Issue metadata
Sign in to add a comment
|
passwort_autofill_agent: potential leak in browser_test in filling? |
||||||||||||||||||||
Issue description
There is a potential leak in either in browser_test helpers or in our password_autofill_agent. It happens if SimulateElementClick(<any>) is followed by any filling function.
Functions other than filling were not yet tested.
Example test:
TEST_F(PasswordAutofillAgentTest, CauseALeak) {
SimulateElementClick(username_element_); // SetFocused(_) would work.
SimulateOnFillPasswordForm(fill_data_);
// Other filling functions work as well, e.g.:
// password_autofill_agent_->FillIntoFocusedField(_, _);
}
What will leak:
../../content/public/test/render_view_test.cc:395 to :404:
result->number_of_live_documents --> 0 != 1
result->number_of_live_nodes --> 0 != 22
result->number_of_live_pausable_objects --> 0 != 1
result->number_of_live_frames --> 0 != 1
result->number_of_live_resource_fetchers --> 0 != 1
What logs will look like:
(from https://logs.chromium.org/v/?s=chromium%2Fbuildbucket%2Fcr-buildbucket.appspot.com%2F8943083515827599008%2F%2B%2Fsteps%2Fbrowser_tests__with_patch_%2F0%2Flogs%2FPasswordAutofillAgentTest.FillIntoFocusedFieldOnWritableTextFields%2F0)
[ RUN ] PasswordAutofillAgentTest.FillIntoFocusedFieldOnWritableTextFields
../../content/public/test/render_view_test.cc:395: Failure
Expected equality of these values:
0u
Which is: 0
result->number_of_live_documents
Which is: 1
<< Stacktrace leading to ../../content/public/test/render_view_test.cc >>
../../content/public/test/render_view_test.cc:396: Failure
Expected equality of these values:
0u
Which is: 0
result->number_of_live_nodes
Which is: 22
<< Stacktrace leading to ../../content/public/test/render_view_test.cc >>
../../content/public/test/render_view_test.cc:399: Failure
Expected equality of these values:
0u
Which is: 0
result->number_of_live_pausable_objects
Which is: 1
<< Stacktrace leading to ../../content/public/test/render_view_test.cc >>
../../content/public/test/render_view_test.cc:401: Failure
Expected equality of these values:
0u
Which is: 0
result->number_of_live_frames
Which is: 1
<< Stacktrace leading to ../../content/public/test/render_view_test.cc >>
../../content/public/test/render_view_test.cc:404: Failure
Expected equality of these values:
0u
Which is: 0
result->number_of_live_resource_fetchers
Which is: 1
<< Stacktrace leading to ../../content/public/test/render_view_test.cc >>
[ FAILED ] PasswordAutofillAgentTest.FillIntoFocusedFieldOnWritableTextFields (1267 ms)
Test configuration:
gn args:
is_asan = true
is_lsan = true
enable_nacl = false
is_debug = fals
Call this to ensure leak checker is running:
ASAN_OPTIONS="detect_leaks=1 symbolize=1 external_symbolizer_path=$SRC/third_party/llvm-build/Release+Asserts/bin/llvm-symbolizer" \
./out/asan/browser_tests --gtest_filter=PasswordAutofillAgentTest.* --no-sandbox 2>&1 | tools/valgrind/asan/asan_symbolize.py
,
Oct 11
Logs:
[ RUN ] PasswordAutofillAgentTest.FillIntoFocusedWritableTextField
../../content/public/test/render_view_test.cc:402: Failure
Expected equality of these values:
0u
Which is: 0
result->number_of_live_documents
Which is: 1
<< Stack trace >>
../../content/public/test/render_view_test.cc:403: Failure
Expected equality of these values:
0u
Which is: 0
result->number_of_live_nodes
Which is: 22
<< Stack trace >>
../../content/public/test/render_view_test.cc:406: Failure
Expected equality of these values:
0u
Which is: 0
result->number_of_live_pausable_objects
Which is: 1
<< Stack trace >>
../../content/public/test/render_view_test.cc:408: Failure
Expected equality of these values:
0u
Which is: 0
result->number_of_live_frames
Which is: 1
<< Stack trace >>
../../content/public/test/render_view_test.cc:411: Failure
Expected equality of these values:
0u
Which is: 0
result->number_of_live_resource_fetchers
Which is: 1
<< Stack trace >>
[ FAILED ] PasswordAutofillAgentTest.FillIntoFocusedWritableTextField (1495 ms)
,
Dec 18
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/c7e76040b198adbb7f3644ad3f1a27e043e84442 commit c7e76040b198adbb7f3644ad3f1a27e043e84442 Author: Vaclav Brozek <vabr@chromium.org> Date: Tue Dec 18 17:38:39 2018 Mark disabled PasswordAutofillAgentTests properly Six of those tests fail because of leaks, as described in the associated bug. However, the current comments (except for one) don't provide enough context, so this CL is adding TODOs annotated with the bug. Bug: 855383 Change-Id: I64e14aa902529a289a36c210990190e7fac9ae3b Reviewed-on: https://chromium-review.googlesource.com/c/1380674 Reviewed-by: Vasilii Sukhanov <vasilii@chromium.org> Commit-Queue: Vaclav Brozek <vabr@chromium.org> Cr-Commit-Position: refs/heads/master@{#617551} [modify] https://crrev.com/c7e76040b198adbb7f3644ad3f1a27e043e84442/chrome/renderer/autofill/password_autofill_agent_browsertest.cc
,
Dec 19
Did you rerun these tests? They did not report any leaks for me.
,
Dec 19
Did you use the ASAN setup?
,
Dec 19
I enabled is_asan but missed the full instructions. With those I am able to reproduce this.
,
Dec 19
My current status is that the culprit seems to be the SpellCheckProvider. If I remove new SpellCheckProvider(render_frame, spellcheck_.get(), this); from chrome_content_renderer_client.cc the leak goes away.
,
Dec 19
Blink>Editing>Spellchecking team, could you please help with this issue? The reproduction steps are: gn args: is_asan = true is_lsan = true enable_nacl = false is_debug = fals ASAN_OPTIONS="detect_odr_violation=0 detect_leaks=1 symbolize=1 external_symbolizer_path=`pwd`/third_party/llvm-build/Release+Asserts/bin/llvm-symbolizer" ./out/my_build/browser_tests --gtest_also_run_disabled_tests --gtest_filter='PasswordAutofillAgentTest.DISABLED_AutocompleteForPrefilledUsernameValue' --no-sandbox 2>&1 | tools/valgrind/asan/asan_symbolize.py Observe a number of leaks as described in the first comment. Then change SpellChecker::IsSpellCheckingEnabled() in third_party/blink/renderer/core/editing/spellcheck/spell_checker.cc to always return false. Observe that the leaks are gone.
,
Dec 30
(Thanks, Dominic, for further investigating and routing this to appropriate owners. Removing myself for now, as the initial question from #4 has been resolved outside of this bugreport, but happy to be added back for follow-up questions.)
,
Jan 8
The NextAction date has arrived: 2019-01-08
,
Jan 19
(4 days ago)
Sorry I somehow didn't notice this bug earlier... There's an unfinished SpellCheckRequest holding a reference to the document and causing the leak. Investigating why it's not cleared at test tear down.
,
Today
(12 hours ago)
I see. Timeline: 1. Test page is setup 2. Operations on text fields trigger spellchecker, which stores references to Blink elements in SpellCheckProvider (which is out of Blink) 3. Test finishes and runs RenderViewTest::TearDown() 4. RenderViewTest::TearDown() shuts down and clears all pages 5. RenderViewTest::TearDown() calls BlinkLeakDetector::PerformLeakDetection() 5.1 BlinkLeakDetector::PerformLeakDetection() tries to go through all pages and all frames to release resources and prepare for leak detection 5.2 BlinkLeakDetector::PerformLeakDetection() performs actual leak detection The issue is that, the page is already cleared in step 4 (while the stored references in SpellCheckProvider remain there). So in step 5.1, it fails to get a reference to the page, and therefore, fails to call SpellChecker::PrepareForLeakDetection() to clear the stored references . So a leak is detected. To fix the leak, we need to clear all stored spellcheck requests when a document is shut down. |
|||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||
Comment 1 by ioanap@chromium.org
, Oct 11