Regression: crash with proxy authentication null pointer
Reported by
dan.mel...@apps.pusd.org,
Aug 1 2016
|
|||||||||||||
Issue description
Chrome Version : 52.0.2743.82 m
URLs (if applicable) :
Other browsers tested:
Add OK or FAIL after other browsers where you have tested this issue:
Safari: OK (all)
Firefox: OK (all)
IE: OK (all)
Chrome: OK (51.0.2407.103 m or earlier)
What steps will reproduce the problem?
(1) Go to a web page through the proxy server that requires authentication
What is the expected result?
Load page
What happens instead?
Crash
Please provide any additional information below. Attach a screenshot if
possible.
Starting to see this on several machines after updating from 51.0.2407.103 m to 52.0.2743.82 m
Stack in WinDBG shows:
LoginDialogCallback
ShowLoginPrompt
BuildViewWithoutPasswordManager
BuildViewImpl
ShowWebModalDialogViews
CreateWebModalDialogViews
Analyze -v says the problem was "NULL_CLASS_PTR_READ" in CreateWebModalDialogViews of chrome.exe in chrome.dll.
Bugcheck: NULL_CLASS_PTR_READ_INVALID_POINTER_READ
From WinDBG, if it's helpful:
GetUrlPageData2 (WinHttp) failed: 12029.
DUMP_CLASS: 2
DUMP_QUALIFIER: 400
CONTEXT: (.ecxr)
eax=00000000 ebx=001ff388 ecx=0a743a58 edx=6af35e74 esi=0a743a58 edi=0a477e40
eip=6a0575fb esp=001fef80 ebp=001fef80 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010246
chrome_68cf0000!web_modal::WebContentsModalDialogManager::delegate [inlined in chrome_68cf0000!constrained_window::CreateWebModalDialogViews+0xc]:
6a0575fb 8b4814 mov ecx,dword ptr [eax+14h] ds:002b:00000014=????????
Resetting default scope
FAULTING_IP:
chrome_68cf0000!constrained_window::CreateWebModalDialogViews+c [c:\b\build\slave\win\build\src\components\constrained_window\constrained_window_views.cc @ 152]
6a0575fb 8b4814 mov ecx,dword ptr [eax+14h]
EXCEPTION_RECORD: (.exr -1)
ExceptionAddress: 6a0575fb (chrome_68cf0000!web_modal::WebContentsModalDialogManager::delegate)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 00000014
Attempt to read from address 00000014
DEFAULT_BUCKET_ID: NULL_CLASS_PTR_READ
PROCESS_NAME: chrome.exe
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_CODE_STR: c0000005
EXCEPTION_PARAMETER1: 00000000
EXCEPTION_PARAMETER2: 00000014
READ_ADDRESS: 00000014
,
Aug 1 2016
Could you please try logging from incognito window? Also share the crash id from chrome://crashes for further investigation.
,
Aug 2 2016
Thanks for the report. Request you to please provide us with sample website link, with which will help us triage the issue further. Thank you!
,
Aug 2 2016
Looks like WebContentsModalDialogManager::FromWebContents is returning NULL. Presumably either the WebContents has been destroyed, or just doesn't have a WebContentsModalDialogManager for some reason. CCing owners of components/web_modal/ and chrome/browser/ui/login.
,
Aug 2 2016
It's likely whatever WebContents is generating the dialog does not have a WebContentsModalDialogManager created for it via web_modal::WebContentsModalDialogManager::CreateForWebContents(). The manager is necessary to show web modal dialogs generated by the WebContents. +hcarmona, who looked into similar issues with other dialogs.
,
Aug 2 2016
Sounds pretty similar to bug 543453, possibly a dupe. Unfortunately we weren't able to repro there.
,
Aug 2 2016
Just a minor update that Bryan is testing it with incognito and gathering some crash ids.
,
Aug 4 2016
The "What steps will reproduce the problem?" section needs a little more detail... If someone can edit the "steps to reproduce" section of this issue report with the following, it'll go a long way towards helping everyone understand what we're running into: --- [1] Launch Chrome in normal mode [2] Activate the avatar menu by clicking on the little silhouette [3] Click on the "Sign in to Chrome" button At this point, the LoginPrompt window is drawn, then the Chrome window immediately closes. There is no "aw snap" message from Chrome, nor is there any dialog raised by the OS about an application unexpectedly quitting. It's important to note that our LAN is behind an authenticating web proxy. When I use these same computers to access the LoginPrompt while connected to a network with no authenticating proxy, or when using Fiddler to automatically include proxy credentials in the http/https headers, the LoginPrompt works fine - no crash. A quick packet capture seems to show that the crash occurs shortly after an https connection attempt to ssl.gstatic.com. Our proxy responds with the typical http 407 error (proxy authentication required), to which the client responds with a series of RST, ACK packets as the application crashes. --- Testing this in incognito mode doesn't apply, since incognito mode lacks the avatar menu and the crash only occurs when clicking on the "Sign in to Chrome" button. The chrome://crashes shows "You have no recently reported crashes..." even after enabling the "Automatically send usage statistics and crash reports to Google". Dump files are being created in the "...\User Data\Crashpad\reports" folder, but nothing in chrome://crashes. If there's something else that I need to do to enable crash reporting, please let me know.
,
Aug 5 2016
Adding sign-in-related components, because the reproduction is relevant to that.
,
Aug 5 2016
Request MTV team to look into the issue.
,
Aug 5 2016
There's some confusion here because the LoginPrompt you're seeing in the stack is the proxy authentication prompt, not the sign in to Chrome prompt (as referred to in #1). The crash seems to happen when Chrome tries to show a modal dialog (the proxy auth prompt) on top of the tab-modal Sign In Flow. As a modal dialog itself, the sign in flow's WebContents doesn't have a WebContentsModalDialogManager because we don't show dialogs on top of dialogs. In any case, this is the same bug as Issue 633287 so I'll merge it in that one. You should be able to work around it by disabling chrome://flags/#enable-password-separated-signin-flow in the meantime.
,
Aug 5 2016
Oops, meant "this is the same bug as Issue 629529" in the previous comment.
,
Aug 9 2016
From Bryan's testing: "FYI, disabling the flag that they recommend (Enable new gaia password-separated sign in flow) does prevent the crash from occurring. Unfortunately, it also prevents the sign-in from working at all. The sign-in window allows the user to enter a username and password, but displays an “uh-oh!” message and squawks that something went wrong." We have a partial workaround by having the user log into the proxy before logging into the browser, but that has also been inconsistent.
,
Nov 29
|
|||||||||||||
►
Sign in to add a comment |
|||||||||||||
Comment 1 by bryan.wo...@apps.pusd.org
, Aug 1 2016