From 31dcc872a360d0b5dfea4ce15c4cf7a09466c4db Mon Sep 17 00:00:00 2001 From: Shelley Vohr Date: Mon, 17 Jan 2022 23:52:40 +0100 Subject: [PATCH 1/2] fix: crash when saving edited PDF files --- patches/chromium/.patches | 4 + ...x_crash_when_saving_edited_pdf_files.patch | 86 +++++++++++++++++++ 2 files changed, 90 insertions(+) create mode 100644 patches/chromium/fix_crash_when_saving_edited_pdf_files.patch diff --git a/patches/chromium/.patches b/patches/chromium/.patches index 78219342c7b17..96a190f552f7d 100644 --- a/patches/chromium/.patches +++ b/patches/chromium/.patches @@ -130,3 +130,7 @@ cherry-pick-6bb320d134b1.patch cherry-pick-109fde1088be.patch m96_fileapi_move_origin_checks_in_bloburlstore_sooner.patch cherry-pick-f781748dcb3c.patch +revert_stop_using_nsrunloop_in_renderer_process.patch +fix_dont_delete_SerialPortManager_on_main_thread.patch +feat_add_data_transfer_to_requestsingleinstancelock.patch +fix_crash_when_saving_edited_pdf_files.patch diff --git a/patches/chromium/fix_crash_when_saving_edited_pdf_files.patch b/patches/chromium/fix_crash_when_saving_edited_pdf_files.patch new file mode 100644 index 0000000000000..409db5c2413c1 --- /dev/null +++ b/patches/chromium/fix_crash_when_saving_edited_pdf_files.patch @@ -0,0 +1,86 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Shelley Vohr +Date: Mon, 17 Jan 2022 23:47:54 +0100 +Subject: fix: crash when saving edited PDF files + +This commit fixes a crash that persists any time a user attempts to +download an edited PDF. This was happening because the logic flow for +downloading of any edited PDF triggers a call to +chrome.fileSystem.chooseEntry, which we do not support and which +therefore causes unmapped page access crashes. + +This patch can be removed should we choose to support chrome.fileSystem +or support it enough to fix the crash. + +diff --git a/chrome/browser/resources/pdf/pdf_viewer.js b/chrome/browser/resources/pdf/pdf_viewer.js +index 42407ef7c214bed1eb44165a87c6d0dc44f0ad7f..64225caf3738549520b35259628559ec6c15d901 100644 +--- a/chrome/browser/resources/pdf/pdf_viewer.js ++++ b/chrome/browser/resources/pdf/pdf_viewer.js +@@ -967,25 +967,12 @@ export class PDFViewerElement extends PDFViewerBaseElement { + dataArray = [result.dataToSave]; + } + ++ const a = document.createElement('a'); ++ a.download = this.attachments_[index].name; + const blob = new Blob(dataArray); +- const fileName = this.attachments_[index].name; +- chrome.fileSystem.chooseEntry( +- {type: 'saveFile', suggestedName: fileName}, entry => { +- if (chrome.runtime.lastError) { +- if (chrome.runtime.lastError.message !== 'User cancelled') { +- console.error( +- 'chrome.fileSystem.chooseEntry failed: ' + +- chrome.runtime.lastError.message); +- } +- return; +- } +- entry.createWriter(writer => { +- writer.write(blob); +- // Unblock closing the window now that the user has saved +- // successfully. +- chrome.mimeHandlerPrivate.setShowBeforeUnloadDialog(false); +- }); +- }); ++ a.href = URL.createObjectURL(blob); ++ a.click(); ++ URL.revokeObjectURL(a.href); + } + + /** +@@ -1112,30 +1099,13 @@ export class PDFViewerElement extends PDFViewerBaseElement { + if (!fileName.toLowerCase().endsWith('.pdf')) { + fileName = fileName + '.pdf'; + } +- // Create blob before callback to avoid race condition. ++ ++ const a = document.createElement('a'); ++ a.download = fileName; + const blob = new Blob([result.dataToSave], {type: 'application/pdf'}); +- chrome.fileSystem.chooseEntry( +- { +- type: 'saveFile', +- accepts: [{description: '*.pdf', extensions: ['pdf']}], +- suggestedName: fileName +- }, +- entry => { +- if (chrome.runtime.lastError) { +- if (chrome.runtime.lastError.message !== 'User cancelled') { +- console.error( +- 'chrome.fileSystem.chooseEntry failed: ' + +- chrome.runtime.lastError.message); +- } +- return; +- } +- entry.createWriter(writer => { +- writer.write(blob); +- // Unblock closing the window now that the user has saved +- // successfully. +- chrome.mimeHandlerPrivate.setShowBeforeUnloadDialog(false); +- }); +- }); ++ a.href = URL.createObjectURL(blob); ++ a.click(); ++ URL.revokeObjectURL(a.href); + + // + // Saving in Annotation mode is destructive: crbug.com/919364 From 0206e780d9d7fd77ad754396a0536abbafb1c1e7 Mon Sep 17 00:00:00 2001 From: John Kleinschmidt Date: Wed, 19 Jan 2022 16:26:31 -0500 Subject: [PATCH 2/2] chore: update patches after backport --- patches/chromium/.patches | 3 --- ...x_crash_when_saving_edited_pdf_files.patch | 19 +++++++++---------- 2 files changed, 9 insertions(+), 13 deletions(-) diff --git a/patches/chromium/.patches b/patches/chromium/.patches index 96a190f552f7d..5d43f39ca18e7 100644 --- a/patches/chromium/.patches +++ b/patches/chromium/.patches @@ -130,7 +130,4 @@ cherry-pick-6bb320d134b1.patch cherry-pick-109fde1088be.patch m96_fileapi_move_origin_checks_in_bloburlstore_sooner.patch cherry-pick-f781748dcb3c.patch -revert_stop_using_nsrunloop_in_renderer_process.patch -fix_dont_delete_SerialPortManager_on_main_thread.patch -feat_add_data_transfer_to_requestsingleinstancelock.patch fix_crash_when_saving_edited_pdf_files.patch diff --git a/patches/chromium/fix_crash_when_saving_edited_pdf_files.patch b/patches/chromium/fix_crash_when_saving_edited_pdf_files.patch index 409db5c2413c1..a55507bee60f7 100644 --- a/patches/chromium/fix_crash_when_saving_edited_pdf_files.patch +++ b/patches/chromium/fix_crash_when_saving_edited_pdf_files.patch @@ -13,10 +13,10 @@ This patch can be removed should we choose to support chrome.fileSystem or support it enough to fix the crash. diff --git a/chrome/browser/resources/pdf/pdf_viewer.js b/chrome/browser/resources/pdf/pdf_viewer.js -index 42407ef7c214bed1eb44165a87c6d0dc44f0ad7f..64225caf3738549520b35259628559ec6c15d901 100644 +index 7b1e50624df15f4d77cbe5d014e4f57c7499a999..f3b8dcd32369e9f954a0791588ba4955c6cdae7e 100644 --- a/chrome/browser/resources/pdf/pdf_viewer.js +++ b/chrome/browser/resources/pdf/pdf_viewer.js -@@ -967,25 +967,12 @@ export class PDFViewerElement extends PDFViewerBaseElement { +@@ -974,25 +974,12 @@ export class PDFViewerElement extends PDFViewerBaseElement { dataArray = [result.dataToSave]; } @@ -47,15 +47,10 @@ index 42407ef7c214bed1eb44165a87c6d0dc44f0ad7f..64225caf3738549520b35259628559ec } /** -@@ -1112,30 +1099,13 @@ export class PDFViewerElement extends PDFViewerBaseElement { - if (!fileName.toLowerCase().endsWith('.pdf')) { +@@ -1120,29 +1107,12 @@ export class PDFViewerElement extends PDFViewerBaseElement { fileName = fileName + '.pdf'; } -- // Create blob before callback to avoid race condition. -+ -+ const a = document.createElement('a'); -+ a.download = fileName; - const blob = new Blob([result.dataToSave], {type: 'application/pdf'}); + - chrome.fileSystem.chooseEntry( - { - type: 'saveFile', @@ -72,12 +67,16 @@ index 42407ef7c214bed1eb44165a87c6d0dc44f0ad7f..64225caf3738549520b35259628559ec - return; - } - entry.createWriter(writer => { -- writer.write(blob); +- writer.write( +- new Blob([result.dataToSave], {type: 'application/pdf'})); - // Unblock closing the window now that the user has saved - // successfully. - chrome.mimeHandlerPrivate.setShowBeforeUnloadDialog(false); - }); - }); ++ const a = document.createElement('a'); ++ a.download = fileName; ++ const blob = new Blob([result.dataToSave], {type: 'application/pdf'}); + a.href = URL.createObjectURL(blob); + a.click(); + URL.revokeObjectURL(a.href);