New issue
Advanced search Search tips

Issue 827286 link

Starred by 2 users
Status: Duplicate
Merged: issue 838616
Owner:
sahel@chromium.org
Closed: May 2018
Cc:
dtapu...@chromium.org
EstimatedDays: ----
NextAction: ----
OS: Android
Pri: 2
Type: Bug



Sign in to add a comment

Gesture fling causes browser to crash

Project Member Reported by xidac...@chromium.org, Mar 29 2018 
Chrome Version: (copy from chrome://version) ToT
OS: (e.g. Win7, OSX 10.9.5, etc...) Android

What steps will reproduce the problem?
(1) Open this page: http://output.jsbin.com/yodibuy, either with a real android device or using devtool emulator to emulate an android device
(2) Do a fling left gesture on the blue rect, now do fling down on the blue rect
(3) Browser crashes.

What is the expected result?
Browser should not crash.

What happens instead?
Browser crashes. I put fprintf in the TouchAction::FilterGestureEvent to check the event type, it seems that when we fling left, there is no ScrollEnd gesture event after the FlingStart event, which is probably causing the problem.

Comment 1 by sahel@chromium.org, Mar 29 2018 

Could you please send the trace as well? Is it a DCHECK hit or a crash?

Comment 2 by xidac...@chromium.org, Mar 29 2018 

26606:26606:0329/152611.554863:FATAL:render_widget_host_impl.cc(1209)] Check failed: !is_in_gesture_scroll_[gesture_event.SourceDevice()] || FlingCancellationIsDeferred(). 
#0 0x7fa95bcc941c base::debug::StackTrace::StackTrace()
#1 0x7fa95bcf372b logging::LogMessage::~LogMessage()
#2 0x7fa9595982d3 content::RenderWidgetHostImpl::ForwardGestureEventWithLatencyInfo()
#3 0x7fa9595981b1 content::RenderWidgetHostImpl::ForwardGestureEvent()
#4 0x7fa95951159a content::TouchEmulator::OnGestureEvent()
#5 0x7fa94dc8eae2 ui::TouchDispositionGestureFilter::SendGesture()
#6 0x7fa94dc8d472 ui::TouchDispositionGestureFilter::FilterAndSendPacket()
#7 0x7fa94dc8e001 ui::TouchDispositionGestureFilter::SendAckedEvents()
#8 0x7fa94dc8db2d ui::TouchDispositionGestureFilter::OnTouchEventAck()
#9 0x7fa959511373 content::TouchEmulator::HandleTouchEventAck()
#10 0x7fa95959cd7e content::RenderWidgetHostImpl::OnTouchEventAck()
#11 0x7fa9594fb1c1 content::InputRouterImpl::OnTouchEventAck()
#12 0x7fa9595053ae content::PassthroughTouchEventQueue::AckCompletedEvents()
#13 0x7fa959505a55 content::PassthroughTouchEventQueue::ProcessTouchAck()
#14 0x7fa9594faf8a content::InputRouterImpl::TouchEventHandled()

Comment 3 by sahel@chromium.org, May 17 2018

Mergedinto: 838616
Status: Duplicate (was: Assigned)

Sign in to add a comment