Crash when visiting a page that requests geolocation

Bug #1267543 reported by Olivier Tilloy
This bug affects 4 people
Affects: Oxide
Status: Fix Released
Importance: High
Assigned to: Olivier Tilloy

Bug Description

The following QML code crashes while rendering when launched with qmlscene:

    import QtQuick 2.0
    import com.canonical.Oxide 0.1
    WebView {
        width: 800
        height: 600
        url: "http://html5demos.com/geo"
    }

Olivier Tilloy (osomon) wrote :

This is the backtrace:

    #0 content::LocationArbitratorImpl::StartProviders (this=0x7fff58001780, use_high_accuracy=false)
        at chromium/src/content/browser/geolocation/location_arbitrator_impl.cc:63
    #1 0x00007fffbeb23369 in content::GeolocationProviderImpl::StartProviders (this=0x7fff84080660,
        use_high_accuracy=false) at chromium/src/content/browser/geolocation/geolocation_provider_impl.cc:186
    #2 0x00007fffbeb26cf2 in base::internal::RunnableAdapter<void (content::GeolocationProviderImpl::*)(bool)>::Run (
        this=0x7fff653714a0, object=0x7fff84080660, a1=@0x7fff84094388: false) at chromium/src/base/bind_internal.h:190
    #3 0x00007fffbeb2697a in base::internal::InvokeHelper<false, void, base::internal::RunnableAdapter<void (content::GeolocationProviderImpl::*)(bool)>, void (content::GeolocationProviderImpl*, bool const&)>::MakeItSo(base::internal::RunnableAdapter<void (content::GeolocationProviderImpl::*)(bool)>, content::GeolocationProviderImpl*, bool const&) (
        runnable=..., a1=0x7fff84080660, a2=@0x7fff84094388: false) at chromium/src/base/bind_internal.h:898
    #4 0x00007fffbeb262fd in base::internal::Invoker<2, base::internal::BindState<base::internal::RunnableAdapter<void (content::GeolocationProviderImpl::*)(bool)>, void (content::GeolocationProviderImpl*, bool), void (base::internal::UnretainedWrapper<content::GeolocationProviderImpl>, bool)>, void (content::GeolocationProviderImpl*, bool)>::Run(base::internal::BindStateBase*) (base=0x7fff84094360) at chromium/src/base/bind_internal.h:1253
    #5 0x00007fffba722f98 in base::Callback<void ()>::Run() const (this=0x7fff65371808)
        at chromium/src/base/callback.h:401
    #6 0x00007fffba7bb0e8 in base::MessageLoop::RunTask (this=0x7fff58000940, pending_task=...)
        at chromium/src/base/message_loop/message_loop.cc:511
    #7 0x00007fffba7bb216 in base::MessageLoop::DeferOrRunPendingTask (this=0x7fff58000940, pending_task=...)
        at chromium/src/base/message_loop/message_loop.cc:523
    #8 0x00007fffba7bb766 in base::MessageLoop::DoWork (this=0x7fff58000940)
        at chromium/src/base/message_loop/message_loop.cc:637
    #9 0x00007fffba7ca2f5 in base::MessagePumpDefault::Run (this=0x7fff58000cf0, delegate=0x7fff58000940)
        at chromium/src/base/message_loop/message_pump_default.cc:32
    #10 0x00007fffba7bac16 in base::MessageLoop::RunInternal (this=0x7fff58000940)
        at chromium/src/base/message_loop/message_loop.cc:461
    #11 0x00007fffba7baabc in base::MessageLoop::RunHandler (this=0x7fff58000940)
        at chromium/src/base/message_loop/message_loop.cc:433
    #12 0x00007fffba81bc8a in base::RunLoop::Run (this=0x7fff65371c50) at chromium/src/base/run_loop.cc:47
    #13 0x00007fffba7ba1f8 in base::MessageLoop::Run (this=0x7fff58000940)
        at chromium/src/base/message_loop/message_loop.cc:321
    #14 0x00007fffba86cd08 in base::Thread::Run (this=0x7fff84080668, message_loop=0x7fff58000940)
        at chromium/src/base/threading/thread.cc:172
    #15 0x00007fffba86cf5f in base::Thread::ThreadMain (this=0x7fff84080668) at chromium/src/base/threading/thread.cc:225
    #16 0x00007fffba85a608 in base::(anonymous namespace)::ThreadFunc (params=0x7fff9cb25960)
        at chromium/src/base/threading/platform_thread_posix.cc:80
    #17 0x...


Olivier Tilloy (osomon) wrote :

The crash happens because GetAccessTokenStore()’s default implementation returns NULL.
We need to override ContentBrowserClient::CreateAccessTokenStore() in shared/browser/oxide_content_browser_client.h to instantiate a concrete implementation of an access token store.
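
A simplified C++ model of the cause described in the comment above, added here as an example; it is not Chromium or Oxide code. The class names follow the report, while the method bodies, signatures, `InMemoryTokenStore`, `EmbedderBrowserClient`, `StartResult` and the URL are assumptions made for illustration. It shows the embedder-side override next to a consumer that checks the factory result before using it.

```cpp
// Simplified model of the failure in this report; NOT Chromium or Oxide code.
// Names mirror the report, bodies and signatures are illustrative assumptions.
#include <map>
#include <memory>
#include <string>

// Stand-in for the access token store interface.
struct AccessTokenStore {
    virtual ~AccessTokenStore() = default;
    virtual std::string LoadToken(const std::string& server_url) = 0;
};

// Stand-in for the embedder interface: the default hands back no store at all.
struct ContentBrowserClient {
    virtual ~ContentBrowserClient() = default;
    virtual std::unique_ptr<AccessTokenStore> CreateAccessTokenStore() {
        return nullptr;  // what the report says the default implementation does
    }
};

// Hypothetical concrete store an embedder could supply (in-memory only).
struct InMemoryTokenStore : AccessTokenStore {
    std::map<std::string, std::string> tokens;
    std::string LoadToken(const std::string& server_url) override {
        auto it = tokens.find(server_url);
        return it == tokens.end() ? std::string() : it->second;
    }
};

// Embedder-side fix: override the factory so callers receive a real object.
struct EmbedderBrowserClient : ContentBrowserClient {
    std::unique_ptr<AccessTokenStore> CreateAccessTokenStore() override {
        return std::make_unique<InMemoryTokenStore>();
    }
};

enum class StartResult { kStarted, kNoTokenStore };

// Consumer side: validate the factory result instead of dereferencing blindly.
StartResult StartProviders(ContentBrowserClient& client, bool /*use_high_accuracy*/) {
    std::unique_ptr<AccessTokenStore> store = client.CreateAccessTokenStore();
    if (!store) {
        return StartResult::kNoTokenStore;  // without this check: null dereference
    }
    store->LoadToken("https://location.example/");  // constructed URL
    return StartResult::kStarted;
}
```
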

Changed in oxide:
assignee: nobody → Olivier Tilloy (osomon)
Olivier Tilloy (osomon)
Changed in oxide:
status: New → In Progress
Olivier Tilloy (osomon) wrote :

Blocked on the availability of a system request context (see bug #1268898).

Changed in oxide:
status: In Progress → Triaged
David Barth (dbarth)
tags: added: desktop webapp-container
Olivier Tilloy (osomon)
Changed in oxide:
importance: Undecided → High
Olivier Tilloy (osomon)
Changed in oxide:
status: Triaged → In Progress
Bill Filler (bfiller) wrote :

maps.google.com will cause the crash

Olivier Tilloy (osomon)
Changed in oxide:
status: In Progress → Fix Committed
Changed in oxide:
status: Fix Committed → Fix Released