obsproject/obs-browser

Segmentation fault in case a website would open a file picker on the host

SRAZKVT opened this issue · 13 comments

Operating System Info

Other

Other OS

Void Linux

OBS Studio Version

28.1.2

OBS Studio Version (Other)

No response

OBS Studio Log URL

https://obsproject.com/logs/Xi6IH3xMndBH73pD

OBS Studio Crash Log URL

No response

Expected Behavior

In interaction mode with the browser, a filepicker would be opened when necessary, allowing the user to choose a file.

Current Behavior

OBS completely crashes, due to a segmentation fault.

Steps to Reproduce

  1. Set as target any website that would open a filepicker.
  2. Enter interact mode with the browser.
  3. Do the action that would open the filepicker.
  4. OBS should close instantly.

Anything else we should know?

Both a friend and I have tried reproducing this, both on the Flatpak version; it crashes every time.

I can confirm this occurs on the Flatpak on GNOME, including when building my own Flatpak using Builder. It does not occur on standard builds.

This occurs both in browser docks and browser sources. Note that while using the file picker in browser sources is not officially supported, crashing is never a solution.

Annoyingly, I'm unable to get debug symbols to load with my local OBS/CEF build, and the CEF debug.log terminates immediately, so it doesn't log whatever goes wrong within CEF in this situation. I will continue trying to track down this bug.

Right, I've finally managed to get the Flatpak to give me proper debugging information.

https://github.com/obsproject/cef/blob/5060-shared-textures/libcef/browser/file_dialog_manager.cc#L440-L447

Note: this crash is limited to Flatpak at this time.

If a file browser is opened via the Inspect dialog of a browser source, the crash occurs on line 443, where it attempts to fetch a window handle.

If a file browser is opened via a Browser Dock, the crash occurs deeper, within the function called in 446. The code that crashes seems to be in Chromium itself.

I expect the cause of both is the same, even though the stack traces are different. It's important to note that we build CEF with use_gtk=false; however, as this crash does not occur with the apt package & local builds, I don't expect it's the cause.

This likely leaves it to either be a missing runtime dependency, or more likely a Flatpak sandbox issue. Unfortunately, this means it's outside my skillset. I will do what digging I can, and discuss with people who know Flatpak and/or CEF more in-depth.

Coming from obsproject/obs-studio#8012. Since the issues seem related, I thought I'd also say that for me, the crash happens on the PPA package, a custom build from source, and Flatpak, so I don't think it's a Flatpak-related issue.

@Refragg What desktop environment are you using?

I'm on Ubuntu MATE 22.10, a friend of mine also reproduced this issue on Linux Mint Cinnamon 21.1

Hmm, that's helpful. As I'm on 22.04 LTS, I can't reproduce - even on MATE, but I'll try on 22.10.

The issue is reproducible in Ubuntu 22.04 LTS (at least in Browser Dock).

Can anyone else confirm the issue or give me a hint for a workaround?

I can confirm it still happens in the latest Flatpak release, and I unfortunately haven't found a workaround as of yet.

Is that issue still open? Or am I missing something?
My OBS (30.0.2), installed either via PPA or Flatpak on Ubuntu 22.04, crashes while trying to open a file in the browser (in a Dock, like the Lower Third plugin, or just in the browser). I also tried older versions of OBS (like 29.1.2) and still got the same result: OBS closes itself while trying to open the file manager via `<input type="file">`.

Yes this issue is still open, if it wasn't, it would've been marked as closed

Yes, the issue is still open. I would really appreciate it if it could be fixed.

Got a backtrace on this, but it is missing a lot of symbols. I'm not sure how to get a better trace with the source file and line number.

```
Thread 74 "CrBrowserMain" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fff43df9640 (LWP 1178)]
0x00007fff83710b41 in ?? () from /usr/local//lib/obs-plugins/libcef.so
(gdb) 
(gdb) 
(gdb) 
(gdb) bt
#0  0x00007fff83710b41 in  () at /usr/local//lib/obs-plugins/libcef.so
#1  0x000000000000000b in  ()
#2  0x00007ffee42f3d10 in  ()
#3  0x00007ffee4301920 in  ()
#4  0x00007ffeec016380 in  ()
#5  0x00007ffee4301950 in  ()
#6  0x00007ffff3ca5453 in __GI___libc_free (mem=) at ./malloc/malloc.c:3391
#7  0x00007ffee4237fc0 in  ()
#8  0x00007fff43df7690 in  ()
#9  0x00007fff81589357 in  () at /usr/local//lib/obs-plugins/libcef.so
#10 0x00007fff43df7af0 in  ()
#11 0x00007ffee4237fc0 in  ()
#12 0x0000000000000000 in  ()
```