Crash in InfoBarManagerImpl::DidFinishNavigation() |
||
Issue descriptionWe've seen this at least once on the bots, crashing in SigninInteractionControllerTestCase.testSignInSwitchManagedAccount with slimnav enabled. https://chromium-swarm.appspot.com/user/task/427a2a5e20635210 Crashed Thread: 0 CrWebMain Dispatch queue: com.apple.main-thread Exception Type: EXC_BAD_ACCESS (SIGSEGV) Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000000 Exception Note: EXC_CORPSE_NOTIFY Application Specific Information: CoreSimulator 581.2 - Device: iPhone 6s - Runtime: iOS 11.4 (15F79) - DeviceType: iPhone 6s Thread 0 Crashed:: CrWebMain Dispatch queue: com.apple.main-thread 0 org.chromium.gtest.ios-chrome-ui-egtests 0x0000000105d5b368 (anonymous namespace)::CreateNavigationDetails(web::NavigationItem*, bool) + 24 1 org.chromium.gtest.ios-chrome-ui-egtests 0x0000000105d5b2f2 InfoBarManagerImpl::DidFinishNavigation(web::WebState*, web::NavigationContext*) + 370 2 org.chromium.gtest.ios-chrome-ui-egtests 0x0000000105a34f6f web::WebStateImpl::OnNavigationFinished(web::NavigationContextImpl*) + 319 3 org.chromium.gtest.ios-chrome-ui-egtests 0x000000010597d876 -[CRWWebController webView:didCommitNavigation:] + 5686 4 com.apple.WebKit 0x000000011cc42883 WebKit::NavigationState::NavigationClient::didCommitNavigation(WebKit::WebPageProxy&, API::Navigation*, API::Object*) + 93
,
Today
(11 hours ago)
NavigationContext must never be null and I think that all DidFinishNavigation callbacks assume non-null navigation_context.
,
Today
(11 hours ago)
Then that implies that something is wrong in CreateNavigationDetails():
infobars::InfoBarDelegate::NavigationDetails CreateNavigationDetails(
web::NavigationItem* navigation_item,
bool is_same_document) {
infobars::InfoBarDelegate::NavigationDetails navigation_details;
navigation_details.entry_id = navigation_item->GetUniqueID();
const ui::PageTransition transition = navigation_item->GetTransitionType();
navigation_details.is_navigation_to_different_page =
ui::PageTransitionIsMainFrame(transition) && !is_same_document;
// Default to false, since iOS callbacks do not specify if navigation was a
// repace state navigation .
navigation_details.did_replace_entry = false;
navigation_details.is_reload =
ui::PageTransitionCoreTypeIs(transition, ui::PAGE_TRANSITION_RELOAD);
navigation_details.is_redirect = ui::PageTransitionIsRedirect(transition);
return navigation_details;
}
Probably we have a nullptr |navigation_item|, which means web_state->GetLastCommittedItem() is returning nullptr. How could that happen, if HasCommitted() is returning true?
@eugene in the code snippet from comment #0, should we be using GetLastCommittedItem(), or should we get the unique id and transition type from the NavigationContext instead?
,
Today
(9 hours ago)
I believe that web_state->GetLastCommittedItem() should not return null if HasCommitted() returned true. We can use transition type from the NavigationContext, but we can't use unique id from the NavigationContext without changing the behavior. It seems like we have a bug with slim navigation manager which we need to fix in ios/web |
||
►
Sign in to add a comment |
||
Comment 1 by rohitrao@chromium.org
, Today (12 hours ago)void InfoBarManagerImpl::DidFinishNavigation( web::WebState* web_state, web::NavigationContext* navigation_context) { DCHECK_EQ(web_state_, web_state); if (navigation_context->HasCommitted()) { OnNavigation(CreateNavigationDetails( web_state->GetNavigationManager()->GetLastCommittedItem(), navigation_context->IsSameDocument())); } } 0x0 implies that either web_state, web_state->GetNavigationManager(), or navigation_context is nullptr. Eugene, can DidFinishNavigation ever be called with nullptr arguments?