Yuanjun Zhu (Gerrit)

unread,

Jun 24, 2026, 4:14:41 AM (3 days ago) Jun 24

to Keren Zhu, Avi Drissman, chromium...@chromium.org, mac-r...@chromium.org, roblia...@chromium.org, sky+...@chromium.org

Attention needed from Avi Drissman and Keren Zhu

Yuanjun Zhu added 1 comment

Patchset-level comments

File-level comment, Patchset 2 (Latest):

Yuanjun Zhu . resolved

Hi @a...@chromium.org, @kere...@chromium.org,

Could you please help review this change? I'm investigating an Edge Mac browser-process crash in NativeWidgetMac::OnWindowKeyStatusChanged and it traces to ui/views/widget/native_widget_mac.mm.

The focus-restore behavior is correct — but removing the if (!is_content_first_responder) { return; } early-return exposed a latent null-deref a layer down, and I'd love your eyes on the fix.

A synchronous re-entrant key-window notification (child widget reparented + shown in one turn → makeKeyAndOrderFront: → key-status re-entry) hits exactly that window, and the unguarded deref crashes.

I don't have manual repro steps — it's a low-rate timing race surfaced from Edge 149 (Stable) crash telemetry. But I added a deterministic views_unittests case (NativeWidgetMacTest.KeyStatusChangeWithNoTopLevelDoesNotCrash) that reproduces it: it builds a child widget, detaches its host parent so GetFocusManager() returns null, then drives OnWindowKeyStatusChanged(). It crashes (SIGSEGV) on both branches without the fix and passes with it.

Thanks in advance.

Open in Gerrit

Related details

Attention is currently required from:

Avi Drissman
Keren Zhu

Submit Requirements:

Code-Coverage
Code-Owners
Code-Review
Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

unsatisfied_requirement

open

diffy

Avi Drissman (Gerrit)

unread,

Jun 24, 2026, 3:07:13 PM (3 days ago) Jun 24

to Yuanjun Zhu, Avi Drissman, Chromium LUCI CQ, Keren Zhu, chromium...@chromium.org, mac-r...@chromium.org, roblia...@chromium.org, sky+...@chromium.org

Attention needed from Keren Zhu and Yuanjun Zhu

Avi Drissman voted and added 1 comment

Votes added by Avi Drissman

Code-Review

+1

1 comment

Patchset-level comments

File-level comment, Patchset 2 (Latest):

Avi Drissman . resolved

Seems reasonable; approving for when Keren also approves

Open in Gerrit

Related details

Attention is currently required from:

Keren Zhu
Yuanjun Zhu

Submit Requirements:

Code-Coverage
Code-Owners
Code-Review
Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

unsatisfied_requirement

open

diffy

Keren Zhu (Gerrit)

unread,

Jun 24, 2026, 4:18:22 PM (3 days ago) Jun 24

to Yuanjun Zhu, Avi Drissman, Chromium LUCI CQ, chromium...@chromium.org, mac-r...@chromium.org, roblia...@chromium.org, sky+...@chromium.org

Attention needed from Yuanjun Zhu

Keren Zhu voted Code-Review+1

Code-Review

+1

Open in Gerrit

Related details

Attention is currently required from:

Yuanjun Zhu

Submit Requirements:

Code-Coverage
Code-Owners
Code-Review
Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

open

diffy

Yuanjun Zhu (Gerrit)

unread,

Jun 24, 2026, 9:19:04 PM (3 days ago) Jun 24

to Keren Zhu, Avi Drissman, Chromium LUCI CQ, chromium...@chromium.org, mac-r...@chromium.org, roblia...@chromium.org, sky+...@chromium.org

Yuanjun Zhu voted Commit-Queue+2

Commit-Queue

+2

Open in Gerrit

Related details

Attention set is empty

Submit Requirements:

Code-Coverage
Code-Owners
Code-Review
Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

open

diffy

Chromium LUCI CQ (Gerrit)

unread,

Jun 24, 2026, 9:27:21 PM (3 days ago) Jun 24

to Yuanjun Zhu, Keren Zhu, Avi Drissman, chromium...@chromium.org, mac-r...@chromium.org, roblia...@chromium.org, sky+...@chromium.org

Chromium LUCI CQ submitted the change

Change information

Commit message:

[Mac] Guard null FocusManager deref in OnWindowKeyStatusChanged

A re-entrant key-status notification can reach a child widget whose
top-level linkage is transiently broken during reparent+show (e.g. a
tab-modal dialog on tab activation). Widget::GetFocusManager() then
returns null and the unguarded deref crashes. Guard both the restore
(is_key) and store (else) branches; OnNativeFocus()/OnNativeBlur() side
effects are preserved.

Adds NativeWidgetMacTest.KeyStatusChangeWithNoTopLevelDoesNotCrash,
which crashes on either branch without the fix and passes with it.

Bug: 527243510

Change-Id: I0a53adbad3c68b1b5e725edca9a85751af22c967

Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7986991

Reviewed-by: Avi Drissman <a...@chromium.org>

Reviewed-by: Keren Zhu <kere...@chromium.org>

Commit-Queue: Yuanjun Zhu <yuanj...@microsoft.com>

Cr-Commit-Position: refs/heads/main@{#1652114}

Files:

M ui/views/widget/native_widget_mac.mm
M ui/views/widget/native_widget_mac_unittest.mm

Change size: M

Delta: 2 files changed, 50 insertions(+), 2 deletions(-)

Branch: refs/heads/main

Submit Requirements:

Code-Review: +1 by Avi Drissman, +1 by Keren Zhu

Open in Gerrit

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

open

diffy

satisfied_requirement

Reply all

Reply to author

Forward

[Mac] Guard null FocusManager deref in OnWindowKeyStatusChanged [chromium/src : main]

Yuanjun Zhu (Gerrit)

Yuanjun Zhu added 1 comment

Related details

Avi Drissman (Gerrit)

Avi Drissman voted and added 1 comment

Votes added by Avi Drissman

1 comment

Related details

Keren Zhu (Gerrit)

Keren Zhu voted Code-Review+1

Related details

Yuanjun Zhu (Gerrit)

Yuanjun Zhu voted Commit-Queue+2

Related details

Chromium LUCI CQ (Gerrit)

Chromium LUCI CQ submitted the change

Change information