
Issue 804196


Issue metadata

Status: Assigned
Owner:
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome, Mac
Pri: 2
Type: Bug




Chrome_Mac: Crash Report - payments::PaymentRequestRowView::SetIsHighlighted

Project Member Reported by cr...@system.gserviceaccount.com, Jan 22 2018

Issue description

reporter:tapted@google.com

Magic Signature: payments::PaymentRequestRowView::SetIsHighlighted

Crash link: https://crash.corp.google.com//browse?q=product.name%3D'Chrome_Mac'%20AND%20custom_data.ChromeCrashProto.magic_signature_1.file_path%20LIKE%20'%25%2Fui%2Fviews%25'%20AND%20product.Version%20LIKE%20'65.0.%25'%20AND%20product.Version%20LIKE%20'65.0.33%25'%20AND%20product.Version%3D'65.0.3318.0'%20AND%20custom_data.ChromeCrashProto.magic_signature_1.name%3D'payments%3A%3APaymentRequestRowView%3A%3ASetIsHighlighted'%20AND%20ReportID%3D'484d8af0182ca225'&sql_dialect=googlesql&ignore_case=false&enable_rewrite=true&omit_field_name=&omit_field_value=&omit_field_opt=%3D#3

-------------------------------------------------------------------------------
Sample Report
-------------------------------------------------------------------------------
Product name: Chrome_Mac
Magic Signature : payments::PaymentRequestRowView::SetIsHighlighted
Product Version: 65.0.3318.0
Process type: 
Report ID: 484d8af0182ca225
Report Url: https://crash.corp.google.com/484d8af0182ca225
Report Time: 2018-01-11T15:10:22-08:00
Upload Time: 2018-01-11T15:10:28.139-08:00
Uptime: 3610000 ms
CumulativeProductUptime: 0 ms
OS Name: Mac OS X
OS Version: 10.12.6 16G1114
CPU Architecture: amd64
CPU Info: family 6 model 58 stepping 9

-------------------------------------------------------------------------------
Crashing thread: Thread index: 0. Stack Quality: 79%. Thread id: 3645.
-------------------------------------------------------------------------------
0x000000010c725049 (Google Chrome Framework - payment_request_row_view.cc: 37)	payments::PaymentRequestRowView::SetIsHighlighted(bool)
0x000000010b747c41 (Google Chrome Framework - button.cc: 128)	views::Button::ViewHierarchyChanged(views::View::ViewHierarchyChangedDetails const&)
0x000000010b799690 (Google Chrome Framework - view.cc: 2196)	views::View::ViewHierarchyChangedImpl(bool, views::View::ViewHierarchyChangedDetails const&)
0x000000010b7a153f (Google Chrome Framework - view.cc: 2154)	views::View::PropagateRemoveNotifications(views::View*, views::View*, bool)
0x000000010b798dfe (Google Chrome Framework - view.cc: 2120)	views::View::DoRemoveChildView(views::View*, bool, bool, bool, views::View*)
0x000000010b799914 (Google Chrome Framework - view.cc: 300)	views::View::RemoveAllChildViews(bool)
0x000000010c725bc6 (Google Chrome Framework - payment_request_sheet_controller.cc: 273)	payments::PaymentRequestSheetController::UpdateContentView()
0x000000010c7d275d (Google Chrome Framework - payment_request_state.cc: 462)	payments::PaymentRequestState::NotifyOnSelectedInformationChanged()
0x000000010c7cf01d (Google Chrome Framework - payment_request_spec.cc: 304)	payments::PaymentRequestSpec::NotifyOnSpecUpdated()
0x000000010c7cef27 (Google Chrome Framework - payment_request_spec.cc: 109)	payments::PaymentRequestSpec::UpdateWith(mojo::StructPtr<payments::mojom::PaymentDetails>)
0x000000010c7cbf77 (Google Chrome Framework - payment_request.cc: 217)	payments::PaymentRequest::UpdateWith(mojo::StructPtr<payments::mojom::PaymentDetails>)
0x00000001084e5e12 (Google Chrome Framework - payment_request.mojom.cc: 1413)	payments::mojom::PaymentRequestStubDispatch::Accept(payments::mojom::PaymentRequest*, mojo::Message*)
0x0000000109f09661 (Google Chrome Framework - multiplex_router.cc: 880)	mojo::internal::MultiplexRouter::ProcessIncomingMessage(mojo::internal::MultiplexRouter::MessageWrapper*, mojo::internal::MultiplexRouter::ClientCallBehavior, base::SequencedTaskRunner*)
0x0000000109f08ea6 (Google Chrome Framework - multiplex_router.cc: 604)	mojo::internal::MultiplexRouter::Accept(mojo::Message*)
0x0000000109f00fdc (Google Chrome Framework - connector.cc: 445)	mojo::Connector::ReadSingleMessage(unsigned int*)
0x0000000109f01620 (Google Chrome Framework - connector.cc: 474)	mojo::Connector::ReadAllAvailableMessages()
0x0000000109f13457 (Google Chrome Framework - callback.h: 94)	mojo::SimpleWatcher::OnHandleReady(int, unsigned int, mojo::HandleSignalsState const&)
0x0000000109e128fb (Google Chrome Framework - callback.h: 65)	base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*)
0x0000000109e37513 (Google Chrome Framework - message_loop.cc: 399)	base::MessageLoop::RunTask(base::PendingTask*)
0x0000000109e37a18 (Google Chrome Framework - message_loop.cc: 411)	base::MessageLoop::DoWork()
0x0000000109e39839 (Google Chrome Framework - message_pump_mac.mm: 453)	base::MessagePumpCFRunLoopBase::RunWork()
0x0000000109e2b2c9 (Google Chrome Framework + 0x01e832c9)	base::mac::CallWithEHFrame(void () block_pointer)
0x0000000109e3915e (Google Chrome Framework - message_pump_mac.mm: 429)	base::MessagePumpCFRunLoopBase::RunWorkSource(void*)
0x00007fff8ab743e0 (CoreFoundation + 0x000a43e0)	__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__
0x00007fff8ab5565b (CoreFoundation + 0x0008565b)	__CFRunLoopDoSources0
0x00007fff8ab54b45 (CoreFoundation + 0x00084b45)	__CFRunLoopRun
0x00007fff8ab54543 (CoreFoundation + 0x00084543)	CFRunLoopRunSpecific
0x00007fff8a0b3ebb (HIToolbox + 0x00030ebb)	RunCurrentEventLoopInMode
0x00007fff8a0b3cf0 (HIToolbox + 0x00030cf0)	ReceiveNextEventCommon
0x00007fff8a0b3b25 (HIToolbox + 0x00030b25)	_BlockUntilNextEventMatchingListInModeWithFilter
0x00007fff8864aa53 (AppKit + 0x00046a53)	_DPSNextEvent
0x00007fff88dc67ed (AppKit + 0x007c27ed)	-[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:]
0x0000000109a7060f (Google Chrome Framework - chrome_browser_application_mac.mm: 174)	__71-[BrowserCrApplication nextEventMatchingMask:untilDate:inMode:dequeue:]_block_invoke
0x0000000109e2b2c9 (Google Chrome Framework + 0x01e832c9)	base::mac::CallWithEHFrame(void () block_pointer)
0x0000000109a70553 (Google Chrome Framework - chrome_browser_application_mac.mm: 173)	-[BrowserCrApplication nextEventMatchingMask:untilDate:inMode:dequeue:]
0x00007fff8863f3da (AppKit + 0x0003b3da)	-[NSApplication run]
0x0000000109e3a0fb (Google Chrome Framework - message_pump_mac.mm: 806)	base::MessagePumpNSApplication::DoRun(base::MessagePump::Delegate*)
0x0000000109e38c7d (Google Chrome Framework - message_pump_mac.mm: 180)	base::MessagePumpCFRunLoopBase::Run(base::MessagePump::Delegate*)
0x0000000109e5cdb4 (Google Chrome Framework - run_loop.cc: 130)	<name omitted>
0x0000000109a762d7 (Google Chrome Framework - chrome_browser_main.cc: 1955)	ChromeBrowserMainParts::MainMessageLoopRun(int*)
0x0000000108798ec3 (Google Chrome Framework - browser_main_loop.cc: 1199)	content::BrowserMainLoop::RunMainMessageLoopParts()
0x000000010879b851 (Google Chrome Framework - browser_main_runner.cc: 138)	content::BrowserMainRunnerImpl::Run()
0x000000010879555b (Google Chrome Framework - browser_main.cc: 46)	content::BrowserMain(content::MainFunctionParams const&)
0x0000000109a2921e (Google Chrome Framework - content_main_runner.cc: 720)	content::ContentMainRunnerImpl::Run()
0x000000010b3994ea (Google Chrome Framework - main.cc: 456)	service_manager::Main(service_manager::MainParams const&)
0x0000000109a28783 (Google Chrome Framework - content_main.cc: 19)	content::ContentMain(content::ContentMainParams const&)
0x0000000107fac35e (Google Chrome Framework - chrome_main.cc: 128)	ChromeMain
0x0000000106d4bdd3 (Google Chrome Canary + 0x00000dd3)	
0x00007fffa071d234 (libdyld.dylib + 0x00005234)	start

 

Comment 1 by tapted@chromium.org, Jan 22 2018

Cc: anthonyvd@chromium.org
Labels: OS-Chrome
Crash reporter was bucketing this into Issue 788514, which has a fix (r520951), which first appeared in 65.0.3283.0. But this is in a recent Canary, 65.0.3318.0.

The SetIsHighlighted() bucket is: https://crash.corp.google.com/browse?q=custom_data.ChromeCrashProto.magic_signature_1.name%3D%27payments%3A%3APaymentRequestRowView%3A%3ASetIsHighlighted%27&sql_dialect=googlesql&ignore_case=false&enable_rewrite=true&omit_field_name=&omit_field_value=&omit_field_opt=%3D#-property-selector,+osversion

There's a crash on ChromeOS: http://go/crash/dc4868607d027bd8 and 13 on Mac.

(note it seems UAFs on Mac are more likely to trigger crashes compared to other platforms)
Cc: rouslan@chromium.org
Owner: rouslan@chromium.org
Status: Assigned (was: Untriaged)
Over to owners of components/payments/OWNERS
Cc: -anthonyvd@chromium.org tmartino@chromium.org
Owner: anthonyvd@chromium.org
Owner: rouslan@chromium.org
Status: Untriaged (was: Assigned)
Bulk assigning to Rouslan the lingering Payment Request bugs that were assigned to me for triage.
Cc: -rouslan@chromium.org gogerald@chromium.org anthonyvd@chromium.org
Labels: -Restrict-View-EditIssue
Status: Assigned (was: Untriaged)
Mac triage: this bug still looks live from crash/ - can someone from Payments please take a look? +cc other payments owners and marking assigned to rouslan@.

Also, stripping R-V-EI - this is not a security bug.
Thank you for the reminder. I'm looking into the top payments crashers according to the weekly crash numbers and this is in my queue of things to fix.
