Render process crash when select multi file
Reported by
huangxue...@xiaomi.com,
Aug 7 2017
|
|||||
Issue descriptionSteps to reproduce the problem: In MIUI 8.5 1. Open Chrome and type data:text/html,<input type="file" multiple="multiple"/> in omnibox 2. Click "Choose Files" in web page and click Gallery 3. Select a picture and click OK What is the expected behavior? What went wrong? The web page display: Aw, Snap! Crashed report ID: How much crashed? Just one tab Is it a problem with a plugin? No Did this work before? N/A Chrome version: 62.0.3176.0 Channel: stable OS Version: 6.0 Flash Version:
,
Aug 7 2017
Not able to Chrome canary 62.0.3178.0 on following devices; Nexus 6P/N2G48E Lenovo A6000/LRX22G Samsung Galaxy S5/MMB29M Steps; 1. Entered 'data:text/html,<input type="file" multiple="multiple"/>' in omnibox 2. Select the 'Choose file' button. 3. Selected 5 documents. Says '5 Files' No aw, snap was displayed. Can you specify if this bug is still repro on latest Chrome Canary and what device was tested on? Thanks.
,
Aug 8 2017
Yes the latest Chrome Canary can reproduce this bug in RedMi 4. I try submit a patch to fix this, https://chromium-review.googlesource.com/602098 Could you review it please?
,
Aug 8 2017
Thank you for providing more feedback. Adding requester "ramine@chromium.org" to the cc list and removing "Needs-Feedback" label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Aug 8 2017
,
Aug 8 2017
The newest device I could find runs MIUI 8.1.6 (MBFMIDI), doesn't have updates available and doesn't reproduce the problem. It seems to me like this is an issue in MIUI 8.5, so while I'm willing to accept the fix as it's trivial and has a test, please also make sure that we can remove it at some point in the future.
,
Aug 8 2017
Issue 753434 has been merged into this issue.
,
Aug 8 2017
Bug is also repro with older Chrome Stable build '54.0.2840.85' 1. Entered 'data:text/html,<input type="file" multiple="multiple"/>' in omnibox 2. Select the 'Choose file' button. 3. Selected 4 photos from Gallery. 4. Refresh Chrome. Aw, Snap will display.
,
Aug 10 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/8d2062165cfe92c72e2b561dd7ebcb2f52b3bd85 commit 8d2062165cfe92c72e2b561dd7ebcb2f52b3bd85 Author: huangxueqing <huangxueqing@xiaomi.com> Date: Thu Aug 10 14:08:24 2017 Multiple file selector should not pass file scheme uri to render process In child_process_security_policy_impl.cc:HasPermissionsForFile return false when file path was not absolute. Which will file bad message by: RFH_CAN_ACCESS_FILES_OF_PAGE_STATE and Browser will destory render process for security reason. The third party App use clipData pass multiple files in Intent will produce this bug. R=peter@chromium.org Bug: 752834 Change-Id: If8bdda5d6786ba46423831c5df9bfe6c9e1fcf15 Reviewed-on: https://chromium-review.googlesource.com/602098 Reviewed-by: Peter Beverloo <peter@chromium.org> Commit-Queue: Peter Beverloo <peter@chromium.org> Cr-Commit-Position: refs/heads/master@{#493377} [modify] https://crrev.com/8d2062165cfe92c72e2b561dd7ebcb2f52b3bd85/AUTHORS [modify] https://crrev.com/8d2062165cfe92c72e2b561dd7ebcb2f52b3bd85/ui/android/java/src/org/chromium/ui/base/SelectFileDialog.java [modify] https://crrev.com/8d2062165cfe92c72e2b561dd7ebcb2f52b3bd85/ui/android/junit/src/org/chromium/ui/base/SelectFileDialogTest.java
,
Oct 27 2017
|
|||||
►
Sign in to add a comment |
|||||
Comment 1 by rsgav...@chromium.org
, Aug 7 2017Labels: triage-te