Crash due to index out of bounds at CefFileDialogManager::MaybeRunDelegate #3779

Closed
jaragunde opened this issue Aug 30, 2024 · 0 comments
Labels
bug Bug report

jaragunde commented Aug 30, 2024

Describe the bug
When there is a CefDialogHandler installed, it's possible to produce a crash due to an index out of bounds in CefFileDialogManager::MaybeRunDelegate. The Chromium code base doesn't always provide a description to match every entry in the extension vector. One such case is when saving a PDF via the print dialog.

To Reproduce
Steps to reproduce the behavior:

  1. There needs to be a CefDialogHandler installed. Here is a modification of CefSimple that does it: https://bitbucket.org/jaragunde/cef/commits/f03a6ca1e756327af09a4187939627ad2f8b22c8
  2. Run cefsimple --enable-print-preview
  3. Open print dialog with ctrl+p or right click menu.
  4. Select "Save as PDF" and click "save".
  5. See error:
../../third_party/libc++/src/include/vector:1408: assertion __n < size() failed: vector[] index out of bounds
Received signal 6
#0 0x7fdf220f9a7c base::debug::CollectStackTrace() [../../base/debug/stack_trace_posix.cc:1044:7]
#1 0x7fdf220bab7b base::debug::StackTrace::StackTrace() [../../base/debug/stack_trace.cc:242:20]
#2 0x7fdf220bab15 base::debug::StackTrace::StackTrace() [../../base/debug/stack_trace.cc:237:28]
#3 0x7fdf220f93e5 base::debug::(anonymous namespace)::StackDumpSignalHandler() [../../base/debug/stack_trace_posix.cc:463:3]
#4 0x7fdefcc5c9a0 (/usr/lib64/libc.so.6+0x3e99f)
#5 0x7fdefccae834 __pthread_kill_implementation
#6 0x7fdefcc5c8ee __GI_raise
#7 0x7fdefcc448ff __GI_abort
#8 0x55983a1122ae std::__Cr::__libcpp_verbose_abort()
#9 0x7fdf0fe0c918 std::__Cr::vector<>::operator[]() [../../third_party/libc++/src/include/vector:1408:3]
#10 0x7fdf0fe08ef9 CefFileDialogManager::MaybeRunDelegate() [../../cef/libcef/browser/file_dialog_manager.cc:518:41]
#11 0x7fdf0fe0955d CefFileDialogManager::RunSelectFile() [../../cef/libcef/browser/file_dialog_manager.cc:384:14]
#12 0x7fdf0fd6f6c9 CefBrowserHostBase::RunSelectFile() [../../cef/libcef/browser/browser_host_base.cc:1284:25]
#13 0x7fdf0fe169d1 (anonymous namespace)::CefSelectFileDialog::SelectFileImpl() [../../cef/libcef/browser/file_dialog_runner.cc:110:15]
#14 0x7fdf2838a0ef ui::SelectFileDialog::SelectFile() [../../ui/shell_dialogs/select_file_dialog.cc:154:3]
#15 0x7fdf3647dce0 printing::PdfPrinterHandler::OnDirectorySelected() [../../chrome/browser/ui/webui/print_preview/pdf_printer_handler.cc:535:24]
...

Expected behavior
No crash.

Versions (please complete the following information):

  • OS: Linux Fedora 39
  • CEF Version: 128, built from master branch.

Additional context
The code that adds an entry of "extensions" but not for "descriptions" is Chromium code located at: PdfPrinterHandler::OnDirectorySelected() : https://source.chromium.org/chromium/chromium/src/+/main:chrome/browser/ui/webui/print_preview/pdf_printer_handler.cc;l=505
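The failure mode in the report, reduced to a stand-alone added example (not CEF or Chromium code, and not the project's fix): a loop over the extension groups that indexes a parallel description vector, shown beside a form that treats the description as optional. `FileTypes`, `Filter` and the function names are hypothetical, and `at()` stands in for `operator[]` so the bad index surfaces as an exception on any toolchain.

```cpp
#include <cstddef>
#include <stdexcept>
#include <string>
#include <utility>
#include <vector>

// Hypothetical stand-in for the dialog parameters: one extension group per
// filter entry, plus a description list that may be shorter or empty.
struct FileTypes {
  std::vector<std::vector<std::string>> extensions;
  std::vector<std::string> descriptions;
};
using Filter = std::pair<std::string, std::string>;  // {description, ".a;.b"}

static std::string JoinExtensions(const std::vector<std::string>& group) {
  std::string out;
  for (const std::string& ext : group) {
    if (!out.empty()) out += ';';
    out += "." + ext;
  }
  return out;
}

// Assumes descriptions.size() == extensions.size(); throws std::out_of_range
// when the caller supplied fewer descriptions than extension groups.
std::vector<Filter> BuildFiltersUnchecked(const FileTypes& types) {
  std::vector<Filter> filters;
  for (std::size_t i = 0; i < types.extensions.size(); ++i)
    filters.emplace_back(types.descriptions.at(i), JoinExtensions(types.extensions[i]));
  return filters;
}

// Checks the index first: a missing description becomes an empty string.
std::vector<Filter> BuildFiltersChecked(const FileTypes& types) {
  std::vector<Filter> filters;
  for (std::size_t i = 0; i < types.extensions.size(); ++i) {
    const bool has_desc = i < types.descriptions.size();
    filters.emplace_back(has_desc ? types.descriptions[i] : std::string(),
                         JoinExtensions(types.extensions[i]));
  }
  return filters;
}

// Constructed input modelled on the report: one extension group, no description.
FileTypes SavePdfLikeInput() {
  FileTypes t;
  t.extensions.push_back(std::vector<std::string>{"pdf"});
  return t;
}

int main() { return BuildFiltersChecked(SavePdfLikeInput()).size() == 1 ? 0 : 1; }
```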
