[iOS Chrome] Crash when saving password for password forms inside iframe.
Issue description

Chrome Version: 71.0.3567.0
OS: iOS 11.4.1

What steps will reproduce the problem?
(1) Open https://scottwug.github.io/autofill/frame.html
(2) Fill in username and password in the first password form and submit.
(3) Tap "Save"

What is the expected result?
No crash

What happens instead?
Crash

Looks like the issue is caused by calling driver->GetPasswordAutofillManager()->DeleteFillData() in password_manager.cc, while GetPasswordAutofillManager() is returning nullptr in iOS Chrome (see ios/chrome/browser/passwords/ios_chrome_password_manager_driver.mm).
Oct 1
+vasilii - maybe related to the security checks you introduced recently? +dvadym FYI
Oct 1
I tried it on the simulator 71.0.3568.0. My changes about security checks are not compiled on iOS. Can you reproduce it in the simulator and give us a stack trace?
Oct 1
* thread #1, name = 'CrWebMain', queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x8)
* frame #0: 0x000000010fda536a Chromium`password_manager::PasswordAutofillManager::DeleteFillData() [inlined] std::__1::unique_ptr<autofill::PasswordFormFillData, std::__1::default_delete<autofill::PasswordFormFillData> >::reset(this=0x0000000000000008, __p=0x0000000000000000) at memory:2632
frame #1: 0x000000010fda536a Chromium`password_manager::PasswordAutofillManager::DeleteFillData(this=0x0000000000000000) at password_autofill_manager.cc:264
frame #2: 0x000000010fe0bd09 Chromium`password_manager::PasswordManager::UpdateFormManagers(this=0x00007fb13ac7aed0) at password_manager.cc:596
frame #3: 0x000000010fdb61b2 Chromium`password_manager::PasswordFormManager::Save(this=0x00007fb13b0ca800) at password_form_manager.cc:345
frame #4: 0x000000010b4c85f2 Chromium`IOSChromeSavePasswordInfoBarDelegate::Accept(this=0x0000600003a53b70) at ios_chrome_save_password_infobar_delegate.mm:75
frame #5: 0x000000010b4deec2 Chromium`::-[ConfirmInfoBarController infoBarButtonDidPress:](self=0x0000600003a53120, _cmd="infoBarButtonDidPress:", sender=0x00007fb13aa54930) at confirm_infobar_controller.mm:144
frame #6: 0x000000011f3b399f UIKitCore`-[UIApplication sendAction:to:from:forEvent:] + 83
frame #7: 0x000000011f4ebfc9 UIKitCore`-[UIControl sendAction:to:forEvent:] + 67
frame #8: 0x000000011f4ec2e6 UIKitCore`-[UIControl _sendActionsForEvents:withEvent:] + 450
frame #9: 0x000000011f4eb22a UIKitCore`-[UIControl touchesEnded:withEvent:] + 583
frame #10: 0x000000010b511f2c Chromium`-[MDCButton touchesEnded:withEvent:](self=0x00007fb13aa54930, _cmd="touchesEnded:withEvent:", touches=1 element, event=0x00006000006ed050) at MDCButton.m:323
frame #11: 0x000000011fbc5c54 UIKitCore`-[UIWindow _sendTouchesForEvent:] + 2729
frame #12: 0x000000011fbc7350 UIKitCore`-[UIWindow sendEvent:] + 4080
frame #13: 0x000000011f3cdfec UIKitCore`-[UIApplication sendEvent:] + 352
frame #14: 0x000000011f3062ac UIKitCore`__dispatchPreprocessedEventFromEventQueue + 3024
frame #15: 0x000000011f308ece UIKitCore`__handleEventQueueInternal + 5948
frame #16: 0x0000000118979b31 CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
frame #17: 0x00000001189793a3 CoreFoundation`__CFRunLoopDoSources0 + 243
frame #18: 0x0000000118973a4f CoreFoundation`__CFRunLoopRun + 1263
frame #19: 0x0000000118973221 CoreFoundation`CFRunLoopRunSpecific + 625
frame #20: 0x0000000124a051dd GraphicsServices`GSEventRunModal + 62
frame #21: 0x000000011f3b22f1 UIKitCore`UIApplicationMain + 140
frame #22: 0x0000000109e2b4b3 Chromium`(anonymous namespace)::RunUIApplicationMain(argc=1, argv=0x00007ffee5dd5148) at chrome_exe_main.mm:54
frame #23: 0x0000000109e2af81 Chromium`main(argc=1, argv=0x00007ffee5dd5148) at chrome_exe_main.mm:78
frame #24: 0x0000000121e695cd libdyld.dylib`start + 1
frame #25: 0x0000000121e695cd libdyld.dylib`start + 1
Oct 2
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/0823d6a7da29d15b588d95faa0f425d95f9375d1

commit 0823d6a7da29d15b588d95faa0f425d95f9375d1
Author: Scott Wu <scottwu@chromium.org>
Date: Tue Oct 02 02:41:17 2018

Add null check to prevent crash when saving password.

This check is needed since iOS Chrome is returning nullptr in GetPasswordAutofillManager()
https://cs.chromium.org/chromium/src/ios/chrome/browser/passwords/ios_chrome_password_manager_driver.mm

Bug: 890655
Change-Id: I33951b54d0e618f861284df7aeabcbf3d9e1681b
Reviewed-on: https://chromium-review.googlesource.com/1253164
Commit-Queue: Scott Wu <scottwu@chromium.org>
Reviewed-by: Vaclav Brozek <vabr@chromium.org>
Reviewed-by: Vasilii Sukhanov <vasilii@chromium.org>
Cr-Commit-Position: refs/heads/master@{#595702}

[modify] https://crrev.com/0823d6a7da29d15b588d95faa0f425d95f9375d1/components/password_manager/core/browser/password_manager.cc
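As an added C++ illustration (not Chromium's code), the unconditional call the report identifies beside the null-checked form the fix describes, using constructed stand-ins for the driver and manager types; the nullptr-returning driver models what the report says about the iOS Chrome driver.

```cpp
#include <memory>
#include <vector>

struct PasswordFormFillData {};  // constructed stand-in, as are the classes below

class PasswordAutofillManager {
 public:
  // Frame #0 of the report: unique_ptr::reset() on a member of a null manager,
  // which is why the faulting address (0x8) is just that member's offset.
  void DeleteFillData() { fill_data_.reset(); }
  bool HasFillData() const { return fill_data_ != nullptr; }
  std::unique_ptr<PasswordFormFillData> fill_data_ =
      std::make_unique<PasswordFormFillData>();  // starts with data to delete
};

class PasswordManagerDriver {
 public:
  virtual ~PasswordManagerDriver() = default;
  virtual PasswordAutofillManager* GetPasswordAutofillManager() = 0;
};

// Driver that owns a manager (the non-iOS case).
class ManagerBackedDriver : public PasswordManagerDriver {
 public:
  PasswordAutofillManager* GetPasswordAutofillManager() override { return &manager_; }
  PasswordAutofillManager manager_;
};

// Driver that returns nullptr, as the report says the iOS Chrome driver does.
class NullManagerDriver : public PasswordManagerDriver {
 public:
  PasswordAutofillManager* GetPasswordAutofillManager() override { return nullptr; }
};

// Before the fix: with a NullManagerDriver in the list this is the report's null dereference.
void UpdateFormManagersUnchecked(const std::vector<PasswordManagerDriver*>& drivers) {
  for (PasswordManagerDriver* driver : drivers)
    driver->GetPasswordAutofillManager()->DeleteFillData();
}

// After the fix: skip drivers without a manager. Returns how many were cleared.
int UpdateFormManagersChecked(const std::vector<PasswordManagerDriver*>& drivers) {
  int cleared = 0;
  for (PasswordManagerDriver* driver : drivers) {
    PasswordAutofillManager* manager = driver->GetPasswordAutofillManager();
    if (!manager) continue;  // iOS-style driver: nothing to delete
    manager->DeleteFillData();
    ++cleared;
  }
  return cleared;
}
```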
Comment 1 by scottwu@chromium.org, Oct 1