From fdc6a3b10873d5bd99787434a9cecbc8a8c74b8c Mon Sep 17 00:00:00 2001
From: "trop[bot]" <37223003+trop[bot]@users.noreply.github.com>
Date: Mon, 21 Apr 2025 10:28:20 -0400
Subject: [PATCH] fix: crash on reconversion with google IME and editcontext on macOS (#46699)
Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com>
Co-authored-by: deepak1556
---
 patches/chromium/.patches | 1 +
 ...ion_due_to_invalid_replacement_range.patch | 43 +++++++++++++++++++
 2 files changed, 44 insertions(+)
 create mode 100644 patches/chromium/mac_fix_check_on_ime_reconversion_due_to_invalid_replacement_range.patch
diff --git a/patches/chromium/.patches b/patches/chromium/.patches
index db2f7faefb4b..970ba996347a 100644
--- a/patches/chromium/.patches
+++ b/patches/chromium/.patches
@@ -145,3 +145,4 @@ fix_win32_synchronous_spellcheck.patch
 chore_remove_conflicting_allow_unsafe_libc_calls.patch
 fix_linter_error.patch
 revert_enable_crel_for_arm32_targets.patch
+mac_fix_check_on_ime_reconversion_due_to_invalid_replacement_range.patch
diff --git a/patches/chromium/mac_fix_check_on_ime_reconversion_due_to_invalid_replacement_range.patch b/patches/chromium/mac_fix_check_on_ime_reconversion_due_to_invalid_replacement_range.patch
new file mode 100644
index 000000000000..3298782f91e5
--- /dev/null
+++ b/patches/chromium/mac_fix_check_on_ime_reconversion_due_to_invalid_replacement_range.patch
@@ -0,0 +1,43 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Keren Zhu
+Date: Fri, 18 Apr 2025 11:02:46 -0700
+Subject: mac: fix CHECK on IME reconversion due to invalid replacement range
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+It appears that Google Japanese IME can call -setMarkedText: with an
+invalid replacement range when doing text reconversion (変換, i.e.,
+conversion between different text with same pronunciation). This range
+is a NSRange and NSRange.location is supposed to be NSNotFound (2^31-1)
+for invalid range, but the IME can pass in 2^32. Subsequently causing
+CHECK error.
+
+This CL fixes the issue by converting such invalid NSRange to
+gfx::InvalidRange using FromPossiblyInvalidNSRange(range).
+
+Fixed: 409864204
+Change-Id: I08ff426a933ef76aa81e33af59aa32e2ac0b674d
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6470915
+Commit-Queue: Keren Zhu
+Reviewed-by: Marijn Kruisselbrink
+Cr-Commit-Position: refs/heads/main@{#1448935}
+
+diff --git a/content/app_shim_remote_cocoa/render_widget_host_view_cocoa.mm b/content/app_shim_remote_cocoa/render_widget_host_view_cocoa.mm
+index f2499bc084312a09b2324567d270fc1b899e7617..12ee7e75e437426f28002c7c9f4d5f5b5016ec53 100644
+--- a/content/app_shim_remote_cocoa/render_widget_host_view_cocoa.mm
++++ b/content/app_shim_remote_cocoa/render_widget_host_view_cocoa.mm
+@@ -2415,9 +2415,10 @@ - (void)setMarkedText:(id)string
+ if ([self isHandlingKeyDown] && !_isReconversionTriggered) {
+ _setMarkedTextReplacementRange = gfx::Range(replacementRange);
+ } else {
+- _host->ImeSetComposition(_markedText, _imeTextSpans,
+- gfx::Range(replacementRange), newSelRange.location,
+- NSMaxRange(newSelRange));
++ _host->ImeSetComposition(
++ _markedText, _imeTextSpans,
++ gfx::Range::FromPossiblyInvalidNSRange(replacementRange),
++ newSelRange.location, NSMaxRange(newSelRange));
+ }
+
+ [[self inputContext] invalidateCharacterCoordinates];
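Review bot: The key-down branch of -setMarkedText: still stores `gfx::Range(replacementRange)`, so only the else branch gets the tolerant conversion. If an input method can deliver the same out-of-range location while `[self isHandlingKeyDown]` is true and `_isReconversionTriggered` is false, the strict conversion would presumably hit the same CHECK. The range is supplied by an external input method and is best treated as untrusted on both paths: `_setMarkedTextReplacementRange = gfx::Range::FromPossiblyInvalidNSRange(replacementRange);`. `newSelRange.location` and `NSMaxRange(newSelRange)` are also passed through as-is here; whether they are validated earlier is not visible, because the method body starts and ends outside the hunk.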