App crashes on performing voice search in incognito tab
Issue description

App Version: 62.0.3202.23
iOS Version: 9.3.5, 10.3.3, 11.0
Device: iPad only

Steps to reproduce:
1. Launch chrome and open incognito tab
2. Search with any keyword
3. Open another incognito tab
4. Tap on mic icon
5. Give any voice query

Observed results: The app crashes
Note 1: If the app doesn’t crash, repeat steps 2 to 5 again and the app will crash
Note 2: The same crash is also noticed sometimes in the first incognito tab itself
Expected results: The app shouldn’t crash

Number of times you were able to reproduce: 4/5
Bug reproducible after clean install: Yes
Bug reproducible after clearing cache and cookies: Yes
Bug reproducible on Chrome Mobile on Android: Not tested
Bug reproducible on Safari/Firefox: Firefox: NA, Safari: NA
Bug reproducible on current stable build (App Version, iOS Version): No on m61
Bug reproducible on the current beta channel build (App Version, iOS Version): yes on M62

Link to video/image: https://drive.google.com/a/google.com/file/d/0B8Cek8RsDbF8R1IyMVdGbWRTNGM/view?usp=sharing
Crash log: https://crash.corp.google.com/browse?stbtiq=18c4328bf6e45c9f&sql_dialect=googlesql

Stack Trace:
Thread 0 (id: 1027) CRASHED [EXC_BAD_ACCESS / KERN_INVALID_ADDRESS @ 0x00000000 ] MAGIC SIGNATURE THREAD
Stack Quality: 80%

0x0020a82c (Chrome -web_toolbar_controller.mm:710 ) -[WebToolbarController updateToolbarState]
0x0020a82b (Chrome -web_toolbar_controller.mm:709 ) -[WebToolbarController updateToolbarState]
0x0021071b (Chrome -web_toolbar_controller.mm:1755 ) -[WebToolbarController updateIsTTSPlaying:]
0x1ce4fdb7 (CoreFoundation + 0x000a6db7 ) __CFNOTIFICATIONCENTER_IS_CALLING_OUT_TO_AN_OBSERVER__
0x1ce4f6f7 (CoreFoundation + 0x000a66f7 ) _CFXRegistrationPost
0x1ce4f4df (CoreFoundation + 0x000a64df ) ___CFXNotificationPost_block_invoke
0x1ceaa307 (CoreFoundation + 0x00101307 ) -[_CFXNotificationRegistrar find:object:observer:enumerator:]
0x1cdb30f3 (CoreFoundation + 0x0000a0f3 ) _CFXNotificationPost
0x1d7000eb (Foundation + 0x000060eb ) -[NSNotificationCenter postNotificationName:object:userInfo:]
0x1d704b69 (Foundation + 0x0000ab69 ) -[NSNotificationCenter postNotificationName:object:]
0x00382d43 (Chrome -text_to_speech_player.mm:89 ) -[TextToSpeechPlayer beginPlayback]
0x00210591 (Chrome -web_toolbar_controller.mm:1739 ) -[WebToolbarController audioReadyForPlayback:]
0x1ce4fdb7 (CoreFoundation + 0x000a6db7 ) __CFNOTIFICATIONCENTER_IS_CALLING_OUT_TO_AN_OBSERVER__
0x1ce4f6f7 (CoreFoundation + 0x000a66f7 ) _CFXRegistrationPost
0x1ce4f4df (CoreFoundation + 0x000a64df ) ___CFXNotificationPost_block_invoke
0x1ceaa307 (CoreFoundation + 0x00101307 ) -[_CFXNotificationRegistrar find:object:observer:enumerator:]
0x1cdb30f3 (CoreFoundation + 0x0000a0f3 ) _CFXNotificationPost
0x1d7000eb (Foundation + 0x000060eb ) -[NSNotificationCenter postNotificationName:object:userInfo:]
0x1d704b69 (Foundation + 0x0000ab69 ) -[NSNotificationCenter postNotificationName:object:]
0x00382a8d (Chrome -text_to_speech_player.mm:73 ) -[TextToSpeechPlayer prepareToPlayAudioData:]
0x006c072d (Chrome -voice_search_controller_impl.mm:337 ) VoiceSearchControllerImpl::ReceiveTextToSpeechAudioData(NSData*)
0x006c06a9 (Chrome -voice_search_controller_impl.mm:139 ) -[TextToSpeechListenerMediator textToSpeechListener:didReceiveResult:]
0x003f7c77 (Chrome -text_to_speech_listener.mm:72 ) ___ZN28TextToSpeechWebStateObserver10PageLoadedEN3web24PageLoadCompletionStatusE_block_invoke
0x003f84b9 (Chrome -text_to_speech_parser.mm:111 ) ___Z39ExtractVoiceSearchAudioDataFromWebStatePN3web8WebStateEU13block_pointerFvP6NSDataE_block_invoke
0x25390e5d (WebKit + 0x0022be5d ) std::__1::__function::__func<-[WKWebView evaluateJavaScript:completionHandler:]::$_0, std::__1::allocator<-[WKWebView evaluateJavaScript:completionHandler:]::$_0>, void (API::SerializedScriptValue*, bool, WebCore::ExceptionDetails const&, WebKit::CallbackBase::Error)>::operator()(API::SerializedScriptValue*&&, bool&&, WebCore::ExceptionDetails const&, WebKit::CallbackBase::Error&&)
0x252b6b2f (WebKit + 0x00151b2f ) WebKit::GenericCallback<API::SerializedScriptValue*, bool, WebCore::ExceptionDetails const&>::performCallbackWithReturnValue(API::SerializedScriptValue*, bool, WebCore::ExceptionDetails const&)
0x252b6a75 (WebKit + 0x00151a75 ) WebKit::WebPageProxy::scriptValueCallback(IPC::DataReference const&, bool, WebCore::ExceptionDetails const&, unsigned long long)
0x252cfe5f (WebKit + 0x0016ae5f ) void IPC::callMemberFunctionImpl<WebKit::WebPageProxy, void (WebKit::WebPageProxy::*)(IPC::DataReference const&, bool, WebCore::ExceptionDetails const&, unsigned long long), std::__1::tuple<IPC::DataReference, bool, WebCore::ExceptionDetails, unsigned long long>, 0ul, 1ul, 2ul, 3ul>(WebKit::WebPageProxy*, void (WebKit::WebPageProxy::*)(IPC::DataReference const&, bool, WebCore::ExceptionDetails const&, unsigned long long), std::__1::tuple<IPC::DataReference, bool, WebCore::ExceptionDetails, unsigned long long>&&, std::__1::integer_sequence<unsigned long, 0ul, 1ul, 2ul, 3ul>)
0x252cb575 (WebKit + 0x00166575 ) void IPC::handleMessage<Messages::WebPageProxy::ScriptValueCallback, WebKit::WebPageProxy, void (WebKit::WebPageProxy::*)(IPC::DataReference const&, bool, WebCore::ExceptionDetails const&, unsigned long long)>(IPC::Decoder&, WebKit::WebPageProxy*, void (WebKit::WebPageProxy::*)(IPC::DataReference const&, bool, WebCore::ExceptionDetails const&, unsigned long long))
0x251b4079 (WebKit + 0x0004f079 ) IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&)
0x25306b3f (WebKit + 0x001a1b3f ) WebKit::WebProcessProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&)
0x2518752b (WebKit + 0x0002252b ) IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)
0x2518951f (WebKit + 0x0002451f ) IPC::Connection::dispatchOneMessage()
0x20d06c59 (JavaScriptCore + 0x004f9c59 ) WTF::RunLoop::performWork()
0x20d06e0d (JavaScriptCore + 0x004f9e0d ) WTF::RunLoop::performWork(void*)
0x1ce5ffdb (CoreFoundation + 0x000b6fdb ) __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__
0x1ce5faa3 (CoreFoundation + 0x000b6aa3 ) __CFRunLoopDoSources0
0x1ce5df4f (CoreFoundation + 0x000b4f4f ) __CFRunLoopRun
0x1cdb11ad (CoreFoundation + 0x000081ad ) CFRunLoopRunSpecific
0x1cdb0fcf (CoreFoundation + 0x00007fcf ) CFRunLoopRunInMode
0x1e55bb3f (GraphicsServices + 0x00009b3f ) GSEventRunModal
0x22133a51 (UIKit + 0x00072a51 ) UIApplicationMain
0x00014ffb (Chrome -chrome_exe_main.mm:51 ) main
Sep 21 2017
Sep 21 2017
I can reproduce this sporadically; here are some things I've discovered so far. I'm still trying to figure out how this occurs, however.
- WebToolbarController's |-updateToolbarState| asks for the toolbar model from its delegate and immediately dereferences it afterward. It is null, which causes this crash.
- When reproducing this, I checked and this is occurring because the delegate is nil, not because a non-nil delegate returns a nullptr.
- The WebToolbarController's delegate is set at initialization and DCHECK'd that it is non-nil.
- The delegate is unset from BVC's |-shutDown|, and DCHECKs ensure that this occurs before deallocation.
- I overrode WebToolbarController's |-setDelegate:| and verified that it is not called before this crash occurs.
Sep 21 2017
Sep 22 2017
Sep 25 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/fbd8715682cab88a66acf8f7c72bc482a628116a

commit fbd8715682cab88a66acf8f7c72bc482a628116a
Author: Kurt Horimoto <kkhorimoto@chromium.org>
Date: Mon Sep 25 15:46:13 2017

[iOS] Stop listening to TTS notifications when the delegate is reset.

Text-To-Speech functionality requires a delegate, so the toolbar should
stop observing NSNotificationCenter when it's reset.

Bug: 766496
Change-Id: Iab91b68431562556569112be0539d1d43cc3b49d
Reviewed-on: https://chromium-review.googlesource.com/678507
Reviewed-by: Rohit Rao (ping after 24h) <rohitrao@chromium.org>
Reviewed-by: Kurt Horimoto <kkhorimoto@chromium.org>
Commit-Queue: Kurt Horimoto <kkhorimoto@chromium.org>
Cr-Commit-Position: refs/heads/master@{#504067}

[modify] https://crrev.com/fbd8715682cab88a66acf8f7c72bc482a628116a/ios/chrome/browser/ui/toolbar/web_toolbar_controller.mm
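
The observer-lifecycle pattern that the commit message describes, modelled in plain C++ as an added example; this is not Chromium's code. `NotificationCenter`, `Toolbar`, `Delegate`, `ToolbarModel` and the `unregister_on_reset` switch are hypothetical stand-ins for NSNotificationCenter, WebToolbarController, its delegate and the toolbar model, and the null model is counted rather than dereferenced so both variants can be compared.

```cpp
#include <functional>
#include <map>

// Hypothetical stand-in for NSNotificationCenter; observers keyed by owner.
class NotificationCenter {
 public:
  void AddObserver(const void* owner, std::function<void()> cb) { observers_[owner] = cb; }
  void RemoveObserver(const void* owner) { observers_.erase(owner); }
  // Copy first: a callback may unregister itself while we iterate.
  void Post() { auto copy = observers_; for (auto& e : copy) e.second(); }
 private:
  std::map<const void*, std::function<void()>> observers_;
};

struct ToolbarModel { bool tts_playing = false; };
struct Delegate { ToolbarModel model; ToolbarModel* GetModel() { return &model; } };

// Hypothetical stand-in for WebToolbarController.
class Toolbar {
 public:
  Toolbar(NotificationCenter* nc, Delegate* d, bool unregister_on_reset)
      : nc_(nc), delegate_(d), unregister_on_reset_(unregister_on_reset) {
    nc_->AddObserver(this, [this] { UpdateState(); });
  }
  ~Toolbar() { nc_->RemoveObserver(this); }
  void SetDelegate(Delegate* d) {
    delegate_ = d;
    if (!d && unregister_on_reset_) nc_->RemoveObserver(this);  // the fix
  }
  int null_delegate_hits() const { return null_delegate_hits_; }
 private:
  void UpdateState() {
    ToolbarModel* model = delegate_ ? delegate_->GetModel() : nullptr;
    if (!model) { ++null_delegate_hits_; return; }  // the report's crash site
    model->tts_playing = true;
  }
  NotificationCenter* nc_; Delegate* delegate_;
  bool unregister_on_reset_; int null_delegate_hits_ = 0;
};

// Counts late notifications that reach a toolbar whose delegate was reset.
int LateNotificationHits(bool unregister_on_reset) {
  NotificationCenter nc;
  Delegate d;
  Toolbar t(&nc, &d, unregister_on_reset);
  t.SetDelegate(nullptr);
  nc.Post();
  return t.null_delegate_hits();
}
```

`LateNotificationHits(false)` models the pre-fix behaviour, where the callback still runs with no delegate; `LateNotificationHits(true)` models unregistering on reset, so the callback never fires.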
Sep 25 2017
Sep 25 2017
This bug requires manual review: Less than 18 days to go before AppStore submit on M62
Please contact the milestone owner if you have questions.
Owners: amineer@(Android), cmasso@(iOS), bhthompson@(ChromeOS), abdulsyed@(Desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Sep 27 2017
Verified for the fix in Build - 63.0.3225.0 Canary - iPad mini iOS 11, iPhone 6 iOS 11, iPad iOS 9.3.5, iPad, iOS 10.3.3
The issue “App crashes on performing voice search in incognito tab” no longer appears in Build
Sep 27 2017
Oct 2 2017
This issue has been approved for a merge. Please merge the fix to any appropriate branches as soon as possible! If all merges have been completed, please remove any remaining Merge-Approved labels from this issue. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Oct 2 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/40db61ae8574d87ecaa1d3fb228d15910854d64d

commit 40db61ae8574d87ecaa1d3fb228d15910854d64d
Author: Kurt Horimoto <kkhorimoto@chromium.org>
Date: Mon Oct 02 20:24:11 2017

[iOS] Stop listening to TTS notifications when the delegate is reset.

Text-To-Speech functionality requires a delegate, so the toolbar should
stop observing NSNotificationCenter when it's reset.

TBR=kkhorimoto@chromium.org

(cherry picked from commit fbd8715682cab88a66acf8f7c72bc482a628116a)

Bug: 766496
Change-Id: Iab91b68431562556569112be0539d1d43cc3b49d
Reviewed-on: https://chromium-review.googlesource.com/678507
Reviewed-by: Rohit Rao (ping after 24h) <rohitrao@chromium.org>
Reviewed-by: Kurt Horimoto <kkhorimoto@chromium.org>
Commit-Queue: Kurt Horimoto <kkhorimoto@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#504067}
Reviewed-on: https://chromium-review.googlesource.com/696122
Cr-Commit-Position: refs/branch-heads/3202@{#547}
Cr-Branched-From: fa6a5d87adff761bc16afc5498c3f5944c1daa68-refs/heads/master@{#499098}

[modify] https://crrev.com/40db61ae8574d87ecaa1d3fb228d15910854d64d/ios/chrome/browser/ui/toolbar/web_toolbar_controller.mm
Oct 4 2017
Verified on:
App Version: 62.0.3202.45
Devices: iPad Pro, iPad Air, iPhone 6 Plus
iOS Versions: 9.3.5, 11.0
No crashes seen. Voice search works fine in Incognito tab.
Comment 1 by linds...@chromium.org, Sep 20 2017
Owner: kkhorimoto@chromium.org
Status: Assigned (was: Untriaged)