[sensor] Crash occurs when revoking Generic Sensor permission
Reported by canx....@intel.com, Aug 28 2017

Issue description

UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3192.0 Safari/537.36

Steps to reproduce the problem:
1. Enable the sensor flags. Chrome://flags ---> find "Generic Sensor" and "Experimental Web Platform features" ---> enable them and relaunch the browser.
2. Make sure the page being accessed is "https://****", for example (https://www.google.com/).
3. Open the dev tools and enter the following in the console:
   (1) navigator.permissions.revoke({ name: "ambient-light-sensor" }).then(({ state }) => {console.log(state)});
   (2) navigator.permissions.revoke({ name: "accelerometer" }).then(({ state }) => {console.log(state)});
   (3) navigator.permissions.revoke({ name: "magnetometer" }).then(({ state }) => {console.log(state)});
   (4) navigator.permissions.revoke({ name: "gyroscope" }).then(({ state }) => {console.log(state)});

What is the expected behavior?
No crashes.

What went wrong?
Crash occurs.

Did this work before? N/A
Does this work in other browsers? N/A

Chrome version: 62.0.3197.0 Channel: canary
OS Version: 10.0
Flash Version:

This issue also exists on Mac, Android, Linux and Chrome OS.

Aug 29 2017
Able to reproduce the issue on the latest canary (62.0.3198.0) and the latest Dev (62.0.3192.0) on Windows-10. Regressed in M-62.

Last good build: 62.0.3174.0 (Uncaught (in promise) TypeError: Failed to read the 'revoke' property from 'Permissions': The provided value 'ambient-light-sensor' is not a valid enum value of type PermissionName. at <anonymous>:1:23)
First bad build: 62.0.3175.2 (chrome crashes)

Stack trace of crash id 918847e67eee6899:
=========================================
Thread 0 (id: 2482) CRASHED [SIGSEGV @ 0x00000060 ] MAGIC SIGNATURE THREAD
Stack Quality 80%
0x00005560b5a13bec (chrome -website_settings_info.h:75 ) (anonymous namespace)::GetPatternsForContentSettingsType(GURL const&, GURL const&, ContentSettingsType)
0x00005560b5a146dc (chrome -host_content_settings_map.cc:505 ) HostContentSettingsMap::SetContentSettingDefaultScope(GURL const&, GURL const&, ContentSettingsType, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, ContentSetting)
0x00005560b430fb7d (chrome -permission_context_base.cc:283 ) PermissionContextBase::ResetPermission(GURL const&, GURL const&)
0x00005560b431446e (chrome -permission_manager.cc:474 ) PermissionManager::ResetPermission(content::PermissionType, GURL const&, GURL const&)
0x00005560b3580e77 (chrome -permission_service_impl.cc:359 ) content::PermissionServiceImpl::ResetPermissionStatus(content::PermissionType, url::Origin const&)
0x00005560b3580ad0 (chrome -permission_service_impl.cc:304 ) content::PermissionServiceImpl::RevokePermission(mojo::StructPtr<blink::mojom::PermissionDescriptor>, url::Origin const&, base::Callback<void (blink::mojom::PermissionStatus), (base::internal::CopyMode)0, (base::internal::RepeatMode)0>)
0x00005560b31614f5 (chrome -permission.mojom.cc:1157 ) blink::mojom::PermissionServiceStubDispatch::AcceptWithResponder(blink::mojom::PermissionService*, mojo::Message*, std::__1::unique_ptr<mojo::MessageReceiverWithStatus, std::__1::default_delete<mojo::MessageReceiverWithStatus> >)
0x00005560b357ecc6 (chrome -permission.mojom.h:263 ) blink::mojom::PermissionServiceStub<mojo::UniquePtrImplRefTraits<blink::mojom::PermissionService> >::AcceptWithResponder(mojo::Message*, std::__1::unique_ptr<mojo::MessageReceiverWithStatus, std::__1::default_delete<mojo::MessageReceiverWithStatus> >)
0x00005560b460498c (chrome -interface_endpoint_client.cc:388 ) mojo::InterfaceEndpointClient::HandleValidatedMessage(mojo::Message*)
0x00005560b460bdbc (chrome -multiplex_router.cc:872 ) mojo::internal::MultiplexRouter::ProcessIncomingMessage(mojo::internal::MultiplexRouter::MessageWrapper*, mojo::internal::MultiplexRouter::ClientCallBehavior, base::SequencedTaskRunner*)
0x00005560b460b6de (chrome -multiplex_router.cc:599 ) mojo::internal::MultiplexRouter::Accept(mojo::Message*)
0x00005560b4603e88 (chrome -connector.cc:440 ) mojo::Connector::ReadSingleMessage(unsigned int*)
0x00005560b4604511 (chrome -connector.cc:469 ) mojo::Connector::ReadAllAvailableMessages()
0x00005560b3181bcf (chrome -callback.h:80 ) base::MemoryPressureListener::Notify(base::MemoryPressureListener::MemoryPressureLevel)
0x00005560b461262b (chrome -callback.h:80 ) mojo::SimpleWatcher::OnHandleReady(int, unsigned int, mojo::HandleSignalsState const&)
0x00005560b4560f3a (chrome -callback.h:91 ) base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*)
0x00005560b45796ff (chrome -message_loop.cc:406 ) base::MessageLoop::RunTask(base::PendingTask*)
0x00005560b4579dfb (chrome -message_loop.cc:417 ) base::MessageLoop::DoWork()
0x00005560b457b72c (chrome -message_pump_glib.cc:313 ) base::MessagePumpGlib::Run(base::MessagePump::Delegate*)
0x00005560b459a74f (chrome -run_loop.cc:123 ) base::RunLoop::Run()
0x00005560b426e14f (chrome -chrome_browser_main.cc:1916 ) ChromeBrowserMainParts::MainMessageLoopRun(int*)
0x00005560b338293c (chrome -browser_main_loop.cc:1173 ) content::BrowserMainLoop::RunMainMessageLoopParts()
0x00005560b338543c (chrome -browser_main_runner.cc:152 ) content::BrowserMainRunnerImpl::Run()
0x00005560b337dee5 (chrome -browser_main.cc:46 ) content::BrowserMain(content::MainFunctionParams const&)
0x00005560b4250d8c (chrome -content_main_runner.cc:693 ) content::ContentMainRunnerImpl::Run()
0x00005560b42595ca (chrome -main.cc:469 ) service_manager::Main(service_manager::MainParams const&)
0x00005560b424f821 (chrome -content_main.cc:19 ) content::ContentMain(content::ContentMainParams const&)
0x00005560b2dee7a4 (chrome -chrome_main.cc:122 ) ChromeMain
0x00007fbff29ee82f (libc-2.23.so + 0x0002082f )
0x00005560b2dee6ef (chrome + 0x017a96ef )
0x00005560b2ce5fff (chrome + 0x016a0fff )
0x00007fbff8f997ca (ld-2.23.so + 0x000107ca )
0x00005560b2ce5fff (chrome + 0x016a0fff )
0x00005560b2ce6028 (chrome + 0x016a1028 ) _start
0x00007ffd0424db97

Changelog:
==========
https://chromium.googlesource.com/chromium/src/+log/62.0.3174.0..62.0.3175.0?pretty=fuller&n=10000

Suspecting: https://codereview.chromium.org/2791623004 from the above regression range.

rijubrata.bhaumik@: Could you please take a look at this. Thank you!

Aug 29 2017
Thanks Mikhail for the fix. https://chromium-review.googlesource.com/c/chromium/src/+/640931

Aug 31 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/5f5c4b3e8a4e43f5ae8a114493084df4514b2939

commit 5f5c4b3e8a4e43f5ae8a114493084df4514b2939
Author: Mikhail Pozdnyakov <mikhail.pozdnyakov@intel.com>
Date: Thu Aug 31 05:14:58 2017

Register CONTENT_SETTINGS_TYPE_SENSORS in ContentSettingsRegistry

Otherwise `navigator.permissions.revoke({ name: "accelerometer" })` is causing crash.

Bug: 759426
Change-Id: I6c465caf717e13d0330527cdd702b979f7294a79
Reviewed-on: https://chromium-review.googlesource.com/640931
Reviewed-by: Raymes Khoury <raymes@chromium.org>
Commit-Queue: Mikhail Pozdnyakov <mikhail.pozdnyakov@intel.com>
Cr-Commit-Position: refs/heads/master@{#498759}

[modify] https://crrev.com/5f5c4b3e8a4e43f5ae8a114493084df4514b2939/components/content_settings/core/browser/content_settings_registry.cc
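
Added illustration, not code from Chromium or from any participant in this bug: a simplified model of the failure class the commit message describes, where a settings type reachable from a page-initiated revoke has no registry entry. All type and function names are hypothetical, and it assumes the registry lookup returns a null pointer for an unregistered type; it pairs a reset path that checks the lookup with a unit-test style invariant that reports the missing registration.

```cpp
// Simplified model, not Chromium source; every name here is hypothetical.
#include <map>
#include <string>
#include <utility>
#include <vector>

enum class SettingType { kGeolocation, kNotifications, kSensors };

struct SettingInfo { std::string name; };

class Registry {
 public:
  void Register(SettingType t, std::string name) { infos_[t] = SettingInfo{std::move(name)}; }
  // Assumption: lookup of an unregistered type yields nullptr rather than failing loudly.
  const SettingInfo* Get(SettingType t) const {
    auto it = infos_.find(t);
    return it == infos_.end() ? nullptr : &it->second;
  }
 private:
  std::map<SettingType, SettingInfo> infos_;
};

// Every type that a page-initiated revoke can be mapped to.
const std::vector<SettingType> kRevocableTypes = {
    SettingType::kGeolocation, SettingType::kNotifications, SettingType::kSensors};

Registry MakeRegistry(bool register_sensors) {
  Registry r;
  r.Register(SettingType::kGeolocation, "geolocation");
  r.Register(SettingType::kNotifications, "notifications");
  if (register_sensors) r.Register(SettingType::kSensors, "sensors");  // the missing step
  return r;
}

// Reset path that checks the lookup; an unchecked info->name read is the crash shape.
bool ResetToDefault(const Registry& r, std::map<SettingType, int>& stored, SettingType t) {
  const SettingInfo* info = r.Get(t);
  if (info == nullptr) return false;  // reject instead of dereferencing
  stored.erase(t);                    // no stored value means "use the default"
  return true;
}

// Unit-test style invariant: revocable types that have no registry entry.
std::vector<SettingType> MissingRegistrations(const Registry& r) {
  std::vector<SettingType> missing;
  for (SettingType t : kRevocableTypes)
    if (r.Get(t) == nullptr) missing.push_back(t);
  return missing;
}
```

Running the invariant over every revocable type in a test catches a new permission name that was wired up without its registry entry before a renderer can reach the reset path.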

Aug 31 2017
I will verify them once the CL (https://chromium-review.googlesource.com/640931) has landed in the Chrome canary build. Thanks.

Sep 1 2017
Verified the fix on the latest Windows-10, Mac OS 10.12.6 and Linux Ubuntu 14.04 on chrome version: 62.0.3202.0. Observed no crash as such following the test steps mentioned in C#1. Hence adding the verified label.

Comment 1 by canx....@intel.com, Aug 28 2017