From 0f73bba452f4590cb4c4eccea77cf81870ad5294 Mon Sep 17 00:00:00 2001 From: "trop[bot]" <37223003+trop[bot]@users.noreply.github.com> Date: Wed, 23 Apr 2025 11:00:49 +0200 Subject: [PATCH] fix: crash on reconversion with google IME and editcontext on macOS (#46700) * fix: crash on reconversion with google IME and editcontext on macOS Co-authored-by: deepak1556 * chore: update .patches * Trigger CI * chore: fix patch indices --------- Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com> Co-authored-by: deepak1556 Co-authored-by: John Kleinschmidt Co-authored-by: Shelley Vohr
---
 patches/chromium/.patches | 1 +
 ...ion_due_to_invalid_replacement_range.patch | 43 +++++++++++++++++++
 2 files changed, 44 insertions(+)
 create mode 100644 patches/chromium/mac_fix_check_on_ime_reconversion_due_to_invalid_replacement_range.patch
diff --git a/patches/chromium/.patches b/patches/chromium/.patches
index 7e801c05a49d..b9c114414d85 100644
--- a/patches/chromium/.patches
+++ b/patches/chromium/.patches
@@ -146,3 +146,4 @@ fix_drag_and_drop_icons_on_windows.patch
 chore_remove_conflicting_allow_unsafe_libc_calls.patch
 fix_take_snapped_status_into_account_when_showing_a_window.patch
 chore_modify_chromium_handling_of_mouse_events.patch
+mac_fix_check_on_ime_reconversion_due_to_invalid_replacement_range.patch
diff --git a/patches/chromium/mac_fix_check_on_ime_reconversion_due_to_invalid_replacement_range.patch b/patches/chromium/mac_fix_check_on_ime_reconversion_due_to_invalid_replacement_range.patch
new file mode 100644
index 000000000000..9dcc7614a03c
--- /dev/null
+++ b/patches/chromium/mac_fix_check_on_ime_reconversion_due_to_invalid_replacement_range.patch
@@ -0,0 +1,43 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Keren Zhu
+Date: Fri, 18 Apr 2025 11:02:46 -0700
+Subject: mac: fix CHECK on IME reconversion due to invalid replacement range
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+It appears that Google Japanese IME can call -setMarkedText: with an
+invalid replacement range when doing text reconversion (変換, i.e.,
+conversion between different text with same pronunciation). This range
+is a NSRange and NSRange.location is supposed to be NSNotFound (2^31-1)
+for invalid range, but the IME can pass in 2^32. Subsequently causing
+CHECK error.
+
+This CL fixes the issue by converting such invalid NSRange to
+gfx::InvalidRange using FromPossiblyInvalidNSRange(range).
+
+Fixed: 409864204
+Change-Id: I08ff426a933ef76aa81e33af59aa32e2ac0b674d
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6470915
+Commit-Queue: Keren Zhu
+Reviewed-by: Marijn Kruisselbrink
+Cr-Commit-Position: refs/heads/main@{#1448935}
+
+diff --git a/content/app_shim_remote_cocoa/render_widget_host_view_cocoa.mm b/content/app_shim_remote_cocoa/render_widget_host_view_cocoa.mm
+index cb65efb56849d57e2e656f90d5b1d737ba2d952d..baad4cf7479646a25967892ef267bcea90c01ad0 100644
+--- a/content/app_shim_remote_cocoa/render_widget_host_view_cocoa.mm
++++ b/content/app_shim_remote_cocoa/render_widget_host_view_cocoa.mm
+@@ -2430,9 +2430,10 @@ - (void)setMarkedText:(id)string
+ if ([self isHandlingKeyDown] && !_isReconversionTriggered) {
+ _setMarkedTextReplacementRange = gfx::Range(replacementRange);
+ } else {
+- _host->ImeSetComposition(_markedText, _imeTextSpans,
+- gfx::Range(replacementRange), newSelRange.location,
+- NSMaxRange(newSelRange));
++ _host->ImeSetComposition(
++ _markedText, _imeTextSpans,
++ gfx::Range::FromPossiblyInvalidNSRange(replacementRange),
++ newSelRange.location, NSMaxRange(newSelRange));
+ }
+
+ [[self inputContext] invalidateCharacterCoordinates];
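Review bot: The unchanged branch `_setMarkedTextReplacementRange = gfx::Range(replacementRange);` in the embedded hunk for -setMarkedText: still converts the IME-supplied NSRange with the plain constructor. An out-of-range location arriving during key-down handling without reconversion would presumably hit the same CHECK that this patch removes from the else branch. The replacement range comes from a third-party input method and should be treated as untrusted at every conversion site, so the first branch would use the tolerant form too: `_setMarkedTextReplacementRange = gfx::Range::FromPossiblyInvalidNSRange(replacementRange);`. The method body starts and ends outside the hunk, so whether the deferred consumer of `_setMarkedTextReplacementRange` accepts an invalid range needs confirming before making that change. A short comment at the call site saying why the tolerant conversion is used would also help keep it from being simplified back later.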