[Desktop] Crash in CanvasAsyncBlobCreator #10913
Labels
crash/webview: Only tab webview crash. Browser doesn't crash
OS/Desktop
priority/P2: A bad problem. We might uplift this to the next planned release.
QA/No
release-notes/include
Comments
iefremov added the crash/webview (Only tab webview crash. Browser doesn't crash), priority/P1 (A very extremely bad problem. We might push a hotfix for it.) and OS/Desktop labels Jul 24, 2020
cc @bsclifton to triage
bsclifton added the priority/P2 (A bad problem. We might uplift this to the next planned release.) label and removed the priority/P1 (A very extremely bad problem. We might push a hotfix for it.) label Aug 3, 2020
This one should be fixed with brave/brave-core#6320 @pilgrim-brave
I believe they are different problems. I mis-linked the PR. This crash is fixed now, #10914 is not yet.
This was referenced Aug 6, 2020
QA/No because it's handled by new automated tests which were part of the PR that fixed it.
Awesome, thanks @pilgrim-brave 👍
It appears to me that static cast to LocalDomWindow in overridden canvas_async_blob_creator.cc is not safe (Document* document = To<LocalDOMWindow>(context)->document();), because context is not necessarily a window, it could be a worker. We can actually see V8OffscreenCanvas in the callstack that is used in workers.

So I suggest to change To to DynamicTo and also check other potentially dangerous callsites in Farbling infrastructure

https://brave.sp.backtrace.io/p/brave/triage?aggregations=((guid%2Cunique)%2C(classifiers%2Chead))&fingerprint=0e19f930cd9b5a95610deadfcf5e934c7c08b3213d535412d5559179d3bad178
also https://brave.sp.backtrace.io/p/brave/debug?filters=(_deleted%3D0%2C(ver%2Cregex%2C%228%5B1%7C2%7C3%7C4%5D.*%22)%2Cptype%3Drenderer%2C(callstack%2Ccontains%2CCanvasAsyncBlobCreator))&debug=(%224bbf3%22,0,0)
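
The checked-downcast pattern suggested in the issue text above, as an added example that is not Brave's or Chromium's code: the types are simplified stand-ins that reuse the names from the issue, the casts are modelled with dynamic_cast, and DocumentForContext is a hypothetical helper.

```cpp
#include <cassert>
#include <string>

// Simplified stand-ins for the types named in the issue (assumptions, not Blink's code).
struct Document { std::string url; };

struct ExecutionContext {
  virtual ~ExecutionContext() = default;
};

struct LocalDOMWindow : ExecutionContext {
  explicit LocalDOMWindow(Document* d) : document_(d) {}
  Document* document() const { return document_; }
 private:
  Document* document_;
};

// A worker context has no document; an OffscreenCanvas can live here.
struct WorkerGlobalScope : ExecutionContext {};

// Unchecked downcast: the type check is a debug-only assertion, so a build
// with assertions compiled out performs a plain static_cast on any context.
template <typename T>
T* To(ExecutionContext* ctx) {
  assert(dynamic_cast<T*>(ctx) != nullptr);
  return static_cast<T*>(ctx);
}

// Checked downcast: yields nullptr when the context is not a T.
template <typename T>
T* DynamicTo(ExecutionContext* ctx) {
  return dynamic_cast<T*>(ctx);
}

// Hypothetical helper: only dereference the window when the cast succeeded.
Document* DocumentForContext(ExecutionContext* context) {
  if (auto* window = DynamicTo<LocalDOMWindow>(context))
    return window->document();
  return nullptr;  // worker or null context: the caller handles "no document"
}

int main() {
  Document doc{"https://example.test/"};  // constructed sample value
  LocalDOMWindow window(&doc);
  WorkerGlobalScope worker;
  assert(DocumentForContext(&window) == &doc);
  assert(DocumentForContext(&worker) == nullptr);
  return 0;
}
```

Callers of such a helper need an explicit path for the null result, since a worker context has no document to read from.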