New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 728480 link

Starred by 1 user
Status: Archived
Owner:
yoshiki@chromium.org
Last visit > 30 days ago
Closed: Jun 2017
Cc:
edcourtney@chromium.org
peter@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 1
Type: Bug



Sign in to add a comment

Crash on opening the message center during fuzz

Project Member Reported by yoshiki@chromium.org, Jun 1 2017 
Repro step
- Do notification fuzz (step: 1000, keys: 60)
- During the fuzz, opens the message center

I confirmed that the cause is calling ArcNotificationContentView::CreateCloseButton() with control_buttons_view_ == null.


Received signal 6
#0 0x5833ff5d10dc base::debug::StackTrace::StackTrace()
#1 0x5833ff5d0c41 base::debug::(anonymous namespace)::StackDumpSignalHandler()
#2 0x7cdb79527580 <unknown>
#3 0x7cdb7818feb2 gsignal
#4 0x7cdb78191cd6 abort
#5 0x5833ff5cf8b5 base::debug::BreakDebugger()
#6 0x5833ff5eca7b logging::LogMessage::~LogMessage()
#7 0x583401fadd22 arc::ArcNotificationContentView::CreateCloseButton()
#8 0x583401fae340 arc::ArcNotificationContentView::UpdatePinnedState()
#9 0x583401faefa6 arc::ArcNotificationContentView::OnItemUpdated()
#10 0x583401fab641 arc::ArcNotificationItemImpl::OnUpdatedFromAndroid()
#11 0x583401fa840c arc::ArcNotificationManager::OnNotificationPosted()
#12 0x5833fe42bab3 arc::mojom::NotificationsHostStubDispatch::Accept()
#13 0x5833ff5b24f4 mojo::InterfaceEndpointClient::HandleValidatedMessage()
#14 0x5833ff5c7196 mojo::FilterChain::Accept()
#15 0x5833ff5b37b2 mojo::InterfaceEndpointClient::HandleIncomingMessage()
#16 0x5833ff5bac9e mojo::internal::MultiplexRouter::ProcessIncomingMessage()

Comment 1 by yoshiki@chromium.org, Jun 1 2017 

I found this crash happens when the notification is updated before the surface is attached.

I created the fix: https://codereview.chromium.org/2918763002
Project Member

Comment 2 by bugdroid1@chromium.org, Jun 7 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/a23721b5ffdf529bc575ee5b278534a54b06c582

commit a23721b5ffdf529bc575ee5b278534a54b06c582
Author: yoshiki <yoshiki@chromium.org>
Date: Wed Jun 07 09:03:26 2017

Fix crash on updating notification before attaching

- Do not update the pinned states when control_buttons_view_ is null
- Do not update the visibility of buttons when floating_control_buttons_widget_ is null
- Create the floating buttons widget just after attaching

BUG= 728480 
TEST=open message center during fuzz (step:10000 and key:60) without crash

Review-Url: https://codereview.chromium.org/2918763002
Cr-Commit-Position: refs/heads/master@{#477587}

[modify] https://crrev.com/a23721b5ffdf529bc575ee5b278534a54b06c582/ui/arc/notification/arc_notification_content_view.cc

Comment 3 by yoshiki@chromium.org, Jun 27 2017

Status: Fixed (was: Started)

Comment 4 by dchan@chromium.org, Jan 22 2018

Status: Archived (was: Fixed)

Sign in to add a comment