My favorites | Sign in
Logo
Project Home
  
Downloads
  
Wiki
  
Issues
    
New issue | Search
for
| Advanced search | Search tips
Issue 26883: Chrome crash: dragging an image on the browser
1 person starred this issue and may be notified of changes. Back to list
 
Reported by rohitbm@chromium.org, Nov 05, 2009 
Platform:
  Hostname: RohMac-2.local
  Mac OS X Version 10.5.8 (Build 9L30)
  Processor: 2 Intel 2.40 GHz
  RAM: 2048 MB

Chrome:
  Chrome version: 4.0.237.0 r31086  <<<Release>>>
  QuickTime Player: 7.6.4
  QuickTime PlayerX: <unknown>
  Flash Player: 10.0.32

What steps will reproduce the problem?
1. Have any image in TextEdit.app
2. Login to Gmail and click on 'Compose Mail'.
3. Try to drag image from TextEdit to Gmail compose text box.

Expected result:
3.1 Image can be dragged to Gmail compose text box.

Actual result:
3.2 Chrome crashes.

Note:
- Breakpad doesn't generate crash report for this crash.
- Chrome also crashes if dragging an image just on the browser. GMail is 
an example where dragging an image is useful to compose an email.
Comment 1 by kr...@chromium.org, Nov 05, 2009 
Breakpad DOES NOT generate a report for this crash.
Labels: Crash
Comment 4 by mark@chromium.org, Nov 05, 2009 
This doesn't appear to be a regression from 4.0.229.1.  Breakpad doesn't seem to
generate a report for this crash in that build either.

Gmail is not required.  Attempting to drag any image from TextEdit into the content
area of a Chrome window results in an instant browser crash, not caught by Breakpad.
 CrashReporter does pick this one up.

Here are some bits from CrashReporter:

Exception Type:  EXC_CRASH (SIGABRT)
Exception Codes: 0x0000000000000000, 0x0000000000000000
Crashed Thread:  0  Dispatch queue: com.apple.main-thread

Application Specific Information:
abort() called

Breakpad doesn't pick this up because it doesn't listen for EXC_CRASH, corresponding
to abort().  It only picks up EXC_BAD_ACCESS, EXC_BAD_INSTRUCTION, EXC_ARITHMETIC,
and EXC_BREAKPOINT.

I filed http://code.google.com/p/google-breakpad/issues/detail?id=343 for Breakpad.

Additional information follows.

This is logged:

terminate called after throwing an instance of 'std::logic_error'
  what():  basic_string::_S_construct NULL not valid
Abort trap

In the debugger:

Program received signal SIGABRT, Aborted.
0x91494912 in __kill ()
(gdb) bt
#0  0x91494912 in __kill ()
#1  0x91494904 in kill$UNIX2003 ()
#2  0x91527b99 in raise ()
#3  0x9153dc50 in abort ()
#4  0x950e6fda in __gnu_cxx::__verbose_terminate_handler ()
#5  0x950e517a in __cxxabiv1::__terminate ()
#6  0x950e51ba in std::terminate ()
#7  0x950e52b8 in __cxa_throw ()
#8  0x950a1856 in std::__throw_logic_error ()
#9  0x950ccced in std::string::_S_construct<char const*> ()
#10 0x950cd1fb in std::basic_string<char, std::char_traits<char>,
std::allocator<char> >::basic_string ()
#11 0x0026372d in -[WebDropTarget populateURLAndTitle:fromPasteboard:]
(self=0x6929f10, _cmd=0x1b628cf, data=0xbfffd0ac, pboard=0x68308d0) at
/chrome/trunk/src/chrome/browser/cocoa/web_drop_target.mm:190
#12 0x00263203 in -[WebDropTarget populateWebDropData:fromPasteboard:]
(self=0x6929f10, _cmd=0x1b62239, data=0xbfffd0ac, pboard=0x68308d0) at
/chrome/trunk/src/chrome/browser/cocoa/web_drop_target.mm:204
#13 0x00263e74 in -[WebDropTarget draggingEntered:view:] (self=0x6929f10,
_cmd=0x97fd9fcf, info=0x6970130, view=0x6929e90) at
/chrome/trunk/src/chrome/browser/cocoa/web_drop_target.mm:83
#14 0x005b2f48 in -[TabContentsViewCocoa draggingEntered:] (self=0x6929e90,
_cmd=0x90f56fcc, sender=0x6970130) at
/chrome/trunk/src/chrome/browser/tab_contents/tab_contents_view_mac.mm:462
#15 0x90b2cb98 in NSCoreDragTrackingProc ()
#16 0x98567ecc in DoTrackingMessage ()
#17 0x98568f63 in CoreDragMessageHandler ()
#18 0x923e7323 in __CFMessagePortPerform ()
#19 0x92357b8e in __CFRunLoopDoSource1 ()
#20 0x923539e9 in __CFRunLoopRun ()
#21 0x92351d34 in CFRunLoopRunSpecific ()
#22 0x92351b61 in CFRunLoopRunInMode ()
#23 0x95501fec in RunCurrentEventLoopInMode ()
#24 0x95501da3 in ReceiveNextEventCommon ()
#25 0x95501c28 in BlockUntilNextEventMatchingListInMode ()
#26 0x907bec95 in _DPSNextEvent ()
#27 0x907be50a in -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] ()
#28 0x9078069b in -[NSApplication run] ()
#29 0x0071bdc4 in base::MessagePumpNSApplication::DoRun (this=0x681c560,
delegate=0xbffff1a8) at /chrome/trunk/src/base/message_pump_mac.mm:652
#30 0x0071c19b in base::MessagePumpCFRunLoopBase::Run (this=0x681c560,
delegate=0xbffff1a8) at /chrome/trunk/src/base/message_pump_mac.mm:195
#31 0x007149ae in MessageLoop::RunInternal (this=0xbffff1a8) at
/chrome/trunk/src/base/message_loop.cc:205
#32 0x007149c9 in MessageLoop::RunHandler (this=0xbffff1a8) at
/chrome/trunk/src/base/message_loop.cc:177
#33 0x00714a2d in MessageLoop::Run (this=0xbffff1a8) at
/chrome/trunk/src/base/message_loop.cc:155
#34 0x0019d77e in (anonymous namespace)::RunUIMessageLoop (browser_process=0x6817900)
at /chrome/trunk/src/chrome/browser/browser_main.cc:151
#35 0x0019f96d in BrowserMain (parameters=@0xbffff6e4) at
/chrome/trunk/src/chrome/browser/browser_main.cc:876
#36 0x000403d5 in ChromeMain (argc=1, argv=0xbffff7f8) at
/chrome/trunk/src/chrome/app/chrome_dll_main.cc:624
#37 0x00001f5e in main (argc=1, argv=0xbffff7f8) at
/chrome/trunk/src/chrome/app/chrome_exe_main.mm:17
Comment 5 by mikesm...@chromium.org, Nov 06, 2009 
Suggest MStone:4 (crasher, Gmail)
Comment 6 by jrg@chromium.org, Nov 06, 2009 
(No comment was entered for this change.)
Status: Assigned
Owner: pinker...@chromium.org
Cc: j...@chromium.org
Labels: Mstone-4 ReleaseBlock-Beta
Comment 7 by mark@chromium.org, Nov 06, 2009 
Re comment 5, this bug has nothing to do with gmail, it's just a handy page to be on.
Cc: mikesm...@chromium.org
Comment 8 by rohitbm@chromium.org, Nov 06, 2009 
Mark, that's correct. I just mentioned GMail as an example where image dragging 
feature is useful.
Comment 9 by pinkerton@chromium.org, Nov 06, 2009 
patch ready for review
Status: Started
Comment 10 by pinkerton@chromium.org, Nov 06, 2009 
(No comment was entered for this change.)
Status: Fixed
Comment 11 by bugdroid1@chromium.org, Nov 06, 2009 
The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=31312 

------------------------------------------------------------------------
r31312 | pinkerton@chromium.org | 2009-11-06 14:21:50 -0800 (Fri, 06 Nov 2009) | 5 lines
Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/cocoa/web_drop_target.mm?r1=31312&r2=31311

Bulletproof the url going into a std::string and ensure it's not going to
be NULL, which throws and exception.
BUG=26883
TEST=dragging things into the content area (urls, images, text, etc)
Review URL: http://codereview.chromium.org/373016
------------------------------------------------------------------------
Comment 12 by rohitbm@chromium.org, Nov 09, 2009 
4.0.241.0 (Official Build 31417)

I have filed new bug for specific image dragging to GMail problem crbug.com/27184
Status: Verified
Comment 13 by bugdroid1@chromium.org, Nov 18, 2009 
The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=31312 

------------------------------------------------------------------------
r31312 | pinkerton@chromium.org | 2009-11-06 14:21:50 -0800 (Fri, 06 Nov 2009) | 5 lines
Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/cocoa/web_drop_target.mm?r1=31312&r2=31311

Bulletproof the url going into a std::string and ensure it's not going to
be NULL, which throws and exception.
BUG=26883
TEST=dragging things into the content area (urls, images, text, etc)
Review URL: http://codereview.chromium.org/373016
------------------------------------------------------------------------
Sign in to add a comment