[webapp-container] Crash with open context menu

Bug #1501330 reported by Michael Terry on 2015-09-30
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Canonical System Image
Critical
David Barth
Oxide
High
Alexandre Abreu
webbrowser-app (Ubuntu)
Critical
Olivier Tilloy

Bug Description

I'm able to reliably crash/freeze webapp-container on the phone.

1) Open to a page with links
2) Hold down your finger over one of the links until you see the "Copy link" popup menu
3) While still pressing down, swipe up and down a bit

For me, this will cause the app to crash or freeze, depending on how it's feeling that moment.

webbrowser-app itself doesn't seem affected by those specific steps (though it has a different context menu anyway). I *have* seen it freeze on me. I just don't know what I did.

current build number: 123
device name: mako
channel: ubuntu-touch/rc-proposed/bq-aquaris.en
last update: 2015-09-29 10:56:11
version version: 123
version ubuntu: 20150929
version device: 20150911
version custom: mako-1.1

Related branches

Olivier Tilloy (osomon) wrote :

I can reliably reproduce the issue, and I confirm that it’s not present in the browser itself. However, in the browser, once the context menu is up, if I continue scrolling up/down with the finger, the page below the menu continues scrolling. It shouldn’t.

summary: - Crash with open context menu
+ [webapp-container] Crash with open context menu
Changed in webbrowser-app (Ubuntu):
assignee: nobody → Alexandre Abreu (abreu-alexandre)
status: New → Confirmed
importance: Undecided → Medium
Michael Terry (mterry) wrote :

Um... I was testing latest rc-proposed and was shocked that this was still there. We should fix this before OTA8!

Michael Terry (mterry) wrote :

I meant we should fix this before OTA7 actually! Which is almost out.

Olivier Tilloy (osomon) wrote :

It is quite likely that this bug has always been there in the webapp container, not a regression introduced in OTA7. In that regard it’s way too late for sneaking in a fix for OTA7 (QA is doing final validation on the image). I’m raising the importance of the bug so it can be fixed early in the OTA8 cycle.

Changed in webbrowser-app (Ubuntu):
importance: Medium → Critical
Changed in canonical-devices-system-image:
milestone: none → ww46-2015
assignee: nobody → Bill Filler (bfiller)
importance: Undecided → Critical
status: New → Confirmed
Michael Terry (mterry) wrote :

This bug is not in OTA6. It is a regression.

And isn't final validation the point where stop-ship bugs can still be discovered? Else it's just rubber-stamping. Obviously, reasonable people can disagree that this is stop-ship. But the fact that we're in final validation doesn't mean that if the bug is bad enough, we can delay.

I think this bug is worse than you believe. It's easy to accidentally (or intentionally) trigger.

Consider you are looking at some webapp. And you put your finger on the screen, ready to scroll when you're done reading the paragraph. But you accidentally long-pressed a link in the article. Crash.

Or you very reasonably want to copy and paste a link. Crash. Copy and pasting links will not be possible in OTA7 if this ships.

Michael Terry (mterry) wrote :

Oh, it's still possible to copy and paste. You just can't scroll.

And it looks like jibel also doesn't believe this is stop-ship (he targeted this for OTA8).

Alright, I've been outvoted. I'll just be careful in webapps for a while. :)

Changed in webbrowser-app (Ubuntu):
status: Confirmed → In Progress
David Barth (dbarth) wrote :

The feature is new actually, ie context menu for webapps. So is not a regression. Worst case, we could disable it until a fix is made for OTA-8

Olivier Tilloy (osomon) wrote :

Sorry I hadn’t realized this wasn’t present in OTA6, and thus it’s a regression. I acknowledge that’s a bad one, let’s fix this ASAP. As to whether this should be considered a stop-ship, I’ll leave it to QA/the product team.

Michael Terry (mterry) wrote :

David, I don't know what you mean. the context menu in webapps that says "Copy Link" was present in OTA6 and remains present unchanged in OTA7-proposed.

This is a regression.

Bill Filler (bfiller) on 2015-10-15
Changed in canonical-devices-system-image:
assignee: Bill Filler (bfiller) → David Barth (dbarth)

The stack trace so far

#0 0x006f0062 in ?? ()
#1 0xadabb6b8 in base::Callback<void ()>::Run() const (this=0xbec5b9d0) at ../../../../third_party/chromium/src/base/callback.h:396
#2 base::debug::TaskAnnotator::RunTask (this=this@entry=0xb8286904, queue_function=<optimized out>, run_function=0xaf8854cc "MessageLoop::RunTask", pending_task=...)
    at ../../../../third_party/chromium/src/base/debug/task_annotator.cc:62
#3 0xadace73c in base::MessageLoop::RunTask (this=this@entry=0xb8286830, pending_task=...) at ../../../../third_party/chromium/src/base/message_loop/message_loop.cc:473
#4 0xadace8e6 in base::MessageLoop::DeferOrRunPendingTask (this=this@entry=0xb8286830, pending_task=...)
    at ../../../../third_party/chromium/src/base/message_loop/message_loop.cc:482
#5 0xadacebb8 in base::MessageLoop::DoWork (this=0xb8286830) at ../../../../third_party/chromium/src/base/message_loop/message_loop.cc:594
#6 0xada74c90 in oxide::qt::MessagePump::RunOneTask (this=0xb8743d98) at ../../../../qt/core/browser/oxide_qt_message_pump.cc:66
#7 0xb6100d46 in QObject::event(QEvent*) () from /usr/lib/arm-linux-gnueabihf/libQt5Core.so.5
#8 0xb6bc09fc in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/arm-linux-gnueabihf/libQt5Widgets.so.5
#9 0xb6bc49aa in QApplication::notify(QObject*, QEvent*) () from /usr/lib/arm-linux-gnueabihf/libQt5Widgets.so.5
#10 0xb827ec40 in ?? ()

It is not specific to the container, a simple qml file such as:

import QtQuick 2.4
import QtQuick.Window 2.2
import com.canonical.Oxide 1.8 as Oxide
import Ubuntu.Web 0.2
import Ubuntu.Components 1.3

WebView {
    url: "http://ubuntu.com"

    contextualActions: ActionList {
        Action {
            text: i18n.tr("Copy link")
            objectName: "CopyLinkContextualAction"
            enabled: contextModel && contextModel.linkUrl.toString()
            onTriggered: Clipboard.push(["text/plain", contextModel.linkUrl.toString()])
        }
        Action {
            text: i18n.tr("Cut link")
            objectName: "CutContextualAction"
            enabled: contextModel && contextModel.isEditable &&
                     (contextModel.editFlags & Oxide.WebView.CutCapability)
        }
    }
}

triggers the issue caused I think by a double free memory corruption,

It seems to be the case for apps that dont provide a custom contextMenu component, and use the default one.

Adding oxide to the bug,

Changed in oxide:
assignee: nobody → Alexandre Abreu (abreu-alexandre)
importance: Undecided → High
status: New → In Progress

Added a branch for the container to "fix" the issue, but the core issue is still there, I'll debug oxide next,

Olivier Tilloy (osomon) wrote :

As Alex pointed out in comment #11, the issue is not webapp-container specific, it potentially affects all QML apps embedding a WebView and defining contextual actions. The branch I linked fixes the issue everywhere. This is an even more minimal standalone reproducer:

import QtQuick 2.4
import Ubuntu.Components 1.3
import Ubuntu.Web 0.2
WebView {
    url: "http://ubuntu.com"
    contextualActions: ActionList {
        Action {
            text: i18n.tr("Copy link")
            enabled: contextModel && contextModel.linkUrl.toString()
            onTriggered: Clipboard.push(["text/plain", contextModel.linkUrl.toString()])
        }
    }
}

Changed in webbrowser-app (Ubuntu):
assignee: Alexandre Abreu (abreu-alexandre) → Olivier Tilloy (osomon)
tags: added: hotfix regression-proposed
Changed in canonical-devices-system-image:
status: Confirmed → In Progress
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package webbrowser-app - 0.23+15.10.20151022.1-0ubuntu1

---------------
webbrowser-app (0.23+15.10.20151022.1-0ubuntu1) wily; urgency=medium

  [ CI Train Bot ]
  * New rebuild forced.
  * Resync trunk.

  [ Olivier Tilloy ]
  * Add an exception to the generated apparmor profile to allow reading
    HERE’s TOS in the browser. (LP: #1507667)
  * Modify the generated apparmor profile to allow rw access to
    /dev/shm/.org.chromium.Chromium.* too. (LP: #1508054)
  * Update translation template.

  [ Ugo Riboni ]
  * Fix inability to drag the map to pan in Google maps, on desktop.
    (LP: #1503506)
  * Implement support for allowing or denying access to media input
    devices and for setting default media input devices. (LP: #1410996)
  * Refactor the BookmarksModel to be a singleton.

 -- Olivier Tilloy <email address hidden> Thu, 22 Oct 2015 15:07:49 +0000

Changed in webbrowser-app (Ubuntu):
status: In Progress → Fix Released
Changed in canonical-devices-system-image:
status: In Progress → Fix Committed
Changed in canonical-devices-system-image:
status: Fix Committed → Fix Released
Changed in oxide:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers