Issue metadata
Regression: Browser crash is seen in chrome://print page on continuously clicking on Reload Icon
Reported by
chromium...@gmail.com,
Jul 25 2017
Issue description
UserAgent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3165.0 Safari/537.36
Steps to reproduce the problem:
1. Launch chrome -> Go to chrome://print page
2. Now click on Reload button continuously for 5-6 times and observe
What is the expected behavior?
Browser crash should not be seen in chrome://print page on continuously clicking on Reload Icon
What went wrong?
Instead crash is seen
Crashed report ID:
How much crashed? Whole browser
Is it a problem with a plugin? N/A
Did this work before? N/A
Chrome version: 62.0.3165.0 Channel: canary
OS Version: 6.1 (Windows 7, Windows Server 2008 R2)
Flash Version:
Backtrace:
base::debug::StackTrace::StackTrace [0x671A2FB1+33] (C:\b\c\b\win_asan_release\src\base\debug\stack_trace_win.cc:217)
base::debug::StackTrace::StackTrace [0x6710E6AD+13] (C:\b\c\b\win_asan_release\src\base\debug\stack_trace.cc:199)
logging::LogMessage::~LogMessage [0x66F92373+579] (C:\b\c\b\win_asan_release\src\base\logging.cc:553)
content::WebUIMessageHandler::CallJavascriptFunction<base::Value,base::Value,base::Value> [0x65F1AFBC+366] (C:\b\c\b\win_asan_release\src\content\public\browser\web_ui_message_handler.h:113)
content::WebUIMessageHandler::ResolveJavascriptCallback [0x65F1AD52+306] (C:\b\c\b\win_asan_release\src\content\browser\webui\web_ui_message_handler.cc:80)
PrintPreviewHandler::SendPrinterCapabilities [0x6BD53DA2+542] (C:\b\c\b\win_asan_release\src\chrome\browser\ui\webui\print_preview\print_preview_handler.cc:1360)
base::internal::FunctorTraits<void (PrintPreviewHandler::*)(const std::basic_string<char,std::char_traits<char>,std::allocator<char> > &, const std::basic_string<char,std::char_traits<char>,std::allocator<char> > &, std::unique_ptr<base::DictionaryValue,s [0x6BD62583+405] (C:\b\c\b\win_asan_release\src\base\bind_internal.h:196)
base::internal::Invoker<base::internal::BindState<void (PrintPreviewHandler::*)(const std::basic_string<char,std::char_traits<char>,std::allocator<char> > &, const std::basic_string<char,std::char_traits<char>,std::allocator<char> > &, std::unique_ptr<bas [0x6BD622E8+368] (C:\b\c\b\win_asan_release\src\base\bind_internal.h:309)
base::Callback<void (std::unique_ptr<base::DictionaryValue,std::default_delete<base::DictionaryValue> >),base::internal::CopyMode::MoveOnly,base::internal::RepeatMode::Once>::Run [0x6B6B552A+170] (C:\b\c\b\win_asan_release\src\base\callback.h:91)
base::internal::ReplyAdapter<std::unique_ptr<base::DictionaryValue,std::default_delete<base::DictionaryValue> >,std::unique_ptr<base::DictionaryValue,std::default_delete<base::DictionaryValue> > > [0x6B6B504D+88] (C:\b\c\b\win_asan_release\src\base\post_task_and_reply_with_result_internal.h:27)
base::internal::FunctorTraits<void (*)(base::Callback<std::unique_ptr<std::vector<scoped_refptr<extensions::Action>,std::allocator<scoped_refptr<extensions::Action> > >,std::default_delete<std::vector<scoped_refptr<extensions::Action>,std::allocator<scope [0x6AFBE97D+77] (C:\b\c\b\Win_ASan_Release\src\base\bind_internal.h:151)
base::internal::Invoker<base::internal::BindState<void (*)(base::Callback<void (std::unique_ptr<base::DictionaryValue,std::default_delete<base::DictionaryValue> >),base::internal::CopyMode::MoveOnly,base::internal::RepeatMode::Once>, std::unique_ptr<base: [0x6B6B53E1+213] (C:\b\c\b\win_asan_release\src\base\bind_internal.h:304)
base::`anonymous namespace'::PostTaskAndReplyRelay::RunReplyAndSelfDestruct [0x671DA136+182] (C:\b\c\b\win_asan_release\src\base\threading\post_task_and_reply_impl.cc:52)
base::debug::TaskAnnotator::RunTask [0x672241CB+1259] (C:\b\c\b\win_asan_release\src\base\debug\task_annotator.cc:57)
base::MessageLoop::RunTask [0x6706DE2A+3402] (C:\b\c\b\win_asan_release\src\base\message_loop\message_loop.cc:423)
base::MessageLoop::DeferOrRunPendingTask [0x6706F20C+428] (C:\b\c\b\win_asan_release\src\base\message_loop\message_loop.cc:433)
base::MessageLoop::DoWork [0x6706FEC4+1460] (C:\b\c\b\win_asan_release\src\base\message_loop\message_loop.cc:540)
base::MessagePumpForUI::DoRunLoop [0x67229407+407] (C:\b\c\b\win_asan_release\src\base\message_loop\message_pump_win.cc:174)
base::MessagePumpWin::Run [0x67228306+486] (C:\b\c\b\win_asan_release\src\base\message_loop\message_pump_win.cc:58)
base::MessageLoop::Run [0x6706CA95+69] (C:\b\c\b\win_asan_release\src\base\message_loop\message_loop.cc:370)
base::RunLoop::Run [0x671461CE+254] (C:\b\c\b\win_asan_release\src\base\run_loop.cc:112)
ChromeBrowserMainParts::MainMessageLoopRun [0x66CF56D6+588] (C:\b\c\b\win_asan_release\src\chrome\browser\chrome_browser_main.cc:1971)
content::BrowserMainLoop::RunMainMessageLoopParts [0x6502E679+403] (C:\b\c\b\win_asan_release\src\content\browser\browser_main_loop.cc:1171)
content::BrowserMainRunnerImpl::Run [0x65037ECE+32] (C:\b\c\b\win_asan_release\src\content\browser\browser_main_runner.cc:142)
content::BrowserMain [0x6502144E+490] (C:\b\c\b\win_asan_release\src\content\browser\browser_main.cc:46)
content::RunNamedProcessTypeMain [0x66A25387+647] (C:\b\c\b\win_asan_release\src\content\app\content_main_runner.cc:407)
content::ContentMainRunnerImpl::Run [0x66A2670E+646] (C:\b\c\b\win_asan_release\src\content\app\content_main_runner.cc:686)
service_manager::Main [0x66A91C06+1834] (C:\b\c\b\win_asan_release\src\services\service_manager\embedder\main.cc:469)
content::ContentMain [0x66A2507D+177] (C:\b\c\b\win_asan_release\src\content\app\content_main.cc:19)
ChromeMain [0x64271321+613] (C:\b\c\b\win_asan_release\src\chrome\app\chrome_main.cc:142)
MainDllLoader::Launch [0x00A69F85+741] (C:\b\c\b\win_asan_release\src\chrome\app\main_dll_loader_win.cc:199)
main [0x00A61C54+3156] (C:\b\c\b\win_asan_release\src\chrome\app\chrome_exe_main_win.cc:269)
__scrt_common_main_seh [0x00DCF76B+249] (f:\dd\vctools\crt\vcstartup\src\startup\exe_common.inl:253)
BaseThreadInitThunk [0x76663677+18]
RtlInitializeExceptionChain [0x77579D72+99]
RtlInitializeExceptionChain [0x77579D45+54]
Jul 25 2017
Adding label 'ReleaseBlock-Stable' as it seems to be a recent regression.
Jul 25 2017
chrome://print is an odd case for the preview dialog since unlike on other pages it is possible to "navigate" the preview. This results in a call to DisallowJavascript(), but doesn't destroy the handler, which means that the handler is still around when the capabilities are returned by the printing backend but the print preview dialog hasn't been (re-) initialized yet. Before the CL we just tried to call javascript functions on the uninitialized dialog in this case, which is unsafe behavior but wasn't detectable due to the use of CallJavascriptFunctionUnsafe. This isn't an issue for normal print preview of webpages since for a normal print preview dialog, any time the preview goes away the handler is destroyed. Have a fix for this, but not sure if it is worth blocking the Stable release and merging to M61 for something that requires an odd interaction and only impacts a chrome:// page that is not likely to be visited by users. cc thestig@ for input.
Jul 25 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/1371b22ab44781ef5274ece3e05e68061c1a22c5
commit 1371b22ab44781ef5274ece3e05e68061c1a22c5
Author: rbpotter <rbpotter@chromium.org>
Date: Tue Jul 25 23:55:14 2017
Fix chrome://print crash
Unlike normal print preview dialogs, chrome://print can be reloaded, which results in a call to DisallowJavascript() and reloading of the print preview web contents without destroying the PrintPreviewHandler. This means capabilities fetch may return after the print preview has been torn down but before it has been re-initialized, and the handler will incorrectly try to resolve a javascript promise.
Bug: 748356
Change-Id: I857fbcd8ce5bb69b88383d961b680c1dd7c41275
Reviewed-on: https://chromium-review.googlesource.com/585548
Commit-Queue: Rebekah Potter <rbpotter@chromium.org>
Reviewed-by: Demetrios Papadopoulos <dpapad@chromium.org>
Cr-Commit-Position: refs/heads/master@{#489486}
[modify] https://crrev.com/1371b22ab44781ef5274ece3e05e68061c1a22c5/chrome/browser/ui/webui/print_preview/print_preview_handler.cc
[modify] https://crrev.com/1371b22ab44781ef5274ece3e05e68061c1a22c5/chrome/browser/ui/webui/print_preview/print_preview_handler.h
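Added example (not Chromium's code and not the diff linked above) modelling the lifecycle race described in the comment and commit message: a printer-capabilities reply that lands after DisallowJavascript() but before the preview has re-initialised. FakeWebUiHandler, UnguardedFetch, GuardedFetch and RunFetch are invented names, and the CHECK that CallJavascriptFunction performs is replaced by a thrown exception so both outcomes can be observed.

```cpp
#include <functional>
#include <stdexcept>
#include <string>
#include <vector>

// Stand-in for the CHECK in WebUIMessageHandler::CallJavascriptFunction:
// a real CHECK aborts the browser; throwing keeps the outcome testable.
struct CheckFailure : std::logic_error { using std::logic_error::logic_error; };

// Minimal handler model (invented): it survives a chrome://print reload,
// which only flips javascript_allowed_ off until the page re-initialises.
class FakeWebUiHandler {
 public:
  bool IsJavascriptAllowed() const { return javascript_allowed_; }
  void AllowJavascript() { javascript_allowed_ = true; }
  void DisallowJavascript() { javascript_allowed_ = false; }  // on reload
  // Models ResolveJavascriptCallback -> CallJavascriptFunction.
  void ResolveJavascriptCallback(const std::string& callback_id) {
    if (!IsJavascriptAllowed())
      throw CheckFailure("CallJavascriptFunction while JS disallowed");
    resolved_.push_back(callback_id);
  }
  int resolved_count() const { return static_cast<int>(resolved_.size()); }
 private:
  bool javascript_allowed_ = false;
  std::vector<std::string> resolved_;
};

// The backend answers later on a reply task; model it as a deferred callable.
using Reply = std::function<void()>;

// Pre-fix shape: resolve the promise unconditionally when the reply lands.
Reply UnguardedFetch(FakeWebUiHandler& h, const std::string& callback_id) {
  return [&h, callback_id] { h.ResolveJavascriptCallback(callback_id); };
}

// Post-fix shape: drop the reply if the preview was torn down meanwhile.
Reply GuardedFetch(FakeWebUiHandler& h, const std::string& callback_id) {
  return [&h, callback_id] {
    if (!h.IsJavascriptAllowed()) return;  // dialog not (re-)initialised yet
    h.ResolveJavascriptCallback(callback_id);
  };
}

// One fetch, optionally reloading (DisallowJavascript) before the reply is
// delivered. Returns resolved callbacks, or -1 if the CHECK stand-in fired.
int RunFetch(bool guarded, bool reload_before_reply) {
  FakeWebUiHandler handler;
  handler.AllowJavascript();  // preview page finished initialising
  Reply reply = guarded ? GuardedFetch(handler, "cb-1") : UnguardedFetch(handler, "cb-1");
  if (reload_before_reply) handler.DisallowJavascript();
  try { reply(); } catch (const CheckFailure&) { return -1; }
  return handler.resolved_count();
}
```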
Jul 26 2017
Rechecked this issue on chrome version 62.0.3167.0 on Ubuntu 14.04 and Windows 10 machines, fix is working as intended. Navigated to chrome://print page and continuously clicked on refresh button. No browser crash was observed. Request a merge to M61 as issue is tagged with a stable blocker and tagged with M61 which is set to be pushed to Beta soon. Adding TE-verified labels for M62. Thanks!
Jul 26 2017
URGENT - PTAL. Your bug is labelled as Stable ReleaseBlock, pls make sure to land the fix and get it merged into the M61 branch #3163 ASAP to have enough baking time in Beta before Stable promotion. Thank you! Know that this issue shouldn't block the release? Remove the ReleaseBlock-Stable label.
Jul 27 2017
Removing ReleaseBlock-Stable. This is a very specific edge case that is unlikely users will run into. Not worth merging.
Jul 27 2017
Comment 1 by pnangunoori@chromium.org
Jul 25 2017
Components: UI>Browser>PrintPreview
Labels: -Type-Bug -Pri-2 hasbisect-per-revision M-61 OS-Linux Pri-1 Type-Bug-Regression
Owner: rbpotter@chromium.org
Status: Assigned (was: Unconfirmed)