Chrome OS crashes when user disconnects It2Me host |
||||||
Issue descriptionChrome OS crashes when user disconnects It2Me host 1. Connect to It2Me host on ChromeOS 2. Click disconnect on the host side. Crash ID: crash/85cc9337c0000000 SIGSEGV 0x000061c21f82d3b1 (chrome -single_thread_task_runner.h:29 ) remoting::DelegatingSignalStrategy::OnIncomingMessage(std::string const&) 0x000061c21d87a807 (chrome -it2me_native_messaging_host.cc:361 ) remoting::It2MeNativeMessagingHost::ProcessIncomingIq(std::unique_ptr<base::DictionaryValue, std::default_delete<base::DictionaryValue> >, std::unique_ptr<base::DictionaryValue, std::default_delete<base::DictionaryValue> >) 0x000061c21d87bee4 (chrome -it2me_native_messaging_host.cc:152 ) remoting::It2MeNativeMessagingHost::OnMessage(std::string const&) 0x000061c21c6615d8 (chrome -callback.h:68 ) base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) 0x000061c21c645335 (chrome -message_loop.cc:423 ) base::MessageLoop::DoWork() 0x000061c21c645a52 (chrome -message_pump_libevent.cc:219 ) base::MessagePumpLibevent::Run(base::MessagePump::Delegate*) 0x000061c21e05e387 (chrome -run_loop.cc:37 ) base::RunLoop::Run() 0x000061c21dd3b535 (chrome -chrome_browser_main.cc:2002 ) ChromeBrowserMainParts::MainMessageLoopRun(int*) 0x000061c21cd87bfa (chrome -browser_main_loop.cc:1181 ) content::BrowserMainLoop::RunMainMessageLoopParts() 0x000061c21cd8b144 (chrome -browser_main_runner.cc:140 ) content::BrowserMainRunnerImpl::Run() I reproduced this on ChromeOS, but looking at the call stack it doesn't seem to be ChromeOS-specific.
,
Mar 9 2017
,
Mar 14 2017
,
Mar 16 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/4429e92d02a964039db7ef88c6676cb8ce20fc56 commit 4429e92d02a964039db7ef88c6676cb8ce20fc56 Author: kelvinp <kelvinp@chromium.org> Date: Thu Mar 16 00:43:15 2017 Fix crash when user disconnects It2Me host Cause: The delegating_signal_strategy_ pointer is destroyed on the network thread while It2meNativeMessagingHost keeps a raw pointer to it. Fix: DelegatingSignalStrategy will expose a callback that internally binds weak pointer. This will allow the callback to be invoked safely from any thread even after the instance is destroyed. BUG= 700152 Review-Url: https://codereview.chromium.org/2747743004 Cr-Commit-Position: refs/heads/master@{#457288} [modify] https://crrev.com/4429e92d02a964039db7ef88c6676cb8ce20fc56/remoting/client/plugin/chromoting_instance.cc [modify] https://crrev.com/4429e92d02a964039db7ef88c6676cb8ce20fc56/remoting/host/it2me/it2me_native_messaging_host.cc [modify] https://crrev.com/4429e92d02a964039db7ef88c6676cb8ce20fc56/remoting/host/it2me/it2me_native_messaging_host.h [modify] https://crrev.com/4429e92d02a964039db7ef88c6676cb8ce20fc56/remoting/signaling/delegating_signal_strategy.cc [modify] https://crrev.com/4429e92d02a964039db7ef88c6676cb8ce20fc56/remoting/signaling/delegating_signal_strategy.h
,
Apr 3 2017
,
Apr 5 2017
,
Apr 5 2017
Sharing, then disconnecting works correctly with no crash. Verified fixed with CRD 59.0.3062.0, CrOS 59.0.3054.0. |
||||||
►
Sign in to add a comment |
||||||
Comment 1 by sergeyu@chromium.org
, Mar 9 2017