Issue 69833 in chromium: crashes upon clicking into a form field


chro...@googlecode.com

Jan 16, 2011, 4:00:10 PM1/16/11
to chromi...@chromium.org
Status: Unconfirmed
Owner: ----
Labels: Type-Bug Pri-2 Area-Undefined

New issue 69833 by ralf.hil...@gmail.com: crashes upon clicking into a form field
http://code.google.com/p/chromium/issues/detail?id=69833

Chrome Version : 10.0.641.0 (Developer Build 71564) Ubuntu 11.04
URLs (if applicable) :
Other browsers tested:
Add OK or FAIL after other browsers where you have tested this issue:
Safari 5:
Firefox 3.x:
IE 7/8:

What steps will reproduce the problem?
1. Clicking into a form field (e.g. the google search on www.google.com)
makes the browser crash with a segfault

Program received signal SIGSEGV, Segmentation fault.
AutocompleteHistoryManager::OnWebDataServiceRequestDone
(this=0x7ffff878e240, h=<value optimized out>, result=0x0)
at chrome/browser/autocomplete_history_manager.cc:181
181 chrome/browser/autocomplete_history_manager.cc: No such file or
directory.
in chrome/browser/autocomplete_history_manager.cc
(gdb) bt
#0 AutocompleteHistoryManager::OnWebDataServiceRequestDone
(this=0x7ffff878e240, h=<value optimized out>, result=0x0)
at chrome/browser/autocomplete_history_manager.cc:181
#1 0x00007ffff538eef5 in WebDataService::RequestCompleted
(this=0x7ffff8e0de10, h=5)
at chrome/browser/webdata/web_data_service.cc:526
#2 0x00007ffff590422d in MessageLoop::RunTask (this=0x7ffff87d3c40,
task=0x7ffff9b819f0) at base/message_loop.cc:356
#3 0x00007ffff5906510 in MessageLoop::DeferOrRunPendingTask (this=<value
optimized out>,
pending_task=<value optimized out>) at base/message_loop.cc:365
#4 0x00007ffff5906733 in MessageLoop::DoWork (this=0x7ffff87d3c40) at
base/message_loop.cc:558
#5 0x00007ffff592cf09 in base::MessagePumpForUI::HandleDispatch
(this=0x7ffff8848960) at base/message_pump_glib.cc:284
#6 0x00007ffff592cf4d in (anonymous namespace)::WorkSourceDispatch
(source=<value optimized out>,
unused_func=<value optimized out>, unused_data=<value optimized out>)
at base/message_pump_glib.cc:109
#7 0x00007ffff1f70d0d in g_main_context_dispatch () from
/lib/libglib-2.0.so.0
#8 0x00007ffff1f714f8 in ?? () from /lib/libglib-2.0.so.0
#9 0x00007ffff1f71789 in g_main_context_iteration () from
/lib/libglib-2.0.so.0
#10 0x00007ffff592cb6f in base::MessagePumpForUI::RunOnce (this=<value
optimized out>, context=<value optimized out>,
block=<value optimized out>) at base/message_pump_glib.cc:236
#11 0x00007ffff592ca03 in base::MessagePumpForUI::RunWithDispatcher
(this=0x7ffff8848960, delegate=<value optimized out>,
dispatcher=<value optimized out>) at base/message_pump_glib.cc:210
#12 0x00007ffff590463c in RunHandler (this=<value optimized out>,
dispatcher=<value optimized out>)
at base/message_loop.cc:304
#13 MessageLoopForUI::Run (this=<value optimized out>, dispatcher=<value
optimized out>) at base/message_loop.cc:673
#14 0x00007ffff51d21f9 in RunUIMessageLoop (parameters=...) at
chrome/browser/browser_main.cc:534
#15 BrowserMain (parameters=...) at chrome/browser/browser_main.cc:1676
#16 0x00007ffff51cbd72 in RunNamedProcessTypeMain (argc=<value optimized
out>, argv=<value optimized out>)
at chrome/app/chrome_main.cc:593
#17 ChromeMain (argc=<value optimized out>, argv=<value optimized out>) at
chrome/app/chrome_main.cc:919
#18 0x00007ffff51cc821 in main (argc=1, argv=0x7fffffffe128) at
chrome/app/chrome_exe_main_gtk.cc:49
(gdb) quit
A debugging session is active.

Inferior 1 [process 2702] will be killed.

Quit anyway? (y or n) y


chro...@googlecode.com

Jan 16, 2011, 4:08:19 PM1/16/11
to chromi...@chromium.org

Comment #1 on issue 69833 by ralf.hil...@gmail.com: crashes upon clicking

It turns out that in some cases ENTERING something into a form field (text
area) causes the crash. Backtrace from such a case:

Program received signal SIGSEGV, Segmentation fault.
AutocompleteHistoryManager::OnWebDataServiceRequestDone
(this=0x7ffff878e240, h=<value optimized out>, result=0x0)
at chrome/browser/autocomplete_history_manager.cc:181
181 chrome/browser/autocomplete_history_manager.cc: No such file or
directory.
in chrome/browser/autocomplete_history_manager.cc
(gdb) bt
#0 AutocompleteHistoryManager::OnWebDataServiceRequestDone
(this=0x7ffff878e240, h=<value optimized out>, result=0x0)
at chrome/browser/autocomplete_history_manager.cc:181
#1 0x00007ffff538eef5 in WebDataService::RequestCompleted
(this=0x7ffff8e10ea0, h=5) at chrome/browser/webdata/web_data_service.cc:526
#2 0x00007ffff590422d in MessageLoop::RunTask (this=0x7ffff87d3c40,
task=0x7ffff9eb2b40) at base/message_loop.cc:356
#3 0x00007ffff5906510 in MessageLoop::DeferOrRunPendingTask (this=<value
optimized out>, pending_task=<value optimized out>) at
base/message_loop.cc:365
#4 0x00007ffff5906733 in MessageLoop::DoWork (this=0x7ffff87d3c40) at
base/message_loop.cc:558
#5 0x00007ffff592ca19 in base::MessagePumpForUI::RunWithDispatcher
(this=0x7ffff8848960, delegate=<value optimized out>, dispatcher=<value
optimized out>)
at base/message_pump_glib.cc:214
#6 0x00007ffff590463c in RunHandler (this=<value optimized out>,
dispatcher=<value optimized out>) at base/message_loop.cc:304
#7 MessageLoopForUI::Run (this=<value optimized out>, dispatcher=<value
optimized out>) at base/message_loop.cc:673
#8 0x00007ffff51d21f9 in RunUIMessageLoop (parameters=...) at
chrome/browser/browser_main.cc:534
#9 BrowserMain (parameters=...) at chrome/browser/browser_main.cc:1676
#10 0x00007ffff51cbd72 in RunNamedProcessTypeMain (argc=<value optimized
out>, argv=<value optimized out>) at chrome/app/chrome_main.cc:593
#11 ChromeMain (argc=<value optimized out>, argv=<value optimized out>) at
chrome/app/chrome_main.cc:919
#12 0x00007ffff51cc821 in main (argc=1, argv=0x7fffffffe128) at
chrome/app/chrome_exe_main_gtk.cc:49
(gdb)


chro...@googlecode.com

Jan 16, 2011, 7:26:09 PM1/16/11
to chromi...@chromium.org
Updates:
Labels: -Area-Undefined Area-UI OS-Linux Crash Feature-Autofill

Comment #2 on issue 69833 by rsle...@chromium.org: crashes upon clicking

(No comment was entered for this change.)

chro...@googlecode.com

Jan 16, 2011, 7:30:10 PM1/16/11
to chromi...@chromium.org
Updates:
Cc: j...@chromium.org

Comment #3 on issue 69833 by rsle...@chromium.org: crashes upon clicking

+cc jam, as this was recently touched at http://crrev.com/70914 and
|result| (which is NULL in this crash) is actively accessed to convert to a
std::vector<string16>, as opposed to previously, where it was passed to
SendSuggestions() unmolested, which handles NULL fine.
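The pattern comment #3 describes, as an added illustration that is not Chromium's code: a request-completion callback receives a result pointer that can legitimately be NULL (a cancelled or failed query), and converting it into a vector without a check dereferences NULL on the UI thread, as seen in both backtraces above. The types below (WDResult, SuggestionSink, the handler names) are simplified stand-ins, not the real WebDataService, AutocompleteHistoryManager or string16 types; the unchecked handler is modelled on the crashing shape and is only ever called with a valid pointer here, while the hardened handler treats a missing result as "no suggestions".

```cpp
// Added example: NULL-result handling in a web-data completion callback.
// All names here are simplified stand-ins for the Chromium types, not the
// project's own code.
#include <cstddef>
#include <iostream>
#include <string>
#include <vector>

// Stand-in for the result a web-data request completes with. A request that
// was cancelled or failed completes with no result, i.e. a NULL pointer.
struct WDResult {
    std::vector<std::string> values;
};

// Stand-in for the renderer-side sink that suggestions are forwarded to; it
// only records what it received so the behaviour can be checked.
struct SuggestionSink {
    int calls = 0;
    std::vector<std::string> last;
    void Send(const std::vector<std::string>& suggestions) {
        ++calls;
        last = suggestions;
    }
};

// Modelled on the crashing shape: the result is converted to a vector without
// being checked, so a NULL result is a NULL dereference. Never call this with
// nullptr (undefined behaviour); it is kept only to show the contrast.
void OnRequestDoneUnchecked(const WDResult* result, SuggestionSink& sink) {
    std::vector<std::string> suggestions(result->values.begin(),
                                         result->values.end());
    sink.Send(suggestions);
}

// Hardened shape: a missing result is an explicit, expected case and is
// reported to the sink as an empty suggestion list. Returns whether a
// result was actually present.
bool OnRequestDoneChecked(const WDResult* result, SuggestionSink& sink) {
    if (result == nullptr) {
        sink.Send(std::vector<std::string>());
        return false;
    }
    std::vector<std::string> suggestions(result->values.begin(),
                                         result->values.end());
    sink.Send(suggestions);
    return true;
}

// Drives one completion through the hardened handler and returns how many
// suggestions were forwarded (0 for a NULL result).
std::size_t ForwardedSuggestionCount(const WDResult* result) {
    SuggestionSink sink;
    OnRequestDoneChecked(result, sink);
    return sink.last.size();
}

int main() {
    // Constructed sample data standing in for stored form-field history.
    WDResult history;
    history.values = {"alpha", "alps"};
    std::cout << "valid result: " << ForwardedSuggestionCount(&history)
              << " suggestions forwarded\n";
    std::cout << "NULL result:  " << ForwardedSuggestionCount(nullptr)
              << " suggestions forwarded\n";
    return 0;
}
```

The hardened handler makes the "no result" path explicit rather than relying on a downstream call to tolerate NULL, which is the property the earlier SendSuggestions() path happened to have and the refactor lost.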

chro...@googlecode.com

Jan 16, 2011, 10:05:18 PM1/16/11
to chromi...@chromium.org

Comment #4 on issue 69833 by ishe...@chromium.org: crashes upon clicking

See also issue 68783.

chro...@googlecode.com

Mar 12, 2011, 6:02:16 AM3/12/11
to chromi...@chromium.org
Updates:
Status: Fixed

Comment #8 on issue 69833 by ishe...@chromium.org: crashes upon clicking

(No comment was entered for this change.)
