Regression: Webview process of pdf crashes after hitting shift+tab key from keyboard.
Reported by vku...@etouch.net, May 17 2017

Issue description

Chrome Version: 60.0.3102.0 (Official Build) 1b9cbad892fea821579566528be23955f159555c-refs/heads/master@{#472262} 32/64 bit
OS: Windows (7,8,10), Linux (14.04 LTS) and Mac (10.11.6, 10.12.3)

What steps will reproduce the problem?
(1) Launch Chrome and navigate to http://foersom.com/net/HowTo/data/OoPdfFormExample.pdf
(2) Click on 'country' field, press tab key such that focus reaches drop down button, hit 'space bar' key
(3) Again press tab key and then shift+tab to navigate back, observe

Actual: Webview process of pdf crashes after hitting shift+tab key.
Crash ID 544541b8-8175-490c-ad14-ce892044d2b4 (Server ID: e67e907170000000)

Expected: Webview process of pdf should not crash after hitting shift+tab key.

This is a regression issue broken in 'M60' and below is the manual regression range
Good Build: 60.0.3100.0
Bad Build: 60.0.3101.0

May 17 2017
Narrow bisect info:
https://chromium.googlesource.com/chromium/src/+log/57bb4b6713175b902e2c4e19df6df3872d69e885..6db0fde5caaa551bbf6e61b69d798a08cffcf11d?pretty=fuller&n=50

Suspecting: 471864 ?
Kindly help to reassign if this is not related to your change

May 17 2017
Adding RB Label as this is a recent Regression. Please remove if not required.

Providing Stack Trace for the Crash ID -- e67e907170000000

Stack Trace ::
===============
Thread 0 CRASHED [EXC_BAD_ACCESS / EXC_I386_GPFLT @ 0x00000001122215bd ] MAGIC SIGNATURE THREAD
Stack Quality 81%

0x00000001122215bd (Google Chrome Framework -memory:2270 ) CPWL_ComboBox::~CPWL_ComboBox()
0x00000001120a2385 (Google Chrome Framework -cffl_formfiller.cpp:384 ) CFFL_FormFiller::DestroyPDFWindow(CPDFSDK_PageView*)
0x00000001120a0268 (Google Chrome Framework -cffl_combobox.cpp:236 ) CFFL_ComboBox::ResetPDFWindow(CPDFSDK_PageView*, bool)
0x00000001120a1bb0 (Google Chrome Framework -cffl_formfiller.cpp:246 ) CFFL_FormFiller::SetFocusForAnnot(CPDFSDK_Annot*, unsigned int)
0x00000001120a40e8 (Google Chrome Framework -cffl_interactiveformfiller.cpp:414 ) CFFL_InteractiveFormFiller::OnSetFocus(CFX_Observable<CPDFSDK_Annot>::ObservedPtr*, unsigned int)
0x00000001120727dc (Google Chrome Framework -cpdfsdk_formfillenvironment.cpp:705 ) CPDFSDK_FormFillEnvironment::SetFocusAnnot(CFX_Observable<CPDFSDK_Annot>::ObservedPtr*)
0x000000011206d1dc (Google Chrome Framework -cpdfsdk_annothandlermgr.cpp:212 ) CPDFSDK_AnnotHandlerMgr::Annot_OnKeyDown(CPDFSDK_Annot*, int, int)
0x00000001120855eb (Google Chrome Framework -fpdfformfill.cpp:366 ) FORM_OnKeyDown
0x00000001120605c4 (Google Chrome Framework -pdfium_engine.cc:1960 ) chrome_pdf::PDFiumEngine::OnKeyDown(pp::KeyboardInputEvent const&)
0x000000011205f21b (Google Chrome Framework -pdfium_engine.cc:1320 ) chrome_pdf::PDFiumEngine::HandleEvent(pp::InputEvent const&)
0x0000000112051796 (Google Chrome Framework -out_of_process_instance.cc:616 ) chrome_pdf::OutOfProcessInstance::HandleInputEvent(pp::InputEvent const&)
0x000000010d9ef02c (Google Chrome Framework -module.cc:53 ) pp::InputEvent_HandleEvent(int, int)
0x0000000111cf29b6 (Google Chrome Framework -proxy_lock.h:135 ) ppapi::proxy::PPP_InputEvent_Proxy::OnMsgHandleFilteredInputEvent(int, ppapi::InputEventData const&, PP_Bool*)
0x0000000111cf2859 (Google Chrome Framework -tuple.h:117 ) bool IPC::MessageT<PpapiMsg_PPPInputEvent_HandleFilteredInputEvent_Meta, std::__1::tuple<int, ppapi::InputEventData>, std::__1::tuple<PP_Bool> >::Dispatch<ppapi::proxy::PPP_InputEvent_Proxy, ppapi::proxy::PPP_InputEvent_Proxy, void, void (ppapi::proxy::PPP_InputEvent_Proxy::*)(int, ppapi::InputEventData const&, PP_Bool*)>(IPC::Message const*, ppapi::proxy::PPP_InputEvent_Proxy*, ppapi::proxy::PPP_InputEvent_Proxy*, void*, void (ppapi::proxy::PPP_InputEvent_Proxy::*)(int, ppapi::InputEventData const&, PP_Bool*))
0x0000000111cf252a (Google Chrome Framework -ppp_input_event_proxy.cc:85 ) ppapi::proxy::PPP_InputEvent_Proxy::OnMessageReceived(IPC::Message const&)
0x0000000111cd23e0 (Google Chrome Framework -plugin_dispatcher.cc:249 ) ppapi::proxy::PluginDispatcher::OnMessageReceived(IPC::Message const&)
0x000000010e4e78ba (Google Chrome Framework -ipc_channel_proxy.cc:329 ) IPC::ChannelProxy::Context::OnDispatchMessage(IPC::Message const&)
0x000000010df36980 (Google Chrome Framework -callback.h:91 ) base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*)
0x000000010df5d3ea (Google Chrome Framework -message_loop.cc:404 ) base::MessageLoop::RunTask(base::PendingTask*)
0x000000010df5d72e (Google Chrome Framework -message_loop.cc:415 ) base::MessageLoop::DeferOrRunPendingTask(base::PendingTask)
0x000000010df5d972 (Google Chrome Framework -message_loop.cc:503 ) base::MessageLoop::DoWork()
0x000000010df60bb9 (Google Chrome Framework -message_pump_mac.mm:439 ) base::MessagePumpCFRunLoopBase::RunWork()
0x000000010df51a59 (Google Chrome Framework + 0x01ad0a59 ) base::mac::CallWithEHFrame(void () block_pointer)
0x000000010df604ce (Google Chrome Framework -message_pump_mac.mm:415 ) base::MessagePumpCFRunLoopBase::RunWorkSource(void*)
0x00007fff837b6880 (CoreFoundation + 0x000aa880 ) __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__
0x00007fff83795fbb (CoreFoundation + 0x00089fbb ) __CFRunLoopDoSources0
0x00007fff837954de (CoreFoundation + 0x000894de ) __CFRunLoopRun
0x00007fff83794ed7 (CoreFoundation + 0x00088ed7 ) CFRunLoopRunSpecific
0x000000010df60f6e (Google Chrome Framework -message_pump_mac.mm:663 ) base::MessagePumpCFRunLoop::DoRun(base::MessagePump::Delegate*)
0x000000010df60a1b (Google Chrome Framework -message_pump_mac.mm:311 ) base::MessagePumpCFRunLoopBase::Run(base::MessagePump::Delegate*)
0x000000010df81a02 (Google Chrome Framework -run_loop.cc:105 ) base::RunLoop::Run()
0x000000010d9d1562 (Google Chrome Framework -ppapi_plugin_main.cc:157 ) content::PpapiPluginMain(content::MainFunctionParams const&)
0x000000010da9231a (Google Chrome Framework -content_main_runner.cc:705 ) content::ContentMainRunnerImpl::Run()
0x000000010f360a72 (Google Chrome Framework -main.cc:469 ) service_manager::Main(service_manager::MainParams const&)
0x000000010da916f3 (Google Chrome Framework -content_main.cc:19 ) content::ContentMain(content::ContentMainParams const&)
0x000000010c48528e (Google Chrome Framework -chrome_main.cc:109 ) ChromeMain
0x000000010c24cda9 (Google Chrome Helper -chrome_exe_main_mac.c:85 ) main
0x00007fff88e445ac (libdyld.dylib + 0x000035ac ) start

Thank You.

May 17 2017
tsepez@ this is crashing in the ComboBox destructor. The roll includes your combobox leak potential fix [1]. I'm guessing these are related.

[1] https://pdfium.googlesource.com/pdfium.git/+/b084c1f615e9b5d82a36aeedcff2339b7ac91265

May 17 2017
Issue 723710 has been merged into this issue.

May 17 2017
Thanks, will revert.

May 18 2017
Revert at CL https://pdfium-review.googlesource.com/5655
Subsequent pdfium roll should fix the issue.

May 19 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/088e5560ca41e5b991c3662cd406f42c8a01e0fd

commit 088e5560ca41e5b991c3662cd406f42c8a01e0fd
Author: pdfium-deps-roller@chromium.org <pdfium-deps-roller@chromium.org>
Date: Fri May 19 00:56:47 2017

Roll src/third_party/pdfium/ cfd56852b..690d456ad (8 commits)

https://pdfium.googlesource.com/pdfium.git/+log/cfd56852b637..690d456ad54f

$ git log cfd56852b..690d456ad --date=short --no-merges --format='%ad %ae %s'
2017-05-18 tsepez Use UnownedPtr to check CFX_*StringC lifetimes
2017-05-18 npm Fix typo in CFX_ImageTransformer::Continue
2017-05-18 dsinclair Adding fm2js embedder tests
2017-05-18 npm Add kerning test for bug 528103
2017-05-18 tsepez Break linkage from CPDFXA_DocEnvironment to IJS_EventContext.
2017-05-18 tsepez Bad cast to CPDF_Document in FPDFEditEmbeddertest
2017-05-18 tsepez Revert "Smells like a leak in PWL_ComboBox.cpp"
2017-05-17 dsinclair Remove CXFA_FMErrorInfo

Created with:
roll-dep src/third_party/pdfium
BUG= 723415

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, see:
http://www.chromium.org/developers/tree-sheriffs/sheriff-details-chromium#TOC-Failures-due-to-DEPS-rolls

TBR=dsinclair@chromium.org

Change-Id: Id89ba2959012f11d70a0c6da3ad8fd28dc85702f
Reviewed-on: https://chromium-review.googlesource.com/508446
Reviewed-by: <pdfium-deps-roller@chromium.org>
Commit-Queue: <pdfium-deps-roller@chromium.org>
Cr-Commit-Position: refs/heads/master@{#473001}

[modify] https://crrev.com/088e5560ca41e5b991c3662cd406f42c8a01e0fd/DEPS

May 23 2017
Verified the issue on Windows 10, Mac 10.12.4 and Ubuntu 14.04 using Chrome dev version #60.0.3107.4 as per comment #0.

Observed that webview process of pdf did not crash after hitting shift+tab key. Hence, the fix is working as expected.

Attaching screen cast for reference. Hence, adding the verified labels.

Thanks...!!

Comment 1 by vku...@etouch.net, May 17 2017