
Issue 823305


Issue metadata

Status: Verified
Owner: ----
Components:
EstimatedDays: ----
NextAction: 2018-03-25
OS: Linux
Pri: 3
Type: Bug




CHECK failure: cursor_position_ <= text.length() || cursor_position_ == base::string16::npos. T

Project Member Reported by ClusterFuzz, Mar 19 2018

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5281762859810816

Fuzzer: ifratric_pdf_generic
Job Type: linux_debug_chrome
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  cursor_position_ <= text.length() || cursor_position_ == base::string16::npos. T
  AutocompleteInput::Init
  AutocompleteInput::AutocompleteInput
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_debug_chrome&range=523893:523905

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5281762859810816

Additional requirements: Requires Gestures

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
 
Project Member

Comment 1 by ClusterFuzz, Mar 19 2018

Components: UI>Browser>Omnibox
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Labels: -Pri-1 Pri-3
Status: Available (was: Untriaged)
A few pieces of the puzzle from the stack trace below:
- The text is 'about:blank'.
- The cursor position, which should be less than the length of that text, is 82.
- The code path that triggers this check is through OmniboxEditModel::OnUpOrDownKeyPressed.

I'll take a closer look at this tomorrow.

[3699:3699:0319/032604.417626:FATAL:autocomplete_input.cc(130)] Check failed: cursor_position_ <= text.length() || cursor_position_ == base::string16::npos. Text: 'about:blank', cp:82
#0 0x563be807bd31 in __interceptor_backtrace third_party/llvm/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc:3980:13
#1 0x7f2b9edb072f in base::debug::StackTrace::StackTrace(unsigned long) base/debug/stack_trace_posix.cc:808:41
#2 0x7f2b9eda9b83 in base::debug::StackTrace::StackTrace() base/debug/stack_trace.cc:199:28
#3 0x7f2b9ef5d4f7 in logging::LogMessage::~LogMessage() base/logging.cc:594:29
#4 0x563bfac1d400 in AutocompleteInput::Init(std::__1::basic_string<unsigned short, base::string16_internals::string16_char_traits, std::__1::allocator<unsigned short> > const&, AutocompleteSchemeClassifier const&) components/omnibox/browser/autocomplete_input.cc:129:3
#5 0x563bfac1ea2a in AutocompleteInput::AutocompleteInput(std::__1::basic_string<unsigned short, base::string16_internals::string16_char_traits, std::__1::allocator<unsigned short> > const&, unsigned long, metrics::OmniboxEventProto_PageClassification, AutocompleteSchemeClassifier const&) components/omnibox/browser/autocomplete_input.cc:106:3
#6 0x563bfbc1c03d in OmniboxEditModel::StartAutocomplete(bool, bool) components/omnibox/browser/omnibox_edit_model.cc:442:12
#7 0x563bfbc1a452 in OmniboxEditModel::UpdateInput(bool, bool) components/omnibox/browser/omnibox_edit_model.cc:388:3
#8 0x563bfce1040a in OmniboxViewViews::UpdatePopup() chrome/browser/ui/views/omnibox/omnibox_view_views.cc:460:12
#9 0x563bfbc2d452 in OmniboxEditModel::OnUpOrDownKeyPressed(int) components/omnibox/browser/omnibox_edit_model.cc:1055:12
#10 0x563bfce1c689 in OmniboxViewViews::ExecuteTextEditCommand(ui::TextEditCommand) chrome/browser/ui/views/omnibox/omnibox_view_views.cc:1033:16
#11 0x563bfce1cf18 in OmniboxViewViews::HandleKeyEvent(views::Textfield*, ui::KeyEvent const&) chrome/browser/ui/views/omnibox/omnibox_view_views.cc:1112:9
#12 0x7f2b6bf3bb3b in views::Textfield::OnKeyPressed(ui::KeyEvent const&) ui/views/controls/textfield/textfield.cc:713:46
NextAction: 2018-03-25
The NextAction date has arrived: 2018-03-25
Project Member

Comment 5 by ClusterFuzz, Mar 27 2018

ClusterFuzz has detected this issue as fixed in range 546054:546055.

Detailed report: https://clusterfuzz.com/testcase?key=5281762859810816

Fuzzer: ifratric_pdf_generic
Job Type: linux_debug_chrome
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  cursor_position_ <= text.length() || cursor_position_ == base::string16::npos. T
  AutocompleteInput::Init
  AutocompleteInput::AutocompleteInput
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_debug_chrome&range=523893:523905
Fixed: https://clusterfuzz.com/revisions?job=linux_debug_chrome&range=546054:546055

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5281762859810816

Additional requirements: Requires Gestures

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 6 by ClusterFuzz, Mar 27 2018

Labels: ClusterFuzz-Verified
Status: Verified (was: Available)
ClusterFuzz testcase 5281762859810816 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
