New issue
Advanced search Search tips

Issue 876116 link

Starred by 1 user
Status: Unconfirmed
Owner: ----
Cc:
carlosil@chromium.org
wfh@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug



Sign in to add a comment

GPU and low trusted processes crash

Reported by kitt...@gmail.com, Aug 20 
UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36

Steps to reproduce the problem:
1. On Windows 10 with certain policies (couldn't pinpoint yet), GPU process and other process with Low/Untrusted privilege crash.

What is the expected behavior?
No crash

What went wrong?
(fe4.3b14): Guard page violation - code 80000001 (first/second chance not available)
00 (Inline Function) --------`-------- Electron!base::win::PEImage::GetNTHeaders+0xa
01 (Inline Function) --------`-------- Electron!base::win::PEImage::GetImageDirectoryEntryAddr+0xa
02 (Inline Function) --------`-------- Electron!base::win::PEImage::GetExportDirectory+0xa
03 00000000`089de310 00007ff6`547aa33e Electron!base::win::PEImage::GetExportEntry+0x19 c:\users\sysadmin\buildagent\workspace\358518\src\base\win\pe_image.cc @ 186]
04 00000000`089de340 00007ff6`555f6259 Electron!base::win::PEImage::GetProcAddress+0xe c:\users\sysadmin\buildagent\workspace\358518\src\base\win\pe_image.cc @ 202]
05 00000000`089de370 00007ff6`555f5dd4 Electron!sandbox::ServiceResolverThunk::ResolveTarget+0x39 c:\users\sysadmin\buildagent\workspace\358518\src\sandbox\win\src\service_resolver.cc @ 32]
06 00000000`089de3b0 00007ff6`555f6178 Electron!sandbox::ResolverThunk::Init+0x84 c:\users\sysadmin\buildagent\workspace\358518\src\sandbox\win\src\resolver.cc @ 36]
07 00000000`089de3e0 00007ff6`554a59ec Electron!sandbox::ServiceResolverThunk::Setup+0x48 c:\users\sysadmin\buildagent\workspace\358518\src\sandbox\win\src\service_resolver_64.cc @ 148]
08 00000000`089de430 00007ff6`554a5c52 Electron!sandbox::InterceptionManager::PatchClientFunctions+0x14c c:\users\sysadmin\buildagent\workspace\358518\src\sandbox\win\src\interception.cc @ 533]
09 00000000`089de560 00007ff6`554a57a8 Electron!sandbox::InterceptionManager::PatchNtdll+0x192 c:\users\sysadmin\buildagent\workspace\358518\src\sandbox\win\src\interception.cc @ 439]
0a 00000000`089de750 00007ff6`551fb4b5 Electron!sandbox::InterceptionManager::InitializeInterceptions+0x78 c:\users\sysadmin\buildagent\workspace\358518\src\sandbox\win\src\interception.cc @ 150]
0b 00000000`089de780 00007ff6`551fa713 Electron!sandbox::PolicyBase::SetupAllInterceptions+0xd5 c:\users\sysadmin\buildagent\workspace\358518\src\sandbox\win\src\sandbox_policy_base.cc @ 646]
0c 00000000`089de7d0 00007ff6`54e25b9a Electron!sandbox::PolicyBase::AddTarget+0x53 c:\users\sysadmin\buildagent\workspace\358518\src\sandbox\win\src\sandbox_policy_base.cc @ 519]
0d 00000000`089de810 00007ff6`54ecc42e Electron!sandbox::BrokerServicesBase::SpawnTarget+0x9ca c:\users\sysadmin\buildagent\workspace\358518\src\sandbox\win\src\broker_services.cc @ 435]
0e 00000000`089deb20 00007ff6`55012dc6 Electron!content::StartSandboxedProcess+0x65e c:\users\sysadmin\buildagent\workspace\358518\src\content\common\sandbox_win.cc @ 833]
0f 00000000`089def30 00007ff6`5501250a Electron!content::internal::ChildProcessLauncherHelper::LaunchProcessOnLauncherThread+0x1d6 c:\users\sysadmin\buildagent\workspace\358518\src\content\browser\child_process_launcher_helper_win.cc @ 80]
10 00000000`089df090 00007ff6`5478fd58 Electron!content::internal::ChildProcessLauncherHelper::LaunchOnLauncherThread+0x9a c:\users\sysadmin\buildagent\workspace\358518\src\content\browser\child_process_launcher_helper.cc @ 104]
11 (Inline Function) --------`-------- Electron!base::Callback<void __cdecl(void),0,0>::Run+0xb c:\users\sysadmin\buildagent\workspace\358518\src\base\callback.h @ 91]
12 00000000`089df190 00007ff6`5472dd26 Electron!base::debug::TaskAnnotator::RunTask+0x188 c:\users\sysadmin\buildagent\workspace\358518\src\base\debug\task_annotator.cc @ 59]
13 00000000`089df2b0 00007ff6`5472c810 Electron!base::MessageLoop::RunTask+0x566 c:\users\sysadmin\buildagent\workspace\358518\src\base\message_loop\message_loop.cc @ 424]
14 (Inline Function) --------`-------- Electron!base::MessageLoop::DeferOrRunPendingTask+0x4f c:\users\sysadmin\buildagent\workspace\358518\src\base\message_loop\message_loop.cc @ 434]
15 00000000`089df560 00007ff6`54791d93 Electron!base::MessageLoop::DoWork+0x190 c:\users\sysadmin\buildagent\workspace\358518\src\base\message_loop\message_loop.cc @ 527]
16 00000000`089df680 00007ff6`5473344e Electron!base::MessagePumpDefault::Run+0x83 c:\users\sysadmin\buildagent\workspace\358518\src\base\message_loop\message_pump_default.cc @ 34]
17 00000000`089df6b0 00007ff6`548067fe Electron!base::RunLoop::Run+0x6e c:\users\sysadmin\buildagent\workspace\358518\src\base\run_loop.cc @ 38]
18 00000000`089df700 00007ff6`54806b37 Electron!content::BrowserThreadImpl::ProcessLauncherThreadRun+0x2e c:\users\sysadmin\buildagent\workspace\358518\src\content\browser\browser_thread_impl.cc @ 267]
19 00000000`089df850 00007ff6`54750e47 Electron!content::BrowserThreadImpl::Run+0x167 c:\users\sysadmin\buildagent\workspace\358518\src\content\browser\browser_thread_impl.cc @ 309]
1a 00000000`089df990 00007ff6`54711605 Electron!base::Thread::ThreadMain+0x1a7 c:\users\sysadmin\buildagent\workspace\358518\src\base\threading\thread.cc @ 336]
1b 00000000`089dfa20 00007ff8`30901fe4 Electron!base::`anonymous namespace'::ThreadFunc+0x155 c:\users\sysadmin\buildagent\workspace\358518\src\base\threading\platform_thread_win.cc @ 91]
1c 00000000`089dfa90 00007ff8`3284cb31 kernel32!BaseThreadInitThunk+0x14 base\win32\client\thread.c @ 64]
1d 00000000`089dfac0 00000000`00000000 ntdll!RtlUserThreadStart+0x21 minkernel\ntdll\rtlstrt.c @ 997]

Did this work before? N/A 

Chrome version: 61.0.3163.100  Channel: stable
OS Version: 10.0
Flash Version:

Comment 1 by carlosil@chromium.org, Aug 21 

This looks like a crash on a very old version of Chrome (61), are you able to reproduce this is current Stable(68), Beta(69) or Dev(70)?

Comment 2 by carlosil@chromium.org, Aug 21

Cc: carlosil@chromium.org
Labels: Needs-Feedback

Comment 3 by kitt...@gmail.com, Aug 21 

Thanks for fast response. We are working on electron framework and don't have newer build of electron with latest chromium builds. Can you please help us understand why this issue could happen?
Project Member

Comment 4 by sheriffbot@chromium.org, Aug 21

Labels: -Needs-Feedback
Thank you for providing more feedback. Adding the requester to the cc list.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 5 by dtapu...@chromium.org, Aug 21

Components: Internals>Sandbox
Perhaps the sandbox folks might have an idea but it could be electron isn't setting up the sandbox process correctly.

Comment 6 by wfh@chromium.org, Aug 22

Labels: -Type-Bug-Security -Restrict-View-SecurityTeam Needs-Feedback Type-Bug
Hi - can you try and reproduce with a later version of Chromium, even if this was an issue, the issue might have been fixed in the meantime, so it wouldn't really be actionable.

Alternatively, or in addition, can you provide a set of reproduction steps?

Also, not a security issue.

Comment 7 by susan.boorgula@chromium.org, Aug 23

Labels: Needs-Milestone

Sign in to add a comment