Oxide

Middle click to paste text from clipboard into form crashes the renderer

Bug #1300694 reported by Olivier Tilloy on 2014-04-01

This bug affects 1 person

	Status	Importance	Assigned to	Milestone
Oxide	Fix Released	High	Unassigned	Oxide branch-1.2
1.0	Fix Released	High	Unassigned
1.1	Fix Released	High	Unassigned

Bug Description

On desktop, instantiate a WebView and point it to e.g. http://google.com, select some text in another application, then middle-click in the search box in the webview to paste the selected text. This crashes the renderer process with the following stack trace:

[0401/120700:FATAL:webclipboard_impl.cc(217)] Check failed: false.
#0 0x7f1b9a1d2803 base::debug::StackTrace::StackTrace()
#1 0x7f1b9a24a011 logging::LogMessage::~LogMessage()
#2 0x7f1b9f4d0340 content::WebClipboardImpl::ConvertBufferType()
#3 0x7f1b9f4cf72e content::WebClipboardImpl::sequenceNumber()
#4 0x7f1b9d1e8125 WebCore::DataObject::createFromPasteboard()
#5 0x7f1b9d397ea1 WebCore::Editor::dispatchCPPEvent()
#6 0x7f1b9d39760a WebCore::Editor::tryDHTMLPaste()
#7 0x7f1b9d39a26e WebCore::Editor::paste()
#8 0x7f1b9d3a1216 WebCore::executePasteGlobalSelection()
#9 0x7f1b9d3a2f62 WebCore::Editor::Command::execute()
#10 0x7f1b9d5d929a WebCore::EventHandler::handlePasteGlobalSelection()
#11 0x7f1b9d5d58d3 WebCore::EventHandler::handleMouseReleaseEvent()
#12 0x7f1b9d5d90f4 WebCore::EventHandler::handleMouseReleaseEvent()
#13 0x7f1b9cb4f7df blink::PageWidgetEventHandler::handleMouseUp()
#14 0x7f1b9cbe70b1 blink::WebViewImpl::handleMouseUp()
#15 0x7f1b9cb4f54d blink::PageWidgetDelegate::handleInputEvent()
#16 0x7f1b9cbecd9a blink::WebViewImpl::handleInputEvent()
#17 0x7f1b9f487469 content::RenderWidget::OnHandleInputEvent()
#18 0x7f1b9f492b1a DispatchToMethod<>()
#19 0x7f1b9f490755 InputMsg_HandleInputEvent::Dispatch<>()
#20 0x7f1b9f483411 content::RenderWidget::OnMessageReceived()
#21 0x7f1b9f454fbe content::RenderViewImpl::OnMessageReceived()
#22 0x7f1b9a5c1a54 content::MessageRouter::RouteMessage()
#23 0x7f1b9a5c19f8 content::MessageRouter::OnMessageReceived()
#24 0x7f1b9f121a3f content::ChildThread::OnMessageReceived()
#25 0x7f1b9f2c0a52 content::InputEventFilter::ForwardToMainListener()
#26 0x7f1b9f2c1c13 base::internal::RunnableAdapter<>::Run()
#27 0x7f1b9f2c1b84 base::internal::InvokeHelper<>::MakeItSo()
#28 0x7f1b9f2c1b17 base::internal::Invoker<>::Run()
#29 0x7f1b9a1c0ba8 base::Callback<>::Run()
#30 0x7f1b9a26a95c base::MessageLoop::RunTask()
#31 0x7f1b9a26aa8a base::MessageLoop::DeferOrRunPendingTask()
#32 0x7f1b9a26afda base::MessageLoop::DoWork()
#33 0x7f1b9a2798f1 base::MessagePumpDefault::Run()
#34 0x7f1b9a26a450 base::MessageLoop::RunHandler()
#35 0x7f1b9a2ce212 base::RunLoop::Run()
#36 0x7f1b9a269a86 base::MessageLoop::Run()
#37 0x7f1b9f4a0a24 content::RendererMain()
#38 0x7f1b9a374655 content::RunZygote()
#39 0x7f1b9a3748c9 content::RunNamedProcessTypeMain()
#40 0x7f1b9a375765 content::ContentMainRunnerImpl::Run()
#41 0x7f1b9a373db7 content::ContentMain()
#42 0x7f1b9a117513 oxide::OxideMain()
#43 0x0000004006dd main
#44 0x7f1b992e8ec5 __libc_start_main
#45 0x0000004005f9 <unknown>

Received signal 6
#0 0x7f1b9a1d2803 base::debug::StackTrace::StackTrace()
#1 0x7f1b9a1d20c2 base::debug::(anonymous namespace)::StackDumpSignalHandler()
#2 0x7f1b992fdff0 <unknown>
#3 0x7f1b992fdf79 gsignal
#4 0x7f1b99301388 abort
#5 0x7f1b9a1cf3c8 base::debug::(anonymous namespace)::DebugBreak()
#6 0x7f1b9a1cf3d4 base::debug::BreakDebugger()
#7 0x7f1b9a24a361 logging::LogMessage::~LogMessage()
#8 0x7f1b9f4d0340 content::WebClipboardImpl::ConvertBufferType()
#9 0x7f1b9f4cf72e content::WebClipboardImpl::sequenceNumber()
#10 0x7f1b9d1e8125 WebCore::DataObject::createFromPasteboard()
#11 0x7f1b9d397ea1 WebCore::Editor::dispatchCPPEvent()
#12 0x7f1b9d39760a WebCore::Editor::tryDHTMLPaste()
#13 0x7f1b9d39a26e WebCore::Editor::paste()
#14 0x7f1b9d3a1216 WebCore::executePasteGlobalSelection()
#15 0x7f1b9d3a2f62 WebCore::Editor::Command::execute()
#16 0x7f1b9d5d929a WebCore::EventHandler::handlePasteGlobalSelection()
#17 0x7f1b9d5d58d3 WebCore::EventHandler::handleMouseReleaseEvent()
#18 0x7f1b9d5d90f4 WebCore::EventHandler::handleMouseReleaseEvent()
#19 0x7f1b9cb4f7df blink::PageWidgetEventHandler::handleMouseUp()
#20 0x7f1b9cbe70b1 blink::WebViewImpl::handleMouseUp()
#21 0x7f1b9cb4f54d blink::PageWidgetDelegate::handleInputEvent()
#22 0x7f1b9cbecd9a blink::WebViewImpl::handleInputEvent()
#23 0x7f1b9f487469 content::RenderWidget::OnHandleInputEvent()
#24 0x7f1b9f492b1a DispatchToMethod<>()
#25 0x7f1b9f490755 InputMsg_HandleInputEvent::Dispatch<>()
#26 0x7f1b9f483411 content::RenderWidget::OnMessageReceived()
#27 0x7f1b9f454fbe content::RenderViewImpl::OnMessageReceived()
#28 0x7f1b9a5c1a54 content::MessageRouter::RouteMessage()
#29 0x7f1b9a5c19f8 content::MessageRouter::OnMessageReceived()
#30 0x7f1b9f121a3f content::ChildThread::OnMessageReceived()
#31 0x7f1b9f2c0a52 content::InputEventFilter::ForwardToMainListener()
#32 0x7f1b9f2c1c13 base::internal::RunnableAdapter<>::Run()
#33 0x7f1b9f2c1b84 base::internal::InvokeHelper<>::MakeItSo()
#34 0x7f1b9f2c1b17 base::internal::Invoker<>::Run()
#35 0x7f1b9a1c0ba8 base::Callback<>::Run()
#36 0x7f1b9a26a95c base::MessageLoop::RunTask()
#37 0x7f1b9a26aa8a base::MessageLoop::DeferOrRunPendingTask()
#38 0x7f1b9a26afda base::MessageLoop::DoWork()
#39 0x7f1b9a2798f1 base::MessagePumpDefault::Run()
#40 0x7f1b9a26a450 base::MessageLoop::RunHandler()
#41 0x7f1b9a2ce212 base::RunLoop::Run()
#42 0x7f1b9a269a86 base::MessageLoop::Run()
#43 0x7f1b9f4a0a24 content::RendererMain()
#44 0x7f1b9a374655 content::RunZygote()
#45 0x7f1b9a3748c9 content::RunNamedProcessTypeMain()
#46 0x7f1b9a375765 content::ContentMainRunnerImpl::Run()
#47 0x7f1b9a373db7 content::ContentMain()
#48 0x7f1b9a117513 oxide::OxideMain()
#49 0x0000004006dd main
#50 0x7f1b992e8ec5 __libc_start_main
#51 0x0000004005f9 <unknown>
  r8: ffffffffffcf7e40 r9: ffffffffffcf7e30 r10: 0000000000000008 r11: 0000000000000206
r12: 00007f1b996871c0 r13: 0000000000000000 r14: 0000000000000000 r15: 0000000000000000
  di: 0000000000004db2 si: 0000000000004db2 bp: 00007fff98029aa0 bx: 00000000000009ed
  dx: 0000000000000006 ax: 0000000000000000 cx: ffffffffffffffff sp: 00007fff98029968
  ip: 00007f1b992fdf79 efl: 0000000000000206 cgf: 0000000000000033 erf: 0000000000000000
trp: 0000000000000000 msk: 0000000000000000 cr2: 0000000000000000

Revision history for this message

Chris Coulson (chrisccoulson) wrote on 2014-06-03:

Would be nice to see if we could come up with something low risk for the first proper release as well, even if it doesn't have clipboard support

Changed in oxide:
importance:	Undecided → High
status:	New → Triaged

Chris Coulson (chrisccoulson) on 2014-06-03

Changed in oxide:
milestone:	none → 1.1

Chris Coulson (chrisccoulson) on 2014-07-03

Changed in oxide:
milestone:	branch-1.1 → branch-1.2

Revision history for this message

Chris Coulson (chrisccoulson) wrote on 2014-07-30:

I believe this crash was actually fixed by http://src.chromium.org/viewvc/chrome?view=revision&revision=263420

Changed in oxide:
status:	Triaged → Incomplete
status:	Incomplete → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.