
Issue 758687


Issue metadata

Status: Fixed
Owner:
Closed: Sep 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 1
Type: Bug




Gesture tap within plugin placeholders causes a crash.

Project Member Reported by amberwon@google.com, Aug 24 2017

Issue description

A gesture tap causes a crash within WebViewPlugin. The tap is converted to a series of mouse events. They are passed to EventHandler, where the crash occurs at this DCHECK: https://cs.chromium.org/chromium/src/third_party/WebKit/Source/core/input/EventHandler.cpp?l=832&rcl=4fa660ddcdc1744e5f4380c336df5c8e2226642c

When the DCHECK is commented out, along with the DCHECK in HandleMouseRelease event (https://cs.chromium.org/chromium/src/third_party/WebKit/Source/core/input/EventHandler.cpp?l=980&rcl=4fa660ddcdc1744e5f4380c336df5c8e2226642c), there no longer is a crash and taps work as expected.

Steps to reproduce on Android (on a Chromium build with DCHECKs on):
1. Open http://chrome-pdf-test.appspot.com/embed.html
2. Tap within the placeholder

On desktop:
1. Enable the setting in chrome://settings/content/pdfDocuments
2. Open http://chrome-pdf-test.appspot.com/embed.html
3. In chrome developer tools, switch on device mode.
4. Tap within the placeholder

The stack trace:
[1:1:0824/120403.145916:FATAL:EventHandler.cpp(832)] Check failed: !mouse_event.FromTouch(). 
#0 0x7f372e3ced5d base::debug::StackTrace::StackTrace()
#1 0x7f372e3cd12c base::debug::StackTrace::StackTrace()
#2 0x7f372e45d64a logging::LogMessage::~LogMessage()
#3 0x7f371d13fadf blink::EventHandler::HandleMouseMoveOrLeaveEvent()
#4 0x7f371d13f3f6 blink::EventHandler::HandleMouseMoveEvent()
#5 0x7f371d715307 blink::PageWidgetEventHandler::HandleMouseMove()
#6 0x7f371d715019 blink::PageWidgetDelegate::HandleInputEvent()
#7 0x7f371ccb8818 blink::WebViewImpl::HandleInputEvent()
#8 0x560aa9bad6a6 WebViewPlugin::HandleInputEvent()
#9 0x7f371cc95f42 blink::WebPluginContainerImpl::HandleMouseEvent()
#10 0x7f371cc95c74 blink::WebPluginContainerImpl::HandleEvent()
#11 0x7f371cf1144b blink::HTMLPlugInElement::DefaultEventHandler()
#12 0x7f371cbf798a blink::EventDispatcher::DispatchEventPostProcess()
#13 0x7f371cbf6389 blink::EventDispatcher::Dispatch()
#14 0x7f371cc21ba4 blink::MouseEventDispatchMediator::DispatchEvent()
#15 0x7f371cbf53ea blink::EventDispatcher::DispatchEvent()
#16 0x7f371c9b1284 blink::Node::DispatchEventInternal()
#17 0x7f371cc13d7c blink::EventTarget::DispatchEvent()
#18 0x7f371d151373 blink::MouseEventManager::DispatchMouseEvent()
#19 0x7f371d1514b2 blink::MouseEventManager::SetMousePositionAndDispatchMouseEvent()
#20 0x7f371d14cbfe blink::GestureManager::HandleGestureTap()
#21 0x7f371d14c844 blink::GestureManager::HandleGestureEventInFrame()
#22 0x7f371d1438df blink::EventHandler::HandleGestureEventInFrame()
#23 0x7f371d14316e blink::EventHandler::HandleGestureEvent()
#24 0x7f371ccb6888 blink::WebViewImpl::HandleGestureEvent()
#25 0x7f371d7151ba blink::PageWidgetDelegate::HandleInputEvent()
#26 0x7f371ccb8818 blink::WebViewImpl::HandleInputEvent()
#27 0x7f371cdf590c blink::WebViewFrameWidget::HandleInputEvent()
#28 0x7f3729193d67 content::RenderWidgetInputHandler::HandleInputEvent()
#29 0x7f37293337fb content::RenderWidget::HandleInputEvent()
#30 0x7f3729320b7b content::RenderViewImpl::HandleInputEvent()
#31 0x7f37291881ef content::MainThreadEventQueue::HandleEventOnMainThread()
#32 0x7f37291891ed content::QueuedWebInputEvent::Dispatch()
#33 0x7f37291877eb content::MainThreadEventQueue::DispatchEvents()
#34 0x7f372918e3ef _ZN4base8internal13FunctorTraitsIMN7content20MainThreadEventQueueEFvvEvE6InvokeIRK13scoped_refptrIS3_EJEEEvS5_OT_DpOT0_
#35 0x7f372918e364 _ZN4base8internal12InvokeHelperILb0EvE8MakeItSoIRKMN7content20MainThreadEventQueueEFvvEJRK13scoped_refptrIS5_EEEEvOT_DpOT0_
#36 0x7f372918e310 _ZN4base8internal7InvokerINS0_9BindStateIMN7content20MainThreadEventQueueEFvvEJ13scoped_refptrIS4_EEEEFvvEE7RunImplIRKS6_RKNSt3__15tupleIJS8_EEEJLm0EEEEvOT_OT0_NSF_16integer_sequenceImJXspT1_EEEE
#37 0x7f372918e25c _ZN4base8internal7InvokerINS0_9BindStateIMN7content20MainThreadEventQueueEFvvEJ13scoped_refptrIS4_EEEEFvvEE3RunEPNS0_13BindStateBaseE
#38 0x7f372e37a1f1 _ZNO4base8CallbackIFvvELNS_8internal8CopyModeE0ELNS2_10RepeatModeE0EE3RunEv
#39 0x7f372e3d39a7 base::debug::TaskAnnotator::RunTask()
#40 0x7f371b38929a blink::scheduler::TaskQueueManager::ProcessTaskFromWorkQueue()
#41 0x7f371b38443a blink::scheduler::TaskQueueManager::DoWork()
#42 0x7f371b390bd7 _ZN4base8internal13FunctorTraitsIMN5blink9scheduler16TaskQueueManagerEFvbEvE6InvokeIRKNS_7WeakPtrIS4_EEJRKbEEEvS6_OT_DpOT0_
#43 0x7f371b390b35 _ZN4base8internal12InvokeHelperILb1EvE8MakeItSoIRKMN5blink9scheduler16TaskQueueManagerEFvbERKNS_7WeakPtrIS6_EEJRKbEEEvOT_OT0_DpOT1_
#44 0x7f371b390aad _ZN4base8internal7InvokerINS0_9BindStateIMN5blink9scheduler16TaskQueueManagerEFvbEJNS_7WeakPtrIS5_EEbEEEFvvEE7RunImplIRKS7_RKNSt3__15tupleIJS9_bEEEJLm0ELm1EEEEvOT_OT0_NSG_16integer_sequenceImJXspT1_EEEE
#45 0x7f371b3909bc _ZN4base8internal7InvokerINS0_9BindStateIMN5blink9scheduler16TaskQueueManagerEFvbEJNS_7WeakPtrIS5_EEbEEEFvvEE3RunEPNS0_13BindStateBaseE
#46 0x7f372e37a1f1 _ZNO4base8CallbackIFvvELNS_8internal8CopyModeE0ELNS2_10RepeatModeE0EE3RunEv
#47 0x7f372e3d39a7 base::debug::TaskAnnotator::RunTask()
#48 0x7f372e4888d3 base::MessageLoop::RunTask()
#49 0x7f372e488b57 base::MessageLoop::DeferOrRunPendingTask()
#50 0x7f372e489844 base::MessageLoop::DoWork()
#51 0x7f372e490238 base::MessagePumpDefault::Run()
#52 0x7f372e488094 base::MessageLoop::Run()
#53 0x7f372e53e8cd base::RunLoop::Run()
#54 0x7f37293612eb content::RendererMain()
#55 0x7f3729821ecc content::RunZygote()
#56 0x7f3729822b99 content::RunNamedProcessTypeMain()
#57 0x7f37298255ee content::ContentMainRunnerImpl::Run()
#58 0x7f37298201cd content::ContentServiceManagerMainDelegate::RunEmbedderProcess()
#59 0x7f372ecce8f5 service_manager::Main()
#60 0x7f372982186f content::ContentMain()
#61 0x560aa447e7ae ChromeMain
 

Comment 1 by amberwon@google.com, Aug 24 2017

Cc: dtapu...@chromium.org
Components: Blink>Input
Labels: Hotlist-Input-Dev
Owner: wjmaclean@chromium.org
Status: Assigned (was: Untriaged)
Cc: mcnee@chromium.org
I'm curious about the Android repro steps, because WebViewPlugin doesn't exist there (or at least, it shouldn't ... mcnee@ removed a lot of WebView related stuff from the Android build, but perhaps he can check to make sure WebViewPlugin was part of that?).

The desktop steps require DevTools, which last I looked create synthetic touch events in device mode, and then route them directly to the RWHI without them properly going through RenderWidgetHostInputEventRouter. I'll check to see if that's still the case.

Comment 4 by amberwon@google.com, Aug 25 2017

Summary: Gesture tap within plugin placeholders causes a crash. (was: Gesture tap within WebViewPlugin causes a crash.)
The stack trace in the description is from desktop, so it's possible the crash doesn't concern WebViewPlugin on Android. Might be more accurate to say that the crash occurs in a plugin placeholder.
Cc: thestig@chromium.org
+thestig

The WebViewPlugin indeed exists on Android. If you go to the link in the original report, it should display a NonLoadablePluginPlaceholder, which uses WebViewPlugin.

The WebViewPlugin needs to continue existing on Android, as we use it to display the placeholder when there are no plugins (and there are never any plugins on Android).

Tommy

Comment 6 by amberwon@google.com, Aug 25 2017


Comment 7 by mcnee@chromium.org, Aug 28 2017

My change just removed components/guest_view/ from the android build. But to make sure, I reverted the change locally and we still hit the DCHECK.
Labels: -Pri-3 Pri-1

Comment 9 by bugdroid1@chromium.org, Sep 7 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/1073b2811cb80e737a0c2c64daa9704dcdfb871b

commit 1073b2811cb80e737a0c2c64daa9704dcdfb871b
Author: W. James MacLean <wjmaclean@chromium.org>
Date: Thu Sep 07 13:46:27 2017

Remove !FromTouch() DCHECK in EventHandler::HandleMouseOrLeaveEvent().

Given that WebViewImpls can be nested inside plugin containers, it's
possible for this DCHECK to fail if the FromTouch flag was set by a
containing WebViewImpl/EventHandler. In such a case, the event really
should hit test again.

The safest solution seems to be just removing the DCHECK.

Bug: 758687
Change-Id: Ic73ede33ef30ff249759958505da2e1b3c3cfa87
Reviewed-on: https://chromium-review.googlesource.com/653802
Reviewed-by: Dave Tapuska <dtapuska@chromium.org>
Commit-Queue: James MacLean <wjmaclean@chromium.org>
Cr-Commit-Position: refs/heads/master@{#500291}
[modify] https://crrev.com/1073b2811cb80e737a0c2c64daa9704dcdfb871b/third_party/WebKit/Source/core/input/EventHandler.cpp

Cc: tommycli@chromium.org
Status: Fixed (was: Assigned)
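The following C++ model is an added illustration of the dispatch path in the stack trace above and of the nesting rationale in the fix commit; it is not Chromium code and was not written by anyone on this thread. It reduces the trace to three steps: GestureManager::HandleGestureTap synthesizes mousemove/mousedown/mouseup events flagged FromTouch(), the DOM target (the plugin placeholder's HTMLPlugInElement) forwards them through WebPluginContainerImpl and WebViewPlugin into a second, nested WebViewImpl, and that view's own EventHandler then checks !FromTouch() on the mousemove and mouseup paths. All class, member and function names here are assumptions chosen to mirror the trace; the sequence of three mouse events per tap is likewise an assumption. The `dcheck_enabled` flag stands in for the build configuration, since DCHECKs are normally compiled out of release builds and the report reproduces only on a build with them on.

```cpp
#include <string>
#include <utility>
#include <vector>

// Constructed stand-in for blink::WebMouseEvent; from_touch models the
// FromTouch() flag that the reported DCHECK tests.
struct WebMouseEvent {
  std::string type;  // "mousemove", "mousedown" or "mouseup"
  int x;
  int y;
  bool from_touch;   // true when synthesized from a gesture
};

struct DispatchResult {
  int events_handled = 0;                   // mouse events that reached a handler
  std::vector<std::string> check_failures;  // would-be DCHECK failures
  std::vector<std::string> trace;           // dispatch order, for inspection
};

// Stand-in for one view's EventHandler. A page with a plugin placeholder has
// two of these: the page's own, and one inside the WebViewImpl that
// WebViewPlugin hosts to render the placeholder (assumed structure).
class EventHandler {
 public:
  EventHandler(std::string name, bool dcheck_enabled)
      : name_(std::move(name)), dcheck_enabled_(dcheck_enabled) {}

  // Route DOM mouse events that hit the plugin element into a nested view,
  // as HTMLPlugInElement -> WebPluginContainerImpl -> WebViewPlugin does.
  void set_nested_view(EventHandler* nested) { nested_ = nested; }

  // GestureManager::HandleGestureTap in the trace: the tap becomes a
  // mousemove/mousedown/mouseup sequence, each flagged from_touch, which is
  // dispatched into the DOM rather than through HandleMouseEvent() below.
  void HandleGestureTap(int x, int y, DispatchResult& r) {
    r.trace.push_back(name_ + ":gesturetap");
    for (const char* type : {"mousemove", "mousedown", "mouseup"}) {
      WebMouseEvent m{type, x, y, /*from_touch=*/true};
      if (!DispatchToDomTarget(m, r))
        break;  // a real DCHECK failure aborts the renderer here
    }
  }

  // The nested view's input path: WebViewImpl::HandleInputEvent ->
  // EventHandler::HandleMouseMoveEvent / HandleMouseReleaseEvent, which in
  // the reported revision DCHECK(!mouse_event.FromTouch()). That assumption
  // holds for a top-level view but not for one nested under a plugin.
  bool HandleMouseEvent(const WebMouseEvent& m, DispatchResult& r) {
    r.trace.push_back(name_ + ":" + m.type);
    bool checked = (m.type == "mousemove" || m.type == "mouseup");
    if (dcheck_enabled_ && checked && m.from_touch) {
      r.check_failures.push_back(name_ + ":" + m.type +
                                 ": Check failed: !mouse_event.FromTouch()");
      return false;
    }
    ++r.events_handled;  // with the DCHECK gone, the view hit-tests again and handles it
    return true;
  }

 private:
  bool DispatchToDomTarget(const WebMouseEvent& m, DispatchResult& r) {
    r.trace.push_back(name_ + ":dom:" + m.type);
    if (nested_)
      return nested_->HandleMouseEvent(m, r);
    ++r.events_handled;  // an ordinary element: handled within this view
    return true;
  }

  std::string name_;
  bool dcheck_enabled_;
  EventHandler* nested_ = nullptr;
};

// Tap on a page whose hit target is a plugin placeholder (the repro).
DispatchResult TapOnPlaceholder(bool dcheck_enabled) {
  EventHandler placeholder("placeholder", dcheck_enabled);
  EventHandler page("page", dcheck_enabled);
  page.set_nested_view(&placeholder);
  DispatchResult r;
  page.HandleGestureTap(10, 10, r);
  return r;
}

// Tap on a page with no plugin: there is no nested handler, so the checked
// path is never reached regardless of build configuration.
DispatchResult TapOnPlainElement(bool dcheck_enabled) {
  EventHandler page("page", dcheck_enabled);
  DispatchResult r;
  page.HandleGestureTap(10, 10, r);
  return r;
}
```

Calling `TapOnPlaceholder(true)` stops at the first synthetic mousemove with a failure string matching the log line in the report, while `TapOnPlaceholder(false)` and `TapOnPlainElement(true)` handle all three events; the model makes visible why the fix removed the check rather than adjusting the flag: the event is legitimately touch-derived by the time the nested view sees it, and the nested view has to hit-test it again in its own frame.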
