
Issue 740099


Issue metadata

Status: Fixed
Owner:
Closed: Aug 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug




DCHECK when using getUserMedia() with enable_webrtc=false

Reported by juri.val...@gmail.com, Jul 7 2017

Issue description

UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36

Steps to reproduce the problem:
1. Compile Chromium with WebRTC disabled 
2. Open the attached file
3. Click the button

What is the expected behavior?
Promise returned by navigator.mediaDevices.getUserMedia is rejected with some error message.

What went wrong?
Promise is never resolved and a DCHECK in ~ScriptPromiseResolver is triggered during GC.

Crashed report ID: 

How much crashed? Just one tab

Is it a problem with a plugin? No 

Did this work before? No 

Chrome version: 61.0.3151.0  Channel: n/a
OS Version: Arch Linux
Flash Version: 

Git commit tested: ecd6201eef445e450f2c32aec9841c37e8f3afbd

With webrtc disabled no content::UserMediaClientImpl is created, however blink::MediaDevices::getUserMedia does not seem to be aware of this and still creates a promise.
 
Attachment: ABrokenPromise.html (378 bytes)
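
Added example, not part of the original report and not the contents of ABrokenPromise.html: a page-side guard that distinguishes the three outcomes discussed here (resolved, rejected, never settled) for a promise-returning call such as navigator.mediaDevices.getUserMedia. The names probe and probeGetUserMedia and the timeout value are assumptions chosen for illustration.

```javascript
// Sentinel used to tell "deadline hit" apart from any real resolution value.
const PENDING = Symbol('pending');

// Run start() and report whether its promise resolved, rejected, or was
// still pending after timeoutMs. A synchronous throw from start() (for
// example when navigator.mediaDevices is undefined) is reported as a rejection.
async function probe(start, timeoutMs) {
  let timer;
  const deadline = new Promise((resolve) => {
    timer = setTimeout(() => resolve(PENDING), timeoutMs);
  });
  try {
    const call = Promise.resolve().then(start);
    const result = await Promise.race([call, deadline]);
    if (result === PENDING) {
      return { outcome: 'never-settled' };
    }
    return { outcome: 'resolved', value: result };
  } catch (err) {
    const reason = err instanceof Error ? err.name : String(err);
    return { outcome: 'rejected', reason };
  } finally {
    clearTimeout(timer);
  }
}

// Browser-side wrapper. A pending promise is normal while a permission
// prompt is open, so the deadline only means something in automated runs
// where the prompt is answered for the test, or with a generous timeout.
function probeGetUserMedia(constraints, timeoutMs) {
  return probe(
    () => globalThis.navigator.mediaDevices.getUserMedia(constraints),
    timeoutMs
  );
}

// Constructed stand-ins for the behaviours in this report.
const neverSettles = () => new Promise(() => {});          // the reported bug
const rejects = () => Promise.reject(
  Object.assign(new Error('constructed'), { name: 'ConstructedError' })
);                                                          // expected behavior
```

In a build showing the reported behaviour, probeGetUserMedia({ video: true }, 5000) would report never-settled; a build that rejects the call reports rejected with the error name.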

Comment 1 by b...@chromium.org, Jul 9 2017

Cc: sigbjo...@opera.com
Components: Blink>WebRTC
cc-ing author of https://codereview.chromium.org/1148383012/diff/20001/Source/bindings/core/v8/ScriptPromiseResolver.h
Labels: Needs-Triage-M61
Cc: haraken@chromium.org

Comment 4 by guidou@chromium.org, Jul 31 2017

Components: -Blink>WebRTC Blink>GetUserMedia
Owner: guidou@chromium.org
Status: Assigned (was: Unconfirmed)

Comment 5 by guidou@chromium.org, Jul 31 2017

https://chromium-review.googlesource.com/c/593658/ avoids the crash by rejecting the promise. 

I don't know why the original crashes, though.


Comment 6 by guidou@chromium.org, Jul 31 2017

This is a stack trace of the crash:

[1:1:0731/143626.486379:FATAL:ScriptPromiseResolver.h(57)] Check failed: state_ == kDetached || !is_promise_called_ || !GetScriptState()->ContextIsValid() || !GetExecutionContext() || GetExecutionContext()->IsContextDestroyed(). 
#0 0x7fbcc738eed7 base::debug::StackTrace::StackTrace()
#1 0x7fbcc73b5ef1 logging::LogMessage::~LogMessage()
#2 0x7fbcc02004da blink::ScriptPromiseResolver::~ScriptPromiseResolver()
#3 0x7fbcbf72326b blink::NormalPage::Sweep()
#4 0x7fbcbf71f213 blink::BaseArena::SweepUnsweptPage()
#5 0x7fbcbf71f5c8 blink::BaseArena::CompleteSweep()
#6 0x7fbcbf72efb7 blink::ThreadState::EagerSweep()
#7 0x7fbcbf72e6a1 blink::ThreadState::PreSweep()
#8 0x7fbcbf7289e4 blink::ThreadState::CollectGarbage()
#9 0x7fbcc0213133 blink::V8GCController::GcEpilogue()
#10 0x7fbcc1dcaf57 v8::internal::Heap::CallGCEpilogueCallbacks()
#11 0x7fbcc1dccccc v8::internal::Heap::PerformGarbageCollection()
#12 0x7fbcc1dcb4b5 v8::internal::Heap::CollectGarbage()
#13 0x7fbcc1dca2df v8::internal::Heap::CollectAllGarbage()
#14 0x7fbcc1994dad v8::internal::FunctionCallbackArguments::Call()
#15 0x7fbcc1a6f075 v8::internal::(anonymous namespace)::HandleApiCallHelper<>()
#16 0x7fbcc1a6da83 v8::internal::Builtin_Impl_HandleApiCall()
#17 0x2ee8394044c4 <unknown>

Received signal 6
#0 0x7fbcc738eed7 base::debug::StackTrace::StackTrace()
#1 0x7fbcc738e9af base::debug::(anonymous namespace)::StackDumpSignalHandler()
#2 0x7fbcc7513330 <unknown>
#3 0x7fbcbdf49c37 gsignal
#4 0x7fbcbdf4d028 abort
#5 0x7fbcc738cae2 base::debug::BreakDebugger()
#6 0x7fbcc73b63c2 logging::LogMessage::~LogMessage()
#7 0x7fbcc02004da blink::ScriptPromiseResolver::~ScriptPromiseResolver()
#8 0x7fbcbf72326b blink::NormalPage::Sweep()
#9 0x7fbcbf71f213 blink::BaseArena::SweepUnsweptPage()
#10 0x7fbcbf71f5c8 blink::BaseArena::CompleteSweep()
#11 0x7fbcbf72efb7 blink::ThreadState::EagerSweep()
#12 0x7fbcbf72e6a1 blink::ThreadState::PreSweep()
#13 0x7fbcbf7289e4 blink::ThreadState::CollectGarbage()
#14 0x7fbcc0213133 blink::V8GCController::GcEpilogue()
#15 0x7fbcc1dcaf57 v8::internal::Heap::CallGCEpilogueCallbacks()
#16 0x7fbcc1dccccc v8::internal::Heap::PerformGarbageCollection()
#17 0x7fbcc1dcb4b5 v8::internal::Heap::CollectGarbage()
#18 0x7fbcc1dca2df v8::internal::Heap::CollectAllGarbage()
#19 0x7fbcc1994dad v8::internal::FunctionCallbackArguments::Call()
#20 0x7fbcc1a6f075 v8::internal::(anonymous namespace)::HandleApiCallHelper<>()
#21 0x7fbcc1a6da83 v8::internal::Builtin_Impl_HandleApiCall()
#22 0x2ee8394044c4 <unknown>
  r8: ffffa5d6d115aca0  r9: ffffa5d6d115ac90 r10: 0000000000000008 r11: 0000000000000202
 r12: 00007fff2655bbd0 r13: 00000000000000e5 r14: 00007fff2655bbc8 r15: 00007fff2655bbc0
  di: 0000000000000001  si: 0000000000000001  bp: 00007fff2655b780  bx: 00007fff2655b780
  dx: 0000000000000006  ax: 0000000000000000  cx: 00007fbcbdf49c37  sp: 00007fff2655b5d8
  ip: 00007fbcbdf49c37 efl: 0000000000000202 cgf: 0000000000000033 erf: 0000000000000000
 trp: 0000000000000000 msk: 0000000000000000 cr2: 0000000000000000
[end of stack trace]

Comment 7 by bugdroid1@chromium.org, Aug 3 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/69d36111b9879bd1de6b379ac6d9560af4321fe5

commit 69d36111b9879bd1de6b379ac6d9560af4321fe5
Author: Guido Urdaneta <guidou@chromium.org>
Date: Thu Aug 03 12:12:28 2017

Reject getUserMedia calls in builds with WebRTC disabled.

BUG= 740099 

Change-Id: I14bd58d22bc5cfbadd0428836bc2a01dd45e121a
Reviewed-on: https://chromium-review.googlesource.com/593658
Reviewed-by: Philip Jägenstedt <foolip@chromium.org>
Commit-Queue: Guido Urdaneta <guidou@chromium.org>
Cr-Commit-Position: refs/heads/master@{#491706}
[modify] https://crrev.com/69d36111b9879bd1de6b379ac6d9560af4321fe5/third_party/WebKit/Source/modules/mediastream/UserMediaClientImpl.cpp

Status: Fixed (was: Assigned)
Closing the bug as the landed patch prevents the crash.
sigbjornf@/haraken@: feel free to reopen if you wish to look into the root cause of the crash.
