Issue 156878 Chrome: Crash Report - Stack Signature: `anonymous namespace'::SetAsDefaultBrowserH...
Starred by 5 users Project Member Reported by dharani@chromium.org, Oct 19 2012
Status: Verified
Owner:
Closed: Dec 2012
Cc:
NextAction: ----
OS: Windows
Pri: 1
Type: Bug


These crashes are all happening on Windows 8. Not sure if this change could have caused it - http://src.chromium.org/viewvc/chrome?view=rev&revision=155048

Product: Chrome
Stack Signature: `anonymous namespace'::SetAsDefaultBrowserHandler::ConcludeInteraction(A0x58a46ef1::MakeChromeDe...
New Signature Label: `anonymous namespace'::SetAsDefaultBrowserHandler::ConcludeInteraction(A0x58a46ef1::MakeChromeDefaul...
New Signature Hash: fed92e9b_1dad48f3_8ad7c35b_619e02ec_5a11844b

Report link: http://go/crash/reportdetail?reportid=21ccaea0bb84a43f

Meta information:
Product Name: Chrome
Product Version: 24.0.1297.0
Report ID: 21ccaea0bb84a43f
Report Time: 2012/10/19 09:37:05, Fri
Uptime: 148 sec
Cumulative Uptime: 0 sec
OS Name: Windows NT
OS Version: 6.2.9200 
CPU Architecture: x86
CPU Info: GenuineIntel family 6 model 42 stepping 7
ptype: browser


0:000> k
  *** Stack trace for last set context - .thread/.cxr resets it
ChildEBP RetAddr  
0108f5ac 5331ccee chrome_531f0000!`anonymous namespace'::SetAsDefaultBrowserHandler::ConcludeInteraction+0x19 [c:\b\build\slave\win\build\src\chrome\browser\ui\webui\set_as_default_browser_ui.cc @ 200]
0108f5bc 53220b6d chrome_531f0000!base::internal::Invoker<2,base::internal::BindState<base::internal::RunnableAdapter<void (__thiscall AudioRendererHost::*)(AudioRendererHost::AudioEntry *)>,void __cdecl(AudioRendererHost *,AudioRendererHost::AudioEntry *),void __cdecl(AudioRendererHost *,AudioRendererHost::AudioEntry *)>,void __cdecl(AudioRendererHost *,AudioRendererHost::AudioEntry *)>::Run+0x15 [c:\b\build\slave\win\build\src\base\bind_internal.h @ 1256]
0108f618 532208c1 chrome_531f0000!MessageLoop::RunTask+0x1eb [c:\b\build\slave\win\build\src\base\message_loop.cc @ 472]
0108f768 533e2b7c chrome_531f0000!MessageLoop::DoWork+0x2ec [c:\b\build\slave\win\build\src\base\message_loop.cc @ 662]
0108f798 532204d2 chrome_531f0000!base::MessagePumpForUI::DoRunLoop+0x5b [c:\b\build\slave\win\build\src\base\message_pump_win.cc @ 241]
0108f7b8 5322043d chrome_531f0000!MessageLoop::RunInternal+0x5f [c:\b\build\slave\win\build\src\base\message_loop.cc @ 422]
0108f7cc 536bc64c chrome_531f0000!base::RunLoop::Run+0x59 [c:\b\build\slave\win\build\src\base\run_loop.cc @ 46]
0108f830 536bc585 chrome_531f0000!ChromeBrowserMainParts::MainMessageLoopRun+0xaa [c:\b\build\slave\win\build\src\chrome\browser\chrome_browser_main.cc @ 1505]
0108f844 536bc54f chrome_531f0000!content::BrowserMainLoop::RunMainMessageLoopParts+0x2d [c:\b\build\slave\win\build\src\content\browser\browser_main_loop.cc @ 481]
0108f854 532666a1 chrome_531f0000!`anonymous namespace'::BrowserMainRunnerImpl::Run+0x13 [c:\b\build\slave\win\build\src\content\browser\browser_main_runner.cc @ 123]
0108f868 53208672 chrome_531f0000!BrowserMain+0x3c [c:\b\build\slave\win\build\src\content\browser\browser_main.cc @ 21]
0108f87c 532085f9 chrome_531f0000!content::RunNamedProcessTypeMain+0x58 [c:\b\build\slave\win\build\src\content\app\content_main_runner.cc @ 448]
0108f8e8 531fa621 chrome_531f0000!content::ContentMainRunnerImpl::Run+0x85 [c:\b\build\slave\win\build\src\content\app\content_main_runner.cc @ 741]
0108f8f8 531fa5ad chrome_531f0000!content::ContentMain+0x29 [c:\b\build\slave\win\build\src\content\app\content_main.cc @ 35]
0108f92c 00885228 chrome_531f0000!ChromeMain+0x1e [c:\b\build\slave\win\build\src\chrome\app\chrome_main.cc @ 28]
0108f9a4 00887a9a chrome!MainDllLoader::Launch+0xe9 [c:\b\build\slave\win\build\src\chrome\app\client_util.cc @ 441]
0108f9c8 00887b05 chrome!RunChrome+0x5d [c:\b\build\slave\win\build\src\chrome\app\chrome_exe_main_win.cc @ 77]
0108fa10 008e046d chrome!wWinMain+0x50 [c:\b\build\slave\win\build\src\chrome\app\chrome_exe_main_win.cc @ 92]
0108faa0 751f1866 chrome!__tmainCRTStartup+0x11a [f:\dd\vctools\crt_bld\self_x86\crt\src\crt0.c @ 275]
WARNING: Stack unwind information not available. Following frames may be wrong.
0108faac 771d68f1 kernel32+0x1866
0108faf0 771d689d ntdll+0x368f1
0108fb00 00000000 ntdll+0x3689d

Comment 1 by grt@chromium.org, Oct 22 2012
Cc: grt@chromium.org
Labels: Hotlist-Windows8
Owner: motek@chromium.org
Looks like a use-after-free.  OnDialogClosed may delete the SetAsDefaultBrowserDialogImpl instance before SetAsDefaultBrowserHandler's processing bounces back to the UI thread to call ConcludeInteraction (if, for example, the user closes the dialog via the 'X' in the corner).  One possible fix would be for the dialog to un-register itself as a ResponseDelegate from the SetAsDefaultBrowserHandler it creates when it's closed.

Assigning to motek@ who is the original author.
Comment 2 by motek@chromium.org, Oct 30 2012
Status: Started
Comment 3 by dharani@google.com, Oct 30 2012
Labels: ReleaseBlock-Stable
any updates?
Comment 5 by kareng@google.com, Nov 7 2012
#3 crash in stable. Can we get eyes on this ASAP?
Comment 6 by mad@chromium.org, Nov 7 2012
Owner: mad@chromium.org
I'll give it a shot and ask motek/grt to review it...
Comment 7 by motek@chromium.org, Nov 7 2012
If you feel like it.

My excuse: I am away and since Friday without access to my win
workstation or laptop (it broke and is still in repairs). I was
thinking of getting onto this problem once I get the laptop back or
when I am back home at my workstation (Monday), whichever comes first.
Sorry for the delay.
Project Member Comment 8 by bugdroid1@chromium.org, Nov 12 2012
The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=167182

------------------------------------------------------------------------
r167182 | mad@chromium.org | 2012-11-12T16:19:49.320182Z

Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/ui/webui/set_as_default_browser_ui.cc?r1=167182&r2=167181&pathrev=167182

Don't post tasks with unretained this pointer.


BUG= 156878 


Review URL: https://chromiumcodereview.appspot.com/11390004
------------------------------------------------------------------------
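As an added illustration of the lifetime problem grt@ describes in comment 1 and of the fix the commit title names ("Don't post tasks with unretained this pointer"), the following self-contained C++ is example code written for this page; it is not Chromium's code and not the patch in r167182. It models the UI-thread task queue with a single-threaded stand-in and shows the two checks that keep a late-arriving ConcludeInteraction from touching a deleted object: the posted task holds a weak pointer to the handler instead of a raw `this`, and the dialog un-registers itself as ResponseDelegate when it is closed. The class names mirror those in the thread; MessageLoop, Outcome, RunScenario and the scenario numbering are constructed for the example.

```cpp
#include <functional>
#include <memory>
#include <queue>
#include <utility>

// Stand-in for the UI-thread message loop: tasks run in FIFO order when Run() is called.
// (Constructed for this example; not Chromium's MessageLoop.)
class MessageLoop {
 public:
  void PostTask(std::function<void()> task) { tasks_.push(std::move(task)); }
  void Run() {
    while (!tasks_.empty()) {
      std::function<void()> task = std::move(tasks_.front());
      tasks_.pop();
      task();
    }
  }

 private:
  std::queue<std::function<void()>> tasks_;
};

// Outcome codes returned by RunScenario() (constructed for this example).
enum Outcome { kNoCallback = 0, kConcluded = 1 };

class ResponseDelegate {
 public:
  virtual ~ResponseDelegate() {}
  virtual void SetDialogInteractionResult(bool made_default) = 0;
};

// Handler whose completion is posted back to the loop. It is owned by a shared_ptr so the
// posted task can capture a weak_ptr instead of a raw `this` (the analogue of replacing
// base::Unretained(this) with a weak pointer, which is what the commit title describes).
class SetAsDefaultBrowserHandler
    : public std::enable_shared_from_this<SetAsDefaultBrowserHandler> {
 public:
  explicit SetAsDefaultBrowserHandler(MessageLoop* loop) : loop_(loop), delegate_(nullptr) {}

  void set_response_delegate(ResponseDelegate* delegate) { delegate_ = delegate; }

  // Starts the interaction; the result is delivered later by a posted task.
  void StartInteraction(bool made_default) {
    std::weak_ptr<SetAsDefaultBrowserHandler> weak_self = shared_from_this();
    loop_->PostTask([weak_self, made_default]() {
      // Check 1: the handler may have been destroyed while the task sat in the queue.
      std::shared_ptr<SetAsDefaultBrowserHandler> self = weak_self.lock();
      if (!self) return;
      self->ConcludeInteraction(made_default);
    });
  }

 private:
  void ConcludeInteraction(bool made_default) {
    // Check 2: the dialog un-registers itself on close, so a null delegate means it is gone.
    if (delegate_) delegate_->SetDialogInteractionResult(made_default);
  }

  MessageLoop* loop_;
  ResponseDelegate* delegate_;
};

// Dialog that creates the handler and registers itself as the ResponseDelegate. On close it
// un-registers (the mitigation suggested in comment 1), so the handler never dereferences a
// deleted dialog even if its task is still queued.
class SetAsDefaultBrowserDialogImpl : public ResponseDelegate {
 public:
  SetAsDefaultBrowserDialogImpl(MessageLoop* loop, int* outcome)
      : handler_(std::make_shared<SetAsDefaultBrowserHandler>(loop)), outcome_(outcome) {
    handler_->set_response_delegate(this);
  }
  ~SetAsDefaultBrowserDialogImpl() { OnDialogClosed(); }

  void OnDialogClosed() { handler_->set_response_delegate(nullptr); }
  std::shared_ptr<SetAsDefaultBrowserHandler> handler() const { return handler_; }

  void SetDialogInteractionResult(bool made_default) {
    (void)made_default;  // Only reachability matters for the scenarios below.
    *outcome_ = kConcluded;
  }

 private:
  std::shared_ptr<SetAsDefaultBrowserHandler> handler_;
  int* outcome_;
};

// Scenario 0: dialog stays open until the task runs (normal path).
// Scenario 1: user closes the dialog (deleting it) before the task runs; handler outlives it.
// Scenario 2: dialog and handler are both gone before the task runs.
int RunScenario(int scenario) {
  MessageLoop loop;
  int outcome = kNoCallback;
  std::shared_ptr<SetAsDefaultBrowserHandler> keep_handler_alive;
  {
    std::unique_ptr<SetAsDefaultBrowserDialogImpl> dialog(
        new SetAsDefaultBrowserDialogImpl(&loop, &outcome));
    dialog->handler()->StartInteraction(true);
    if (scenario == 0) loop.Run();
    if (scenario == 1) keep_handler_alive = dialog->handler();
  }  // Dialog deleted here, as when the user clicks the 'X' in the corner.
  loop.Run();  // Drains any task that was still queued.
  return outcome;
}

int main() {
  return (RunScenario(0) == kConcluded && RunScenario(1) == kNoCallback &&
          RunScenario(2) == kNoCallback) ? 0 : 1;
}
```

Scenarios 1 and 2 are the two orderings that produced the crash in the report: in the original code the queued task held an unretained pointer, so whichever object died first was dereferenced after deletion. With either check alone one ordering is still unsafe, which is why the example keeps both.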
Comment 9 by mad@chromium.org, Nov 12 2012
It's in now... Let's see the results on the next canary... Or let me know if you want to merge beforehand...
Comment 10 by grt@chromium.org, Nov 12 2012
We have to wait until it goes out on the dev channel to see how it does (canary can't be set as default browser).
Comment 11 by kareng@google.com, Nov 26 2012
How's this looking? I have a bunch of these on M23. Is this fix mergeable?
Comment 12 by grt@chromium.org, Nov 26 2012
The fix is in 1324, which hasn't made it out on dev yet.  We have no data.
Cc: pbomm...@chromium.org
Comment 14 by dharani@google.com, Nov 28 2012
Labels: Merge-Requested
Once the dev channel (1337.0) is verified, we could merge it in M24.
These are the scenarios which I tried on 25.0.1337.0 and didn't see any crashes.

Scenario 1:
---------------------
1. Installed Chrome on a machine with screen resolution 1366 x 768
2. From the Greg dialog clicked Next, then ignored the system dialog and immediately closed the Greg dialog (this will launch Chrome in Desktop mode)

Scenario 2:
---------------------
1. Installed Chrome on a machine with screen resolution 1366 x 768
2. Launched Chrome and from the Greg dialog made Chrome the default (this will launch Chrome in Windows 8 mode)

Scenario 3:
---------------------
1. Installed Chrome on a machine with screen resolution more than 1366 x 768
2. Launched Chrome and from the Greg dialog made Chrome the default (this will launch Chrome in Desktop mode)

Scenario 4:
---------------------
1. Installed Chrome on a machine with screen resolution more than 1366 x 768
2. From the Greg dialog clicked Next, then ignored the system dialog and immediately closed the Greg dialog (this will launch Chrome in Desktop mode)

Note: Even without the fix, I tried but couldn't see any crash.


Labels: QA-Verified
Marking as QA Verified as per comment #15
Comment 17 by dharani@google.com, Nov 30 2012
Labels: -Merge-Requested Merge-Approved
Thanks for verifying! mad: I don't see any crashes in latest dev channel. Let's merge it in M24.
Project Member Comment 18 by bugdroid1@chromium.org, Dec 3 2012
Labels: -Merge-Approved merge-merged-1312
The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=170735

------------------------------------------------------------------------
r170735 | mad@chromium.org | 2012-12-03T14:33:09.534893Z

Changed paths:
   M http://src.chromium.org/viewvc/chrome/branches/1312/src/chrome/browser/ui/webui/set_as_default_browser_ui.cc?r1=170735&r2=170734&pathrev=170735

Merge 167182 - Don't post tasks with unretained this pointer.


BUG= 156878 


Review URL: https://chromiumcodereview.appspot.com/11390004

TBR=mad@chromium.org
Review URL: https://codereview.chromium.org/11412300
------------------------------------------------------------------------
Comment 19 by mad@chromium.org, Dec 3 2012
Status: Fixed
Status: Verified
Verified using beta build 24.0.1312.32 on a Windows 8 machine.
Project Member Comment 21 by bugdroid1@chromium.org, Mar 10 2013
Labels: -Mstone-24 M-24