Issue 721788

Starred by 2 users

Issue metadata

Status: Duplicate
Merged: issue 704900
Owner:
Closed: May 2017
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug


Browser crash is seen on clicking "Print using system dialog....(Ctrl+Shift+P)"

Reported by chromium...@gmail.com, May 12 2017

Issue description

VERSION
Chrome Version: chrome dev 60.0.3095.5
Operating System: ubuntu-16.04.2

REPRODUCTION CASE
1. Launch the test case
2. Try to click on "Print using system dialog....(Ctrl+Shift+P)" as much as possible before it goes away.
3. Crash!

Crash/78e37282a8000000

Can someone please provide crash traces of this issue via the crash ID?

Attachments:
Recording #15.mp4 (484 KB)
testcase.html (262 bytes)
GDB output:

(gdb) i r
rax            0x3f11d8525220	69345876267552
rbx            0x3f11d8525180	69345876267392
rcx            0x555556188430	93825005028400
rdx            0x555556188400	93825005028352
rsi            0x0	0
rdi            0x0	0
rbp            0x7fffffffccf8	0x7fffffffccf8
rsp            0x7fffffffcba8	0x7fffffffcba8
r8             0x0	0
r9             0x65f30	417584
r10            0x0	0
r11            0x65ed0	417488
r12            0x3f11d8525180	69345876267392
r13            0x7fffffffcbe8	140737488341992
r14            0x3f11d6b3f410	69345849111568
r15            0x7fffffffcbf0	140737488342000
rip            0x55555662a730	0x55555662a730
eflags         0x10246	[ PF ZF IF RF ]
cs             0x33	51
ss             0x2b	43
ds             0x0	0
es             0x0	0
fs             0x0	0
gs             0x0	0
(gdb) x/1i $rip
=> 0x55555662a730:	mov    0x268(%rdi),%eax

(render_frame_host_impl.cc:537 )	content::RenderFrameHostImpl::GetRoutingID()
(print_view_manager.cc:81 )	printing::PrintViewManager::PrintForSystemDialogNow(base::Callback<void (), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&)
(print_preview_handler.cc:1150 )	PrintPreviewHandler::HandleShowSystemDialog(base::ListValue const*)
(callback.h:80 )	content::WebUIImpl::ProcessWebUIMessage(GURL const&, std::string const&, base::ListValue const&)
(tuple.h:77 )	bool IPC::MessageT<ViewHostMsg_WebUISend_Meta, std::tuple<GURL, std::string, base::ListValue>, void>::Dispatch<content::WebUIImpl, content::WebUIImpl, void, void (content::WebUIImpl::*)(GURL const&, std::string const&, base::ListValue const&)>(IPC::Message const*, content::WebUIImpl*, content::WebUIImpl*, void*, void (content::WebUIImpl::*)(GURL const&, std::string const&, base::ListValue const&))
(web_ui_impl.cc:98 )	content::WebUIImpl::OnMessageReceived(IPC::Message const&)
(web_contents_impl.cc:744 )	content::WebContentsImpl::OnMessageReceived(content::RenderViewHostImpl*, IPC::Message const&)
(render_view_host_impl.cc:732 )	content::RenderViewHostImpl::OnMessageReceived(IPC::Message const&)
(render_widget_host_impl.cc:549 )	content::RenderWidgetHostImpl::OnMessageReceived(IPC::Message const&)
(ipc_channel_proxy.cc:329 )	IPC::ChannelProxy::Context::OnDispatchMessage(IPC::Message const&)
(callback.h:91 )	base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*)

Comment 3 Deleted

Project Member

Comment 4 by sheriffbot@chromium.org, May 14 2017

Labels: Fracas FoundIn-M-60 OS-Linux
Users experienced this crash on the following builds:

Linux Dev 60.0.3095.5 -  2.00 CPM, 2 reports, 1 clients (signature content::RenderFrameHostImpl::GetRoutingID)

If this update was incorrect, please add "Fracas-Wrong" label to prevent future updates.

- Go/Fracas
I can repro this crash easily with the following steps:

1. Launch testcase.html
2. Click on "Print using system dialog....(Ctrl+Shift+P)" >> Crash.

Attachment: testcase.html (210 bytes)
Components: Internals>Printing
Labels: -Type-Bug-Security -Restrict-View-SecurityTeam Type-Bug
Not a security vulnerability, a null browser crash using unusual user interaction.

Thread 0 CRASHED [SIGSEGV @ 0x00000268 ] MAGIC SIGNATURE THREAD
Stack Quality: 75%
0x00005583a7a71730	(chrome -render_frame_host_impl.cc:537 )	content::RenderFrameHostImpl::GetRoutingID()
0x00005583a8c047a0	(chrome -print_view_manager.cc:81 )	printing::PrintViewManager::PrintForSystemDialogNow(base::Callback<void (), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&)
0x00005583aa99ac84	(chrome -print_preview_handler.cc:1150 )	PrintPreviewHandler::HandleShowSystemDialog(base::ListValue const*)
0x00005583a7cc2cb2	(chrome -callback.h:80 )	content::WebUIImpl::ProcessWebUIMessage(GURL const&, std::string const&, base::ListValue const&)
0x00005583a7cc3756	(chrome -tuple.h:77 )	bool IPC::MessageT<ViewHostMsg_WebUISend_Meta, std::tuple<GURL, std::string, base::ListValue>, void>::Dispatch<content::WebUIImpl, content::WebUIImpl, void, void (content::WebUIImpl::*)(GURL const&, std::string const&, base::ListValue const&)>(IPC::Message const*, content::WebUIImpl*, content::WebUIImpl*, void*, void (content::WebUIImpl::*)(GURL const&, std::string const&, base::ListValue const&))
0x00005583a7cc356a	(chrome -web_ui_impl.cc:98 )	content::WebUIImpl::OnMessageReceived(IPC::Message const&)
0x00005583a7ca08fa	(chrome -web_contents_impl.cc:744 )	content::WebContentsImpl::OnMessageReceived(content::RenderViewHostImpl*, IPC::Message const&)
0x00005583a7beb4af	(chrome -render_view_host_impl.cc:732 )	content::RenderViewHostImpl::OnMessageReceived(IPC::Message const&)
0x00005583a7bd61cc	(chrome -render_widget_host_impl.cc:549 )	content::RenderWidgetHostImpl::OnMessageReceived(IPC::Message const&)
0x00005583a9171e39	(chrome -ipc_channel_proxy.cc:329 )	IPC::ChannelProxy::Context::OnDispatchMessage(IPC::Message const&)
0x00005583a8cec92f	(chrome -callback.h:91 )	base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*)
Labels: Needs-Triage-M60

Comment 8 by frayz...@gmail.com, May 16 2017

Noticed this problem on the following UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36
Labels: M-60 Pri-2
Status: Untriaged (was: Unconfirmed)
Able to reproduce the issue on Linux Ubuntu-14.04 using chrome stable version 58.0.3029.110 and reported version 60.0.3095.5 with the steps mentioned in comment#0.
This is a non-regression issue, observed from older versions of Chrome (M48, #48.0.2540.0); marking this as Untriaged to get more input from the dev team.

Note: Issue is specific to Linux.
Thanks.
Owner: thestig@chromium.org
Status: Assigned (was: Untriaged)
Summary: Browser crash is seen on clicking "Print using system dialog....(Ctrl+Shift+P)" (was: Security: Browser crash is seen on clicking "Print using system dialog....(Ctrl+Shift+P)")
Will take a look. Thanks for the report, as always.
Mergedinto: 704900
Status: Duplicate (was: Assigned)
Looks like this is what happens when we block through the DCHECK in a release build.
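
Added example, not part of the original report or of Chromium's code: a small triage helper that recomputes the faulting address from the GDB register dump and the AT&T-syntax instruction at $rip quoted above, to confirm it matches the reported "SIGSEGV @ 0x00000268" and is a read at a small offset from a null base. The 64 KiB near-null threshold and the function names are assumptions made for illustration.

```python
import re

# Input excerpted from the GDB output quoted in this issue (whitespace normalised).
GDB_DUMP = """\
rdi            0x0    0
rbp            0x7fffffffccf8    0x7fffffffccf8
rip            0x55555662a730    0x55555662a730
=> 0x55555662a730:    mov    0x268(%rdi),%eax
"""

REG_LINE = re.compile(r"^(\w+)\s+(0x[0-9a-fA-F]+)\s", re.M)
# AT&T memory operand: disp(%base) or disp(%base,%index,scale)
MEM_OPERAND = re.compile(r"(-?0x[0-9a-fA-F]+)?\(%(\w+)(?:,%(\w+)(?:,(\d))?)?\)")
NEAR_NULL_LIMIT = 0x10000  # assumed triage threshold (64 KiB)


def parse_registers(dump):
    """Map register name -> integer value from `info registers` lines."""
    return {name: int(value, 16) for name, value in REG_LINE.findall(dump)}


def classify(dump):
    """Return faulting address, access type and near-null flag, or None."""
    regs = parse_registers(dump)
    insn = next((l for l in dump.splitlines() if l.startswith("=>")), None)
    match = MEM_OPERAND.search(insn) if insn else None
    if match is None:
        return None
    disp, base, index, scale = match.groups()
    addr = (int(disp, 16) if disp else 0) + regs[base]
    if index:
        addr += regs[index] * int(scale or 1)
    addr &= 0xFFFFFFFFFFFFFFFF
    # Heuristic for two-operand AT&T instructions: the destination comes
    # last, so a memory operand at the end of the line is a write.
    access = "write" if insn[match.end():].strip() == "" else "read"
    return {"address": addr, "access": access,
            "near_null": addr < NEAR_NULL_LIMIT}


if __name__ == "__main__":
    result = classify(GDB_DUMP)
    print(hex(result["address"]), result["access"], result["near_null"])
```
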