Chrome crash when trying to save entry in web extension local storage
Reported by cpextens...@gmail.com, Aug 9
Issue description

UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36

Steps to reproduce the problem:
1. Use a Windows 10 machine with Chrome version 68, and install the Check Point Agent for browsers extension from the link below: https://chrome.google.com/webstore/detail/check-point-sandblast-age/bnbpncoilnpdbcbfcegbjocobjppndlh?authuser=1
2. Close all Chrome processes.
3. Go to the local settings of the extension under %LOCALAPPDATA%\Google\Chrome\User Data\Default\Local Extension Settings\bnbpncoilnpdbcbfcegbjocobjppndlh and delete all the files.
4. Download the zip file from the following link: https://www.dropbox.com/s/zpxnq8wz7c8kjvi/bnbpncoilnpdbcbfcegbjocobjppndlh.zip?dl=0
5. Extract the downloaded zip "local settings.zip" to the folder %LOCALAPPDATA%\Google\Chrome\User Data\Default\Local Extension Settings\bnbpncoilnpdbcbfcegbjocobjppndlh
6. Launch Chrome and navigate to some web site which requires login (don't try the google.com domain; try yahoo or any other site). Note: the extension will scan each site only once.
7. Click on the user name\password field, and see that the extension is scanning the page.
8. Once the scan finishes, Chrome will crash.

What is the expected behavior?
After the extension finishes scanning the field, the web page should continue as normal, and Chrome shouldn't crash.

What went wrong?
After the extension finished scanning the field, Chrome crashed (not just the specific tab; all the processes crashed). We believe that when Chrome was upgraded from version 67 to 68, it corrupted something in the local storage, and when the extension tries to use the Chrome API to write to the local storage, Chrome crashes.

Did this work before? Yes
Does this work in other browsers? Yes

Chrome version: 67.0.3396.99 Channel: n/a
OS Version: 10.0
Flash Version:

Unfortunately I couldn't upload the Chrome crash report, so I can't supply you with a Chrome crash id.

This issue affects about 200,000 Chrome users who use the Check Point Chrome extension. We would appreciate your urgent assistance.
Aug 10

Tested this issue on reported Chrome version 67.0.3396.99 and latest Chrome stable 68.0.3440.106 using Windows 10.

Steps:
1. Launched reported Chrome
2. Followed the steps in original comment #0

We observed that the extension finishes scanning and the web page continues as normal, as per the screencast.

@Reporter: Can you verify this issue with a fresh profile that does not have any extensions and apps, or reset all the flags? Let us know whether the issue still persists. Could you please upgrade to the latest Chrome stable 68.0.3440.106? You can download the latest Chrome builds here: https://www.chromium.org/getting-involved/dev-channel
If possible, provide chrome://crashes; that will help us investigate it better. Thanks..!
Aug 10

Hi, the issue reproduces also on the latest Chrome version 68.0.3440.106. If I delete the extension storage folder the issue will not happen, but we can't just delete the storage for all of our users. Chrome is failing to upload the crash automatically, so I can't share it. What input can I give you to debug the problem? Can I do a remote session with you to help you reproduce the problem on your machine? It is easy to reproduce and happens to thousands of our users. Check Point is one of the largest software security providers, and this crash affects tens of thousands of users who use our extension. I would highly appreciate it if I could show the issue to you and progress towards a resolution.
Aug 10
Thank you for providing more feedback. Adding the requester to the cc list. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Aug 13

I was able to repro this crash on the latest stable 68.0.3440.106 on Windows 10.

Crash id: 83ce8d8c660f3e34

Stack trace:

Thread 0 (id: 0x271c) CRASHED [EXCEPTION_BREAKPOINT @ 0x00007ff9bb75f88d ] MAGIC SIGNATURE THREAD
0x00007ff9bb75f88d (chrome.dll -ipc_channel_proxy.cc:517 ) IPC::ChannelProxy::Send(IPC::Message *)
0x00007ff9bb75f772 (chrome.dll -render_process_host_impl.cc:3016 ) content::RenderProcessHostImpl::Send(IPC::Message *)
0x00007ff9bc39bbe5 (chrome.dll -event_router.cc:99 ) extensions::EventRouter::DispatchExtensionMessage(IPC::Sender *,int,void *,std::basic_string<char,std::char_traits<char>,std::allocator<char> > const &,int,std::basic_string<char,std::char_traits<char>,std::allocator<char> > const &,base::ListValue *,extensions::EventRouter::UserGestureState,extensions::EventFilteringInfo const &)
0x00007ff9bc39d3fe (chrome.dll -event_router.cc:634 ) extensions::EventRouter::DispatchEventToProcess(std::basic_string<char,std::char_traits<char>,std::allocator<char> > const &,GURL const &,content::RenderProcessHost *,int,linked_ptr<extensions::Event> const &,base::DictionaryValue const *,bool)
0x00007ff9bb6788d1 (chrome.dll -event_router.cc:555 ) extensions::EventRouter::DispatchEventImpl(std::basic_string<char,std::char_traits<char>,std::allocator<char> > const &,linked_ptr<extensions::Event> const &)
0x00007ff9bb6786a0 (chrome.dll -event_router.cc:492 ) extensions::EventRouter::DispatchEventToExtension(std::basic_string<char,std::char_traits<char>,std::allocator<char> > const &,std::unique_ptr<extensions::Event,std::default_delete<extensions::Event> >)
0x00007ff9bc495243 (chrome.dll -storage_frontend.cc:64 ) extensions::`anonymous namespace'::DefaultObserver::OnSettingsChanged
0x00007ff9bc494b6b (chrome.dll -bind_internal.h:603 ) base::internal::Invoker<base::internal::BindState<void (*)(void (extensions::SettingsObserver::*)(const std::basic_string<char,std::char_traits<char>,std::allocator<char> > &, extensions::settings_namespace::Namespace, const std::basic_string<char,std::char_traits<char>,std::allocator<char> > &), const std::basic_string<char,std::char_traits<char>,std::allocator<char> > &, extensions::settings_namespace::Namespace, const std::basic_string<char,std::char_traits<char>,std::allocator<char> > &, extensions::SettingsObserver *),void (extensions::SettingsObserver::*)(const std::basic_string<char,std::char_traits<char>,std::allocator<char> > &, extensions::settings_namespace::Namespace, const std::basic_string<char,std::char_traits<char>,std::allocator<char> > &),std::basic_string<char,std::char_traits<char>,std::allocator<char> >,extensions::settings_namespace::Namespace,std::basic_string<char,std::char_traits<char>,std::allocator<char> > >,void (extensions::SettingsObserver *)>::Run
0x00007ff9bbb4a88f (chrome.dll -observer_list_threadsafe.h:215 ) base::ObserverListThreadSafe<content::GpuDataManagerObserver>::NotifyWrapper(content::GpuDataManagerObserver *,base::ObserverListThreadSafe<content::GpuDataManagerObserver>::NotificationData const &)
0x00007ff9bb470094 (chrome.dll -task_annotator.cc:101 ) base::debug::TaskAnnotator::RunTask(char const *,base::PendingTask *)
0x00007ff9bb46fb6b (chrome.dll -message_loop.cc:319 ) base::MessageLoop::RunTask(base::PendingTask *)
0x00007ff9bb46f5b7 (chrome.dll -message_loop.cc:373 ) base::MessageLoop::DoWork()
0x00007ff9bb563a68 (chrome.dll -message_pump_win.cc:177 ) base::MessagePumpForUI::DoRunLoop()
0x00007ff9bb4b4c37 (chrome.dll -message_pump_win.cc:56 ) base::MessagePumpWin::Run(base::MessagePump::Delegate *)
0x00007ff9bb46f110 (chrome.dll -run_loop.cc:102 ) base::RunLoop::Run()
0x00007ff9bb7fce51 (chrome.dll -chrome_browser_main.cc:2153 ) ChromeBrowserMainParts::MainMessageLoopRun(int *)
0x00007ff9bb7fcc47 (chrome.dll -browser_main_loop.cc:978 ) content::BrowserMainLoop::RunMainMessageLoopParts()
0x00007ff9bb7fcbf2 (chrome.dll -browser_main_runner_impl.cc:169 ) content::BrowserMainRunnerImpl::Run()
0x00007ff9bbfeb352 (chrome.dll -browser_main.cc:51 ) content::BrowserMain(content::MainFunctionParams const &,std::unique_ptr<content::BrowserProcessSubThread,std::default_delete<content::BrowserProcessSubThread> >)
0x00007ff9bc5323f2 (chrome.dll -content_main_runner_impl.cc:620 ) content::RunBrowserProcessMain(content::MainFunctionParams const &,content::ContentMainDelegate *,std::unique_ptr<content::BrowserProcessSubThread,std::default_delete<content::BrowserProcessSubThread> >)
0x00007ff9bb465985 (chrome.dll -content_main_runner_impl.cc:964 ) content::ContentMainRunnerImpl::Run()
0x00007ff9bb455172 (chrome.dll -main.cc:459 ) service_manager::Main(service_manager::MainParams const &)
0x00007ff9bb454a07 (chrome.dll -content_main.cc:19 ) content::ContentMain(content::ContentMainParams const &)
0x00007ff9bb451af1 (chrome.dll -chrome_main.cc:101 ) ChromeMain
0x00007ff75b8735d5 (chrome.exe -main_dll_loader_win.cc:201 ) MainDllLoader::Launch(HINSTANCE__ *,base::TimeTicks)
0x00007ff75b871698 (chrome.exe -chrome_exe_main_win.cc:230 ) wWinMain
0x00007ff75b94bdc5 (chrome.exe -exe_common.inl:283 ) __scrt_common_main_seh
0x00007ff9f48e3033 (KERNEL32.DLL + 0x00013033 ) BaseThreadInitThunk
0x00007ff9f52a1430 (ntdll.dll + 0x00071430 ) RtlUserThreadStart

phanindra@: Could you please recheck this and perform a bisect on this.
Aug 14

Able to reproduce issue on reported Chrome version 67.0.3396.99 & on latest Chrome 70.0.3521.0 using Windows 10. Hence providing bisect information below.

NOTE: Issue specific to OS Windows.

Bisect Info:
Good build: 63.0.3215.0
Bad build: 63.0.3216.0
suspect: https://chromium-review.googlesource.com/c/chromium/src/+/666065
Reviewed-on: https://chromium-review.googlesource.com/666065

@lazyboy: Please confirm the issue and help in re-assigning if it is not related to your change. Thanks..!
Aug 16

Hi, I'm glad to see you are able to reproduce. Is there any planned version for this fix?
Nov 2

I looked at this one a bit before and forgot to update. It seems the size of the IPC becomes larger than the max allowed 128 MB. I got

[230157:230157:1102/120854.939092:FATAL:ipc_channel_proxy.cc(540)] Check failed: message->size() <= Channel::kMaximumMessageSize (220840196 vs. 134217728)

failure when I tried locally. This is coming from the extension's OnSettingsChanged observer, so I'm assuming the stored data size is simply too large. /cc rdevlin for thoughts.
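
The diagnosis above puts the failure in the storage change notification exceeding Channel::kMaximumMessageSize. As an added example (not code from Chromium, the extension, or anyone in this thread), this is one way an extension could keep each write's change notification under that limit; the JSON-based size estimate, the 50% headroom, and all function names are assumptions.

```javascript
// Added example: extension-side guard, not Chromium or Check Point code.
// Limit copied from the check failure quoted in the thread (128 MiB).
const MAX_IPC_BYTES = 134217728; // Channel::kMaximumMessageSize
// Assumption: keep half the limit free for IPC framing and estimate error.
const DEFAULT_BUDGET = MAX_IPC_BYTES / 2;

// UTF-8 size of a value's JSON form; a missing value costs nothing.
function jsonBytes(value) {
  if (value === undefined) return 0;
  return new TextEncoder().encode(JSON.stringify(value)).length;
}

// A change notification carries the key plus old and new value per key,
// so the estimate counts all three (an approximation of the real payload).
function estimateChangeBytes(current, updates) {
  let total = 0;
  for (const [key, newValue] of Object.entries(updates)) {
    total += jsonBytes(key) + jsonBytes(current[key]) + jsonBytes(newValue);
  }
  return total;
}

// Group updates into batches that each stay under the budget; keys that
// cannot fit even alone are reported instead of written.
function planWrites(current, updates, budget = DEFAULT_BUDGET) {
  const batches = [];
  const oversized = [];
  let batch = {};
  let used = 0;
  for (const [key, value] of Object.entries(updates)) {
    const cost = estimateChangeBytes(current, { [key]: value });
    if (cost > budget) { oversized.push(key); continue; }
    if (used + cost > budget) {
      batches.push(batch);
      batch = {};
      used = 0;
    }
    batch[key] = value;
    used += cost;
  }
  if (Object.keys(batch).length > 0) batches.push(batch);
  return { batches, oversized };
}

// In an extension: read the current values with chrome.storage.local.get,
// call planWrites, then issue one chrome.storage.local.set per batch.
```

Keys returned in `oversized` need to be split into smaller records by the caller before they are stored.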
Comment 1 by mek@chromium.org, Aug 9