
Issue 863570


Issue metadata

Status: Fixed
Owner:
Closed: Jul 16
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 1
Type: Bug

[PiP] PiPing multiple times causes browser crash

Project Member Reported by apaci...@chromium.org, Jul 13

Issue description

ChromeOS
Chrome Version: 69.0.3491.0

http://w3schools.com/html/html5_video.asp

What steps will reproduce the problem?
(1) Enter Picture-in-Picture from a video.
(2) Exit Picture-in-Picture mode.
(3) Try to enter Picture-in-Picture again.

What is the expected result?
Re-enter Picture-in-Picture.

What happens instead?
Crash:

Received signal 11 SEGV_MAPERR ffffcbd8edf64f0a
#0 0x7ffa5fbdf6cc base::debug::StackTrace::StackTrace()
#1 0x7ffa5fbdf231 base::debug::(anonymous namespace)::StackDumpSignalHandler()
#2 0x7ffa54a7d0c0 <unknown>
#3 0x7ffa5bc90a7b ui::LayerAnimator::SetDelegate()
#4 0x7ffa5bc86395 ui::Layer::SetAnimator()
#5 0x7ffa5bc87329 ui::Layer::SetBounds()
#6 0x7ffa5dd35d4d content::OverlaySurfaceEmbedder::UpdateLayerBounds()
#7 0x7ffa5dd36371 content::PictureInPictureWindowControllerImpl::UpdateLayerBounds()
#8 0x55cb0484dfaa OverlayWindowViews::UpdateVideoLayerSizeWithAspectRatio()
#9 0x55cb0484d809 OverlayWindowViews::CalculateAndUpdateWindowBounds()
#10 0x55cb0484e4aa OverlayWindowViews::UpdateVideoSize()
#11 0x7ffa5dd362c3 content::PictureInPictureWindowControllerImpl::EmbedSurface()
#12 0x55cb04ed1ae5 PictureInPictureWindowManager::EnterPictureInPicture()
#13 0x7ffa5deae0e6 content::WebContentsImpl::EnterPictureInPicture()
#14 0x7ffa5dd096e6 content::MediaWebContentsObserver::OnPictureInPictureModeStarted()
#15 0x7ffa5dd09585 _ZN3IPC8MessageTI61MediaPlayerDelegateHostMsg_OnPictureInPictureModeStarted_MetaNSt3__15tupleIJiN3viz9SurfaceIdEN3gfx4SizeEiEEEvE8DispatchIN7content24MediaWebContentsObserverESC_NSB_15RenderFrameHostEMSC_FvPSD_iRKS5_RKS7_iEEEbPKNS_7MessageEPT_PT0_PT1_T2_
#16 0x7ffa5dd0885b content::MediaWebContentsObserver::OnMessageReceived()
#17 0x7ffa5de96d0d content::WebContentsImpl::OnMessageReceived()
#18 0x7ffa5dc298fd content::RenderFrameHostImpl::OnMessageReceived()
#19 0x7ffa5fcde08b IPC::ChannelProxy::Context::OnDispatchMessage()
#20 0x7ffa5fb29509 base::debug::TaskAnnotator::RunTask()
#21 0x7ffa5fb4aae2 base::MessageLoop::RunTask()
#22 0x7ffa5fb4b068 base::MessageLoop::DoWork()
#23 0x7ffa5fbf1b49 base::MessagePumpLibevent::Run()
#24 0x7ffa5fb71ab5 base::RunLoop::Run()
#25 0x55cb0377881b ChromeBrowserMainParts::MainMessageLoopRun()
#26 0x7ffa5daf9567 content::BrowserMainLoop::RunMainMessageLoopParts()
#27 0x7ffa5dafbbb2 content::BrowserMainRunnerImpl::Run()
#28 0x7ffa5daf5e5b content::BrowserMain()
#29 0x7ffa5e33d02c content::ContentMainRunnerImpl::Run()
#30 0x7ffa5fe7b780 service_manager::Main()
#31 0x7ffa5e33b2f4 content::ContentMain()
#32 0x55cb02e385a3 ChromeMain
#33 0x7ffa533b82b1 __libc_start_main
#34 0x55cb02e3841a _start
  r8: 00003424ea26d708  r9: 00003424ea26d708 r10: 0000000000000000 r11: 00007ffa534f4e01
 r12: 0000000000000556 r13: 0000000000000000 r14: 00003424ed360280 r15: 00003424edf758f0
  di: 00003424ed360280  si: 00003424ed360280  bp: 00007ffc7bab2be0  bx: 00003424ed360280
  dx: 00003424ed360280  ax: ffffcbd8edf64e82  cx: 0000000000000000  sp: 00007ffc7bab2bb0
  ip: 00007ffa5bc90a7b efl: 0000000000010202 cgf: 002b000000000033 erf: 0000000000000005
 trp: 000000000000000e msk: 0000000000000000 cr2: ffffcbd8edf64f0a
[end of stack trace]

Cc: apaci...@chromium.org
Owner: beccahughes@chromium.org
Status: Started (was: Untriaged)
I think I know what is causing this.
Project Member Comment 2 by bugdroid1@chromium.org, Jul 16

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/6408835b7764533e98c52d55ed87add65b33073a

commit 6408835b7764533e98c52d55ed87add65b33073a
Author: Becca Hughes <beccahughes@chromium.org>
Date: Mon Jul 16 17:31:49 2018

[Picture in Picture] Fix ChromeOS crash

When we call UpdateLayerBounds in OverlaySurfaceEmbedder we should
also update the pointer to |window_background_layer_| (like we do
for |video_layer_|).

BUG=863570

Change-Id: Id5b29db2c060705ce0df0cf44cd09fa43da9902f
Reviewed-on: https://chromium-review.googlesource.com/1137062
Reviewed-by: apacible <apacible@chromium.org>
Commit-Queue: Becca Hughes <beccahughes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#575328}
[modify] https://crrev.com/6408835b7764533e98c52d55ed87add65b33073a/content/browser/picture_in_picture/overlay_surface_embedder.cc

Status: Fixed (was: Started)
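An added C++ model of the stale-pointer pattern the commit message describes (example code written for this page, not Chromium's): the embedder caches raw pointers to layers that the overlay window recreates on each PiP entry, so a cached pointer that is not re-read after exit and re-entry still names a destroyed layer. Every class body here is an assumption of the model; only the class and member names come from the trace and the commit message.

```cpp
#include <memory>
#include <vector>
// Hypothetical stand-ins for the Chromium classes in the trace, not Chromium code.
// A Layer only records the bounds it was last given.
struct Layer {
  int width = 0, height = 0;
  void SetBounds(int w, int h) { width = w; height = h; }
};
// The window owns both layers and replaces them on each PiP entry. Replaced layers
// are parked in |retired| only so a write through a stale pointer stays well-defined
// in this model; a real window would free them (hence the SEGV in the report).
struct OverlayWindow {
  std::unique_ptr<Layer> video_layer, window_background_layer;
  std::vector<std::unique_ptr<Layer>> retired;
  void EnterPictureInPicture() {
    if (video_layer) retired.push_back(std::move(video_layer));
    if (window_background_layer) retired.push_back(std::move(window_background_layer));
    video_layer = std::make_unique<Layer>();
    window_background_layer = std::make_unique<Layer>();
  }
};
// The embedder caches raw pointers into the window; re-reading the background
// pointer on every bounds update (|refresh_background|) is the fix.
class OverlaySurfaceEmbedder {
 public:
  OverlaySurfaceEmbedder(OverlayWindow* w, bool refresh_background)
      : window_(w), refresh_background_(refresh_background),
        video_layer_(w->video_layer.get()),
        window_background_layer_(w->window_background_layer.get()) {}
  void UpdateLayerBounds(int w, int h) {
    video_layer_ = window_->video_layer.get();  // always re-read
    if (refresh_background_)
      window_background_layer_ = window_->window_background_layer.get();
    video_layer_->SetBounds(w, h);
    window_background_layer_->SetBounds(w, h);  // a retired layer without the fix
  }
 private:
  OverlayWindow* window_; bool refresh_background_;
  Layer* video_layer_; Layer* window_background_layer_;
};
// Replay the report's steps (enter, exit, enter again) and report whether the
// window's current background layer received the new bounds.
bool BackgroundLayerUpdatedAfterReentry(bool apply_fix) {
  OverlayWindow window;
  window.EnterPictureInPicture();
  OverlaySurfaceEmbedder embedder(&window, apply_fix);
  embedder.UpdateLayerBounds(640, 360);
  window.EnterPictureInPicture();  // exit + re-enter: fresh layers, old ones retired
  embedder.UpdateLayerBounds(640, 360);
  return window.window_background_layer->width == 640;
}
```

Without the fix the second update writes to the retired background layer and the live one keeps its zero bounds; with it, both cached pointers track the window's current layers.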
