
Issue 658955


Issue metadata

Status: Fixed
Closed: Oct 2016
Pri: 2
Type: Bug




CFI: invalid cast in ProcessManagerBrowserTest.NestedURLNavigationsToAppBlocked

Project Member Reported by krasin@chromium.org, Oct 25 2016

Issue description

Version: tip
OS: Linux x86-64

What steps will reproduce the problem?
(1) Build browser_tests with Control Flow Integrity enabled + diagnostics enabled:
https://www.chromium.org/developers/testing/control-flow-integrity

gn gen out/cfi-diag '--args=is_debug=false is_cfi=true use_cfi_cast=true use_cfi_diag=true' --check
build/download_gold_plugin.py
ninja -C out/cfi-diag browser_tests # Linking will take about an hour; we're working to make it faster

(2) Run it:

../../chrome/browser/extensions/process_manager_browsertest.cc:919:7: runtime error: control flow integrity check for type 'guest_view::TestGuestViewManager' failed during base-to-derived cast (vtable address 0x000008ecc5a0)
0x000008ecc5a0: note: vtable is of type 'guest_view::GuestViewManager'
 00 00 00 00  f0 14 9e 04 00 00 00 00  90 15 9e 04 00 00 00 00  b0 15 9e 04 00 00 00 00  e0 15 9e 04
              ^ 
[17487:17487:1024/173618:ERROR:gles2_cmd_decoder.cc(16763)] [.DisplayCompositor-0x3bfba5d77e00]GL ERROR :GL_INVALID_OPERATION : glCreateAndConsumeTextureCHROMIUM: invalid mailbox name
[17487:17487:1024/173618:ERROR:gles2_cmd_decoder.cc(9395)] [.DisplayCompositor-0x3bfba5d77e00]RENDER WARNING: texture bound to texture unit 0 is not renderable. It maybe non-power-of-2 and have incompatible texture filtering.
[17487:17487:1024/173618:ERROR:gles2_cmd_decoder.cc(16763)] [.DisplayCompositor-0x3bfba5d77e00]GL ERROR :GL_INVALID_OPERATION : glCreateAndConsumeTextureCHROMIUM: invalid mailbox name
[17487:17487:1024/173618:ERROR:gles2_cmd_decoder.cc(9395)] [.DisplayCompositor-0x3bfba5d77e00]RENDER WARNING: texture bound to texture unit 0 is not renderable. It maybe non-power-of-2 and have incompatible texture filtering.
[17276:17496:1024/173618:WARNING:embedded_test_server.cc(201)] Request not handled. Returning 404: /favicon.ico


 

Comment 1 by krasin@chromium.org, Oct 25 2016

Corresponding code:
https://cs.chromium.org/chromium/src/chrome/browser/extensions/process_manager_browsertest.cc?q=chrome/browser/extensions/process_manager_browsertest.cc:919&sq=package:chromium&l=918

// Wait for the app's guest WebContents to load.
guest_view::TestGuestViewManager* guest_manager =
    static_cast<guest_view::TestGuestViewManager*>(
        guest_view::TestGuestViewManager::FromBrowserContext(
            browser()->profile()));

It seems that GuestViewManager::set_factory_for_testing(&factory_) is missing:
https://cs.chromium.org/search/?q=GuestViewManager::set_factory_for_testing&sq=package:chromium&type=cs
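
The failure mode Comment 1 describes, as an added example that is not part of the original report and is not Chromium code. It is a simplified model: ManagerFactory, TestManagerFactory, BrowserContext and DowncastIsValid are hypothetical names. Without the factory installed, FromBrowserContext returns a base-type object, so the test's base-to-derived cast is invalid.

```cpp
#include <cstdio>
#include <memory>

class GuestViewManager;  // simplified model, not Chromium's real class
struct ManagerFactory {  // hypothetical factory interface
  virtual ~ManagerFactory() = default;
  virtual std::unique_ptr<GuestViewManager> Create() = 0;
};
struct BrowserContext { std::unique_ptr<GuestViewManager> manager; };  // stand-in

class GuestViewManager {
 public:
  virtual ~GuestViewManager() = default;
  static void set_factory_for_testing(ManagerFactory* f) { factory() = f; }
  // Lazily creates the manager: via the factory if installed, else the base type.
  static GuestViewManager* FromBrowserContext(BrowserContext* ctx) {
    if (!ctx->manager)
      ctx->manager = factory() ? factory()->Create()
                               : std::unique_ptr<GuestViewManager>(new GuestViewManager);
    return ctx->manager.get();
  }
 private:
  static ManagerFactory*& factory() { static ManagerFactory* f = nullptr; return f; }
};

struct TestGuestViewManager : GuestViewManager {
  int guests_seen = 0;  // derived-only field; absent from a base-type object
};
struct TestManagerFactory : ManagerFactory {
  std::unique_ptr<GuestViewManager> Create() override {
    return std::unique_ptr<GuestViewManager>(new TestGuestViewManager);
  }
};

// True when the test's base-to-derived cast would be valid. dynamic_cast
// inspects the object's real type, the property CFI checks on static_cast.
bool DowncastIsValid(bool install_factory) {
  TestManagerFactory factory;
  GuestViewManager::set_factory_for_testing(install_factory ? &factory : nullptr);
  BrowserContext ctx;
  GuestViewManager* m = GuestViewManager::FromBrowserContext(&ctx);
  bool ok = dynamic_cast<TestGuestViewManager*>(m) != nullptr;
  GuestViewManager::set_factory_for_testing(nullptr);  // do not leak test state
  return ok;
}

int main() { std::printf("%d %d\n", DowncastIsValid(false), DowncastIsValid(true)); }
```

In a build without CFI the static_cast in the test compiles and runs silently; any access to derived-only members then reads memory past the base object.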

Comment 2 by krasin@chromium.org, Oct 25 2016

Fix is sent for a review: https://codereview.chromium.org/2446903003/

Comment 3 by bugdroid1@chromium.org, Oct 25 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/af85e4c4da6412c77645ff539069eb165361b395

commit af85e4c4da6412c77645ff539069eb165361b395
Author: krasin <krasin@chromium.org>
Date: Tue Oct 25 17:54:26 2016

Properly initialize GuestViewManager.factory in ProcessManagerBrowserTest.

BUG= 658955 

Review-Url: https://codereview.chromium.org/2446903003
Cr-Commit-Position: refs/heads/master@{#427406}

[modify] https://crrev.com/af85e4c4da6412c77645ff539069eb165361b395/chrome/browser/extensions/process_manager_browsertest.cc

Comment 4 by krasin@chromium.org, Oct 26 2016

Status: Fixed (was: Untriaged)
