Regression: PDF Viewer extension crashes on reloading PDF page.
Reported by
aiman.an...@etouch.net,
Oct 25
Issue description: Chrome Version: 72.0.3591.0 (Official Build) Revision 148434e1b31c81381aec3e1346c9bf7954de39d6-refs/branch-heads/3591@{#1} (32/64-bit) OS: Win(7,8,8.1,10), Mac(10.13.1, 10.13.6, 10.14.1). Pre-Condition: Install extension from https://chrome.google.com/webstore/detail/pdf-viewer/oemmndcbldboiebfnladdacbdfmadadm?hl=en Test URL: http://cb.vu/unixtoolbox.pdf Steps to reproduce: 1. Launch Chrome, click on the extension icon in the omnibox and select Options from the context menu. 2. On the PDF Viewer extension options overlay, change the first two drop-down options. 3. Navigate to the above test URL and observe. Actual Result: PDF Viewer extension crashes on reloading the PDF page. Expected Result: Extension should not crash on reloading the PDF page. Crash Report ID 282f2a10f7be1323 (Local Crash ID: f4fc40e1-2784-4c93-a66d-4b8a33e87018) This is a regression issue seen in M-72; other info will be updated soon. Good Build: 72.0.3590.0 Bad Build: 72.0.3591.0 Kindly refer to the attached screen-cast for reference. Thank You!
Oct 25
Stack trace for the crash id: ----------------------------- Thread 0 (id: 0x14b4) CRASHED [EXCEPTION_ACCESS_VIOLATION_READ @ 0x00000020 ] MAGIC SIGNATURE THREAD Stack Quality97%Show frame trust levels 0x000007fee1cbb8d0 (chrome_child.dll + 0x0086b8d0 ) BIO_get_data 0x000007fee150a674 (chrome_child.dll -web_string.cc:183 ) blink::WebString::operator AtomicString 0x000007fee1586ce4 (chrome_child.dll -web_local_frame_impl.cc:1681 ) blink::WebLocalFrameImpl::CreateMainFrame(blink::WebView *,blink::WebLocalFrameClient *,blink::InterfaceRegistry *,blink::WebFrame *,blink::WebString const &,blink::WebSandboxFlags) 0x000007fee1585ba0 (chrome_child.dll -render_frame_impl.cc:1272 ) content::RenderFrameImpl::CreateMainFrame(content::RenderViewImpl *,int,mojo::InterfacePtr<service_manager::mojom::InterfaceProvider>,int,bool,content::ScreenInfo const &,content::CompositorDependencies *,blink::WebFrame *,base::UnguessableToken const &,content::FrameReplicationState const &,bool) 0x000007fee1567847 (chrome_child.dll -render_view_impl.cc:537 ) content::RenderViewImpl::Initialize(mojo::StructPtr<content::mojom::CreateViewParams>,base::OnceCallback<void >,scoped_refptr<base::SingleThreadTaskRunner>) 0x000007fee156618b (chrome_child.dll -render_view_impl.cc:1035 ) content::RenderViewImpl::Create(content::CompositorDependencies *,mojo::StructPtr<content::mojom::CreateViewParams>,base::OnceCallback<void >,scoped_refptr<base::SingleThreadTaskRunner>) 0x000007fee15660dd (chrome_child.dll -render_thread_impl.cc:2117 ) content::RenderThreadImpl::CreateView(mojo::StructPtr<content::mojom::CreateViewParams>) 0x000007fee1522743 (chrome_child.dll -renderer.mojom.cc:946 ) content::mojom::RendererStubDispatch::Accept(content::mojom::Renderer *,mojo::Message *) 0x000007fee3968864 (chrome_child.dll -ipc_mojo_bootstrap.cc:877 ) IPC::`anonymous namespace'::ChannelAssociatedGroupController::AcceptOnProxyThread 0x000007fee3966d39 (chrome_child.dll -bind_internal.h:671 ) 
base::internal::Invoker<base::internal::BindState<void (IPC::(anonymous namespace)::ChannelAssociatedGroupController::*)(mojo::Message),scoped_refptr<IPC::(anonymous namespace)::ChannelAssociatedGroupController>,base::internal::PassedWrapper<mojo::Message> >,void ()>::Run 0x000007fee14a6d3f (chrome_child.dll -task_annotator.cc:99 ) base::debug::TaskAnnotator::RunTask(char const *,base::PendingTask *) 0x000007fee14fc4c1 (chrome_child.dll -thread_controller_impl.cc:196 ) base::sequence_manager::internal::ThreadControllerImpl::DoWork(base::sequence_manager::internal::ThreadControllerImpl::WorkType) 0x000007fee14a6d3f (chrome_child.dll -task_annotator.cc:99 ) base::debug::TaskAnnotator::RunTask(char const *,base::PendingTask *) 0x000007fee14a65de (chrome_child.dll -message_loop.cc:547 ) base::MessageLoop::RunTask(base::PendingTask *) 0x000007fee14a0244 (chrome_child.dll -message_loop.cc:630 ) base::MessageLoop::DoWork() 0x000007fee14a0098 (chrome_child.dll -message_pump_default.cc:37 ) base::MessagePumpDefault::Run(base::MessagePump::Delegate *) 0x000007fee149f470 (chrome_child.dll -run_loop.cc:102 ) base::RunLoop::Run() 0x000007fee148312c (chrome_child.dll -renderer_main.cc:202 ) content::RendererMain(content::MainFunctionParams const &) 0x000007fee147cb62 (chrome_child.dll -content_main_runner_impl.cc:918 ) content::ContentMainRunnerImpl::Run(bool) 0x000007fee145497f (chrome_child.dll -main.cc:472 ) service_manager::Main(service_manager::MainParams const &) 0x000007fee1454584 (chrome_child.dll -content_main.cc:19 ) content::ContentMain(content::ContentMainParams const &) 0x000007fee1451a0d (chrome_child.dll -chrome_main.cc:102 ) ChromeMain 0x000000013f53374b (chrome.exe -main_dll_loader_win.cc:201 ) MainDllLoader::Launch(HINSTANCE__ *,base::TimeTicks) 0x000000013f5315ef (chrome.exe -chrome_exe_main_win.cc:229 ) wWinMain 0x000000013f607351 (chrome.exe -exe_common.inl:283 ) __scrt_common_main_seh 0x778459cc (KERNEL32.dll + 0x000159cc ) BaseThreadInitThunk 0x7797b980 
(ntdll.dll + 0x0002b980 ) RtlUserThreadStart As this is a recent regression, adding the release-blocker label for this issue. Please reduce the priority or remove the label if that is not the case. Thank You!
Oct 25
Did a bisect and ended up at https://chromium-review.googlesource.com/c/chromium/src/+/1297000 The stack trace is different from the one in comment #2 above, though. I kept getting: Received signal 11 SEGV_MAPERR 000000000020 #0 0x7f48ad0a553f base::debug::StackTrace::StackTrace() #1 0x7f48ad0a50b1 base::debug::(anonymous namespace)::StackDumpSignalHandler() #2 0x7f48a32d30c0 <unknown> #3 0x7f48a5df4210 <unknown> #4 0x7f48a6584c7d blink::FrameTree::IsDescendantOf() #5 0x7f48a6130cc2 blink::LocalFrame::HasTransientUserActivation() #6 0x7f48ab211c03 content::RenderFrameImpl::WillSendRequest() #7 0x7f48a608c1e9 blink::LocalFrameClientImpl::DispatchWillSendRequest() #8 0x7f48a652c2d1 blink::FrameFetchContext::PrepareRequest() #9 0x7f48a4d8c95b blink::ResourceFetcher::PrepareRequest() #10 0x7f48a4d8ccb2 blink::ResourceFetcher::RequestResource() #11 0x7f48a6552916 blink::ImageResource::Fetch() #12 0x7f48a6555789 blink::ImageResourceContent::Fetch() #13 0x7f48a6539c8b blink::ImageLoader::DoUpdateFromElement() #14 0x7f48a653b5ef blink::ImageLoader::Task::Run() #15 0x7f48a653b7bb _ZN4base8internal7InvokerINS0_9BindStateIMN5blink11ImageLoader4TaskEFvvEJN3WTF13PassedWrapperINSt3__110unique_ptrIS5_NSA_14default_deleteIS5_EEEEEEEEEFvvEE7RunOnceEPNS0_13BindStateBaseE #16 0x7f48a4bdb19a blink::MicrotaskFunctionCallback() #17 0x7f48a75337de v8::internal::Runtime_RunMicrotaskCallback() #18 0x7f48a777e8ae <unknown> Both traces fault at address 0x20, consistent with a null-pointer dereference on a frame-related object rather than the same call path. The CL got reverted earlier today. This bug is a duplicate.
Oct 26
Comment 1 by aiman.an...@etouch.net
Oct 25. Owner: mstensho@chromium.org
Status: Assigned (was: Unconfirmed)