template_url.cc(1243)] Check failed: url.is_valid()
Issue description
Chrome Version: (copy from chrome://version)
Chromium 57.0.2973.0 (Developer Build) (64-bit) with dcheck_always_on=1
OS: Linux
What steps will reproduce the problem?
(1) not sure..
(2)
(3)
What is the expected result?
What happens instead?
browser crashed with check failure
[34163:34163:0105/144940.911260:FATAL:template_url.cc(1243)] Check failed: url.is_valid().
Program received signal SIGABRT, Aborted.
0x00007fffee0acc37 in __GI_raise (sig=sig@entry=6)
at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
56 ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb)
(gdb) bt
#0 0x00007fffee0acc37 in __GI_raise (sig=sig@entry=6)
at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1 0x00007fffee0b0028 in __GI_abort () at abort.c:89
#2 0x00007ffff7a4bfd2 in base::debug::BreakDebugger() ()
from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libbase.so
#3 0x00007ffff7a72a62 in logging::LogMessage::~LogMessage() ()
from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libbase.so
#4 0x0000555556596153 in TemplateURL::GenerateFaviconURL(GURL const&) ()
#5 0x0000555556d242f9 in SearchEngineTabHelper::GenerateKeywordIfNecessary(content::NavigationHandle*) ()
#6 0x00007ffff5658d67 in content::WebContentsImpl::DidFinishNavigation(content::NavigationHandle*) ()
from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libcontent.so
#7 0x00007ffff5332b13 in content::NavigationHandleImpl::~NavigationHandleImpl() ()
from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libcontent.so
#8 0x00007ffff5333169 in content::NavigationHandleImpl::~NavigationHandleImpl() ()
from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libcontent.so
#9 0x00007ffff533a899 in content::NavigatorImpl::DidNavigate(content::RenderFrameHostImpl*, FrameHostMsg_DidCommitProvisionalLoad_Params const&, std::unique_ptr<content::NavigationHandleImpl, std::default_delete<content::NavigationHandleImpl> >) ()
from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libcontent.so
#10 0x00007ffff5341ef3 in content::RenderFrameHostImpl::OnDidCommitProvisionalLoad(IPC::Message const&) ()
from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libcontent.so
#11 0x00007ffff53400df in content::RenderFrameHostImpl::OnMessageReceived(IPC::Message const&) ()
from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libcontent.so
#12 0x00007ffff552b87e in content::RenderProcessHostImpl::OnMessageReceived(IPC::Message const&) ()
from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libcontent.so
#13 0x00007ffff64b5155 in IPC::ChannelProxy::Context::OnDispatchMessage(IPC::Message const&) ()
from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libipc.so
#14 0x00007ffff64b85fa in base::internal::Invoker<base::internal::BindState<void (IPC::ChannelProxy::Context::*)(IPC::Message const&), scoped_refptr<IPC::ChannelProxy::Context>, IPC::Message>, void ()>::Run(base::internal::BindStateBase*) ()
from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libipc.so
#15 0x00007ffff7a4edae in base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) ()
from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libbase.so
#16 0x00007ffff7a7febd in base::MessageLoop::RunTask(base::PendingTask*) ()
from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libbase.so
#17 0x00007ffff7a80856 in base::MessageLoop::DoWork() ()
from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libbase.so
#18 0x00007ffff7a82809 in base::MessagePumpGlib::Run(base::MessagePump::Delegate*) ()
from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libbase.so
#19 0x00007ffff7a7fc15 in base::MessageLoop::RunHandler() ()
from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libbase.so
#20 0x00007ffff7ab3d2c in base::RunLoop::Run() ()
from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libbase.so
#21 0x000055555617822a in ChromeBrowserMainParts::MainMessageLoopRun(int*) ()
#22 0x00007ffff5220659 in content::BrowserMainLoop::RunMainMessageLoopParts() ()
from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libcontent.so
#23 0x00007ffff5223e57 in content::BrowserMainRunnerImpl::Run() ()
from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libcontent.so
#24 0x00007ffff521b79e in content::BrowserMain(content::MainFunctionParams const&) ()
from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libcontent.so
#25 0x00007ffff5a05dc7 in content::RunNamedProcessTypeMain(std::string const&, content::MainFunctionParams const&, content::ContentMainDelegate*) ()
from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libcontent.so
#26 0x00007ffff5a06816 in content::ContentMainRunnerImpl::Run() ()
from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libcontent.so
#27 0x00007ffff5a05260 in content::ContentMain(content::ContentMainParams const&) ()
from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libcontent.so
#28 0x0000555555abce11 in ChromeMain ()
#29 0x00007fffee097f45 in __libc_start_main (main=0x555555abcd80 <main>,
argc=2, argv=0x7fffffffdb38, init=<optimized out>, fini=<optimized out>,
rtld_fini=<optimized out>, stack_end=0x7fffffffdb28) at libc-start.c:287
#30 0x0000555555abcca9 in _start ()
Jan 5 2017
Looks like this is failing in TemplateURL::GenerateFaviconURL in a call from SearchEngineTabHelper::GenerateKeywordIfNecessary, if the referrer URL isn't valid. yzshen@, you changed that recently in https://codereview.chromium.org/2485783002. Can you take a look?
Jan 5 2017
Thanks for letting me know. Will look into it shortly.
Jan 10 2017
Just repro-ed the issue, looking...
Jan 11 2017
I have figured out the issue:
Repro steps:
- run debug chrome on linux, making sure to use a new --user-data-dir
- open crbug.com
- in the search box of the page, input anything and click "search"
- the browser hits the DCHECK described above.
The reason:
The form submit results in a navigation with a valid "searchable form URL" and an empty "referrer". When SearchEngineTabHelper::GenerateKeywordIfNecessary() tries to create a TemplateURLData entry using the searchable form url, it ends up using the referrer URL to call TemplateURL::GenerateFaviconURL and results in the DCHECK.
Actually this was not caused by my CL 2485783002. Instead, it was caused by https://codereview.chromium.org/2505933005, which removed the restriction that, under certain conditions, we required the protocol of an auto-created custom search engine be HTTP. Before that CL, the "searchable form URL" was empty for the crbug.com scenario.
I think the fix is simply to avoid calling TemplateURL::GenerateFaviconURL with an empty URL.
Jan 11 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/61ea83dfd086b18d20e746d7f61bd05b7a933aa2
commit 61ea83dfd086b18d20e746d7f61bd05b7a933aa2
Author: yzshen <yzshen@chromium.org>
Date: Wed Jan 11 22:25:37 2017
SearchEngineTabHelper: avoid calling TemplateURL::GenerateFaviconURL with empty URL.
In some cases, it tried to generate favicon URL using the referrer URL of a navigation, but referrer URL could be empty which triggered a DCHECK in TemplateURL::GenerateFaviconURL.
BUG= 678502
Review-Url: https://codereview.chromium.org/2624263002
Cr-Commit-Position: refs/heads/master@{#443017}
[modify] https://crrev.com/61ea83dfd086b18d20e746d7f61bd05b7a933aa2/chrome/browser/ui/search_engines/search_engine_tab_helper.cc
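The failure mode and guard described in the analysis and commit message above, as an added stand-alone C++ model (not Chromium's code and not the actual change in the commit). `Url`, `Navigation`, `KeywordEntry` and `MakeKeywordEntry` are hypothetical stand-ins, and leaving the favicon URL empty when the referrer is invalid is an assumption.

```cpp
// Stand-alone model of the crash and the guard; not Chromium source.
#include <cassert>
#include <iostream>
#include <optional>
#include <string>

// Hypothetical stand-in for GURL: valid only if it looks like scheme://host...
struct Url {
  std::string spec;
  bool is_valid() const {
    auto pos = spec.find("://");
    return pos != std::string::npos && pos > 0 && pos + 3 < spec.size();
  }
  std::string origin() const {  // "scheme://host"; requires is_valid()
    return spec.substr(0, spec.find('/', spec.find("://") + 3));
  }
};

// Callee with a validity precondition, like the check that fired in the report.
std::string GenerateFaviconUrl(const Url& url) {
  assert(url.is_valid());
  return url.origin() + "/favicon.ico";
}

struct Navigation {  // hypothetical: the two fields the analysis names
  Url searchable_form_url;
  Url referrer;
};
struct KeywordEntry {
  std::string search_url;
  std::string favicon_url;  // left empty when no valid referrer (assumption)
};

// Guarded caller: a valid form URL says nothing about the referrer, so the
// referrer is validated separately before it reaches the callee.
std::optional<KeywordEntry> MakeKeywordEntry(const Navigation& nav) {
  if (!nav.searchable_form_url.is_valid()) return std::nullopt;
  KeywordEntry entry{nav.searchable_form_url.spec, ""};
  if (nav.referrer.is_valid())
    entry.favicon_url = GenerateFaviconUrl(nav.referrer);
  return entry;
}

int main() {
  // Constructed input: form submission with a valid form URL, empty referrer.
  Navigation nav{{"https://bugs.example/list?q=test"}, {""}};
  auto entry = MakeKeywordEntry(nav);
  std::cout << "entry created: " << entry.has_value() << ", favicon: '"
            << entry->favicon_url << "'\n";
}
```

Removing the `nav.referrer.is_valid()` guard makes the empty-referrer case abort inside `GenerateFaviconUrl`, which is the shape of the crash in the backtrace.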
Jan 11 2017
Comment 1 by ukai@chromium.org, Jan 5 2017