ASSERTION FAILED: !callingWindow->document()->getSecurityOrigin()->canAccessChec
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5187962706329600

Fuzzer: inferno_twister
Job Type: linux_debug_content_shell_drt
Platform Id: linux

Crash Type: ASSERT
Crash Address:
Crash State:
  ASSERTION FAILED: !callingWindow->document()->getSecurityOrigin()->canAccessChec
  blink::DOMWindow::sanitizedCrossDomainAccessErrorMessage
  blink::V8WrapperInstantiationScope::convertException

Minimized Testcase (0.23 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv96AIWnjiOvv0Yw1p21r4RUtyavcfhhPBCr9hcNAXqRJTMTLwdmt82mvPM-QKV_5ttZEwYN7nf-J2Iw92x1CnM-Eztj14gPoBgar5-jvUXuDhJ7jI1dhpY7_Vp3wX6OPChDKDbHsgkY0G12ZFM4EBQMhyURWGg

<script>
var iframe = document.body.appendChild(document.createElement("iframe"));
var win = iframe.contentWindow;
function recurse() {
  try {
    recurse();
  } catch(e) {}
  win.location;
}
recurse();
</script>

Filer: ajha

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Mar 15 2016
Renaming the function isn't causing asserts, though, why assign to me? Can you assign to an owner of the given code?
Mar 18 2016
Could this be related to https://codereview.chromium.org/1417023006?
yukishiino@: Could you please take a look or help in finding an appropriate owner for this?
Mar 18 2016
Remove legacy label cr-blink
Mar 23 2016
This issue is not related to my CL, but it's in my area. Seems we have the wrong ASSERT condition.
Mar 23 2016
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/3174947e46175db49b0fae95863c79cac5f6ba4e

commit 3174947e46175db49b0fae95863c79cac5f6ba4e
Author: yukishiino <yukishiino@chromium.org>
Date: Wed Mar 23 13:20:35 2016

bindings: Removes a wrong ASSERT: Exception must be thrown across origins.

It's a wrong assumption that an exception should be thrown across origins if the exception is thrown when we're creating a DOM wrapper for Location. It's wrong because
1) Even if it's cross origins, we should be able to create a DOM wrapper for Location in general because Location is cross-origin-accessible.
2) Even if it's same origins, it's possible that an exception will be thrown due to the runtime error, such as OOM.

Thus, removes the wrong ASSERT at DOMWindow::sanitizedCrossDomainAccessErrorMessage

BUG= 594919

Review URL: https://codereview.chromium.org/1825323002
Cr-Commit-Position: refs/heads/master@{#382841}

[modify] https://crrev.com/3174947e46175db49b0fae95863c79cac5f6ba4e/third_party/WebKit/Source/bindings/core/v8/V8DOMWrapper.h
[modify] https://crrev.com/3174947e46175db49b0fae95863c79cac5f6ba4e/third_party/WebKit/Source/core/frame/DOMWindow.cpp
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.
For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by ajha@chromium.org, Mar 15 2016
Owner: danakj@chromium.org
Status: Assigned (was: Available)