Chrome crashes when showing the save-password bubble if the password contains a 4-byte UTF-8 character
Reported by
chri...@sandn.net,
Jul 1 2016
Issue description
Chrome Version : 51.0.2704.106 m
Other browsers tested:
Firefox: PASS
What steps will reproduce the problem?
(1) Sign up on, or change the password of, any website using a password of the form 12<X>345a, where <X> is a single 4-byte UTF-8 character (a code point above U+FFFF, e.g. an emoji; the actual character was lost when this report was filed and is rendered here as "????"). I replicated this with a GitHub account login.
I think the important part is having a 4-byte UTF-8 character in the middle of the password. Since the crashing frame in the trace below takes a std::basic_string<wchar_t> (UTF-16 on Windows), such a character presumably reaches the text itemizer as a surrogate pair — to be confirmed by whoever owns render_text_harfbuzz.cc.
(2) Sign in to any page that triggers the "Do you want Google Chrome to save your password for this site?" bubble.
(This must be a site for which Chrome has no saved credentials yet, otherwise the save prompt is not shown.)
(3) The whole browser process crashes — every window closes, not just the tab.
What is the expected result?
Chrome should not crash
What happens instead?
Chrome immediately crashes and all windows close (the trace below shows the failure on the browser's main thread).
Please provide any additional information below. Attach a screenshot if
possible.
Crash ID 65c312fc00000000 (964fe769-d209-4380-9155-898f1ebb1a4d)
Jul 1 2016
Thread 0 CRASHED [EXCEPTION_BREAKPOINT @ 0x69e4a519 ] MAGIC SIGNATURE THREAD 0x69e4a519 (chrome.dll -debugger_win.cc:21 ) base::debug::BreakDebugger() 0x6aa0b342 (chrome.dll -render_text_harfbuzz.cc:1287 ) gfx::RenderTextHarfBuzz::ItemizeTextToRuns(std::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> > const &,gfx::internal::TextRunList *) 0x6aa0a0b5 (chrome.dll -render_text_harfbuzz.cc:1532 ) gfx::RenderTextHarfBuzz::EnsureLayoutRunList() 0x6aa09d93 (chrome.dll -render_text_harfbuzz.cc:1065 ) gfx::RenderTextHarfBuzz::EnsureLayout() 0x6aa0ace3 (chrome.dll -render_text_harfbuzz.cc:796 ) gfx::RenderTextHarfBuzz::GetStringSizeF() 0x6aa0ac8a (chrome.dll -render_text_harfbuzz.cc:791 ) gfx::RenderTextHarfBuzz::GetStringSize() 0x6a773411 (chrome.dll -label.cc:534 ) views::Label::GetTextSize() 0x6a77327b (chrome.dll -label.cc:239 ) views::Label::GetPreferredSize() 0x6a7771e0 (chrome.dll -grid_layout.cc:604 ) views::ColumnSet::CalculateSize() 0x6a7777dc (chrome.dll -grid_layout.cc:860 ) views::GridLayout::SizeRowsAndColumns(bool,int,int,gfx::Size *) 0x6a7775be (chrome.dll -grid_layout.cc:803 ) views::GridLayout::Layout(views::View *) 0x6b98c478 (chrome.dll -manage_password_items_view.cc:288 ) ManagePasswordItemsView::AddRows() 0x6b98c217 (chrome.dll -manage_password_items_view.cc:275 ) ManagePasswordItemsView::ManagePasswordItemsView(ManagePasswordsBubbleModel *,std::vector<autofill::PasswordForm const *,std::allocator<autofill::PasswordForm const *> > const &) 0x6b96f384 (chrome.dll -manage_passwords_bubble_view.cc:314 ) ManagePasswordsBubbleView::PendingView::PendingView(ManagePasswordsBubbleView *) 0x6b9701a9 (chrome.dll -manage_passwords_bubble_view.cc:826 ) ManagePasswordsBubbleView::Refresh() 0x6b441f38 (chrome.dll -bubble_dialog_delegate.cc:65 ) views::BubbleDialogDelegateView::CreateBubble(views::BubbleDialogDelegateView *) 0x6b970309 (chrome.dll -manage_passwords_bubble_view.cc:744 ) ManagePasswordsBubbleView::ShowBubble(content::WebContents 
*,LocationBarBubbleDelegateView::DisplayReason) 0x6b797743 (chrome.dll -tab_dialogs_views.cc:63 ) TabDialogsViews::ShowManagePasswordsBubble(bool) 0x6ac127ed (chrome.dll -browser_commands.cc:832 ) chrome::ManagePasswordsForPage(Browser *) 0x6abb7eac (chrome.dll -browser_command_controller.cc:468 ) chrome::BrowserCommandController::ExecuteCommandWithDisposition(int,WindowOpenDisposition) 0x6b3ff140 (chrome.dll -command_updater.cc:50 ) CommandUpdater::ExecuteCommandWithDisposition(int,WindowOpenDisposition) 0x6b3ff110 (chrome.dll -command_updater.cc:43 ) CommandUpdater::ExecuteCommand(int) 0x6abe273e (chrome.dll -manage_passwords_ui_controller.cc:420 ) ManagePasswordsUIController::ShowBubbleWithoutUserInteraction() 0x6abe2801 (chrome.dll -manage_passwords_ui_controller.cc:180 ) ManagePasswordsUIController::UpdateIconAndBubbleState(ManagePasswordsIconView *) 0x6b77f4a8 (chrome.dll -location_bar_view.cc:1027 ) LocationBarView::RefreshManagePasswordsIconView() 0x6b77fc27 (chrome.dll -location_bar_view.cc:1103 ) LocationBarView::UpdateManagePasswordsIconAndBubble() 0x6abe27c4 (chrome.dll -manage_passwords_ui_controller.cc:378 ) ManagePasswordsUIController::UpdateBubbleAndIconVisibility() 0x6abe259c (chrome.dll -manage_passwords_ui_controller.cc:87 ) ManagePasswordsUIController::OnPasswordSubmitted(std::unique_ptr<password_manager::PasswordFormManager,std::default_delete<password_manager::PasswordFormManager> >) 0x6b400444 (chrome.dll -chrome_password_manager_client.cc:234 ) ChromePasswordManagerClient::PromptUserToSaveOrUpdatePassword(std::unique_ptr<password_manager::PasswordFormManager,std::default_delete<password_manager::PasswordFormManager> >,password_manager::CredentialSourceType,bool) 0x6afc0e21 (chrome.dll -password_manager.cc:693 ) password_manager::PasswordManager::OnLoginSuccessful() 0x6afc110c (chrome.dll -password_manager.cc:635 ) password_manager::PasswordManager::OnPasswordFormsRendered(password_manager::PasswordManagerDriver 
*,std::vector<autofill::PasswordForm,std::allocator<autofill::PasswordForm> > const &,bool) 0x6b8d7dac (chrome.dll -content_password_manager_driver.cc:193 ) password_manager::ContentPasswordManagerDriver::OnPasswordFormsRendered(std::vector<autofill::PasswordForm,std::allocator<autofill::PasswordForm> > const &,bool) 0x6b8d7433 (chrome.dll -ipc_message_templates.h:121 ) IPC::MessageT<AutofillHostMsg_PasswordFormsRendered_Meta,std::tuple<std::vector<autofill::PasswordForm,std::allocator<autofill::PasswordForm> >,bool>,void>::Dispatch<password_manager::ContentPasswordManagerDriver,password_manager::ContentPasswordManagerDriver,void,void ( password_manager::ContentPasswordManagerDriver::*)(std::vector<autofill::PasswordForm,std::allocator<autofill::PasswordForm> > const &,bool)>(IPC::Message const *,password_manager::ContentPasswordManagerDriver *,password_manager::ContentPasswordManagerDriver *,void *,void ( password_manager::ContentPasswordManagerDriver::*)(std::vector<autofill::PasswordForm,std::allocator<autofill::PasswordForm> > const &,bool)) 0x6b8d7ad3 (chrome.dll -content_password_manager_driver.cc:149 ) password_manager::ContentPasswordManagerDriver::HandleMessage(IPC::Message const &) 0x6b8d5c21 (chrome.dll -content_password_manager_driver_factory.cc:104 ) password_manager::ContentPasswordManagerDriverFactory::OnMessageReceived(IPC::Message const &,content::RenderFrameHost *) 0x6ac3487e (chrome.dll -web_contents_impl.cc:614 ) content::WebContentsImpl::OnMessageReceived(content::RenderViewHost *,content::RenderFrameHost *,IPC::Message const &) 0x6ac35209 (chrome.dll -web_contents_impl.cc:3869 ) content::WebContentsImpl::OnMessageReceived(content::RenderFrameHost *,IPC::Message const &) 0x6ac3f0b6 (chrome.dll -render_frame_host_impl.cc:480 ) content::RenderFrameHostImpl::OnMessageReceived(IPC::Message const &) 0x6ac45e4d (chrome.dll -render_process_host_impl.cc:1776 ) content::RenderProcessHostImpl::OnMessageReceived(IPC::Message const &) 0x6a8047f7 
(chrome.dll -ipc_channel_proxy.cc:282 ) IPC::ChannelProxy::Context::OnDispatchMessage(IPC::Message const &) 0x6ac4900a (chrome.dll -bind_internal.h:362 ) base::internal::Invoker<base::IndexSequence<0,1>,base::internal::BindState<base::internal::RunnableAdapter<bool ( content::BrowserMessageFilter::Internal::*)(IPC::Message const &)>,void ,content::BrowserMessageFilter::Internal * const,IPC::Message const &>,base::internal::InvokeHelper<0,void,base::internal::RunnableAdapter<bool ( content::BrowserMessageFilter::Internal::*)(IPC::Message const &)> >,void >::Run(base::internal::BindStateBase *) 0x69eaa06a (chrome.dll -task_annotator.cc:51 ) base::debug::TaskAnnotator::RunTask(char const *,base::PendingTask const &) 0x69e563ee (chrome.dll -message_loop.cc:479 ) base::MessageLoop::RunTask(base::PendingTask const &) 0x69e56d71 (chrome.dll -message_loop.cc:600 ) base::MessageLoop::DoWork() 0x69eaa51e (chrome.dll -message_pump_win.cc:167 ) base::MessagePumpForUI::DoRunLoop() 0x69eaa1a5 (chrome.dll -message_pump_win.cc:50 ) base::MessagePumpWin::Run(base::MessagePump::Delegate *) 0x69e90a33 (chrome.dll -run_loop.cc:35 ) base::RunLoop::Run() 0x6a67b175 (chrome.dll -chrome_browser_main.cc:1856 ) ChromeBrowserMainParts::MainMessageLoopRun(int *) 0x6acb4256 (chrome.dll -browser_main_loop.cc:945 ) content::BrowserMainLoop::RunMainMessageLoopParts() 0x6acb15ae (chrome.dll -browser_main_runner.cc:154 ) content::BrowserMainRunnerImpl::Run() 0x6ac75a10 (chrome.dll -browser_main.cc:45 ) content::BrowserMain(content::MainFunctionParams const &) 0x6a769f74 (chrome.dll -content_main_runner.cc:422 ) content::RunNamedProcessTypeMain(std::basic_string<char,std::char_traits<char>,std::allocator<char> > const &,content::MainFunctionParams const &,content::ContentMainDelegate *) 0x6a769ee2 (chrome.dll -content_main_runner.cc:789 ) content::ContentMainRunnerImpl::Run() 0x6a767957 (chrome.dll -content_main.cc:19 ) content::ContentMain(content::ContentMainParams const &) 0x6a637fac (chrome.dll 
-chrome_main.cc:84 ) ChromeMain 0x0138fcd6 (chrome.exe -main_dll_loader_win.cc:183 ) MainDllLoader::Launch(HINSTANCE__ *) 0x0138f3b6 (chrome.exe -chrome_exe_main_win.cc:268 ) wWinMain 0x013ba423 (chrome.exe -exe_common.inl:255 ) __scrt_common_main_seh 0x77413389 (kernel32.dll + 0x00013389 ) BaseThreadInitThunk 0x77c79901 (ntdll.dll + 0x00039901 ) __RtlUserThreadStart 0x77c798d4 (ntdll.dll + 0x000398d4 ) _RtlUserThreadStart
Jul 5 2016
I can confirm this bug in current stable and beta, but it appears fixed in dev (53.0.2783.2). Moreover, the fix seems to be https://codereview.chromium.org/2081273002, so duping against bug 606009, which tracks that change. Triage note: per the trace the failure is base::debug::BreakDebugger() reached from gfx::RenderTextHarfBuzz::ItemizeTextToRuns on the browser main thread, and the input string arrives via the renderer-side AutofillHostMsg_PasswordFormsRendered IPC; what is visible here is therefore a browser-process crash (denial of service) on a failed check triggered by page-submitted form data, with no indication of memory corruption in the trace itself.
Comment 1 by chri...@sandn.net
, Jul 1 2016