
Issue 665269


Issue metadata

Status: Duplicate
Closed: Nov 2016
Type: Bug-Security




Security: Crash in BrowserList::NotifyBrowserNoLongerActive

Reported by chromium...@gmail.com, Nov 15 2016

Issue description

VERSION
Chrome Version: 56.0.2919.0 canary (64-bit)
Operating System: Windows 7

REPRODUCTION CASE
This crash happened when I was viewing a picture on my Facebook account.

>> Crash ID 03e2cf0d-ee2e-46b3-9e7c-14600df8311c

FOR CRASHES, PLEASE INCLUDE THE FOLLOWING ADDITIONAL INFORMATION

rax=000000003bc81840 rbx=00000000082cc0d0 rcx=000000003bc81840
rdx=00000000082cc0d0 rsi=0000000000020300 rdi=000000000ae1bd00
rip=000007fed362f7ff rsp=000000000022e970 rbp=000000000022e9d0
 r8=41c0000041800000  r9=0000000012c68590 r10=000000000022e9b0
r11=000000000000000b r12=000000000ae1bd70 r13=0000000000140492
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl nz na pe nc
cs=0033  ss=0000  ds=0000  es=0000  fs=0053  gs=002b             efl=00010202
*** WARNING: Unable to verify checksum for chrome.dll
chrome_7fed1540000!BrowserList::NotifyBrowserNoLongerActive+0x97:
000007fe`d362f7ff 41ff5018        call    qword ptr [r8+18h] ds:41c00000`41800018=????????????????
0:000> k
  *** Stack trace for last set context - .thread/.cxr resets it
Child-SP          RetAddr           Call Site
00000000`0022e970 000007fe`d36f114a chrome_7fed1540000!BrowserList::NotifyBrowserNoLongerActive+0x97 [c:\b\build\slave\win64-pgo\build\src\chrome\browser\ui\browser_list.cc @ 238]
00000000`0022e9e0 000007fe`d3a92c03 chrome_7fed1540000!BrowserFrame::OnNativeWidgetActivationChanged+0x2e [c:\b\build\slave\win64-pgo\build\src\chrome\browser\ui\views\frame\browser_frame.cc @ 219]
00000000`0022ea10 000007fe`d3acb01f chrome_7fed1540000!views::DesktopNativeWidgetAura::HandleActivationChanged+0x27 [c:\b\build\slave\win64-pgo\build\src\ui\views\widget\desktop_aura\desktop_native_widget_aura.cc @ 351]
00000000`0022ea40 000007fe`d3adf6a5 chrome_7fed1540000!views::DesktopWindowTreeHostWin::HandleActivationChanged+0x33 [c:\b\build\slave\win64-pgo\build\src\ui\views\widget\desktop_aura\desktop_window_tree_host_win.cc @ 727]
00000000`0022ea70 000007fe`d3adf041 chrome_7fed1540000!views::HWNDMessageHandler::PostProcessActivateMessage+0x5d [c:\b\build\slave\win64-pgo\build\src\ui\views\win\hwnd_message_handler.cc @ 1027]
00000000`0022eb00 000007fe`d2a107ca chrome_7fed1540000!views::HWNDMessageHandler::OnWndProc+0x199 [c:\b\build\slave\win64-pgo\build\src\ui\views\win\hwnd_message_handler.cc @ 921]
00000000`0022eba0 000007fe`d2a107f3 chrome_7fed1540000!gfx::WindowImpl::WndProc+0x96 [c:\b\build\slave\win64-pgo\build\src\ui\gfx\win\window_impl.cc @ 302]
*** WARNING: Unable to verify checksum for USER32.dll
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for USER32.dll - 
00000000`0022ebd0 00000000`778ec3c1 chrome_7fed1540000!base::win::WrappedWindowProc<&gfx::WindowImpl::WndProc>+0xf [c:\b\build\slave\win64-pgo\build\src\base\win\wrapped_window_proc.h @ 76]
00000000`0022ec20 00000000`778ea01b USER32!GetSystemMetrics+0x2b1
00000000`0022ece0 00000000`778ea061 USER32!IsDialogMessageW+0x19b
00000000`0022ed40 00000000`77b3fdf5 USER32!IsDialogMessageW+0x1e1
00000000`0022eda0 00000000`778ebb2a ntdll!KiUserCallbackDispatcher+0x1f
00000000`0022ee28 00000000`778ebaf9 USER32!PeekMessageW+0xba
00000000`0022ee30 000007fe`d26666ed USER32!PeekMessageW+0x89
00000000`0022ee80 000007fe`d26662f2 chrome_7fed1540000!base::MessagePumpForUI::ProcessMessageHelper+0x13d [c:\b\build\slave\win64-pgo\build\src\base\message_loop\message_pump_win.cc @ 360]
00000000`0022ef40 000007fe`d2665f24 chrome_7fed1540000!base::MessagePumpForUI::DoRunLoop+0x52 [c:\b\build\slave\win64-pgo\build\src\base\message_loop\message_pump_win.cc @ 169]
00000000`0022efb0 000007fe`d263d3a3 chrome_7fed1540000!base::MessagePumpWin::Run+0x54 [c:\b\build\slave\win64-pgo\build\src\base\message_loop\message_pump_win.cc @ 58]
00000000`0022f000 000007fe`d2549d5b chrome_7fed1540000!base::RunLoop::Run+0x103 [c:\b\build\slave\win64-pgo\build\src\base\run_loop.cc @ 36]
00000000`0022f050 000007fe`d200906d chrome_7fed1540000!ChromeBrowserMainParts::MainMessageLoopRun+0xef [c:\b\build\slave\win64-pgo\build\src\chrome\browser\chrome_browser_main.cc @ 2012]
00000000`0022f0d0 000007fe`d2001c53 chrome_7fed1540000!content::BrowserMainRunnerImpl::Run+0x71 [c:\b\build\slave\win64-pgo\build\src\content\browser\browser_main_runner.cc @ 141]

 
Attachment: 03e2cf0d-ee2e-46b3-9e7c-14600df8311c.dmp (6.0 MB)

Comment 1 by rickyz@chromium.org, Nov 15 2016

Mergedinto: 665239
Status: Duplicate (was: Unconfirmed)
Duping into issue 665239, since that has an owner.

Comment 2 by sheriffbot@chromium.org, Feb 21 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
