New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 834055 link

Starred by 1 user
Status: Fixed
Owner:
rob@robwu.nl
Closed: Apr 2018
Cc:
sindhu.chelamcherla@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows , Chrome , Mac
Pri: 2
Type: Bug



Sign in to add a comment

Call from extension background to chrome.tabs.connect crashes context

Reported by drol...@yahoo.com, Apr 17 2018 
UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36

Steps to reproduce the problem:
From the background context of an extension, call chrome.tabs.connect(2,{name:"test",frameId: null});

What is the expected behavior?
Call returns a port or set runtime.lastError to something like "don't pass null as frameId value".

What went wrong?
The extension context crashes.

Did this work before? N/A 

Does this work in other browsers? N/A

Chrome version: 65.0.3325.181  Channel: stable
OS Version: ubuntu 16.04
Flash Version: 

May be related to another issue that I submitted:

https://bugs.chromium.org/p/chromium/issues/detail?id=832756#c5

Comment 1 by vamshi.kommuri@chromium.org, Apr 18 2018

Components: Platform>Extensions
Labels: Needs-Triage-M65

Comment 2 by woxxom@gmail.com, Apr 18 2018 

Bisected to 4ae97b7b61308ab58413c135b4ed70955b698335 = https://crrev.com/758443002 by rob@robwu.nl
"Add frameId option to chrome.tabs.connect and chrome.tabs.sendMessage."
Landed in 41.0.2245.0

Repro: install the attached extension
Expected: "GOOD" is displayed
Observed: the extension crashes
test-crash-ext.zip
594 bytes Download

Comment 3 Deleted

Comment 4 by sindhu.chelamcherla@chromium.org, Apr 18 2018

Cc: sindhu.chelamcherla@chromium.org
Labels: Triaged-ET M-68 FoundIn-68 Target-68 OS-Mac OS-Windows
Owner: rob@robwu.nl
Status: Assigned (was: Unconfirmed)
Able to reproduce this issue on reported version 65.0.3325.181 , on latest stable 66.0.3359.117 and latest canary 68.0.3398.0 using Windows 10, Ubuntu 14.04 and Mac 10.13.3.

This issue is seen from M-60. As per comment#2 assigning to rob@robwu.nl@. Please feel free to re-assign if this is not your change.

Thanks!

Comment 5 by rob@robwu.nl, Apr 19 2018

Labels: OS-Chrome
Status: Started (was: Assigned)
The crash is:

[38:38:0419/224435.492639:FATAL:messaging_bindings.cc(253)] Check failed: args[1]->IsInt32(). 
#0 0x55b246cb5f4c base::debug::StackTrace::StackTrace()
#1 0x55b246ccdc5c logging::LogMessage::~LogMessage()
#2 0x55b2469939dc extensions::MessagingBindings::OpenChannelToTab()
#3 0x55b24699b7de extensions::ObjectBackedNativeHandler::Router()
#4 0x55b24614f609 v8::internal::FunctionCallbackArguments::Call()
#5 0x55b2461cde7c v8::internal::(anonymous namespace)::HandleApiCallHelper<>()
#6 0x55b2461cd4c7 v8::internal::Builtin_Impl_HandleApiCall()
#7 0x10ed79d8431d <unknown>

I should add a null check and default to -1.
Project Member

Comment 6 by bugdroid1@chromium.org, Apr 20 2018 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/35b5a75bf1276ea448944fa1295828207d95b2bb

commit 35b5a75bf1276ea448944fa1295828207d95b2bb
Author: Rob Wu <rob@robwu.nl>
Date: Fri Apr 20 00:04:37 2018

Treat frameId:null in chrome.tabs.connect as -1

BUG= 834055 

Change-Id: I060d4e879f42416916bac8f2a5b5b3f487c0df1b
Reviewed-on: https://chromium-review.googlesource.com/1019447
Reviewed-by: Devlin <rdevlin.cronin@chromium.org>
Commit-Queue: Rob Wu <rob@robwu.nl>
Cr-Commit-Position: refs/heads/master@{#552208}
[modify] https://crrev.com/35b5a75bf1276ea448944fa1295828207d95b2bb/chrome/renderer/resources/extensions/tabs_custom_bindings.js
[modify] https://crrev.com/35b5a75bf1276ea448944fa1295828207d95b2bb/chrome/test/data/extensions/api_test/messaging/connect/test.js

Comment 7 by rob@robwu.nl, Apr 20 2018

Status: Fixed (was: Started)
Project Member

Comment 8 by bugdroid1@chromium.org, Apr 21 2018 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/f054d0e42c4d2aff375f0c865204a18981b7f163

commit f054d0e42c4d2aff375f0c865204a18981b7f163
Author: Devlin Cronin <rdevlin.cronin@chromium.org>
Date: Sat Apr 21 00:25:33 2018

[Extensions Bindings] Add unittest for frameId:null in chrome.tabs.connect

We treat null and undefined frame IDs as -1. Add a test for native
extension bindings.

Follows Rob Wu's CL from revision
https://crrev.com/35b5a75bf1276ea448944fa1295828207d95b2bb.

BUG= 834055 

Change-Id: I100c2fc90c920f0af0cff69aa387de66c7e790bd
Reviewed-on: https://chromium-review.googlesource.com/1020368
Reviewed-by: Rob Wu <rob@robwu.nl>
Commit-Queue: Devlin <rdevlin.cronin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#552528}
[modify] https://crrev.com/f054d0e42c4d2aff375f0c865204a18981b7f163/chrome/renderer/extensions/tabs_hooks_delegate_unittest.cc
[modify] https://crrev.com/f054d0e42c4d2aff375f0c865204a18981b7f163/extensions/renderer/messaging_util.cc
[modify] https://crrev.com/f054d0e42c4d2aff375f0c865204a18981b7f163/extensions/renderer/messaging_util_unittest.cc

Sign in to add a comment