New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 916904 link

Starred by 3 users
Status: Fixed
Owner:
harrisjay@chromium.org
Closed: Jan 7
Cc:
mgiuca@chromium.org
viswa.karala@chromium.org
dominickn@chromium.org
bgalbs@google.com
pcovell@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows , Chrome , Mac
Pri: 3
Type: Bug



Sign in to add a comment

Setting the badge in a PWA, opening in Chrome and setting the badge crashes Chrome

Project Member Reported by harrisjay@chromium.org, Dec 20 
Chrome Version: (copy from chrome://version)
OS: (e.g. Win10, MacOS 10.12, etc...)

What steps will reproduce the problem?
(1) Launch a PWA
(2) In the console, call Badge.set(1)
(3) From the 3 dots menu in the top right of the app menu, select "Open in Chrome(ium)"
(4) In the console, call Badge.set(1)

What is the expected result?

Nothing happens (Badges cannot be set when not in a hosted app window)

What happens instead?

The browser crashes

Introduced in: https://chromium-review.googlesource.com/c/chromium/src/+/1385726

Comment 1 by harrisjay@chromium.org, Dec 20 

This is caused because the browser window that the BadgeService is associated with changes when the web contents are moved from the hosted app to the browser window (the hosted app controller is destroyed, so we have a use after free)

Comment 2 by harrisjay@chromium.org, Dec 20

Status: Started (was: Assigned)
Project Member

Comment 3 by bugdroid1@chromium.org, Dec 20 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/a0cd397aee006d848319e8f7aea5b3f3e1b5a267

commit a0cd397aee006d848319e8f7aea5b3f3e1b5a267
Author: Jay Harris <harrisjay@chromium.org>
Date: Thu Dec 20 23:43:18 2018

Fixes a use after free in the BadgeService

An instance of the badge service can be moved between different browsers
so we should find the delegate/hosted_app as needed instead of storing
them at instantiation.

Bug:  916904 
Change-Id: Ia91875f3342be0bb7b2e7dd1807efd2cdd36206c
Reviewed-on: https://chromium-review.googlesource.com/c/1385726
Commit-Queue: Jay Harris <harrisjay@chromium.org>
Reviewed-by: Matt Giuca <mgiuca@chromium.org>
Cr-Commit-Position: refs/heads/master@{#618380}
[modify] https://crrev.com/a0cd397aee006d848319e8f7aea5b3f3e1b5a267/chrome/browser/badging/badge_service_impl.cc
[modify] https://crrev.com/a0cd397aee006d848319e8f7aea5b3f3e1b5a267/chrome/browser/badging/badge_service_impl.h

Comment 4 by viswa.karala@chromium.org, Dec 21

Cc: -mgiuca@chromium.org mgi...@chromium.orgviswa
Labels: Needs-Feedback
Tried testing the issue on chrome version# 73.0.3645.0 using Windows-10 with steps mentioned below:
1) Launched chrome version and launched PWA(URL: https://killer-marmot.appspot.com/web)
2) In console entered Badge.set(1), seen Uncaught ReferenceError: Badge is not defined
3) On PWA clicked on three dot menu and selected 'open in chrome'
4) In console entered Badge.set(1), seen Uncaught ReferenceError: Badge is not defined

Jay Harris@ Could you please find the attached screencast and above mentioned information and let us know if we missed anything in reproducing the issue and help us in verifying the fix.

Thanks!
916904.mp4
2.2 MB View Download

Comment 5 by viswa.karala@chromium.org, Dec 21

Cc: -mgi...@chromium.orgviswa mgiuca@chromium.org viswa.karala@chromium.org

Comment 6 by harrisjay@chromium.org, Jan 7

Labels: -Needs-Feedback
Status: Fixed (was: Started)
Sorry, this has already been fixed.

Sign in to add a comment