Issue 548912 in chromium: Stack overflow when updating cursor on a page with <webview> with --site-per-process


chro...@googlecode.com

Oct 28, 2015, 9:35:14 PM
to chromi...@chromium.org
Status: Assigned
Owner: ke...@chromium.org
CC: alex...@chromium.org
Labels: Type-Bug Pri-2 Cr-Internals-Sandbox-SiteIsolation OS-All

New issue 548912 by alex...@chromium.org: Stack overflow when updating
cursor on a page with <webview> with --site-per-process
https://code.google.com/p/chromium/issues/detail?id=548912

What steps will reproduce the problem?
1. Install a sample webview app ("multi-tabbed browser") from
https://chrome.google.com/webstore/detail/multi-tabbed-browser/nfcmophndjlljioblddmepjbcfnocnak
2. Run Chrome with --site-per-process and launch the new app. By default,
it opens google.com via a <webview> tag.
3. Hover over the Google search box in the middle of the page.

This leads to a crash in the browser process:

Program received signal SIGSEGV, Segmentation fault.
base::internal::scoped_ptr_impl<content::ContentMainRunner,
base::DefaultDeleter<content::ContentMainRunner> >::get (this=<error
reading variable: Cannot access memory at address 0x7fffff7feff8>)
at ../../base/memory/scoped_ptr.h:241
241 T* get() const { return data_.ptr; }
#0 base::internal::scoped_ptr_impl<content::ContentMainRunner,
base::DefaultDeleter<content::ContentMainRunner> >::get (this=<error
reading variable: Cannot access memory at address 0x7fffff7feff8>)
at ../../base/memory/scoped_ptr.h:241
#1 std::string::data (this=)
at
/usr/lib/gcc/x86_64-linux-gnu/4.8/../../../../include/c++/4.8/bits/basic_string.h:1811
#2 content::RenderFrameHostManager::current_frame_host (this=)
at ../../content/browser/frame_host/render_frame_host_manager.h:216
#3 content::FrameTreeNode::current_frame_host (this=)
at ../../content/browser/frame_host/frame_tree_node.h:151
#4 content::CrossProcessFrameConnector::GetRootRenderWidgetHostView (this=)
at ../../content/browser/frame_host/cross_process_frame_connector.cc:231
#5 content::CrossProcessFrameConnector::UpdateCursor (this=, cursor=...)
at ../../content/browser/frame_host/cross_process_frame_connector.cc:168
#6 content::RenderWidgetHostViewChildFrame::UpdateCursor (this=, cursor=...)
at ../../content/browser/frame_host/render_widget_host_view_child_frame.cc:166
#7 content::CrossProcessFrameConnector::UpdateCursor (this=, cursor=...)
at ../../content/browser/frame_host/cross_process_frame_connector.cc:170
#8 content::RenderWidgetHostViewChildFrame::UpdateCursor (this=, cursor=...)
at ../../content/browser/frame_host/render_widget_host_view_child_frame.cc:166
#9 content::CrossProcessFrameConnector::UpdateCursor (this=, cursor=...)
at ../../content/browser/frame_host/cross_process_frame_connector.cc:170
#10 content::RenderWidgetHostViewChildFrame::UpdateCursor (this=, cursor=...)
at ../../content/browser/frame_host/render_widget_host_view_child_frame.cc:166
#11 content::CrossProcessFrameConnector::UpdateCursor (this=, cursor=...)
at ../../content/browser/frame_host/cross_process_frame_connector.cc:170
#12 content::RenderWidgetHostViewChildFrame::UpdateCursor (this=, cursor=...)
at ../../content/browser/frame_host/render_widget_host_view_child_frame.cc:166
...

It looks like GetRootRenderWidgetHostView keeps returning the same
RenderWidgetHostViewChildFrame. Ken, any ideas on how this is possible?


--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings

chro...@googlecode.com

Oct 29, 2015, 4:06:45 PM
to chromi...@chromium.org
Updates:
Status: Started

Comment #2 on issue 548912 by ke...@chromium.org: Stack overflow when
updating cursor on a page with <webview> with --site-per-process
https://code.google.com/p/chromium/issues/detail?id=548912

(No comment was entered for this change.)

chro...@googlecode.com

Oct 29, 2015, 8:04:13 PM
to chromi...@chromium.org

Comment #3 on issue 548912 by bugd...@chromium.org: Stack overflow when
updating cursor on a page with <webview> with --site-per-process
https://code.google.com/p/chromium/issues/detail?id=548912#c3

The following revision refers to this bug:

https://chromium.googlesource.com/chromium/src.git/+/6dca6cf96d346d5a8868ab79746ad539e9880e51

commit 6dca6cf96d346d5a8868ab79746ad539e9880e51
Author: alexmos <ale...@chromium.org>
Date: Thu Oct 29 23:39:49 2015

Disable WebViewTest.InterstitialTeardown(OnBrowserShutdown) on Site
Isolation FYI bots.

BUG=548912

Review URL: https://codereview.chromium.org/1421733004

Cr-Commit-Position: refs/heads/master@{#356984}

[modify]
http://crrev.com/6dca6cf96d346d5a8868ab79746ad539e9880e51/testing/buildbot/chromium.fyi.json

chro...@googlecode.com

Nov 2, 2015, 10:22:23 AM
to chromi...@chromium.org

Comment #4 on issue 548912 by bugd...@chromium.org: Stack overflow when
updating cursor on a page with <webview> with --site-per-process
https://code.google.com/p/chromium/issues/detail?id=548912#c4

The following revision refers to this bug:

https://chromium.googlesource.com/chromium/src.git/+/29e91242fd0e1db2632ac1a0f83d645080ce20d4

commit 29e91242fd0e1db2632ac1a0f83d645080ce20d4
Author: kenrb <ke...@chromium.org>
Date: Mon Nov 02 15:20:13 2015

Correctly find root RWHV from a nested WebContents

CrossProcessFrameConnector::GetRootRenderWidgetHostView() does not
traverse up through a tree of WebContents, which results in infinite
recursion. This adds a check for whether the current WebContents is
nested, and returns the root of the outer WebContents if so.

BUG=548912
R=na...@chromium.org

Review URL: https://codereview.chromium.org/1420203007

Cr-Commit-Position: refs/heads/master@{#357355}

[modify]
http://crrev.com/29e91242fd0e1db2632ac1a0f83d645080ce20d4/content/browser/frame_host/cross_process_frame_connector.cc
[modify]
http://crrev.com/29e91242fd0e1db2632ac1a0f83d645080ce20d4/content/browser/frame_host/render_frame_host_manager.cc
[modify]
http://crrev.com/29e91242fd0e1db2632ac1a0f83d645080ce20d4/content/browser/frame_host/render_frame_host_manager.h
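
The unbounded UpdateCursor recursion in the trace from the original report, and the nested-WebContents check described in the commit message above, modelled as an added C++ example. This is an illustration written for this thread, not Chromium code: the View and WebContents structs, NaiveGetRootView, FixedGetRootView, UpdateCursorHops, the kMaxDepth guard and the constructed scenario are all assumptions of the toy model, chosen to mirror the class names in the trace.

```cpp
#include <cstdio>
#include <memory>
#include <string>

// Toy model of the browser-side view hierarchy involved in this bug. Added
// illustration, not Chromium code; names are assumptions mirroring the trace.

struct WebContents;

// Stands in for a RenderWidgetHostView. is_child_frame marks the model's
// RenderWidgetHostViewChildFrame; a non-child view is a real top-level view.
struct View {
    std::string name;
    bool is_child_frame;
    WebContents* contents;  // WebContents whose frame tree this view belongs to
};

// A WebContents owns one frame tree; a <webview> guest is a WebContents
// nested inside an outer (embedder) WebContents.
struct WebContents {
    std::string name;
    View* root_view;     // view of this frame tree's root frame
    WebContents* outer;  // embedder, or nullptr when top-level
};

// Pre-fix behaviour: return the root view of the *current* frame tree only.
// For a guest, that root frame is itself rendered by a child-frame view, so
// the caller is handed a child-frame view again and forwards once more.
const View* NaiveGetRootView(const View* v) {
    return v->contents->root_view;
}

// Post-fix behaviour as the commit message describes it: when the WebContents
// is nested, climb to the outer WebContents before taking its root view.
const View* FixedGetRootView(const View* v) {
    const WebContents* wc = v->contents;
    while (wc->outer != nullptr) wc = wc->outer;
    return wc->root_view;
}

using GetRootFn = const View* (*)(const View*);

// Models a child-frame view forwarding the cursor to "the root". Returns the
// number of hops until a top-level view handled it, or -1 once the kMaxDepth
// guard trips; the guard stands in for the stack overflow in the report.
constexpr int kMaxDepth = 64;

int UpdateCursorHops(const View* v, GetRootFn get_root, int depth = 0) {
    if (depth >= kMaxDepth) return -1;      // would have overflowed the stack
    if (!v->is_child_frame) return depth;   // real root view handles the cursor
    return UpdateCursorHops(get_root(v), get_root, depth + 1);
}

// Constructed scenario from the report: an app page embedding a site in a
// <webview>, with a cross-site subframe inside the guest (--site-per-process).
struct Scenario {
    WebContents embedder;
    WebContents guest;
    View embedder_root;
    View guest_root;
    View guest_subframe;
};

std::unique_ptr<Scenario> BuildWebviewScenario() {
    std::unique_ptr<Scenario> s(new Scenario());
    s->embedder = {"embedder", &s->embedder_root, nullptr};
    s->guest = {"guest", &s->guest_root, &s->embedder};
    s->embedder_root = {"embedder_root", false, &s->embedder};
    s->guest_root = {"guest_root", true, &s->guest};  // guest root is out of process
    s->guest_subframe = {"guest_subframe", true, &s->guest};
    return s;
}

int main() {
    std::unique_ptr<Scenario> s = BuildWebviewScenario();
    std::printf("naive: %d hops (-1 = unbounded recursion)\n",
                UpdateCursorHops(&s->guest_subframe, NaiveGetRootView));
    std::printf("fixed: %d hop(s)\n",
                UpdateCursorHops(&s->guest_subframe, FixedGetRootView));
    return 0;
}
```

With the naive lookup every hop from inside the guest lands on guest_root, which is itself a child-frame view, so the forwarding never reaches a top-level view; the fixed lookup walks the outer chain first and reaches embedder_root in one hop. A bounded-depth guard like kMaxDepth is also a cheap way to turn this class of bug into a detectable failure in tests rather than a browser-process crash.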

chro...@googlecode.com

Nov 4, 2015, 2:30:30 PM
to chromi...@chromium.org

Comment #6 on issue 548912 by cr...@chromium.org: Stack overflow when
updating cursor on a page with <webview> with --site-per-process
https://code.google.com/p/chromium/issues/detail?id=548912

Ken, can you also re-enable the
WebViewTest.InterstitialTeardown(OnBrowserShutdown) tests now that this is
fixed? (See comment 3.)