
Issue 664526


Issue metadata

Status: Duplicate
Owner: ----
Closed: Nov 2016
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security




Security: UNKNOWN in skia::GetMetaData

Reported by chromium...@gmail.com, Nov 11 2016

Issue description

VERSION
Chrome Version: 56.0.2915.0
Operating System: Windows 7

REPRODUCTION CASE
1. Launch Chrome
2. Open testcase.pdf

0:000> .ecxr
rax=00000000f0e0d0c0 rbx=0000000000000000 rcx=000000000526d6a0
rdx=000000000020cd08 rsi=000000000526d6a0 rdi=000000000526d6a0
rip=000007fed666cb55 rsp=000000000020cc98 rbp=000000000020cf40
 r8=000000000020cbb8  r9=0000000000000000 r10=0000000000000000
r11=000000000020cc60 r12=0000000000000001 r13=00000000040aea20
r14=000001907c0e0000 r15=0000000002f20980
iopl=0         nv up ei pl zr na po nc
cs=0033  ss=0000  ds=0000  es=0000  fs=0053  gs=002b             efl=00010246
*** WARNING: Unable to verify checksum for chrome_child.dll
chrome_child!skia::GetMetaData+0x9:
000007fe`d666cb55 488b4808        mov     rcx,qword ptr [rax+8] ds:00000000`f0e0d0c8=????????????????
0:000> k
  *** Stack trace for last set context - .thread/.cxr resets it
Child-SP          RetAddr           Call Site
00000000`0020cc98 000007fe`d7644b71 chrome_child!skia::GetMetaData+0x9 [c:\b\build\slave\win64-pgo\build\src\skia\ext\platform_canvas.cc @ 79]
00000000`0020cca0 000007fe`d70d88c9 chrome_child!printing::MetafileSkiaWrapper::GetMetafileFromCanvas+0x9 [c:\b\build\slave\win64-pgo\build\src\printing\metafile_skia_wrapper.cc @ 35]
00000000`0020ccd0 000007fe`d70d8967 chrome_child!content::PepperPluginInstanceImpl::PrintPDFOutput+0x4d [c:\b\build\slave\win64-pgo\build\src\content\renderer\pepper\pepper_plugin_instance_impl.cc @ 2034]
00000000`0020cd50 000007fe`d70d8821 chrome_child!content::PepperPluginInstanceImpl::PrintPageHelper+0x53 [c:\b\build\slave\win64-pgo\build\src\content\renderer\pepper\pepper_plugin_instance_impl.cc @ 1845]
00000000`0020cd80 000007fe`d7110a56 chrome_child!content::PepperPluginInstanceImpl::PrintEnd+0x4d [c:\b\build\slave\win64-pgo\build\src\content\renderer\pepper\pepper_plugin_instance_impl.cc @ 1853]
00000000`0020cdb0 000007fe`d6afb45f chrome_child!content::PepperWebPluginImpl::printEnd+0x12 [c:\b\build\slave\win64-pgo\build\src\content\renderer\pepper\pepper_webplugin_impl.cc @ 289]
00000000`0020cde0 000007fe`d71e1282 chrome_child!blink::WebLocalFrameImpl::printEnd+0x1b [c:\b\build\slave\win64-pgo\build\src\third_party\webkit\source\web\weblocalframeimpl.cpp @ 1408]
00000000`0020ce10 000007fe`d71e0a6e chrome_child!printing::PrepareFrameAndViewForPrint::FinishPrinting+0x82 [c:\b\build\slave\win64-pgo\build\src\components\printing\renderer\print_web_view_helper.cc @ 868]
00000000`0020ce40 000007fe`d71e203a chrome_child!printing::PrintWebViewHelper::CreatePreviewDocument+0x3ae [c:\b\build\slave\win64-pgo\build\src\components\printing\renderer\print_web_view_helper.cc @ 1310]
00000000`0020d380 000007fe`d71e0482 chrome_child!printing::PrintWebViewHelper::OnFramePreparedForPreviewDocument+0x1e [c:\b\build\slave\win64-pgo\build\src\components\printing\renderer\print_web_view_helper.cc @ 1217]
00000000`0020d3b0 000007fe`d71e298d chrome_child!printing::PrepareFrameAndViewForPrint::CopySelectionIfNeeded+0x3e [c:\b\build\slave\win64-pgo\build\src\components\printing\renderer\print_web_view_helper.cc @ 785]
00000000`0020d3e0 000007fe`d71e2673 chrome_child!printing::PrintWebViewHelper::PrepareFrameForPreviewDocument+0x14d [c:\b\build\slave\win64-pgo\build\src\components\printing\renderer\print_web_view_helper.cc @ 1206]
00000000`0020d430 000007fe`d71decf1 chrome_child!printing::PrintWebViewHelper::OnPrintPreview+0x1fb [c:\b\build\slave\win64-pgo\build\src\components\printing\renderer\print_web_view_helper.cc @ 1185]
00000000`0020d4d0 000007fe`d5e463a4 chrome_child!IPC::MessageT<PrintMsg_PrintPreview_Meta,std::tuple<base::DictionaryValue>,void>::Dispatch<printing::PrintWebViewHelper,printing::PrintWebViewHelper,void,void (__cdecl printing::PrintWebViewHelper::*)(base::DictionaryValue const & __ptr64) __ptr64>+0xbd [c:\b\build\slave\win64-pgo\build\src\ipc\ipc_message_templates.h @ 121]
00000000`0020d5a0 000007fe`d54cc2c3 chrome_child!printing::PrintWebViewHelper::OnMessageReceived+0x93b7e0 [c:\b\build\slave\win64-pgo\build\src\components\printing\renderer\print_web_view_helper.cc @ 989]
00000000`0020d630 000007fe`d5695ee9 chrome_child!content::RenderViewImpl::OnMessageReceived+0x123 [c:\b\build\slave\win64-pgo\build\src\content\renderer\render_view_impl.cc @ 1307]
00000000`0020e580 000007fe`d54ce79a chrome_child!IPC::MessageRouter::RouteMessage+0x29 [c:\b\build\slave\win64-pgo\build\src\ipc\message_router.cc @ 57]
00000000`0020e5b0 000007fe`d54cec20 chrome_child!content::ChildThreadImpl::OnMessageReceived+0xaa [c:\b\build\slave\win64-pgo\build\src\content\child\child_thread_impl.cc @ 795]
00000000`0020e640 000007fe`d527540a chrome_child!IPC::ChannelProxy::Context::OnDispatchMessage+0x28 [c:\b\build\slave\win64-pgo\build\src\ipc\ipc_channel_proxy.cc @ 344]
00000000`0020e670 000007fe`d5275366 chrome_child!base::internal::RunMixin<base::Callback<void __cdecl(void),0,0> >::Run+0x46 [c:\b\build\slave\win64-pgo\build\src\base\callback.h @ 47]

 
Attachment: testcase.pdf (1.9 KB)
This looks like it is fixed in 56.0.2916.0 (Canary).

Comment 2 by rickyz@chromium.org, Nov 11 2016

Mergedinto: 664036
Status: Duplicate (was: Unconfirmed)
Project Member

Comment 3 by sheriffbot@chromium.org, Feb 18 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
