New issue
Advanced search Search tips

Issue 747207 link

Starred by 2 users
Status: Available
Owner: ----
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug



Sign in to add a comment

DCHECK failure in blink::Document::SetSequentialFocusNavigationStartingPoint

Project Member Reported by tkent@chromium.org, Jul 21 2017 
Chrome Version: ToT Debug build
OS: All but iOS

What steps will reproduce the problem?
(1) Open the following HTML with Debug build Chromium
(2) Click on "Press me" text

<!DOCTYPE html>
<div onmousedown="handleDown(this)">Press me</div>
<script>
function handleDown(node) {
  var d2 = new Document();
  d2.appendChild(node);
}
</script>


What is the expected result?
No crash.

What happens instead?
DCHECK failure.

[88220:775:0721/120416.494034:FATAL:Document.cpp(4437)] Check failed: node->GetDocument() == this (#document vs. #document)
0   libbase.dylib                       0x000000010bd905ae base::debug::StackTrace::StackTrace(unsigned long) + 174
1   libbase.dylib                       0x000000010bd9067d base::debug::StackTrace::StackTrace(unsigned long) + 29
2   libbase.dylib                       0x000000010bd8e91c base::debug::StackTrace::StackTrace() + 28
3   libbase.dylib                       0x000000010be2d62f logging::LogMessage::~LogMessage() + 479
4   libbase.dylib                       0x000000010be2afa5 logging::LogMessage::~LogMessage() + 21
5   libblink_core.dylib                 0x000000013f39a990 blink::Document::SetSequentialFocusNavigationStartingPoint(blink::Node*) + 304
6   libblink_core.dylib                 0x000000013fef1cdf blink::MouseEventManager::HandleMousePressEvent(blink::EventWithHitTestResults<blink::WebMouseEvent> const&) + 1231
7   libblink_core.dylib                 0x000000013fed88be blink::EventHandler::HandleMousePressEvent(blink::WebMouseEvent const&) + 3198
8   libblink_core.dylib                 0x0000000140713ca3 blink::PageWidgetEventHandler::HandleMouseDown(blink::LocalFrame&, blink::WebMouseEvent const&) + 83
9   libblink_web.dylib                  0x000000014c3c9ed4 blink::WebViewImpl::HandleMouseDown(blink::LocalFrame&, blink::WebMouseEvent const&) + 1220


blink::MouseEventManager::HandleMousePressEvent should call SetSequentialFocusNavigationStartingPoint for inner_node's Document, not frame_->GetDocument().

Comment 1 by kochi@chromium.org, Jul 21 2017

Owner: kochi@chromium.org
Status: Assigned (was: Available)
In this repro's specific case, the clicked element is adopted in another
document and will not have any visible area.

Sequential navigation starting point should always be some visible position,
which means the document should be associated with a frame.

So I don't think MouseEventManager is the culprit, if we pass inner_node's
Document, sequential navigation starting point will become a point in an
invisible document, thus it may cause another undefined behavior.

Comment 2 by benhenry@chromium.org, Sep 29 2017

Components: Blink>HTML>Focus

Comment 3 by benhenry@chromium.org, Sep 29 2017

Components: -Blink>Focus

Comment 4 by kochi@chromium.org, Oct 17 2017

Cc: kochi@chromium.org
Owner: ----
bulk edit to remove owner=me where I'm not actively looking at.

Comment 5 by kochi@chromium.org, Oct 17 2017

Status: Available (was: Assigned)
mark it available.
Project Member

Comment 6 by sheriffbot@chromium.org, Oct 17

Labels: Hotlist-Recharge-Cold
Status: Untriaged (was: Available)
This issue has been Available for over a year. If it's no longer important or seems unlikely to be fixed, please consider closing it out. If it is important, please re-triage the issue.

Sorry for the inconvenience if the bug really should have been left as Available.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 7 by tkent@chromium.org, Oct 18

Cc: -kochi@chromium.org
Labels: -Hotlist-Recharge-Cold
Status: Available (was: Untriaged)

Sign in to add a comment