
Issue 156878 link

Starred by 5 users

Issue metadata

Status: Verified
Owner:
Closed: Dec 2012
Cc:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 1
Type: Bug




Chrome: Crash Report - Stack Signature: `anonymous namespace'::SetAsDefaultBrowserH...

Reported by dharani@chromium.org, Oct 19 2012

Issue description

These crashes are all happening on Windows 8. Not sure if this change could have caused it - http://src.chromium.org/viewvc/chrome?view=rev&revision=155048

Product: Chrome
Stack Signature: `anonymous namespace'::SetAsDefaultBrowserHandler::ConcludeInteraction(A0x58a46ef1::MakeChromeDe...
New Signature Label: `anonymous namespace'::SetAsDefaultBrowserHandler::ConcludeInteraction(A0x58a46ef1::MakeChromeDefaul...
New Signature Hash: fed92e9b_1dad48f3_8ad7c35b_619e02ec_5a11844b

Report link: http://go/crash/reportdetail?reportid=21ccaea0bb84a43f

Meta information:
Product Name: Chrome
Product Version: 24.0.1297.0
Report ID: 21ccaea0bb84a43f
Report Time: 2012/10/19 09:37:05, Fri
Uptime: 148 sec
Cumulative Uptime: 0 sec
OS Name: Windows NT
OS Version: 6.2.9200 
CPU Architecture: x86
CPU Info: GenuineIntel family 6 model 42 stepping 7
ptype: browser


0:000> k
  *** Stack trace for last set context - .thread/.cxr resets it
ChildEBP RetAddr  
0108f5ac 5331ccee chrome_531f0000!`anonymous namespace'::SetAsDefaultBrowserHandler::ConcludeInteraction+0x19 [c:\b\build\slave\win\build\src\chrome\browser\ui\webui\set_as_default_browser_ui.cc @ 200]
0108f5bc 53220b6d chrome_531f0000!base::internal::Invoker<2,base::internal::BindState<base::internal::RunnableAdapter<void (__thiscall AudioRendererHost::*)(AudioRendererHost::AudioEntry *)>,void __cdecl(AudioRendererHost *,AudioRendererHost::AudioEntry *),void __cdecl(AudioRendererHost *,AudioRendererHost::AudioEntry *)>,void __cdecl(AudioRendererHost *,AudioRendererHost::AudioEntry *)>::Run+0x15 [c:\b\build\slave\win\build\src\base\bind_internal.h @ 1256]
0108f618 532208c1 chrome_531f0000!MessageLoop::RunTask+0x1eb [c:\b\build\slave\win\build\src\base\message_loop.cc @ 472]
0108f768 533e2b7c chrome_531f0000!MessageLoop::DoWork+0x2ec [c:\b\build\slave\win\build\src\base\message_loop.cc @ 662]
0108f798 532204d2 chrome_531f0000!base::MessagePumpForUI::DoRunLoop+0x5b [c:\b\build\slave\win\build\src\base\message_pump_win.cc @ 241]
0108f7b8 5322043d chrome_531f0000!MessageLoop::RunInternal+0x5f [c:\b\build\slave\win\build\src\base\message_loop.cc @ 422]
0108f7cc 536bc64c chrome_531f0000!base::RunLoop::Run+0x59 [c:\b\build\slave\win\build\src\base\run_loop.cc @ 46]
0108f830 536bc585 chrome_531f0000!ChromeBrowserMainParts::MainMessageLoopRun+0xaa [c:\b\build\slave\win\build\src\chrome\browser\chrome_browser_main.cc @ 1505]
0108f844 536bc54f chrome_531f0000!content::BrowserMainLoop::RunMainMessageLoopParts+0x2d [c:\b\build\slave\win\build\src\content\browser\browser_main_loop.cc @ 481]
0108f854 532666a1 chrome_531f0000!`anonymous namespace'::BrowserMainRunnerImpl::Run+0x13 [c:\b\build\slave\win\build\src\content\browser\browser_main_runner.cc @ 123]
0108f868 53208672 chrome_531f0000!BrowserMain+0x3c [c:\b\build\slave\win\build\src\content\browser\browser_main.cc @ 21]
0108f87c 532085f9 chrome_531f0000!content::RunNamedProcessTypeMain+0x58 [c:\b\build\slave\win\build\src\content\app\content_main_runner.cc @ 448]
0108f8e8 531fa621 chrome_531f0000!content::ContentMainRunnerImpl::Run+0x85 [c:\b\build\slave\win\build\src\content\app\content_main_runner.cc @ 741]
0108f8f8 531fa5ad chrome_531f0000!content::ContentMain+0x29 [c:\b\build\slave\win\build\src\content\app\content_main.cc @ 35]
0108f92c 00885228 chrome_531f0000!ChromeMain+0x1e [c:\b\build\slave\win\build\src\chrome\app\chrome_main.cc @ 28]
0108f9a4 00887a9a chrome!MainDllLoader::Launch+0xe9 [c:\b\build\slave\win\build\src\chrome\app\client_util.cc @ 441]
0108f9c8 00887b05 chrome!RunChrome+0x5d [c:\b\build\slave\win\build\src\chrome\app\chrome_exe_main_win.cc @ 77]
0108fa10 008e046d chrome!wWinMain+0x50 [c:\b\build\slave\win\build\src\chrome\app\chrome_exe_main_win.cc @ 92]
0108faa0 751f1866 chrome!__tmainCRTStartup+0x11a [f:\dd\vctools\crt_bld\self_x86\crt\src\crt0.c @ 275]
WARNING: Stack unwind information not available. Following frames may be wrong.
0108faac 771d68f1 kernel32+0x1866
0108faf0 771d689d ntdll+0x368f1
0108fb00 00000000 ntdll+0x3689d

 

Comment 1 by grt@chromium.org, Oct 22 2012

Cc: grt@chromium.org
Labels: Hotlist-Windows8
Owner: motek@chromium.org
Looks like a use-after-free.  OnDialogClosed may delete the SetAsDefaultBrowserDialogImpl instance before SetAsDefaultBrowserHandler's processing bounces back to the UI thread to call ConcludeInteraction (if, for example, the user closes the dialog via the 'X' in the corner).  One possible fix would be for the dialog to un-register itself as a ResponseDelegate from the SetAsDefaultBrowserHandler it creates when it's closed.

Assigning to motek@ who is the original author.

Comment 2 by motek@chromium.org, Oct 30 2012

Status: Started

Comment 3 by dharani@google.com, Oct 30 2012

Labels: ReleaseBlock-Stable
Any updates?

Comment 5 by kareng@google.com, Nov 7 2012

#3 crash in stable. Can we get eyes on this ASAP?

Comment 6 by mad@chromium.org, Nov 7 2012

Owner: mad@chromium.org
I'll give it a shot and ask motek/grt to review it...

Comment 7 by motek@chromium.org, Nov 7 2012

If you feel like it.

My excuse: I am away and since Friday without access to my win
workstation or laptop (it broke and is still in repairs). I was
thinking of getting onto this problem once I get the laptop back or
when I am back home at my workstation (Monday), whichever comes first.
Sorry for the delay.

Comment 8 by bugdroid1@chromium.org, Nov 12 2012

The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=167182

------------------------------------------------------------------------
r167182 | mad@chromium.org | 2012-11-12T16:19:49.320182Z

Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/ui/webui/set_as_default_browser_ui.cc?r1=167182&r2=167181&pathrev=167182

Don't post tasks with unretained this pointer.


BUG= 156878 


Review URL: https://chromiumcodereview.appspot.com/11390004
------------------------------------------------------------------------
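The use-after-free grt@ describes in comment 1 and the fix title above ("Don't post tasks with unretained this pointer") are illustrated here with an added example that is not Chromium code and not the contents of r167182. The names (TaskQueue, Dialog, RunUnretained, RunWeak, LiveDialogs) are hypothetical; a tiny in-process queue stands in for the message loop, a std::weak_ptr stands in for a Chromium WeakPtr-bound task, and a set of live addresses replaces the crash so the dangling case can be shown deterministically instead of dereferencing freed memory.

```cpp
#include <functional>
#include <iostream>
#include <memory>
#include <queue>
#include <set>

// Stand-in for a message loop: Post() queues a task, RunUntilIdle() runs the
// queued tasks in order, like the bounce back to the UI thread in comment 1.
class TaskQueue {
 public:
  void Post(std::function<void()> task) { tasks_.push(std::move(task)); }
  void RunUntilIdle() {
    while (!tasks_.empty()) {
      std::function<void()> task = std::move(tasks_.front());
      tasks_.pop();
      task();
    }
  }
 private:
  std::queue<std::function<void()>> tasks_;
};

// Addresses of Dialog objects currently alive. Real code has no such registry;
// it only turns what would be a crash (or an ASan report) into a return value.
static std::set<const void*>& LiveDialogs() {
  static std::set<const void*> live;
  return live;
}

// Hypothetical dialog whose lifetime ends when the user closes it.
class Dialog {
 public:
  Dialog() { LiveDialogs().insert(this); }
  ~Dialog() { LiveDialogs().erase(this); }
  void ConcludeInteraction() { ++concluded_; }
  int concluded() const { return concluded_; }
 private:
  int concluded_ = 0;
};

enum class Outcome { kRan, kDangling, kSkipped };

// Unsafe pattern: the posted task captures a raw, unretained this pointer.
// If the dialog is destroyed before the queue drains, the pointer dangles.
Outcome RunUnretained(bool close_before_task_runs) {
  TaskQueue queue;
  Dialog* dialog = new Dialog;
  Outcome outcome = Outcome::kRan;
  queue.Post([dialog, &outcome] {
    if (LiveDialogs().count(dialog) == 0) {
      outcome = Outcome::kDangling;  // real code would touch freed memory here
      return;
    }
    dialog->ConcludeInteraction();
  });
  if (close_before_task_runs) delete dialog;  // user hits the 'X'
  queue.RunUntilIdle();
  if (!close_before_task_runs) delete dialog;
  return outcome;
}

// Fixed pattern: the task holds only a weak reference. When the dialog is gone
// the task becomes a no-op instead of dereferencing a dead object.
Outcome RunWeak(bool close_before_task_runs) {
  TaskQueue queue;
  std::shared_ptr<Dialog> dialog = std::make_shared<Dialog>();
  std::weak_ptr<Dialog> weak = dialog;
  Outcome outcome = Outcome::kSkipped;
  queue.Post([weak, &outcome] {
    if (std::shared_ptr<Dialog> d = weak.lock()) {
      d->ConcludeInteraction();
      outcome = Outcome::kRan;
    }
  });
  if (close_before_task_runs) dialog.reset();  // user hits the 'X'
  queue.RunUntilIdle();
  return outcome;
}

int main() {
  std::cout << "unretained, closed early: "
            << (RunUnretained(true) == Outcome::kDangling ? "dangling" : "ok")
            << "\nweak, closed early: "
            << (RunWeak(true) == Outcome::kSkipped ? "skipped" : "ran")
            << "\n";
  return 0;
}
```

The weak-reference version is one way to follow the commit's rule; grt@'s alternative in comment 1, having the dialog un-register itself as a ResponseDelegate when it closes, achieves the same goal by making sure nothing holds the raw pointer once the object is gone.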

Comment 9 by mad@chromium.org, Nov 12 2012

It's in now... Let's see the results on the next canary... Or let me know if you want to merge beforehand...

Comment 10 by grt@chromium.org, Nov 12 2012

We have to wait until it goes out on the dev channel to see how it does (canary can't be set as default browser).

Comment 11 by kareng@google.com, Nov 26 2012

How's this looking? I have a bunch of these on M23. Is this fix mergeable?

Comment 12 by grt@chromium.org, Nov 26 2012

The fix is in 1324, which hasn't made it out on dev yet.  We have no data.
Cc: pbomm...@chromium.org

Comment 14 by dharani@google.com, Nov 28 2012

Labels: Merge-Requested
Once the dev channel (1337.0) is verified, we could merge it in M24.
These are the scenarios I tried on 25.0.1337.0 and didn't see any crashes.

Scenario 1:
---------------------
1. Installed Chrome on a machine with screen resolution 1366 x 768
2. From the Greg dialog clicked Next, then ignored the system dialog and immediately closed the Greg dialog (this will launch Chrome in Desktop mode)

Scenario 2:
----------------------
1. Installed Chrome on a machine with screen resolution 1366 x 768
2. Launched Chrome and from the Greg dialog made Chrome the default (this will launch Chrome in Windows 8 mode)

Scenario 3:
-------------------------
1. Installed Chrome on a machine with screen resolution more than 1366 x 768
2. Launched Chrome and from the Greg dialog made Chrome the default (this will launch Chrome in Desktop mode)

Scenario 4:
-----------------
1. Installed Chrome on a machine with screen resolution more than 1366 x 768
2. From the Greg dialog clicked Next, then ignored the system dialog and immediately closed the Greg dialog (this will launch Chrome in Desktop mode)

Note: Tried even without the fix but couldn't see any crash.


Labels: QA-Verified
Marking as QA Verified as per comment #15

Comment 17 by dharani@google.com, Nov 30 2012

Labels: -Merge-Requested Merge-Approved
Thanks for verifying! mad: I don't see any crashes in latest dev channel. Let's merge it in M24.

Comment 18 by bugdroid1@chromium.org, Dec 3 2012

Labels: -Merge-Approved merge-merged-1312
The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=170735

------------------------------------------------------------------------
r170735 | mad@chromium.org | 2012-12-03T14:33:09.534893Z

Changed paths:
   M http://src.chromium.org/viewvc/chrome/branches/1312/src/chrome/browser/ui/webui/set_as_default_browser_ui.cc?r1=170735&r2=170734&pathrev=170735

Merge 167182 - Don't post tasks with unretained this pointer.


BUG= 156878 


Review URL: https://chromiumcodereview.appspot.com/11390004

TBR=mad@chromium.org
Review URL: https://codereview.chromium.org/11412300
------------------------------------------------------------------------

Comment 19 by mad@chromium.org, Dec 3 2012

Status: Fixed
Status: Verified
Verified using beta build 24.0.1312.32 on a Windows 8 machine.

Comment 21 by bugdroid1@chromium.org, Mar 10 2013

Labels: -Mstone-24 M-24
