If an OOPIF dies during touchscreen gesture, the page becomes unresponsive to touch |
||
Issue descriptionChrome Version: 73.0.3631.0 What steps will reproduce the problem? (1) Visit http://csreis.github.io/tests/cross-site-iframe-simple.html (2) Open chrome's task manager to get the PID for the child frame (3) In a terminal, run sleep 5 && kill [child pid] (4) Touchscreen scroll in the child and have the kill happen during the gesture (5) Attempt to interact with the page with the touchscreen What is the expected result? Touch continues to work What happens instead? Page is unresponsive to touch This doesn't repro consistently for me, but when it happens, it looks like we still send and ack the touch events, but they don't produce gestures.
,
Dec 8
Having a slow touch handler in the child seems to make reproducing this easier.
document.body.addEventListener('touchmove', (e) => {
var end = performance.now() + 1000;
while (performance.now() < end) {}
}, {passive: false});
,
Dec 8
Thanks mcnee@ ... I suspect you're right.
,
Dec 13
Now that https://chromium-review.googlesource.com/c/chromium/src/+/1355243 has landed ( Issue 848050 ), I tested on ToT with the instructions in Comment #0, and it seems to be fixed. mcnee@, would you like to independently verify before we close this out?
,
Dec 14
I can still reproduce this.
,
Dec 14
Hmm, interesting. I tried using your repro instructions above, and was unable to reproduce. Is there anything different you can think of in the repro steps?
,
Dec 14
Did you include the slow touch handler in c#2?
,
Dec 14
Hmm, no, maybe not. Ok, I'll re-test with this next week.
,
Dec 14
I think I found the issue. This has no effect, since we're modifying a copy: https://cs.chromium.org/chromium/src/content/browser/renderer_host/render_widget_host_input_event_router.cc?rcl=bdfa3bb74e76d0da628f876469af1d94bd5bad83&l=233
,
Dec 14
Good catch, thanks! I'll put up a CL for that.
,
Dec 19
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/ff4881e52e17c2530b155b955dfa833e794ec3ad commit ff4881e52e17c2530b155b955dfa833e794ec3ad Author: W. James MacLean <wjmaclean@chromium.org> Date: Wed Dec 19 13:40:52 2018 Fix TouchEventAckQueue to really mark events as acked if renderer dies. This CL fixes an error in the TouchEventAckQueue where a lambda that was meant to mark events from a dead renderer as acked failed because it was operating on a copied parameter, as opposed to a reference parameter. Bug: 913143 Change-Id: Ib7641db6874e30cad24f20a17294f70423df5f54 Reviewed-on: https://chromium-review.googlesource.com/c/1383111 Commit-Queue: James MacLean <wjmaclean@chromium.org> Reviewed-by: Nasko Oskov <nasko@chromium.org> Cr-Commit-Position: refs/heads/master@{#617817} [modify] https://crrev.com/ff4881e52e17c2530b155b955dfa833e794ec3ad/content/browser/renderer_host/render_widget_host_impl.h [modify] https://crrev.com/ff4881e52e17c2530b155b955dfa833e794ec3ad/content/browser/renderer_host/render_widget_host_input_event_router.cc [modify] https://crrev.com/ff4881e52e17c2530b155b955dfa833e794ec3ad/content/browser/renderer_host/render_widget_host_input_event_router.h [modify] https://crrev.com/ff4881e52e17c2530b155b955dfa833e794ec3ad/content/browser/renderer_host/render_widget_host_input_event_router_unittest.cc
,
Dec 20
With the CL listed in C#11, this issue should be resolved, but please re-open if needed. |
||
►
Sign in to add a comment |
||
Comment 1 by mcnee@chromium.org
, Dec 7