[WebPayments] Segfault when validating addresses |
|||||||||
Issue descriptionNo clue what's causing it, but I have a reliable repro: 1. Go to https://rsolomakhin.github.io/pr/us/ 2. Go to the shipping address sheet 3. Pick a Canadian address 4. Wait for processing; the address will be rejected 5. Pick a US address 6. Segfault! This was on near-tip-of-tree as well as Canary 62.0.3168.0 da2455bea333a5a4bfe61ba1fcfe9e325dc368e1-refs/heads/master@{#489803}
,
Jul 27 2017
Received signal 11 <unknown> 000000000000 #0 0x7f3f5fd5a8bd base::debug::StackTrace::StackTrace() #1 0x7f3f5fd58c8c base::debug::StackTrace::StackTrace() #2 0x7f3f5fd5a275 base::debug::(anonymous namespace)::StackDumpSignalHandler() #3 0x7f3f603bc330 <unknown> #4 0x55bf4b4bbe13 payments::PaymentRequestItemList::Item::SetSelected() #5 0x55bf4b4bced3 payments::PaymentRequestItemList::UnselectSelectedItem() #6 0x55bf4b4bc059 payments::PaymentRequestItemList::SelectItem() #7 0x55bf4b4bbf32 payments::PaymentRequestItemList::Item::ButtonPressed() #8 0x7f3f546e5a47 views::Button::NotifyClick() #9 0x7f3f546e9777 views::CustomButton::NotifyClick() #10 0x7f3f546e84f6 views::CustomButton::OnMouseReleased() #11 0x7f3f547db0f2 views::View::ProcessMouseReleased() #12 0x7f3f547dabb7 views::View::OnMouseEvent() #13 0x7f3f546ba966 views::InkDropHostView::OnMouseEvent() #14 0x7f3f561f2df3 ui::EventHandler::OnEvent() #15 0x7f3f561ee400 ui::EventDispatcher::DispatchEvent() #16 0x7f3f561ecb12 ui::EventDispatcher::ProcessEvent() #17 0x7f3f561ec59f ui::EventDispatcherDelegate::DispatchEventToTarget() #18 0x7f3f561ec44f ui::EventDispatcherDelegate::DispatchEvent() #19 0x7f3f547f14a6 views::internal::RootView::OnMouseReleased() #20 0x7f3f547fa8dc views::Widget::OnMouseEvent() #21 0x7f3f54840488 views::NativeWidgetAura::OnMouseEvent() #22 0x7f3f561f2df3 ui::EventHandler::OnEvent() #23 0x7f3f561ee400 ui::EventDispatcher::DispatchEvent() #24 0x7f3f561ecb12 ui::EventDispatcher::ProcessEvent() #25 0x7f3f561ec59f ui::EventDispatcherDelegate::DispatchEventToTarget() #26 0x7f3f561ec44f ui::EventDispatcherDelegate::DispatchEvent() #27 0x7f3f561f3d75 ui::EventProcessor::OnEventFromSource() #28 0x7f3f561f3fec ui::EventProcessor::OnEventFromSource() #29 0x7f3f561f5bcf ui::EventSource::DeliverEventToSink() #30 0x7f3f561f53c1 ui::EventSource::SendEventToSink() #31 0x7f3f54866b85 views::DesktopWindowTreeHostX11::DispatchMouseEvent() #32 0x7f3f54867b45 views::DesktopWindowTreeHostX11::DispatchEvent() #33 0x7f3f5e4c473d ui::PlatformEventSource::DispatchEvent() #34 0x7f3f46e04c84 ui::X11EventSourceGlib::ProcessXEvent() #35 0x7f3f46df2fd8 ui::X11EventSource::ExtractCookieDataDispatchEvent() #36 0x7f3f46df2f40 ui::X11EventSource::DispatchXEvents() #37 0x7f3f46e04fe5 ui::(anonymous namespace)::XSourceDispatch() #38 0x7f3f49097ce5 g_main_context_dispatch #39 0x7f3f49098048 <unknown> #40 0x7f3f490980ec g_main_context_iteration #41 0x7f3f5fe2044f base::MessagePumpGlib::Run() #42 0x7f3f5fe17814 base::MessageLoop::Run() #43 0x7f3f5fecc5cd base::RunLoop::Run() #44 0x55bf4848b59b ChromeBrowserMainParts::MainMessageLoopRun() #45 0x7f3f596686b6 content::BrowserMainLoop::RunMainMessageLoopParts() #46 0x7f3f5967111f content::BrowserMainRunnerImpl::Run() #47 0x7f3f5965cd9b content::BrowserMain() #48 0x7f3f5b2450e4 content::RunNamedProcessTypeMain() #49 0x7f3f5b247cbf content::ContentMainRunnerImpl::Run() #50 0x7f3f5b242b9d content::ContentServiceManagerMainDelegate::RunEmbedderProcess() #51 0x7f3f606593b5 service_manager::Main() #52 0x7f3f5b243f5f content::ContentMain() #53 0x55bf467800de ChromeMain #54 0x55bf4677fff2 main #55 0x7f3f49cddf45 __libc_start_main #56 0x55bf4677fed4 <unknown> r8: 0000041e55b88b78 r9: fffffffffffffec8 r10: fffffffffffffeb8 r11: 00007f3f49e46110 r12: 0000041e53fa9200 r13: 00007f3f49355920 r14: 00007f3f46e04fc0 r15: 0000041e53fac390 di: 3636363636363636 si: 0000000000000000 bp: 00007ffdf93a3720 bx: 0000000000000000 dx: 0000000000000001 ax: 3636363636363636 cx: 0000041e55b88800 sp: 00007ffdf93a36e0 ip: 000055bf4b4bbe13 efl: 0000000000010206 cgf: 0000000000000033 erf: 0000000000000000 trp: 000000000000000d msk: 0000000000000000 cr2: 0000000000000000 [end of stack trace]
,
Jul 27 2017
Looking into this.
,
Jul 28 2017
Well, the issue appears to be the call to GetNameForDataType in UpdateAccessibleName, so apparently the "pure virtual" complaint that popped up intermittently was related. Now to figure out *why* this method no longer exists when called from OnSpecUpdated...
,
Aug 2 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/3e1e533b08a069e8efa6e34f48760ce665f4e5ee commit 3e1e533b08a069e8efa6e34f48760ce665f4e5ee Author: Tommy Martino <tmartino@chromium.org> Date: Wed Aug 02 14:25:21 2017 [WebPayments] Fixing segfault which occurs after spec update Bug: 749815 Change-Id: Ife1a72146c3f75020286fb588f5e78a12e8d747a Reviewed-on: https://chromium-review.googlesource.com/596412 Reviewed-by: Anthony Vallee-Dubois <anthonyvd@chromium.org> Commit-Queue: Tommy Martino <tmartino@chromium.org> Cr-Commit-Position: refs/heads/master@{#491366} [modify] https://crrev.com/3e1e533b08a069e8efa6e34f48760ce665f4e5ee/chrome/browser/ui/views/payments/payment_request_item_list.cc
,
Aug 2 2017
Marking as RBS since this is a crasher and a regression. Fix was submitted today; will verify in tomorrow's canary and request merge.
,
Aug 3 2017
Verified in today's Canary. Requesting merge to M61. This is a fix for a regression in M61, which causes a crash. The diff is one line.
,
Aug 3 2017
Approving merge to M61 Chrome OS.
,
Aug 7 2017
This issue has been approved for a merge. Please merge the fix to any appropriate branches as soon as possible! If all merges have been completed, please remove any remaining Merge-Approved labels from this issue. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Aug 8 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/724141836b2eff662e69b8840fb958c7e299d825 commit 724141836b2eff662e69b8840fb958c7e299d825 Author: Tommy Martino <tmartino@chromium.org> Date: Tue Aug 08 16:05:18 2017 [WebPayments] Fixing segfault which occurs after spec update TBR=tmartino@chromium.org (cherry picked from commit 3e1e533b08a069e8efa6e34f48760ce665f4e5ee) Bug: 749815 Change-Id: Ife1a72146c3f75020286fb588f5e78a12e8d747a Reviewed-on: https://chromium-review.googlesource.com/596412 Reviewed-by: Anthony Vallee-Dubois <anthonyvd@chromium.org> Commit-Queue: Tommy Martino <tmartino@chromium.org> Cr-Original-Commit-Position: refs/heads/master@{#491366} Reviewed-on: https://chromium-review.googlesource.com/605971 Reviewed-by: Tommy Martino <tmartino@chromium.org> Cr-Commit-Position: refs/branch-heads/3163@{#380} Cr-Branched-From: ff259bab28b35d242e10186cd63af7ed404fae0d-refs/heads/master@{#488528} [modify] https://crrev.com/724141836b2eff662e69b8840fb958c7e299d825/chrome/browser/ui/views/payments/payment_request_item_list.cc
,
Aug 9 2017
Tested the issue #61 .0.3163.39 on Mac 10.12.6 and did not observe any Segfault (Crash) by following the steps mentioned in comment #0. Please find the screenshot. @tmartino: Could you please confirm the behavior. Thanks!!
,
Aug 9 2017
Correction ========== Tested the issue using #61.0.3163.39 on Mac 10.12.6.
,
Aug 9 2017
Per request, I've just verified that the issue does not occur in the upcoming Mac Beta 61.0.3163.39. |
|||||||||
►
Sign in to add a comment |
|||||||||
Comment 1 by rouslan@chromium.org
, Jul 27 2017Status: Assigned (was: Untriaged)