0_PT1_T2_
#8 0x7f4c247716cb content::RenderFrameImpl::OnMessageReceived()
#9 0x7f4c26e83659 IPC::MessageRouter::RouteMessage()
#10 0x7f4c26e83594 IPC::MessageRouter::OnMessageReceived()
#11 0x7f4c23d08b8d content::ChildThreadImpl::OnMessageReceived()
#12 0x7f4c26e6a485 IPC::ChannelProxy::Context::OnDispatchMessage()
#13 0x7f4c26e6d3ea _ZN4base8internal7InvokerINS0_9BindStateIMN3IPC12ChannelProxy7ContextEFvRKNS3_7MessageEEJ13scoped_refptrIS5_ES6_EEEFvvEE3RunEPNS0_13BindStateBaseE
#14 0x7f4c26a4ffe1 _ZNO4base8CallbackIFvvELNS_8internal8CopyModeE0ELNS2_10RepeatModeE0EE3RunEv
#15 0x7f4c26a655e3 base::debug::TaskAnnotator::RunTask()
#16 0x7f4c1ec23b43 blink::scheduler::TaskQueueManager::ProcessTaskFromWorkQueue()
#17 0x7f4c1ec2125e blink::scheduler::TaskQueueManager::DoWork()
#18 0x7f4c1ec25f87 _ZN4base8internal7InvokerINS0_9BindStateIMN5blink9scheduler16TaskQueueManagerEFvbEJNS_7WeakPtrIS5_EEbEEEFvvEE3RunEPNS0_13BindStateBaseE
#19 0x7f4c26a4ffe1 _ZNO4base8CallbackIFvvELNS_8internal8CopyModeE0ELNS2_10RepeatModeE0EE3RunEv
#20 0x7f4c26a655e3 base::debug::TaskAnnotator::RunTask()
#21 0x7f4c26a9698d base::MessageLoop::RunTask()
#22 0x7f4c26a96d7c base::MessageLoop::DeferOrRunPendingTask()
#23 0x7f4c26a97146 base::MessageLoop::DoWork()
#24 0x7f4c26a989a9 base::MessagePumpDefault::Run()
#25 0x7f4c26a966f5 base::MessageLoop::RunHandler()
#26 0x7f4c26acb6cc base::RunLoop::Run()
#27 0x7f4c247db59f content::RendererMain()
#28 0x7f4c2494da4a content::RunZygote()
#29 0x7f4c2494dff0 content::RunNamedProcessTypeMain()
#30 0x7f4c2494ed22 content::ContentMainRunnerImpl::Run()
#31 0x7f4c26f99574 service_manager::Main()
#32 0x7f4c2494d822 content::ContentMain()
#33 0x7f4c275b6571 ChromeMain
#34 0x7f4c1b336f45 __libc_start_main
#35 0x7f4c275b63df <unknown>

Received signal 6
#0 0x7f4c26a64cc7 base::debug::StackTrace::StackTrace()
#1 0x7f4c26a6483f base::debug::(anonymous namespace)::StackDumpSignalHandler()
#2 0x7f4c26beb330 <unknown>
#3 0x7f4c1b34bc37 gsignal
#4 0x7f4c1b34f028 abort
#5 0x7f4c26a62d62 base::debug::BreakDebugger()
#6 0x7f4c26a8a6c0 logging::LogMessage::~LogMessage()
#7 0x7f4c1fc1289b blink::SelectionTemplate<>::AssertValidFor()
#8 0x7f4c1fbedd92 blink::FrameSelection::SetSelectionDeprecated()
#9 0x7f4c1fbedca4 blink::FrameSelection::SetSelection()
#10 0x7f4c1e851b4d blink::WebLocalFrameImpl::SetFindEndstateFocusAndSelection()
#11 0x7f4c1e853718 blink::WebLocalFrameImpl::StopFinding()
#12 0x7f4c2477dfa1 _ZN3IPC8MessageTI25FrameMsg_StopFinding_MetaSt5tupleIJN7content14StopFindActionEEEvE8DispatchINS3_15RenderFrameImplES8_vMS8_FvS4_EEEbPKNS_7MessageEPT_PT0_PT1_T2_
#13 0x7f4c247716cb content::RenderFrameImpl::OnMessageReceived()
#14 0x7f4c26e83659 IPC::MessageRouter::RouteMessage()
#15 0x7f4c26e83594 IPC::MessageRouter::OnMessageReceived()
#16 0x7f4c23d08b8d content::ChildThreadImpl::OnMessageReceived()
#17 0x7f4c26e6a485 IPC::ChannelProxy::Context::OnDispatchMessage()
#18 0x7f4c26e6d3ea _ZN4base8internal7InvokerINS0_9BindStateIMN3IPC12ChannelProxy7ContextEFvRKNS3_7MessageEEJ13scoped_refptrIS5_ES6_EEEFvvEE3RunEPNS0_13BindStateBaseE
#19 0x7f4c26a4ffe1 _ZNO4base8CallbackIFvvELNS_8internal8CopyModeE0ELNS2_10RepeatModeE0EE3RunEv
#20 0x7f4c26a655e3 base::debug::TaskAnnotator::RunTask()
#21 0x7f4c1ec23b43 blink::scheduler::TaskQueueManager::ProcessTaskFromWorkQueue()
#22 0x7f4c1ec2125e blink::scheduler::TaskQueueManager::DoWork()
#23 0x7f4c1ec25f87 _ZN4base8internal7InvokerINS0_9BindStateIMN5blink9scheduler16TaskQueueManagerEFvbEJNS_7WeakPtrIS5_EEbEEEFvvEE3RunEPNS0_13BindStateBaseE
#24 0x7f4c26a4ffe1 _ZNO4base8CallbackIFvvELNS_8internal8CopyModeE0ELNS2_10RepeatModeE0EE3RunEv
#25 0x7f4c26a655e3 base::debug::TaskAnnotator::RunTask()
#26 0x7f4c26a9698d base::MessageLoop::RunTask()
#27 0x7f4c26a96d7c base::MessageLoop::DeferOrRunPendingTask()
#28 0x7f4c26a97146 base::MessageLoop::DoWork()
#29 0x7f4c26a989a9 base::MessagePumpDefault::Run()
#30 0x7f4c26a966f5 base::MessageLoop::RunHandler()
#31 0x7f4c26acb6cc base::RunLoop::Run()
#32 0x7f4c247db59f content::RendererMain()
#33 0x7f4c2494da4a content::RunZygote()
#34 0x7f4c2494dff0 content::RunNamedProcessTypeMain()
#35 0x7f4c2494ed22 content::ContentMainRunnerImpl::Run()
#36 0x7f4c26f99574 service_manager::Main()
#37 0x7f4c2494d822 content::ContentMain()
#38 0x7f4c275b6571 ChromeMain
#39 0x7f4c1b336f45 __libc_start_main
#40 0x7f4c275b63df <unknown>
r8: ffff8299a91cf1a8 r9: ffff8299a91cf198 r10: 0000000000000008 r11: 0000000000000202
r12: 00007f4c1bce5940 r13: 00007ffce29823e0 r14: 00000000000000d8 r15: 00007ffce29823d8
di: 0000000000000001 si: 0000000000000001 bp: 00007ffce29823d8 bx: 00007ffce2981f90
dx: 0000000000000006 ax: 0000000000000000 cx: ffffffffffffffff sp: 00007ffce2981df8
ip: 00007f4c1b34bc37 efl: 0000000000000202 cgf: 0000000000000033 erf: 0000000000000000
trp: 0000000000000000 msk: 0000000000000000 cr2: 0000000000000000
[end of stack trace]
Calling _exit(1). Core file will not be generated.
May 15 2017
Started bisect job https://chromeperf.appspot.com/buildbucket_job_status/8979501651454113312
May 15 2017
=== BISECT JOB RESULTS ===
NO Perf regression found

Bisect Details
  Configuration: mac_10_11_perf_bisect
  Benchmark    : v8.runtimestats.browsing_desktop_classic
  Metric       : v8-gc-memory-mark-compactor_sum/browse_media/browse_media_pinterest

Revision          Result               N
chromium@469744   61.264 +- 62.8217    21   good
chromium@469835   55.77 +- 80.6367     21   bad

To Run This Test
  src/tools/perf/run_benchmark -v --browser=release --output-format=chartjson --upload-results --pageset-repeat=1 --also-run-disabled-tests --story-filter=browse.media.pinterest v8.runtimestats.browsing_desktop_classic

Debug Info
  https://chromeperf.appspot.com/buildbucket_job_status/8979501651454113312

Is this bisect wrong?
  https://chromeperf.appspot.com/bad_bisect?try_job_id=5846236424306688

Visit http://www.chromium.org/developers/speed-infra/perf-bug-faq for more information addressing perf regression bugs. For feedback, file a bug with component Speed>Bisection. Thank you!
May 15 2017
Started bisect job https://chromeperf.appspot.com/buildbucket_job_status/8979488208558818736
May 16 2017
=== BISECT JOB RESULTS ===
NO Perf regression found

Bisect Details
  Configuration: mac_10_11_perf_bisect
  Benchmark    : v8.runtimestats.browsing_desktop_classic
  Metric       : v8-gc-memory-mark-compactor_sum/browse_media/browse_media_pinterest

Revision          Result               N
chromium@469744   57.909 +- 73.6061    20   good
chromium@469835   60.1521 +- 61.1004   21   bad

To Run This Test
  src/tools/perf/run_benchmark -v --browser=release --output-format=chartjson --upload-results --pageset-repeat=1 --also-run-disabled-tests --story-filter=browse.media.pinterest v8.runtimestats.browsing_desktop_classic

Debug Info
  https://chromeperf.appspot.com/buildbucket_job_status/8979488208558818736

Is this bisect wrong?
  https://chromeperf.appspot.com/bad_bisect?try_job_id=5846236424306688

Visit http://www.chromium.org/developers/speed-infra/perf-bug-faq for more information addressing perf regression bugs. For feedback, file a bug with component Speed>Bisection. Thank you!
Jun 1 2017
Please have a look, this is still happening.
Jun 2 2017
Lower to Pri-3, since we don't have bandwidth to fix this issue and this happens
on *fast* transition after find-in-page.
|TextFinder| should reset its state when LocalFrame changes document to hold.
Possible dirty hack is:
void WebLocalFrameImpl::SetFindEndstateFocusAndSelection() {
if (!text_finder_ || !text_finder_->ActiveMatchFrame())
return;
if (Range* active_match = text_finder_->ActiveMatch()) {
+ if (active_match->OwnerDocument() != GetFrame()->GetDocument()) {
+ // LocalFrame holds a document different from the match, we should not
+ // use |active_match|.
+ text_finder_->ResetActiveMatch();
+ return;
+ }
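Review bot: the added comparison dereferences GetFrame() in |active_match->OwnerDocument() != GetFrame()->GetDocument()|, while the early return above it only checks |text_finder_| and |ActiveMatchFrame()|; confirm GetFrame() cannot be null on this path or add it to the early return. The check also only catches the stale |Range| once StopFinding arrives, so the finder keeps a match into the old document until then; resetting the match at the point where the frame switches documents would match the stated goal that |TextFinder| resets its state on a document change.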
Jun 2 2017
Sorry, triggering DCHECKs is at least P1. Please either remove the DCHECK or fix this as fast as possible, as it makes debugging Chromium for the entire team really hard.
Jun 5 2017
Mark "Available" to pick up by someone
Jun 15 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/7920530b27ad7c75a12f02b410ba8dbf923a2df8

commit 7920530b27ad7c75a12f02b410ba8dbf923a2df8
Author: yosin <yosin@chromium.org>
Date: Thu Jun 15 08:14:55 2017

Make WebLocalFrameImpl::Load() to reset active match

This patch changes |WebLocalFrameImpl::Load()| to reset active match, which is represented by |Range|, to avoid setting selection with document not hosted by |WebLocalFrameImpl|.

This is caused by processing |WebLocalFrame::StopFinding()| with |kStopFindActionKeepSelection| from |FindRequestManager| in browser process is happened after completion of loading document.

BUG= 719880
TEST=run_webkit_unit_tests All/ParameterizedWebFrameTest.FindInPageStopFindActionKeepSelectionInAnotherDocument/*

Review-Url: https://codereview.chromium.org/2942623003
Cr-Commit-Position: refs/heads/master@{#479636}

[modify] https://crrev.com/7920530b27ad7c75a12f02b410ba8dbf923a2df8/third_party/WebKit/Source/web/WebLocalFrameImpl.cpp
[modify] https://crrev.com/7920530b27ad7c75a12f02b410ba8dbf923a2df8/third_party/WebKit/Source/web/tests/WebFrameTest.cpp
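The ordering problem the commit message describes, as a small C++ model added here (not Blink code; Frame, Range, StopResult and RunScenario are hypothetical stand-ins): a match found in one document survives a load unless Load() drops it, so a StopFinding that arrives after the load sees a match owned by a document the frame no longer holds.

```cpp
#include <memory>
#include <string>
#include <utility>
#include <vector>

// Hypothetical stand-ins for this sketch; not Blink's classes.
struct Document { std::string url; };
struct Range { const Document* owner; int start; int end; };  // a find match

enum class StopResult { kNoMatch, kSelectionSet, kStaleMatch };

class Frame {
 public:
  explicit Frame(bool reset_on_load) : reset_on_load_(reset_on_load) {}

  // Navigation: the frame now holds a different document.
  void Load(const std::string& url) {
    if (document_) retired_.push_back(std::move(document_));  // old doc stays alive
    document_.reset(new Document{url});
    if (reset_on_load_) has_match_ = false;  // drop the match with the old doc
  }

  void Find(int start, int end) {
    active_match_ = Range{document_.get(), start, end};
    has_match_ = true;
  }

  // Models StopFinding with "keep selection", which may arrive after Load().
  StopResult StopFinding() {
    if (!has_match_) return StopResult::kNoMatch;
    // Same invariant as the failed check in the report: the selection's
    // document must be the one the frame currently holds.
    if (active_match_.owner != document_.get()) return StopResult::kStaleMatch;
    selection_ = active_match_;
    return StopResult::kSelectionSet;
  }

 private:
  bool reset_on_load_;
  bool has_match_ = false;
  std::unique_ptr<Document> document_;
  std::vector<std::unique_ptr<Document>> retired_;
  Range active_match_{}, selection_{};
};

// Find in the listing, optionally navigate, then deliver the late StopFinding.
StopResult RunScenario(bool reset_on_load, bool navigate) {
  Frame frame(reset_on_load);
  frame.Load("http://127.0.0.1:8000/");
  frame.Find(0, 4);  // the "junk" match from the report
  if (navigate) frame.Load("http://127.0.0.1:8000/junk.html");
  return frame.StopFinding();
}

int main() { return RunScenario(true, true) == StopResult::kNoMatch ? 0 : 1; }
```

RunScenario(false, true) returns kStaleMatch, the state the failed check reports; with reset_on_load set, the same sequence returns kNoMatch.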
Comment 1 by neis@chromium.org, May 9 2017