Crash when accepting empty file string for upload

Bug #1352952 reported by Michael Sheldon on 2014-08-05
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Oxide
Undecided
Olivier Tilloy

Bug Description

If oxide's FilePicker is passed an empty string to upload (e.g. by an app not providing the file URL correctly to content-hub) it crashes.

This can be reproduced by simply adding 'model.accept([""])' to the onCompleted function in webbrowser-app's ContentPeerPicker and then attempting a file upload.

Related branches

Olivier Tilloy (osomon) wrote :

I can reliably reproduce the issue with the following simple QML scene:

    import QtQuick 2.0
    import com.canonical.Oxide 1.0

    WebView {
        width: 800
        height: 600

        url: "http://www.wufoo.com/html5/attributes/07-accept.html"

        filePicker: Item {
            Component.onCompleted: model.accept([""])
        }
    }

Changed in oxide:
status: New → Confirmed
Olivier Tilloy (osomon) wrote :
Download full text (3.9 KiB)

Here is the backtrace I’m getting:

#0 0x00007ffff5cabf79 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1 0x00007ffff5caf388 in __GI_abort () at abort.c:89
#2 0x00007fffcc64bc49 in base::debug::BreakDebugger() ()
   from /home/osomon/dev/phablet/oxide/trunk/objdir-x64-release/out/chromium/Release/lib/libOxideQtCore.so.0
#3 0x00007fffcc672305 in logging::LogMessage::~LogMessage() ()
   from /home/osomon/dev/phablet/oxide/trunk/objdir-x64-release/out/chromium/Release/lib/libOxideQtCore.so.0
#4 0x00007fffce8dc257 in content::RenderProcessHostImpl::ReceivedBadMessage() [clone .part.62] ()
   from /home/osomon/dev/phablet/oxide/trunk/objdir-x64-release/out/chromium/Release/lib/libOxideQtCore.so.0
#5 0x00007fffce8dceb5 in content::RenderProcessHostImpl::ReceivedBadMessage() ()
   from /home/osomon/dev/phablet/oxide/trunk/objdir-x64-release/out/chromium/Release/lib/libOxideQtCore.so.0
#6 0x00007fffce8ebcc7 in content::RenderViewHostImpl::OnMessageReceived(IPC::Message const&) [clone .part.128] ()
   from /home/osomon/dev/phablet/oxide/trunk/objdir-x64-release/out/chromium/Release/lib/libOxideQtCore.so.0
#7 0x00007fffce8e1e91 in content::RenderProcessHostImpl::OnMessageReceived(IPC::Message const&) [clone .part.212] ()
   from /home/osomon/dev/phablet/oxide/trunk/objdir-x64-release/out/chromium/Release/lib/libOxideQtCore.so.0
#8 0x00007fffccbe0382 in IPC::ChannelProxy::Context::OnDispatchMessage(IPC::Message const&) ()
   from /home/osomon/dev/phablet/oxide/trunk/objdir-x64-release/out/chromium/Release/lib/libOxideQtCore.so.0
#9 0x00007fffcc679af3 in base::MessageLoop::RunTask(base::PendingTask const&) ()
   from /home/osomon/dev/phablet/oxide/trunk/objdir-x64-release/out/chromium/Release/lib/libOxideQtCore.so.0
#10 0x00007fffcc67a0a1 in base::MessageLoop::DeferOrRunPendingTask(base::PendingTask const&) ()
   from /home/osomon/dev/phablet/oxide/trunk/objdir-x64-release/out/chromium/Release/lib/libOxideQtCore.so.0
#11 0x00007fffcc67d255 in base::MessageLoop::DoWork() ()
   from /home/osomon/dev/phablet/oxide/trunk/objdir-x64-release/out/chromium/Release/lib/libOxideQtCore.so.0
#12 0x00007fffcc5ef91a in oxide::qt::MessagePump::customEvent(QEvent*) ()
   from /home/osomon/dev/phablet/oxide/trunk/objdir-x64-release/out/chromium/Release/lib/libOxideQtCore.so.0
#13 0x00007ffff79c42ad in QObject::event (this=0xdcbbe0, e=<optimized out>) at kernel/qobject.cpp:1169
#14 0x00007ffff799befd in QCoreApplication::notify (this=<optimized out>, receiver=<optimized out>,
    event=<optimized out>) at kernel/qcoreapplication.cpp:943
#15 0x00007ffff799bc2d in QCoreApplication::notifyInternal (this=0x7fffffffda90, receiver=0xdcbbe0, event=event@entry=
    0x7fff8c09be10) at kernel/qcoreapplication.cpp:881
#16 0x00007ffff799de07 in sendEvent (event=0x7fff8c09be10, receiver=<optimized out>)
    at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:232
#17 QCoreApplicationPrivate::sendPostedEvents (receiver=receiver@entry=0x0, event_type=event_type@entry=0,
    data=0x607100) at kernel/qcoreapplication.cpp:1485
#18 0x00007ffff799e433 in QCoreApplication::sendPostedEvents (receiver=receiver@entry=0x0,
    event_typ...

Read more...

Olivier Tilloy (osomon) on 2014-08-05
Changed in oxide:
assignee: nobody → Olivier Tilloy (osomon)
status: Confirmed → In Progress
Olivier Tilloy (osomon) on 2014-08-12
Changed in oxide:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers