omnibox autocomplete sometimes crashes on backspace |
|||
Issue descriptionChrome Version: 62 OS: Android What steps will reproduce the problem? (0) Make sure that SpannableInlineAutocomplete flag is turned on. (1) Go to omnibox. (2) Type 'google.com' and submit it. (3) Go back to omnibox. (4) Type 'g' and check that inline autocomplete 'oogle.com' shows up. (5) Press backspace to delete the autocomplete text. What is the expected result? Autocomplete gets deleted. What happens instead? Chrome crashes Please use labels and text to provide additional information. For graphics-related bugs, please copy/paste the contents of the about:gpu page at the end of this report.
,
Aug 25 2017
Ok, after more investigation, I found that this is the right code flow that leads to a crash:
g[o]
beginBatchEdit
sendKeyEvent(BACKSPACE)
delete āoā
sendKeyEvent(BACKSPACE)
dispatchKeyEvent()
beginBatchEdit
onBeginImeCommand
onEndImeCommand
restoreBackspacedText
mDelete = o
super.dispatchKeyEvent() - deletes āgā
none left
endBatchEdit
onBeginImeCommand
delete o --> crash
onEndImeCommand
endBatchEdit
The hidden assumption of https://chromium-review.googlesource.com/c/606047 was that onEndImeCommand will be immediately followed by a call to onBeginImeCommand.
However, in the case of dispatchKeyEvent(), super.dispatchKeyEvent() is called outside onBeginImeCommand-onEndImeCommand scope.
I think we should keep this assumption and allow beginBatchEdit() and endBatchEdit() to be called only by outside our inputconnection.
,
Aug 28 2017
This issue is marked as a release blocker with no milestone associated. Please add an appropriate milestone. All release blocking issues should have milestones associated to it, so that the issue can tracked and the fixes can be pushed promptly. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Aug 28 2017
,
Aug 29 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/c5cb5942be1b00b0997a4911f780d625e7c7e538 commit c5cb5942be1b00b0997a4911f780d625e7c7e538 Author: Changwan Ryu <changwan@chromium.org> Date: Tue Aug 29 23:55:15 2017 Fix a crash in dispatchKeyEvent() In dispatchKeyEvent(), we call beginBatchEdit() super.dispatchKeyEvent() endBatchEdit() and from https://chromium-review.googlesource.com/c/606047, we restore the diff in onEndImeCommand() and then delete it in the following onBeginImeCommand(). Because of the behavior above, the following sequence may lead to a crash: beginBatchEdit() dispatchKeyEvent(BACKSPACE) dispatchKeyEvent(BACKSPACE) endBatchEdit() as the second call to super.dispatchKeyEvent() deletes the text and onBeginImeCommand() from endBatchEdit() immediately after it also tries to delete more text. The fix should be simply to ensure that super.dispatchKeyEvent() is called between onBeginImeCommand() and onEndImeCommand(). Also adds missing InputConnection methods to ensure that each IME operation calls onBeginImeCommand / onEndImeCommand to avoid a potential crash. Unfortunately, we cannot add a robolectric test as ShadowKeyCharacterMap does not support KEYCODE_DEL. BUG= 758730 add logs Change-Id: I19d19f7da1d94a9b3e0955ed38e38dd45ad4f76d Reviewed-on: https://chromium-review.googlesource.com/634644 Commit-Queue: Changwan Ryu <changwan@chromium.org> Reviewed-by: Alexandre Elias <aelias@chromium.org> Reviewed-by: Ted Choc <tedchoc@chromium.org> Cr-Commit-Position: refs/heads/master@{#498290} [modify] https://crrev.com/c5cb5942be1b00b0997a4911f780d625e7c7e538/chrome/android/java/src/org/chromium/chrome/browser/omnibox/SpannableAutocompleteEditTextModel.java
,
Aug 30 2017
|
|||
►
Sign in to add a comment |
|||
Comment 1 by changwan@chromium.org
, Aug 24 2017This is the code flow that leads to a crash: g[o] dispatchKeyEvent(BACKSPACE) beginBatchEdit onBeginImeCommand onEndImeCommand restoreBackspacedText mDelete = o super.dispatchKeyEvent() no text left endBatchEdit onBeginImeCommand delete o --> crashes This is introduced by https://chromium-review.googlesource.com/c/606047 .