Issue 590596

Starred by 2 users

Issue metadata

Status: Duplicate
Merged: issue 568456
Owner: ----
Closed: Feb 2016
Cc:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 2
Type: Bug




browser crash entering text on realtor.ca

Reported by sgra...@gmail.com, Feb 28 2016

Issue description

Chrome Version: 48.0.2564.116
Operating System: e.g., "Windows 7", "Mac OSX 10.6"

URL (if applicable) where crash occurred: realtor.ca

Can you reproduce this crash? not reliably

What steps will reproduce this crash? (or if it's not reproducible, what were you doing just before the crash)?

1. type text into "where are you looking?" text field
2. browser crash

was typing/backspacing, might have been about to show a dialog/overlay for autocomplete when it crashed.

cc: scottmg@

*Please note that issues filed with no information filled in above will be marked as WontFix*

****DO NOT CHANGE BELOW THIS LINE****
report_id:9143f29800000000

 
Cc: scottmg@chromium.org
Labels: Type-Bug
Status: Available (was: Unconfirmed)
Summary: browser crash entering text on realtor.ca (was: entering text on realtor.ca)
On OS X 10.11.3 corp.

I... can't find the Platform tag anymore.
Labels: -Restrict-View-EditIssue
Looks like a UAF, but I don't know what's going on exactly.

Thread 0 CRASHED [EXC_BAD_ACCESS / 0x0000000d @ 0x00007fff8fa7b57e ] MAGIC SIGNATURE THREAD
0x00007fff8fa7b57e	(libdispatch.dylib + 0x0000857e )	_dispatch_alloc_continuation_free
0x00007fff8fa8ca69	(libdispatch.dylib + 0x00019a69 )	_dispatch_continuation_free_to_cache_limit
0x00007fff8fa88c6a	(libdispatch.dylib + 0x00015c6a )	_dispatch_main_queue_callback_4CF
0x00007fff8cfb9cd8	(CoreFoundation + 0x000b4cd8 )	__CFRUNLOOP_IS_SERVICING_THE_MAIN_DISPATCH_QUEUE__
0x00007fff8cf74d3c	(CoreFoundation + 0x0006fd3c )	__CFRunLoopRun
0x00007fff8cf74337	(CoreFoundation + 0x0006f337 )	CFRunLoopRunSpecific
0x00007fff9377f934	(HIToolbox + 0x00030934 )	RunCurrentEventLoopInMode
0x00007fff9377f76e	(HIToolbox + 0x0003076e )	ReceiveNextEventCommon
0x00007fff9377f5ae	(HIToolbox + 0x000305ae )	_BlockUntilNextEventMatchingListInModeWithFilter
0x00007fff860a00ed	(AppKit + 0x0008a0ed )	_DPSNextEvent
0x00007fff8646c942	(AppKit + 0x00456942 )	-[NSApplication _nextEventMatchingEventMask:untilDate:inMode:dequeue:]
0x00007fff86095fc7	(AppKit + 0x0007ffc7 )	-[NSApplication run]
0x000000010428258d	(Google Chrome Framework -message_pump_mac.mm:663 )	base::MessagePumpNSApplication::DoRun(base::MessagePump::Delegate*)
0x0000000104281c13	(Google Chrome Framework -message_pump_mac.mm:236 )	base::MessagePumpCFRunLoopBase::Run(base::MessagePump::Delegate*)
0x00000001042bfbc2	(Google Chrome Framework -run_loop.cc:55 )	base::RunLoop::Run()
0x0000000103da1a17	(Google Chrome Framework -chrome_browser_main.cc:1784 )	ChromeBrowserMainParts::MainMessageLoopRun(int*)
0x00000001071aafe6	(Google Chrome Framework -browser_main_loop.cc:946 )	content::BrowserMainLoop::RunMainMessageLoopParts()
0x00000001071ad861	(Google Chrome Framework -browser_main_runner.cc:235 )	content::BrowserMainRunnerImpl::Run()
0x00000001071a6acc	(Google Chrome Framework -browser_main.cc:44 )	content::BrowserMain(content::MainFunctionParams const&)
0x000000010423d6ab	(Google Chrome Framework -content_main_runner.cc:808 )	content::ContentMainRunnerImpl::Run()
0x000000010423cc15	(Google Chrome Framework -content_main.cc:19 )	content::ContentMain(content::ContentMainParams const&)
0x0000000103d03471	(Google Chrome Framework -chrome_main.cc:66 )	ChromeMain
Labels: Pri-2
Cc: tkonch...@chromium.org
Mergedinto: 568456
Status: Duplicate (was: Available)
Based on similar stack trace, duping this issue.
