Regression : Chrome crashes after performing right click action on any link in 'Cast' overlay.
Reported by
avsha...@etouch.net,
Jul 31
Issue description

Chrome Version : 70.0.3508.0 (Official Build) 9271ffcc91216f5c818f30b577c846306a469ad9-refs/branch-heads/3508@{#1} 64 bit
OS : Windows (7, 8, 8.1, 10)

What steps will reproduce the problem?
1. Launch chrome, open NTP and open cast overlay.
2. Right click on 'LEARN MORE' link in cast overlay.
3. Observe.

Actual Result : Chrome crashes after performing right click action in 'Cast' overlay.
Expected Result : Chrome should not crash on performing right click action.

--
Crash ID: ID e9321a216e6ce44e (Local Crash ID: 4123cbe5-910a-405a-94f6-4a9b0fb83ade)

This is a regression issue broken in ‘M-70’ and will soon update remaining info.
,
Jul 31
Stack trace for the crash id:
----------------------------
Thread 0 (id: 0x16d8) CRASHED [EXCEPTION_ACCESS_VIOLATION_READ @ 0x00000110 ] MAGIC SIGNATURE THREAD
Stack Quality 84%
0x000007fed3392e5e (chrome.dll + 0x00272e5e ) Browser::is_app()
0x000007fed509f177 (chrome.dll -render_view_context_menu.cc:1034 ) RenderViewContextMenu::AppendLinkItems()
0x000007fed509ebe8 (chrome.dll -render_view_context_menu.cc:756 ) RenderViewContextMenu::InitMenu()
0x000007fed4c07a61 (chrome.dll -render_view_context_menu_base.cc:179 ) RenderViewContextMenuBase::Init()
0x000007fed4793704 (chrome.dll -chrome_web_contents_view_delegate_views.cc:84 ) ChromeWebContentsViewDelegateViews::BuildMenu(content::WebContents *,content::ContextMenuParams const &)
0x000007fed47937bf (chrome.dll -chrome_web_contents_view_delegate_views.cc:101 ) ChromeWebContentsViewDelegateViews::ShowContextMenu(content::RenderFrameHost *,content::ContextMenuParams const &)
0x000007fed404703f (chrome.dll -web_contents_impl.cc:5030 ) content::WebContentsImpl::ShowContextMenu(content::RenderFrameHost *,content::ContextMenuParams const &)
0x000007fed3e84e49 (chrome.dll -render_frame_host_impl.cc:2227 ) content::RenderFrameHostImpl::OnContextMenu(content::ContextMenuParams const &)
0x000007fed3e84c1c (chrome.dll -ipc_message_templates.h:146 ) IPC::MessageT<FrameHostMsg_ContextMenu_Meta,std::tuple<content::ContextMenuParams>,void>::Dispatch<content::RenderFrameHostImpl,content::RenderFrameHostImpl,void,void (content::RenderFrameHostImpl::*)(const content::ContextMenuParams &)>
0x000007fed37556c5 (chrome.dll -render_frame_host_impl.cc:1069 ) content::RenderFrameHostImpl::OnMessageReceived(IPC::Message const &)
0x000007fed3754db8 (chrome.dll -render_process_host_impl.cc:3114 ) content::RenderProcessHostImpl::OnMessageReceived(IPC::Message const &)
0x000007fed3754c9d (chrome.dll -ipc_channel_proxy.cc:320 ) IPC::ChannelProxy::Context::OnDispatchMessage(IPC::Message const &)
0x000007fed314420b (chrome.dll -task_annotator.cc:101 ) base::debug::TaskAnnotator::RunTask(char const *,base::PendingTask *)
0x000007fed3143c06 (chrome.dll -message_loop.cc:432 ) base::MessageLoop::RunTask(base::PendingTask *)
0x000007fed313d0f4 (chrome.dll -message_loop.cc:515 ) base::MessageLoop::DoWork()
0x000007fed323a458 (chrome.dll -message_pump_win.cc:171 ) base::MessagePumpForUI::DoRunLoop()
0x000007fed313cded (chrome.dll -message_pump_win.cc:52 ) base::MessagePumpWin::Run(base::MessagePump::Delegate *)
0x000007fed313cb50 (chrome.dll -run_loop.cc:102 ) base::RunLoop::Run()
0x000007fed350173f (chrome.dll -chrome_browser_main.cc:2092 ) ChromeBrowserMainParts::MainMessageLoopRun(int *)
0x000007fed3501543 (chrome.dll -browser_main_loop.cc:1034 ) content::BrowserMainLoop::RunMainMessageLoopParts()
0x000007fed35014ee (chrome.dll -browser_main_runner_impl.cc:162 ) content::BrowserMainRunnerImpl::Run()
0x000007fed3da7515 (chrome.dll -browser_main.cc:47 ) content::BrowserMain(content::MainFunctionParams const &)
0x000007fed42e3c4e (chrome.dll -content_main_runner_impl.cc:596 ) content::RunBrowserProcessMain(content::MainFunctionParams const &,content::ContentMainDelegate *)
0x000007fed42e4000 (chrome.dll -content_main_runner_impl.cc:947 ) content::ContentMainRunnerImpl::Run(bool)
0x000007fed3125977 (chrome.dll -main.cc:472 ) service_manager::Main(service_manager::MainParams const &)
0x000007fed3125577 (chrome.dll -content_main.cc:19 ) content::ContentMain(content::ContentMainParams const &)
0x000007fed3121d69 (chrome.dll -chrome_main.cc:101 ) ChromeMain
0x000000013f95372b (chrome.exe -main_dll_loader_win.cc:201 ) MainDllLoader::Launch(HINSTANCE__ *,base::TimeTicks)
0x000000013f951698 (chrome.exe -chrome_exe_main_win.cc:230 ) wWinMain
0x000000013fa14c91 (chrome.exe -exe_common.inl:283 ) __scrt_common_main_seh
0x770259cc (KERNEL32.dll + 0x000159cc ) BaseThreadInitThunk
0x7728383c (ntdll.dll + 0x0005383c ) RtlUserThreadStart

1) This crash is first started on latest canary 64.0.3282.186 and seeing 1 from 1 different clients.
2) This crash seen on Windows>Browser and it is in 16th rank position.
3) This crash not seen on latest Dev build.

70.0.3508.0 4.31% 5 - Canary
68.0.3440.75 3.45% 4 - Beta & Stable

Link to the list of builds:
---------------------------
https://crash.corp.google.com/browse?q=product_name%3D%27Chrome%27+AND+expanded_custom_data.ChromeCrashProto.ptype%3D%27browser%27+AND+expanded_custom_data.ChromeCrashProto.magic_signature_1.name%3D%27RenderViewContextMenu%3A%3AAppendLinkItems%27#-productname:1000,productversion:110,-magicsignature:50,-magicsignature2:50,-stablesignature:50,-magicsignaturesorted:50

Thank You!
,
Jul 31
Adding release blocker label for this issue. Please reduce priority or remove if not the case. Thank You!
,
Aug 1
Looks like a missing null check, fix incoming. This probably affects ChromeOS as well.
,
Aug 1
,
Aug 1
Confirmed this affects ChromeOS which enabled DesktopPWAWindowing in M67. The crash server shows no ChromeOS instances of this crash so we can probably skip merging the fix.
,
Aug 2
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/0ea2267a7cefa49ffd3f3080dcea241d9bbcdfd7

commit 0ea2267a7cefa49ffd3f3080dcea241d9bbcdfd7
Author: Alan Cutter <alancutter@chromium.org>
Date: Thu Aug 02 01:57:37 2018

Fix crash when right clicking link in CastUI

This CL adds a null check to RenderViewContextMenu::AppendLinkItems()
ensuring we have an associated Browser before attempting to use it.

Bug: 869280
Change-Id: Ib1ffecd9dfbe27fb4fc6f6c77762c6337c36d4d4
Reviewed-on: https://chromium-review.googlesource.com/1158110
Reviewed-by: Avi Drissman <avi@chromium.org>
Reviewed-by: Giovanni Ortuño Urquidi <ortuno@chromium.org>
Commit-Queue: Alan Cutter <alancutter@chromium.org>
Cr-Commit-Position: refs/heads/master@{#580029}

[modify] https://crrev.com/0ea2267a7cefa49ffd3f3080dcea241d9bbcdfd7/chrome/browser/DEPS
[modify] https://crrev.com/0ea2267a7cefa49ffd3f3080dcea241d9bbcdfd7/chrome/browser/renderer_context_menu/render_view_context_menu.cc
[modify] https://crrev.com/0ea2267a7cefa49ffd3f3080dcea241d9bbcdfd7/chrome/browser/renderer_context_menu/render_view_context_menu.h
[modify] https://crrev.com/0ea2267a7cefa49ffd3f3080dcea241d9bbcdfd7/chrome/browser/renderer_context_menu/render_view_context_menu_browsertest.cc
,
Aug 2
,
Aug 2
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/0a26ad31ea97b1f1e9354502fc172c08310931a4

commit 0a26ad31ea97b1f1e9354502fc172c08310931a4
Author: Findit <findit-for-me@appspot.gserviceaccount.com>
Date: Thu Aug 02 06:50:00 2018

Revert "Fix crash when right clicking link in CastUI"

This reverts commit 0ea2267a7cefa49ffd3f3080dcea241d9bbcdfd7.

Reason for revert:
Findit (https://goo.gl/kROfz5) identified CL at revision 580029 as the
culprit for failures in the build cycles as shown on:
https://findit-for-me.appspot.com/waterfall/culprit?key=ag9zfmZpbmRpdC1mb3ItbWVyRAsSDVdmU3VzcGVjdGVkQ0wiMWNocm9taXVtLzBlYTIyNjdhN2NlZmE0OWZmZDNmMzA4MGRjZWEyNDFkOWJiY2RmZDcM

Sample Failed Build: https://ci.chromium.org/buildbot/chromium.memory/Linux%20CFI/9359
Sample Failed Step: not_site_per_process_browser_tests

Original change's description:
> Fix crash when right clicking link in CastUI
>
> This CL adds a null check to RenderViewContextMenu::AppendLinkItems()
> ensuring we have an associated Browser before attempting to use it.
>
> Bug: 869280
> Change-Id: Ib1ffecd9dfbe27fb4fc6f6c77762c6337c36d4d4
> Reviewed-on: https://chromium-review.googlesource.com/1158110
> Reviewed-by: Avi Drissman <avi@chromium.org>
> Reviewed-by: Giovanni Ortuño Urquidi <ortuno@chromium.org>
> Commit-Queue: Alan Cutter <alancutter@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#580029}

Change-Id: Ie3a0067047c42fc8682ca8663eede8f1195afaed
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: 869280
Reviewed-on: https://chromium-review.googlesource.com/1159804
Cr-Commit-Position: refs/heads/master@{#580095}

[modify] https://crrev.com/0a26ad31ea97b1f1e9354502fc172c08310931a4/chrome/browser/DEPS
[modify] https://crrev.com/0a26ad31ea97b1f1e9354502fc172c08310931a4/chrome/browser/renderer_context_menu/render_view_context_menu.cc
[modify] https://crrev.com/0a26ad31ea97b1f1e9354502fc172c08310931a4/chrome/browser/renderer_context_menu/render_view_context_menu.h
[modify] https://crrev.com/0a26ad31ea97b1f1e9354502fc172c08310931a4/chrome/browser/renderer_context_menu/render_view_context_menu_browsertest.cc
,
Aug 2
,
Aug 3
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/692e32e418d6e11d99d4eab76f575a8bc13935ce

commit 692e32e418d6e11d99d4eab76f575a8bc13935ce
Author: Alan Cutter <alancutter@chromium.org>
Date: Fri Aug 03 01:32:14 2018

Reland: Fix crash when right clicking link in CastUI

This CL adds a null check to RenderViewContextMenu::AppendLinkItems()
ensuring we have an associated Browser before attempting to use it.

This is a reland of https://chromium-review.googlesource.com/c/chromium/src/+/1158110
without using TestWebContents (which results in a bad downcast).

Bug: 869280
Change-Id: I6799f0c746c0cdca941e1235ac476f4e1d8a1f0e
Reviewed-on: https://chromium-review.googlesource.com/1160121
Reviewed-by: Avi Drissman <avi@chromium.org>
Commit-Queue: Alan Cutter <alancutter@chromium.org>
Cr-Commit-Position: refs/heads/master@{#580405}

[modify] https://crrev.com/692e32e418d6e11d99d4eab76f575a8bc13935ce/chrome/browser/renderer_context_menu/render_view_context_menu.cc
[modify] https://crrev.com/692e32e418d6e11d99d4eab76f575a8bc13935ce/chrome/browser/renderer_context_menu/render_view_context_menu.h
[modify] https://crrev.com/692e32e418d6e11d99d4eab76f575a8bc13935ce/chrome/browser/renderer_context_menu/render_view_context_menu_browsertest.cc
,
Aug 3
Comment 1 by avsha...@etouch.net, Jul 31
Owner: alancutter@chromium.org
Status: Assigned (was: Unconfirmed)
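
Added example, not part of the original thread and not Chromium code: a triage sketch in Python that reads the crash header and top frames quoted in the stack trace above, classifies the fault address, and reports the first frame with a source location as the place for a guard. The 64 KiB near-null threshold and the names `parse_trace` and `triage` are assumptions of this example.

```python
import re

# Assumption: faults in the first 64 KiB (unmapped on Windows) are null derefs.
NEAR_NULL_LIMIT = 0x10000

# Header and top three frames copied from the stack trace in this report.
TRACE = """\
Thread 0 (id: 0x16d8) CRASHED [EXCEPTION_ACCESS_VIOLATION_READ @ 0x00000110 ]
0x000007fed3392e5e (chrome.dll + 0x00272e5e ) Browser::is_app()
0x000007fed509f177 (chrome.dll -render_view_context_menu.cc:1034 ) RenderViewContextMenu::AppendLinkItems()
0x000007fed509ebe8 (chrome.dll -render_view_context_menu.cc:756 ) RenderViewContextMenu::InitMenu()
"""

HEADER_RE = re.compile(
    r"\[EXCEPTION_ACCESS_VIOLATION_(READ|WRITE|EXEC) @ (0x[0-9a-fA-F]+)")
# A frame is "addr (module + 0xoffset ) func" or "addr (module -file:line ) func".
FRAME_RE = re.compile(
    r"^0x[0-9a-fA-F]+ \((\S+) (?:\+ 0x[0-9a-fA-F]+|-(\S+):(\d+)) ?\) (.+)$")


def parse_trace(text):
    header = HEADER_RE.search(text)
    if header is None:
        raise ValueError("no access-violation header found")
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:
            module, src, lineno, func = m.groups()
            frames.append({"module": module, "file": src, "function": func,
                           "line": int(lineno) if lineno else None})
    return {"access": header.group(1), "address": int(header.group(2), 16),
            "frames": frames}


def triage(text):
    crash = parse_trace(text)
    near_null = crash["address"] < NEAR_NULL_LIMIT
    # Frame 0 of this trace has no file:line, so the guard site is the first
    # frame that does: the caller that used the pointer.
    site = next((f for f in crash["frames"] if f["file"]), None)
    top = crash["frames"][0]["function"] if crash["frames"] else None
    return {
        "kind": "null-dereference" if near_null else "wild-pointer",
        "access": crash["access"],
        "offset": hex(crash["address"]) if near_null else None,
        "faulting_function": top,
        "guard_site": (site["function"], site["file"], site["line"]) if site else None,
    }
```

A small, fixed fault address such as 0x110 under an accessor frame is the usual signature of a field read through a null object pointer, which matches the "missing null check" diagnosis in the thread; a fault at an arbitrary high address would fall into the `wild-pointer` branch and call for a closer memory-safety review.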