Oxide

browser crashes when attaching photo in gmail

Bug #1349510 reported by Bill Filler on 2014-07-28

This bug affects 1 person

	Status	Importance	Assigned to	Milestone
Oxide	Fix Released	Critical	Chris Coulson	Oxide branch-1.2
1.1	Fix Released	Critical	Chris Coulson	Oxide 1.1.2
content-hub	Invalid	Undecided	Michael Sheldon
webbrowser-app	Invalid	High	Olivier Tilloy

Bug Description

build 154

- Save the attached photo in the bug into your ~Pictures directory on the phone
- Open gmail in the browser (or as a webbapp, doesn't make a different)
- Compose a new gmail message
- press the attach button
- select the photo under test in the gallery
- the browser is shown briefly then crashes

NOTE:
the browser only seems to crash with a bunch of photos that I copied to the device, all of their size is 2.1mb. So it may be size related. Or noticing now the orientation of the photo appears rotated when viewing on the desktop, so maybe something about the orientation? Photos taken with the camera work fine.

Tags:

Related branches

lp:~oxide-developers/oxide/oxide.trunk

lp:~oxide-developers/oxide/packaging.utopic

lp:oxide/1.1

lp:~oxide-developers/oxide/packaging.trusty

Revision history for this message

Bill Filler (bfiller) wrote on 2014-07-28:

IMG_0916.JPG Edit (2.2 MiB, image/jpeg)

Revision history for this message

Bill Filler (bfiller) wrote on 2014-07-28:

this is error in browser log before the crash:

[0728/131359:ERROR:render_process_host_impl.cc(1437)] bad message 65594 terminating renderer.

Changed in webbrowser-app:
importance:	Undecided → High
assignee:	nobody → Olivier Tilloy (osomon)
Changed in content-hub:
assignee:	nobody → Michael Sheldon (michael-sheldon)

Revision history for this message

Olivier Tilloy (osomon) wrote on 2014-07-28:

Download full text (3.8 KiB)

This is the backtrace of the webbrowser-app crash:

#0 content::RenderWidgetHostImpl::WasHidden (this=0x0)
    at ../../../../third_party/chromium/src/content/browser/renderer_host/render_widget_host_impl.cc:506
#1 0xadada442 in oxide::RenderWidgetHostView::WasHidden (this=0xb7d262a8)
    at ../../../../shared/browser/oxide_render_widget_host_view.cc:192
#2 0xadada61e in oxide::RenderWidgetHostView::~RenderWidgetHostView (
    this=0xb7d262a8, __in_chrg=<optimized out>)
    at ../../../../shared/browser/oxide_render_widget_host_view.cc:548
#3 0xadada750 in oxide::RenderWidgetHostView::~RenderWidgetHostView (
    this=0xb7d262a8, __in_chrg=<optimized out>)
    at ../../../../shared/browser/oxide_render_widget_host_view.cc:549
#4 0xaf1bd4d6 in content::RenderWidgetHostImpl::RendererExited (
    this=this@entry=0xb7c7b670,
    status=base::TERMINATION_STATUS_PROCESS_WAS_KILLED,
    exit_code=exit_code@entry=15)
    at ../../../../third_party/chromium/src/content/browser/renderer_host/render_widget_host_impl.cc:1210
#5 0xaf1b22a8 in content::RenderViewHostImpl::OnRenderProcessGone (
    this=0xb7c7b668, status=2, exit_code=15)
    at ../../../../third_party/chromium/src/content/browser/renderer_host/render_view_host_impl.cc:1139
#6 0xaf1b8d4e in DispatchToMethod<content::RenderViewHostImpl, void (content::RenderViewHostImpl::*)(int, int), int, int> (arg=..., method=
    (void (content::RenderViewHostImpl::*)(content::RenderViewHostImpl * const, int, int)) 0xaf1b227d <content::RenderViewHostImpl::OnRenderProcessGone(int, int)>, obj=0xb7c7b668) at ../../../../third_party/chromium/src/base/tuple.h:555
#7 Dispatch<content::RenderViewHostImpl, content::RenderViewHostImpl, void, void (content::RenderViewHostImpl::*)(int, int)> (sender=<optimized out>,
    parameter=0x0, func=
    (void (content::RenderViewHostImpl::*)(content::RenderViewHostImpl * const, int, int)) 0xaf1b227d <content::RenderViewHostImpl::OnRenderProcessGone(int, int)>, obj=0xb7c7b668, msg=0xbeeceef4)
    at ../../../../third_party/chromium/src/content/common/view_messages.h:1075
#8 content::RenderViewHostImpl::OnMessageReceived (this=0xb7c7b668, msg=...)
    at ../../../../third_party/chromium/src/content/browser/renderer_host/render_view_host_impl.cc:977
#9 0xaf1b1036 in content::RenderProcessHostImpl::ProcessDied (
    this=0xb7c4a138, already_dead=<optimized out>)
    at ../../../../third_party/chromium/src/content/browser/renderer_host/render_process_host_impl.cc:1939
#10 0xadb1dab6 in Run (this=0xbeecf060)
    at ../../../../third_party/chromium/src/base/callback.h:401
#11 base::MessageLoop::RunTask (this=this@entry=0xb7a29430, pending_task=...)
    at ../../../../third_party/chromium/src/base/message_loop/message_loop.cc:450
#12 0xadb1e046 in base::MessageLoop::DeferOrRunPendingTask (
    this=this@entry=0xb7a29430, pending_task=...)
    at ../../../../third_party/chromium/src/base/message_loop/message_loop.cc:462
#13 0xadb1fe74 in base::MessageLoop::DoWork (this=0xb7a29430)
    at ../../../../third_party/chromium/src/base/message_loop/message_loop.cc:576
#14 0xadabbc9c in oxide::qt::MessagePump::customEvent (this=0xb7a288a0,
    event=<optimized out>)
    at ../.....

This is the backtrace of the webbrowser-app crash:

#0  content::RenderWidgetHostImpl::WasHidden (this=0x0)
    at ../../../../third_party/chromium/src/content/browser/renderer_host/render_widget_host_impl.cc:506
#1  0xadada442 in oxide::RenderWidgetHostView::WasHidden (this=0xb7d262a8)
    at ../../../../shared/browser/oxide_render_widget_host_view.cc:192
#2  0xadada61e in oxide::RenderWidgetHostView::~RenderWidgetHostView (
    this=0xb7d262a8, __in_chrg=<optimized out>)
    at ../../../../shared/browser/oxide_render_widget_host_view.cc:548
#3  0xadada750 in oxide::RenderWidgetHostView::~RenderWidgetHostView (
    this=0xb7d262a8, __in_chrg=<optimized out>)
    at ../../../../shared/browser/oxide_render_widget_host_view.cc:549
#4  0xaf1bd4d6 in content::RenderWidgetHostImpl::RendererExited (
    this=this@entry=0xb7c7b670, 
    status=base::TERMINATION_STATUS_PROCESS_WAS_KILLED, 
    exit_code=exit_code@entry=15)
    at ../../../../third_party/chromium/src/content/browser/renderer_host/render_widget_host_impl.cc:1210
#5  0xaf1b22a8 in content::RenderViewHostImpl::OnRenderProcessGone (
    this=0xb7c7b668, status=2, exit_code=15)
    at ../../../../third_party/chromium/src/content/browser/renderer_host/render_view_host_impl.cc:1139
#6  0xaf1b8d4e in DispatchToMethod<content::RenderViewHostImpl, void (content::RenderViewHostImpl::*)(int, int), int, int> (arg=..., method=
    (void (content::RenderViewHostImpl::*)(content::RenderViewHostImpl * const, int, int)) 0xaf1b227d <content::RenderViewHostImpl::OnRenderProcessGone(int, int)>, obj=0xb7c7b668) at ../../../../third_party/chromium/src/base/tuple.h:555
#7  Dispatch<content::RenderViewHostImpl, content::RenderViewHostImpl, void, void (content::RenderViewHostImpl::*)(int, int)> (sender=<optimized out>, 
    parameter=0x0, func=
    (void (content::RenderViewHostImpl::*)(content::RenderViewHostImpl * const, int, int)) 0xaf1b227d <content::RenderViewHostImpl::OnRenderProcessGone(int, int)>, obj=0xb7c7b668, msg=0xbeeceef4)
    at ../../../../third_party/chromium/src/content/common/view_messages.h:1075
#8  content::RenderViewHostImpl::OnMessageReceived (this=0xb7c7b668, msg=...)
    at ../../../../third_party/chromium/src/content/browser/renderer_host/render_view_host_impl.cc:977
#9  0xaf1b1036 in content::RenderProcessHostImpl::ProcessDied (
    this=0xb7c4a138, already_dead=<optimized out>)
    at ../../../../third_party/chromium/src/content/browser/renderer_host/render_process_host_impl.cc:1939
#10 0xadb1dab6 in Run (this=0xbeecf060)
    at ../../../../third_party/chromium/src/base/callback.h:401
#11 base::MessageLoop::RunTask (this=this@entry=0xb7a29430, pending_task=...)
    at ../../../../third_party/chromium/src/base/message_loop/message_loop.cc:450
#12 0xadb1e046 in base::MessageLoop::DeferOrRunPendingTask (
    this=this@entry=0xb7a29430, pending_task=...)
    at ../../../../third_party/chromium/src/base/message_loop/message_loop.cc:462
#13 0xadb1fe74 in base::MessageLoop::DoWork (this=0xb7a29430)
    at ../../../../third_party/chromium/src/base/message_loop/message_loop.cc:576
#14 0xadabbc9c in oxide::qt::MessagePump::customEvent (this=0xb7a288a0, 
    event=<optimized out>)
    at ../../../../qt/core/browser/oxide_qt_message_pump.cc:60
#15 0xb6da1064 in QObject::event(QEvent*) ()
   from /usr/lib/arm-linux-gnueabihf/libQt5Core.so.5
#16 0xb60829a4 in QApplicationPrivate::notify_helper(QObject*, QEvent*) ()
   from /usr/lib/arm-linux-gnueabihf/libQt5Widgets.so.5
#17 0xb608613a in QApplication::notify(QObject*, QEvent*) ()
   from /usr/lib/arm-linux-gnueabihf/libQt5Widgets.so.5
Backtrace stopped: Cannot access memory at address 0x2d4ff0e0

The real issue is that the renderer process was terminated. However the browser app shouldn’t crash when that happens. The above stacktrace looks very much like bug #1337338, which I’ll re-open.

Changed in webbrowser-app:
status:	New → Confirmed
Changed in oxide:
status:	New → Confirmed
assignee:	nobody → Chris Coulson (chrisccoulson)

Revision history for this message

Chris Coulson (chrisccoulson) wrote on 2014-07-28:

The browser crash is bug 1337338, but the real problem here is that the renderer is terminated because it sent a message that can't be serialized (from comment 2):

[0728/131359:ERROR:render_process_host_impl.cc(1437)] bad message 65594 terminating renderer.

Message 65594 is OxideHostMsg_GetUserAgentOverride. My guess is that the renderer is sending a URL that exceeds 2*1024*1024 characters, which is the limit at which the GURL ParamTraits specialization will fail to serialize the url parameter required for determining the navigator.userAgent override for the page

Changed in webbrowser-app:
status:	Confirmed → Invalid
Changed in oxide:
importance:	Undecided → Critical
milestone:	none → branch-1.2
status:	Confirmed → Triaged

Chris Coulson (chrisccoulson) on 2014-07-28

Changed in content-hub:
status:	New → Invalid

Allan LeSage (allanlesage) on 2014-07-30

tags:

added: qa-daily-testing qa-touch rtm14

Revision history for this message

Chris Coulson (chrisccoulson) wrote on 2014-07-31:

With Oxide 1.1.1 in the phablet-team PPA, this is no longer a browser crash (but the original problem that causes the renderer to crash is still there)

Chris Coulson (chrisccoulson) on 2014-08-12