New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 178487 link

Starred by 3 users

Issue metadata

Status: Verified
Owner:
Email to this user bounced
Closed: Mar 2013
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug



Sign in to add a comment

[Windows 7,XP] Chrome crashes when installing the app launcher (and the first packaged app)

Reported by athigle@chromium.org, Feb 26 2013

Issue description

Chrome Version       : 26.0.1410.12 dev
URLs (if applicable) :
Other browsers tested:
Add OK or FAIL after other browsers where you have tested this issue:
Safari 5:
Firefox 4.x:
IE 7/8/9:

What steps will reproduce the problem?
1. Install Chrome dev.
2. Install CIRC app (http://blog.chromium.org/2013/02/chrome-app-launcher-developer-preview.html)


What is the expected result?
App Launcher is installed and CIRC app is added to it

What happens instead?
App Launcher is installed but Chrome crashes

Please provide any additional information below. Attach a screenshot if
possible.



 
This is not reproducible on Windows 8

Crash ID bace2a0de89ef1a5
Cc: benwells@chromium.org
cc-ing Ben to take a look.
Cc: security@chromium.org
Labels: Restrict-View-SecurityTeam
cc-ing security since a crash is a potential security bug.

Comment 4 by palmer@google.com, Feb 27 2013

Labels: -Restrict-View-SecurityTeam Feature-Apps
Looks like a NULL pointer deref, which is only a security issue in userland in extremely strange/rare cases (NULL + unbounded user-controllable offset). This doesn't seem to be that.

Apps crew, a regular stability issue?
Summary: [Windows 7,XP] Chrome crashes when installing the app launcher (and the first packaged app) (was: [Windows 7] Chrome crashes when installing the app launcher (and the first packaged app))
This is also reproducible on Windows XP
Cc: -security@chromium.org
-security@
Cc: security-bug-mail@chromium.org
Adding correct security team mail alias, so that every member of chrome-security does not individually receive mail.
Cc: -security-bug-mail@chromium.org erikwright@chromium.org saroop@chromium.org tapted@chromium.org hua...@chromium.org koz@chromium.org
Owner: benwells@chromium.org
Status: Assigned
Looking.
Owner: erikwright@chromium.org
From the stack dump this is happening in app_host_installer_win.cc. Seems to be a problem with callback_.Reset().

I've never seen this crash.

Erik or Sam: please take a look.
Labels: Mstone-26 ReleaseBlock-Stable

Comment 11 Deleted

CL up for review: https://codereview.chromium.org/12378018
Project Member

Comment 13 by bugdroid1@chromium.org, Mar 1 2013

The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=185412

------------------------------------------------------------------------
r185412 | erikwright@chromium.org | 2013-03-01T02:21:17.945490Z

Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/extensions/app_host_installer_win.cc?r1=185412&r2=185411&pathrev=185412

Don't access members after invoking callback.


R=benwells@chromium.org
BUG= 178487 


Review URL: https://chromiumcodereview.appspot.com/12378018
------------------------------------------------------------------------
Status: Fixed
athigle: Could you please verify on 27.0.1426.0? If it passes I'll request merge to M26 branch.
Project Member

Comment 15 by bugdroid1@chromium.org, Mar 1 2013

Labels: Merge-TBD
Is there a merge required here?
Status: Verified
Verified fixed in 27.0.1426.0 on Windows 7. Chrome does not crash when installing the app launcher (and first packaged app)
Labels: -Merge-TBD Merge-Requested
Labels: -Merge-Requested Merge-Approved
Project Member

Comment 19 by bugdroid1@chromium.org, Mar 1 2013

Labels: -Merge-Approved merge-merged-1410
The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=185571

------------------------------------------------------------------------
r185571 | erikwright@chromium.org | 2013-03-01T19:35:50.366043Z

Changed paths:
   M http://src.chromium.org/viewvc/chrome/branches/1410/src/chrome/browser/extensions/app_host_installer_win.cc?r1=185571&r2=185570&pathrev=185571

Merge 185412
> Don't access members after invoking callback.
> 
> 
> R=benwells@chromium.org
> BUG= 178487 
> 
> 
> Review URL: https://chromiumcodereview.appspot.com/12378018

TBR=erikwright@chromium.org
Review URL: https://codereview.chromium.org/12383057
------------------------------------------------------------------------
Project Member

Comment 20 by bugdroid1@chromium.org, Mar 10 2013

Labels: -Area-Internals -Feature-Apps-AppLauncher -Feature-Apps -Mstone-26 Cr-Platform-Apps-AppLauncher Cr-Platform-Apps Cr-Internals M-26

Sign in to add a comment