PDF XFA: Crash when typing letter in date field
Issue description

On an XFA-enabled build:
1. Open https://www.canada.ca/content/dam/ircc/migration/ircc/english/pdf/kits/forms/imm5257e.pdf
2. Click the field "8. Previous Countries [...] From YYYY-MM-DD".
3. Type 'a'.
4. If not crashed, press Tab.

Expected: either 'a' appears or validation prevents that.
Actual: Crash with stack:

Received signal 4 ILL_ILLOPN 559fad36ddb6
#0 0x7f303c1c944d base::debug::StackTrace::StackTrace()
#1 0x7f303bf0f36c base::debug::StackTrace::StackTrace()
#2 0x7f303c1c8ea4 base::debug::(anonymous namespace)::StackDumpSignalHandler()
#3 0x7f301cde20c0 <unknown>
#4 0x559fad36ddb6 base::internal::CheckOnFailure::HandleFailure<>()
#5 0x559fb3ed1ddd pdfium::base::internal::CheckedNumeric<>::ValueOrDie<>()
#6 0x559fb3f44e00 fxcrt::StringDataTemplate<>::Create()
#7 0x559fb3f44f79 fxcrt::StringDataTemplate<>::Create()
#8 0x559fb3f41d85 fxcrt::WideString::Concat()
#9 0x559fb3f41faf fxcrt::WideString::operator+=()
#10 0x559fb454b1ab CFDE_TextEditEngine::GetSelectedText()
#11 0x559fb451a142 CFWL_Edit::Copy()
#12 0x559fb458cdb1 CXFA_FFTextEdit::Copy()
#13 0x559fb466b6a5 CXFA_FFWidgetHandler::GetSelectedText()
#14 0x559fb3f2b0ca CPDFSDK_XFAWidgetHandler::GetSelectedText()
#15 0x559fb3eeed84 CPDFSDK_AnnotHandlerMgr::Annot_GetSelectedText()
#16 0x559fb3ee57b3 CPDFSDK_PageView::GetSelectedText()
#17 0x559fb3ee22fe FORM_GetSelectedText
#18 0x559fb3e79085 chrome_pdf::PDFiumEngine::SetFormSelectedText()
#19 0x559fb3e77edb chrome_pdf::PDFiumEngine::OnKeyUp()
#20 0x559fb3e75fb6 chrome_pdf::PDFiumEngine::HandleEvent()
#21 0x559fb3e4ca57 chrome_pdf::OutOfProcessInstance::HandleInputEvent()
#22 0x559fae7f967f pp::InputEvent_HandleEvent()
#23 0x7f302922461f ppapi::CallWhileUnlocked<>()
#24 0x7f3029223acb ppapi::proxy::PPP_InputEvent_Proxy::OnMsgHandleFilteredInputEvent()
#25 0x7f302922486b _ZN4base20DispatchToMethodImplIPN5ppapi5proxy20PPP_InputEvent_ProxyEMS3_FviRKNS1_14InputEventDataEP7PP_BoolENSt3__15tupleIJiS5_EEENSD_IJS8_EEEJLm0ELm1EEJLm0EEEEvRKT_T0_OT1_PT2_NSC_16integer_sequenceImJXspT3_EEEENSO_ImJXspT4_EEEE
#26 0x7f302922475b _ZN4base16DispatchToMethodIPN5ppapi5proxy20PPP_InputEvent_ProxyEMS3_FviRKNS1_14InputEventDataEP7PP_BoolENSt3__15tupleIJiS5_EEENSD_IJS8_EEEEEvRKT_T0_OT1_PT2_
#27 0x7f3029224535 _ZN3IPC8MessageTI52PpapiMsg_PPPInputEvent_HandleFilteredInputEvent_MetaNSt3__15tupleIJiN5ppapi14InputEventDataEEEENS3_IJ7PP_BoolEEEE8DispatchINS4_5proxy20PPP_InputEvent_ProxyESC_vMSC_FviRKS5_PS7_EEEbPKNS_7MessageEPT_PT0_PT1_T2_
#28 0x7f302922396b ppapi::proxy::PPP_InputEvent_Proxy::OnMessageReceived()
#29 0x7f302917bb51 ppapi::proxy::Dispatcher::OnMessageReceived()
#30 0x7f30291ca7e9 ppapi::proxy::PluginDispatcher::OnMessageReceived()
#31 0x7f303a0ba1f5 IPC::ChannelProxy::Context::OnDispatchMessage()
#32 0x7f303a0c034f _ZN4base8internal13FunctorTraitsIMN3IPC12ChannelProxy7ContextEFvRKNS2_7MessageEEvE6InvokeIS9_RK13scoped_refptrIS4_EJS7_EEEvT_OT0_DpOT1_
#33 0x7f303a0c02af _ZN4base8internal12InvokeHelperILb0EvE8MakeItSoIRKMN3IPC12ChannelProxy7ContextEFvRKNS4_7MessageEEJRK13scoped_refptrIS6_ES9_EEEvOT_DpOT0_
#34 0x7f303a0c023d _ZN4base8internal7InvokerINS0_9BindStateIMN3IPC12ChannelProxy7ContextEFvRKNS3_7MessageEEJ13scoped_refptrIS5_ES6_EEEFvvEE7RunImplIRKSA_RKNSt3__15tupleIJSC_S6_EEEJLm0ELm1EEEEvOT_OT0_NSJ_16integer_sequenceImJXspT1_EEEE
#35 0x7f303a0c014c _ZN4base8internal7InvokerINS0_9BindStateIMN3IPC12ChannelProxy7ContextEFvRKNS3_7MessageEEJ13scoped_refptrIS5_ES6_EEEFvvEE3RunEPNS0_13BindStateBaseE
#36 0x7f303bebe54e _ZNO4base12OnceCallbackIFvvEE3RunEv
#37 0x7f303bf10832 base::debug::TaskAnnotator::RunTask()
#38 0x7f303bf9da89 base::internal::IncomingTaskQueue::RunTask()
#39 0x7f303bfa7877 base::MessageLoop::RunTask()
#40 0x7f303bfa7ae8 base::MessageLoop::DeferOrRunPendingTask()
#41 0x7f303bfa7e19 base::MessageLoop::DoWork()
#42 0x7f303bfab147 base::MessagePumpDefault::Run()
#43 0x7f303bfa706b base::MessageLoop::Run()
#44 0x7f303c0530cd base::RunLoop::Run()
#45 0x7f30345246d6 content::PpapiPluginMain()
#46 0x7f30376717d4 content::RunZygote()
#47 0x7f3037674769 content::RunOtherNamedProcessTypeMain()
#48 0x7f3037676937 content::ContentMainRunnerImpl::Run()
#49 0x7f303766af25 content::ContentServiceManagerMainDelegate::RunEmbedderProcess()
#50 0x7f303c46a0d4 service_manager::Main()
#51 0x7f3037671185 content::ContentMain()
#52 0x559face5d246 ChromeMain
#53 0x559face5d152 main
#54 0x7f3018b6e2b1 __libc_start_main
#55 0x559face5d02a _start
  r8: 00000000000000ff  r9: 00007ffed0469600 r10: 00000000000000ff r11: 00007f3018cb7e00
 r12: 0000559face5d000 r13: 00007ffed046d9b0 r14: 0000000000000000 r15: 0000000000000000
  di: 00007ffed0468e70  si: 0000000000000000  bp: 00007ffed0468de0  bx: 0000000000000000
  dx: 0000000000000000  ax: 0000000000000000  cx: 0000000000000000  sp: 00007ffed0468de0
  ip: 0000559fad36ddb6 efl: 0000000000010246 cgf: 002b000000000033 erf: 0000000000000000
 trp: 0000000000000006 msk: 0000000000000000 cr2: 0000000000000000
[end of stack trace]
Calling _exit(1). Core file will not be generated.

Jul 16

The following revision refers to this bug:
https://pdfium.googlesource.com/pdfium/+/31781107f6bda92e732fed805f62e8512bc78149

commit 31781107f6bda92e732fed805f62e8512bc78149
Author: Henrique Nakashima <hnakashima@chromium.org>
Date: Mon Jul 16 21:17:46 2018

Fix crash when typing letters into an XFA datetime field.

The root of the issue is that CXFA_FFDateTimeEdit inherits from CXFA_FFTextEdit and methods in the former treat its widget as a CFWL_Edit, while it can be a CFWL_DateTimePicker.

Bug: chromium:857521
Change-Id: I764b6c03095b16f6a9cf72ff36768ca4c57c4070
Reviewed-on: https://pdfium-review.googlesource.com/37910
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Henrique Nakashima <hnakashima@chromium.org>

[modify] https://crrev.com/31781107f6bda92e732fed805f62e8512bc78149/xfa/fxfa/cxfa_ffdatetimeedit.h
[modify] https://crrev.com/31781107f6bda92e732fed805f62e8512bc78149/xfa/fwl/cfwl_datetimepicker.cpp
[modify] https://crrev.com/31781107f6bda92e732fed805f62e8512bc78149/xfa/fwl/cfwl_datetimepicker.h
[modify] https://crrev.com/31781107f6bda92e732fed805f62e8512bc78149/xfa/fxfa/cxfa_ffdatetimeedit.cpp
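
The pattern the commit message above describes, modeled as an added example (not PDFium's code and not the actual fix): a base-class field method that assumes an edit widget is inherited by a date field whose widget is a picker. All type names are hypothetical stand-ins; the checked downcast and the override show two defensive options.

```cpp
#include <memory>
#include <string>
#include <utility>
// Hypothetical stand-ins for the classes named in the commit message; not PDFium source.
enum class WidgetType { kEdit, kDateTimePicker };
struct Widget {
  virtual ~Widget() = default;
  virtual WidgetType type() const = 0;
};
struct Edit : Widget {
  explicit Edit(std::wstring t) : text(std::move(t)) {}
  WidgetType type() const override { return WidgetType::kEdit; }
  std::wstring SelectedText() const { return text; }
  std::wstring text;
};
// A picker owns an inner Edit but is not itself an Edit, so its layout differs.
struct DateTimePicker : Widget {
  explicit DateTimePicker(std::wstring t) : inner(std::move(t)) {}
  WidgetType type() const override { return WidgetType::kDateTimePicker; }
  std::wstring SelectedText() const { return inner.SelectedText(); }
  Edit inner;
};
// Checked downcast: nullptr on a type mismatch instead of reinterpreting the object.
Edit* ToEdit(Widget* w) {
  return (w && w->type() == WidgetType::kEdit) ? static_cast<Edit*>(w) : nullptr;
}
struct TextEditField {
  explicit TextEditField(std::unique_ptr<Widget> w) : widget(std::move(w)) {}
  virtual ~TextEditField() = default;
  // Base-class method that assumes an Edit; the check turns a bad cast into a failure.
  virtual bool Copy(std::wstring* out) {
    Edit* e = ToEdit(widget.get());
    if (!e) return false;
    *out = e->SelectedText();
    return true;
  }
  std::unique_ptr<Widget> widget;
};
// Inherits Copy() unchanged: the base method still expects an Edit.
struct DateFieldInherited : TextEditField { using TextEditField::TextEditField; };
// Overrides Copy() so the widget is addressed by its real type.
struct DateFieldOverride : TextEditField {
  using TextEditField::TextEditField;
  bool Copy(std::wstring* out) override {
    if (widget->type() != WidgetType::kDateTimePicker) return false;
    *out = static_cast<DateTimePicker*>(widget.get())->SelectedText();
    return true;
  }
};
```

With an unchecked `static_cast` in the base method, the inherited case would read picker memory through an edit-widget layout, which is the kind of mismatch that can surface later as a failed size check like the one at the top of the stack trace.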

Jul 17

The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/2a02c684f8fa69e776995b77e183ce6a597fa6e3

commit 2a02c684f8fa69e776995b77e183ce6a597fa6e3
Author: pdfium-chromium-autoroll <pdfium-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Date: Tue Jul 17 02:37:59 2018

Roll src/third_party/pdfium 481749905d44..ff402c2c4ce8 (11 commits)

https://pdfium.googlesource.com/pdfium.git/+log/481749905d44..ff402c2c4ce8

git log 481749905d44..ff402c2c4ce8 --date=short --no-merges --format='%ad %ae %s'
2018-07-17 tsepez@chromium.org Check for global flag on global proxy objects.
2018-07-16 tsepez@chromium.org Make JSGetObject<C>() return UnownedPtr<C>.
2018-07-16 tsepez@chromium.org Use UnownedPtr/Optional in cfxa_layoutcontext.cpp
2018-07-16 tsepez@chromium.org Use UnownedPtr<> to v8::Isolates.
2018-07-16 hnakashima@chromium.org Fix crash when typing letters into an XFA datetime field.
2018-07-16 rharrison@chromium.org Alert embedder when attempting to save XFA form
2018-07-16 thestig@chromium.org Fix some nits in CPDF_Document.
2018-07-16 vmiklos@collabora.co.uk Add FPDFFormObj_GetObject() API
2018-07-16 rharrison@chromium.org Process data changes regardless if they can be formatted
2018-07-16 tsepez@chromium.org Use UnownedPtr in CXFA_LocaleMgr
2018-07-16 tsepez@chromium.org Remove unused member from CPDF_DataAvail.

Created with:
  gclient setdep -r src/third_party/pdfium@ff402c2c4ce8

The AutoRoll server is located here: https://pdfium-roll.skia.org

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, please contact the current sheriff, who should be CC'd on the roll, and stop the roller if necessary.

BUG=chromium:862059,chromium:857521
TBR=dsinclair@chromium.org

Change-Id: I34c5767262f39734719d87120febf1c2c8193a9a
Reviewed-on: https://chromium-review.googlesource.com/1139006
Reviewed-by: pdfium-chromium-autoroll <pdfium-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Commit-Queue: pdfium-chromium-autoroll <pdfium-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#575525}

[modify] https://crrev.com/2a02c684f8fa69e776995b77e183ce6a597fa6e3/DEPS

Comment 1 by hnakashima@chromium.org, Jun 28 2018