
Issue 877516


Issue metadata

Status: Assigned
Owner:
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 2
Type: Bug




EXC_BAD_ACCESS Downloading a file using Chrome + Watir

Reported by ha...@convopanda.com, Aug 24

Issue description

Chrome Version       : 68.0.3440.106
OS Version: OS X 10.13.6
URLs (if applicable) :
Other browsers tested:
  Add OK or FAIL after other browsers where you have tested this issue:
     Safari:
    Firefox:
    IE/Edge:

What steps will reproduce the problem?
1. Running Chrome using Watir (not headless) (https://github.com/watir/watir)
2. Use the bridge to set Page.setDownloadBehavior to 'allow' and specify a downloadPath
3. When attempting to download a file, Chrome crashes hard.

What is the expected result?

Chrome downloads the file to the specified downloadPath


What happens instead of that?

EXC_BAD_ACCESS error. See attached error report.


Please provide any additional information below. Attach a screenshot if
possible.

UserAgentString: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36



 
Attachment: ella_download_error_report.txt (95.6 KB)
Components: UI>Browser>Downloads
Labels: -Pri-3 Stability-Crash Pri-2
Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x0000000000000018

VM Regions Near 0x18:
--> 
    __TEXT                 00000001077cc000-00000001077cd000 [    4K] r-x/rwx SM=COW  /Applications/Google Chrome.app/Contents/MacOS/Google Chrome

Thread 0 Crashed:: CrBrowserMain  Dispatch queue: com.apple.main-thread
0   com.google.Chrome.framework     0x0000000109989594 base::SupportsUserData::GetUserData(void const*) const + __tree:1089
1   com.google.Chrome.framework     0x00000001082bce7b content::protocol::DevToolsDownloadManagerDelegate::ShouldOpenDownload(download::DownloadItem*, base::RepeatingCallback<void (bool)> const&) + web_contents_user_data.h:47
2   com.google.Chrome.framework     0x00000001081172a6 download::DownloadItemImpl::OnDownloadRenamedToFinalName(download::DownloadInterruptReason, base::FilePath const&) + download_item_impl.cc:1781
3   com.google.Chrome.framework     0x000000010810e98f base::internal::Invoker<base::internal::BindState<base::RepeatingCallback<void (download::DownloadInterruptReason, base::FilePath const&)>, download::DownloadInterruptReason, base::FilePath>, void ()>::RunOnce(base::internal::BindStateBase*) + callback_internal.h:169
4   com.google.Chrome.framework     0x000000010992e957 base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) + callback_forward.h:11
5   com.google.Chrome.framework     0x000000010994e8f4 base::MessageLoop::RunTask(base::PendingTask*) + vector:639
6   com.google.Chrome.framework     0x000000010994edc8 base::MessageLoop::DoWork() + message_loop.cc:373
7   com.google.Chrome.framework     0x0000000109950a8a base::MessagePumpCFRunLoopBase::RunWork() + message_pump_mac.mm:455
8   com.google.Chrome.framework     0x000000010994164a base::mac::CallWithEHFrame(void () block_pointer) + 
9   com.google.Chrome.framework     0x00000001099503af base::MessagePumpCFRunLoopBase::RunWorkSource(void*) + message_pump_mac.mm:434
10  com.apple.CoreFoundation        0x00007fff2aca1a11 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
11  com.apple.CoreFoundation        0x00007fff2ad5b42c __CFRunLoopDoSource0 + 108
12  com.apple.CoreFoundation        0x00007fff2ac84470 __CFRunLoopDoSources0 + 208
13  com.apple.CoreFoundation        0x00007fff2ac838ed __CFRunLoopRun + 1293
14  com.apple.CoreFoundation        0x00007fff2ac83153 CFRunLoopRunSpecific + 483
15  com.apple.HIToolbox             0x00007fff29f6dd96 RunCurrentEventLoopInMode + 286
16  com.apple.HIToolbox             0x00007fff29f6db06 ReceiveNextEventCommon + 613
17  com.apple.HIToolbox             0x00007fff29f6d884 _BlockUntilNextEventMatchingListInModeWithFilter + 64
18  com.apple.AppKit                0x00007fff2821ea73 _DPSNextEvent + 2085
19  com.apple.AppKit                0x00007fff289b4e34 -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 3044
20  com.google.Chrome.framework     0x0000000109585450 __71-[BrowserCrApplication nextEventMatchingMask:untilDate:inMode:dequeue:]_block_invoke + chrome_browser_application_mac.mm:233
21  com.google.Chrome.framework     0x000000010994164a base::mac::CallWithEHFrame(void () block_pointer) + 
22  com.google.Chrome.framework     0x0000000109585384 -[BrowserCrApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + chrome_browser_application_mac.mm:238
23  com.apple.AppKit                0x00007fff28213885 -[NSApplication run] + 764
24  com.google.Chrome.framework     0x000000010995136c base::MessagePumpNSApplication::DoRun(base::MessagePump::Delegate*) + message_pump_mac.mm:824
25  com.google.Chrome.framework     0x000000010994fece base::MessagePumpCFRunLoopBase::Run(base::MessagePump::Delegate*) + message_pump_mac.mm:306
26  com.google.Chrome.framework     0x0000000109973285 <name omitted> + run_loop.cc:108
27  com.google.Chrome.framework     0x000000010958c049 ChromeBrowserMainParts::MainMessageLoopRun(int*) + chrome_browser_main.cc:2157
28  com.google.Chrome.framework     0x0000000108242f14 content::BrowserMainLoop::RunMainMessageLoopParts() + browser_main_loop.cc:980
29  com.google.Chrome.framework     0x00000001082454d2 content::BrowserMainRunnerImpl::Run() + memory:2603
30  com.google.Chrome.framework     0x000000010823fa4b content::BrowserMain(content::MainFunctionParams const&, std::__1::unique_ptr<content::BrowserProcessSubThread, std::__1::default_delete<content::BrowserProcessSubThread> >) + browser_main.cc:51
31  com.google.Chrome.framework     0x000000010953fb27 content::ContentMainRunnerImpl::Run() + content_main_runner_impl.cc:620
32  com.google.Chrome.framework     0x000000010ad91d44 service_manager::Main(service_manager::MainParams const&) + main.cc:459
33  com.google.Chrome.framework     0x000000010953eba4 content::ContentMain(content::ContentMainParams const&) + content_main.cc:19
34  com.google.Chrome.framework     0x00000001077fb773 ChromeMain + chrome_main.cc:0
35  com.google.Chrome               0x00000001077ccdd5 main + chrome_exe_main_mac.cc:169
36  libdyld.dylib                   0x00007fff52ac4015 start + 1

Components: Platform>DevTools
Looks like the crash is because DownloadItemUtils::GetWebContents is returning nullptr here, and the DevTools code doesn't handle it correctly.
https://cs.chromium.org/chromium/src/content/browser/devtools/protocol/devtools_download_manager_delegate.cc?rcl=633a77ea42c1d12705d06c28c321865110645c31&l=131

Sampling other callers, they handle the null case. DevTools is just missing it.
Robert & David,

Thank you for your help troubleshooting this. Let me know if I can assist with anything in getting this resolved. Unfortunately I don't know C or C++ well enough to help with that.

Kind regards,

Harry
Cc: dvallet@chromium.org
DevToolsDownloadManagerDelegate::DetermineDownloadTarget in that file has the same issue.

+dvallet who appears to have written most of this file.
Owner: caseq@chromium.org
Status: Assigned (was: Unconfirmed)
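
The triage step behind the analysis in this thread, as an added example that is not part of the original issue or of Chromium: it parses the macOS crash report lines quoted above, checks whether the fault address falls in the first page (the usual signature of a field read through a null object pointer), and lists the crashed thread's frames so the caller that supplied the pointer is visible. The names `triage`, `FRAME_RE` and `NEAR_NULL_LIMIT`, and the 4 KiB threshold, are assumptions made for this example.

```python
import re

# Lines copied from the crash report quoted in this issue (frames 3 and later trimmed).
REPORT = """\
Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x0000000000000018

Thread 0 Crashed:: CrBrowserMain  Dispatch queue: com.apple.main-thread
0   com.google.Chrome.framework     0x0000000109989594 base::SupportsUserData::GetUserData(void const*) const + __tree:1089
1   com.google.Chrome.framework     0x00000001082bce7b content::protocol::DevToolsDownloadManagerDelegate::ShouldOpenDownload(download::DownloadItem*, base::RepeatingCallback<void (bool)> const&) + web_contents_user_data.h:47
2   com.google.Chrome.framework     0x00000001081172a6 download::DownloadItemImpl::OnDownloadRenamedToFinalName(download::DownloadInterruptReason, base::FilePath const&) + download_item_impl.cc:1781
"""

# Assumption: a fault inside the first 4 KiB is treated as a null-base access.
NEAR_NULL_LIMIT = 0x1000

# index, image, return address, symbol, then "+ offset" or "+ file:line"
FRAME_RE = re.compile(r"^(\d+)\s+(\S+)\s+(0x[0-9a-fA-F]+)\s+(.*?)\s+\+\s*(\S*)$")


def triage(report):
    """Extract exception type, fault address, near-null verdict and crashed-thread frames."""
    result = {"type": None, "fault_addr": None, "near_null": None, "frames": []}
    in_crashed = False
    for line in report.splitlines():
        if line.startswith("Exception Type:"):
            result["type"] = line.split(":", 1)[1].strip()
        elif line.startswith("Exception Codes:"):
            m = re.search(r"at (0x[0-9a-fA-F]+)", line)
            if m:
                result["fault_addr"] = int(m.group(1), 16)
                result["near_null"] = result["fault_addr"] < NEAR_NULL_LIMIT
        elif re.match(r"^Thread \d+ Crashed", line):
            in_crashed = True
        elif in_crashed:
            m = FRAME_RE.match(line)
            if not m:  # a blank line or the next thread header ends the block
                in_crashed = False
                continue
            result["frames"].append(
                {"index": int(m.group(1)), "image": m.group(2),
                 "symbol": m.group(4), "source": m.group(5)})
    return result


if __name__ == "__main__":
    r = triage(REPORT)
    print(r["type"], hex(r["fault_addr"]), "near-null" if r["near_null"] else "wild")
    for f in r["frames"]:
        print(f["index"], f["symbol"].split("(")[0], f["source"])
```

A near-null fault with `GetUserData` on top and `ShouldOpenDownload` as its caller matches the reading given in the thread, that a null `WebContents` reached the user-data lookup.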
