Issue metadata
Sign in to add a comment
|
Regression : Browser crash is seen after unchecking 'Always show icon' on cast.
Reported by
rp...@etouch.net,
Jul 9
|
||||||||||||||||||||||
Issue descriptionChrome version: 69.0.3486.0 (Official Build)Revision 472d1caeb99d99a8952e7170bbf435bd92902d73-refs/branch-heads/3486@{#1}(32/64-bit) OS: Windows (7,8,8.1,10) What steps will reproduce the problem? 1. Launch chrome,navigate to NTP and right click on page to open context menu and select 'Cast' 2. Now right click on 'cast' icon and select 'Always show icon' and drag cast icon in 'Customize and control google chrome' 3. Now click to open 'Customize and control google chrome' and right click on cast icon in it and select 'Always show icon' to uncheck,observe Actual: Browser crash is seen Expected: Browser should not crash Crash ID : Uploaded Crash Report ID 354d8180a977da1f (Local Crash ID: 7259d58f-5d1f-4406-b011-b4010a2b25eb) This is regression issue, broken in ‘M 69’ and will soon update other info : Good build: 69.0.3483.0 (Revision: 572880). Bad build: 69.0.3484.0 (Revision: 573141).
,
Jul 9
Stack Trace for the crash id: ----------------------------- Thread 0 (id: 0x1020) CRASHED [EXCEPTION_ACCESS_VIOLATION_EXEC @ 0x07fee5e1 ] MAGIC SIGNATURE THREAD Stack Quality64%Show frame trust levels 0x07fee5e1 0x000007fee5d739bd (chrome.dll -menu_runner_impl.cc:182 ) views::internal::MenuRunnerImpl::OnMenuClosed(views::internal::MenuControllerDelegate::NotifyType,views::MenuItemView *,int) 0x000007fee60d9486 (chrome.dll -menu_controller.cc:2738 ) views::MenuController::ExitMenu() 0x000007fee60da838 (chrome.dll -menu_controller.cc:727 ) views::MenuController::OnMouseReleased(views::SubmenuView *,ui::MouseEvent const &) 0x000007fee42928ed (chrome.dll -widget.cc:1225 ) views::Widget::OnMouseEvent(ui::MouseEvent *) 0x000007fee3f238d6 (chrome.dll -event_dispatcher.cc:191 ) ui::EventDispatcher::DispatchEvent(ui::EventHandler *,ui::Event *) 0x000007fee3f2349c (chrome.dll -event_dispatcher.cc:139 ) ui::EventDispatcher::ProcessEvent(ui::EventTarget *,ui::Event *) 0x000007fee3f23376 (chrome.dll -event_dispatcher.cc:86 ) ui::EventDispatcherDelegate::DispatchEventToTarget(ui::EventTarget *,ui::Event *) 0x000007fee3f225fd (chrome.dll -event_dispatcher.cc:58 ) ui::EventDispatcherDelegate::DispatchEvent(ui::EventTarget *,ui::Event *) 0x000007fee3f210ce (chrome.dll -event_processor.cc:57 ) ui::EventProcessor::OnEventFromSource(ui::Event *) 0x000007fee3f20dff (chrome.dll -event_source.cc:84 ) ui::EventSource::SendEventToSinkFromRewriter(ui::Event *,ui::EventRewriter const *) 0x000007fee3f20c45 (chrome.dll -event_source.cc:44 ) ui::EventSource::SendEventToSink(ui::Event *) 0x000007fee5531213 (chrome.dll -desktop_window_tree_host_win.cc:880 ) views::DesktopWindowTreeHostWin::HandleGestureEvent(ui::GestureEvent *) 0x000007fee3f1fc87 (chrome.dll -hwnd_message_handler.cc:2821 ) views::HWNDMessageHandler::HandleMouseEventInternal(unsigned int,unsigned __int64,__int64,bool) 0x000007fee3d92276 (chrome.dll -hwnd_message_handler.h:319 ) views::HWNDMessageHandler::_ProcessWindowMessage(HWND__ *,unsigned int,unsigned __int64,__int64,__int64 &,unsigned long) 0x000007fee3d9203b (chrome.dll -hwnd_message_handler.cc:934 ) views::HWNDMessageHandler::OnWndProc(unsigned int,unsigned __int64,__int64) 0x000007fee3b914ee (chrome.dll -wrapped_window_proc.h:76 ) base::win::WrappedWindowProc<&gfx::WindowImpl::WndProc(HWND__ *,unsigned int,unsigned __int64,__int64)>(HWND__ *,unsigned int,unsigned __int64,__int64) 0x77239bd0 (USER32.dll + 0x00019bd0 ) UserCallWinProcCheckWow 0x772398d9 (USER32.dll + 0x000198d9 ) DispatchMessageWorker 0x000007fee3f164fb (chrome.dll -message_pump_win.cc:366 ) base::MessagePumpForUI::ProcessMessageHelper(tagMSG const &) 0x000007fee3c15a46 (chrome.dll -message_pump_win.cc:169 ) base::MessagePumpForUI::DoRunLoop() 0x000007fee3b0d797 (chrome.dll -message_pump_win.cc:56 ) base::MessagePumpWin::Run(base::MessagePump::Delegate *) 0x000007fee3b0d4e0 (chrome.dll -run_loop.cc:102 ) base::RunLoop::Run() 0x000007fee3f1364d (chrome.dll -chrome_browser_main.cc:2053 ) ChromeBrowserMainParts::MainMessageLoopRun(int *) 0x000007fee3f13451 (chrome.dll -browser_main_loop.cc:1016 ) content::BrowserMainLoop::RunMainMessageLoopParts() 0x000007fee3f133fc (chrome.dll -browser_main_runner_impl.cc:169 ) content::BrowserMainRunnerImpl::Run() 0x000007fee3b0e7a4 (chrome.dll -browser_main.cc:51 ) content::BrowserMain(content::MainFunctionParams const &,std::unique_ptr<content::BrowserProcessSubThread,std::default_delete<content::BrowserProcessSubThread> >) 0x000007fee3b0e63a (chrome.dll -content_main_runner_impl.cc:600 ) content::RunBrowserProcessMain(content::MainFunctionParams const &,content::ContentMainDelegate *,std::unique_ptr<content::BrowserProcessSubThread,std::default_delete<content::BrowserProcessSubThread> >) 0x000007fee3b09c7d (chrome.dll -content_main_runner_impl.cc:947 ) content::ContentMainRunnerImpl::Run() 0x000007fee3af5bbf (chrome.dll -main.cc:459 ) service_manager::Main(service_manager::MainParams const &) 0x000007fee3af5647 (chrome.dll -content_main.cc:19 ) content::ContentMain(content::ContentMainParams const &) 0x000007fee3af1e59 (chrome.dll -chrome_main.cc:101 ) ChromeMain 0x000000013f46372b (chrome.exe -main_dll_loader_win.cc:201 ) MainDllLoader::Launch(HINSTANCE__ *,base::TimeTicks) 0x000000013f461698 (chrome.exe -chrome_exe_main_win.cc:230 ) wWinMain 0x000000013f524891 (chrome.exe -exe_common.inl:283 ) __scrt_common_main_seh 0x76e559cc (KERNEL32.dll + 0x000159cc ) BaseThreadInitThunk 0x7734b980 (ntdll.dll + 0x0002b980 ) RtlUserThreadStart Adding release blocker label for this issue.Please reduce priority or remove if not the case. Thank You!
,
Jul 9
,
Jul 13
This shouldn't be RBS as the Harmony Cast UI is only on canary and dev in M69.
,
Jul 16
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/339ab575c8b467d5c34d981891d8e9605c171867 commit 339ab575c8b467d5c34d981891d8e9605c171867 Author: Takumi Fujimoto <takumif@chromium.org> Date: Mon Jul 16 23:30:05 2018 Fix Media Router context menu crashes When the context menu is closed, destroy the menu model asynchronously, so that its command gets executed before the menu model is destroyed. Bug: 861652 , 861655 Change-Id: Id0bf068e600f13ab187c0ad137ca15979363c61f Reviewed-on: https://chromium-review.googlesource.com/1130657 Commit-Queue: Takumi Fujimoto <takumif@chromium.org> Reviewed-by: mark a. foltz <mfoltz@chromium.org> Cr-Commit-Position: refs/heads/master@{#575478} [modify] https://crrev.com/339ab575c8b467d5c34d981891d8e9605c171867/chrome/browser/ui/toolbar/media_router_action.cc [modify] https://crrev.com/339ab575c8b467d5c34d981891d8e9605c171867/chrome/browser/ui/toolbar/media_router_action.h [modify] https://crrev.com/339ab575c8b467d5c34d981891d8e9605c171867/chrome/browser/ui/views/media_router/media_router_ui_browsertest.cc
,
Jul 17
|
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by rp...@etouch.net
, Jul 9Owner: taku...@chromium.org
Status: Assigned (was: Unconfirmed)