Browser crashes if tab is closed during directory scan for folder upload
Reported by
ivan@ludios.org,
Dec 19
|
||||||||
Issue descriptionUserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36 Steps to reproduce the problem: 1. Have at least one other tab open. 2. Visit https://ludios.org/tmp/upload_folder.html or your own test page with <input type="file" webkitdirectory mozdirectory> 3. Click "Choose File" and select a folder with thousands of files or more, where the directory listings are not already cached in memory. A folder on HDD storage will work better, but this is not strictly necessary. 4. Immediately close the tab, before Chrome shows the "Upload N files to this site?" confirmation dialog. 5. Keep waiting for Chrome to finish scanning the directory; Chrome will then always crash. What is the expected behavior? What went wrong? Whole-browser crash Crashed report ID: 33344fda443222ef How much crashed? Whole browser Is it a problem with a plugin? No Did this work before? N/A Chrome version: 73.0.3642.0 Channel: dev OS Version: 73.0.3642.0 Flash Version: This affects Windows, macOS, and Linux. Crash IDs: Windows 10 1803 / Chrome Version 73.0.3642.0 (Official Build) dev (64-bit) Uploaded Crash Report ID 33344fda443222ef (Local Crash ID: 0cb4aa86-ee75-4145-8a45-c6671ecf4f64) Crash report captured on Wednesday, December 19, 2018 at 1:09:07 PM, uploaded on Wednesday, December 19, 2018 at 1:09:17 PM macOS 10.13.6 / Chrome Version 73.0.3645.0 (Official Build) canary (64-bit) Uploaded Crash Report ID 889abe65a9280532 (Local Crash ID: a392c5ee-76fb-4306-b406-b88e9df53389) Crash report captured on Wednesday, December 19, 2018 at 1:15:52 PM, uploaded on Wednesday, December 19, 2018 at 1:15:53 PM Linux / Chrome Version 71.0.3578.98 (Official Build) (64-bit) also crashes.
,
Dec 19
,
Dec 20
0x000000010b75cc77 (Google Chrome Framework -web_contents_user_data.h:52 ) constrained_window::ShowWebModalDialogViews(views::WidgetDelegate*, content::WebContents*) 0x000000010b598783 (Google Chrome Framework -folder_upload_confirmation_view.cc:52 ) FolderUploadConfirmationView::ShowDialog(base::FilePath const&, base::OnceCallback<void (std::__1::vector<ui::SelectedFileInfo, std::__1::allocator<ui::SelectedFileInfo> > const&)>, std::__1::vector<ui::SelectedFileInfo, std::__1::allocator<ui::SelectedFileInfo> >, content::WebContents*) 0x000000010b598a3b (Google Chrome Framework -folder_upload_confirmation_view.cc:103 ) ShowFolderUploadConfirmationDialog(base::FilePath const&, base::OnceCallback<void (std::__1::vector<ui::SelectedFileInfo, std::__1::allocator<ui::SelectedFileInfo> > const&)>, std::__1::vector<ui::SelectedFileInfo, std::__1::allocator<ui::SelectedFileInfo> >, content::WebContents*) 0x000000010883dc0d (Google Chrome Framework -file_select_helper.cc:250 ) FileSelectHelper::LaunchConfirmationDialog(base::FilePath const&, std::__1::vector<ui::SelectedFileInfo, std::__1::allocator<ui::SelectedFileInfo> >) 0x000000010883e059 (Google Chrome Framework -file_select_helper.cc:269 ) FileSelectHelper::OnListDone(int)
,
Jan 3
,
Jan 3
,
Jan 3
,
Jan 4
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/088a341f7d0a9110b2cca2f8803b7bbe006f0dc4 commit 088a341f7d0a9110b2cca2f8803b7bbe006f0dc4 Author: Collin Baker <collinbaker@chromium.org> Date: Fri Jan 04 23:27:19 2019 Fix crash when tab is closed during folder upload FileSelectHelper::OnListDone(), which is called when directory listing is complete, launches an upload confirmation dialog associated with the WebContents the upload request originated from. It does not consider the case where the WebContents has been destroyed. FileSelectHelper already handles the WebContentsDestroyed message, and sets its web_contents_ member to null accordingly. All that needs to be done is cleanup and an early return in OnListDone() if web_contents_ is null. Bug: 916529 Change-Id: Ic362c42a72a2c83bf21ad798d4b05c080c4b972f Reviewed-on: https://chromium-review.googlesource.com/c/1395138 Reviewed-by: Avi Drissman <avi@chromium.org> Commit-Queue: Collin Baker <collinbaker@chromium.org> Cr-Commit-Position: refs/heads/master@{#620104} [modify] https://crrev.com/088a341f7d0a9110b2cca2f8803b7bbe006f0dc4/chrome/browser/file_select_helper.cc
,
Jan 7
Tried reproducing the issue on chrome reported version# 73.0.3642.0 using Windows-10 with steps mentioned below: 1) Launched chrome reported version and navigated to URL: https://ludios.org/tmp/upload_folder.html 2) Clicked on 'Choose File' and selected the folder which has 1300 files in it and clicked on 'Upload' 3) Immediately after clicking on 'Upload' option, seen "Upload 1300 files to this site?" pop-up on the screen Collin Baker/ivan@ludios.org@ Please find above mentioned information and attached screencast for your reference. Could you please try to test this issue on latest chrome# 73.0.3664.0 and help us in verifying the fix. Thanks!
,
Jan 7
This is easier to test by selecting a folder with a large nested directory tree with e.g. 100K files, because the child folders won't all be in the OS cache. I verified this is fixed in Version 73.0.3664.0 (Official Build) canary (64-bit) on Windows 10.
,
Jan 7
I forgot to mark this fixed on Friday. But yeah, that folder wasn't large enough to reproduce the issue. It has to be large enough for the confirmation pop-up to not immediately show. |
||||||||
►
Sign in to add a comment |
||||||||
Comment 1 by dtapu...@chromium.org
, Dec 19