
Issue 599921


Issue metadata

Status: Assigned
Owner:
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 3
Type: Bug


ASSERT failed on blink::WorkerOrWorkletScriptController with simple JS syntax error on worker

Project Member Reported by xlai@chromium.org, Apr 1 2016

Issue description

Note that the example HTML has its string variable enclosed by a single quote on one side and a double quote on the other (a simple syntax error that shouldn't result in an exception in the browser).

To reproduce the error:

1. Compile content-shell using Debug mode
2. Run "content-shell JSeval.html"
3. Content-shell crashes and shows the following error:

ASSERTION FAILED: !m_globalScope->shouldSanitizeScriptError(state.sourceURL, NotSharableCrossOrigin)
../../third_party/WebKit/Source/bindings/core/v8/WorkerOrWorkletScriptController.cpp(269) : bool blink::WorkerOrWorkletScriptController::evaluate(const blink::ScriptSourceCode &, WTF::RawPtr<ErrorEvent> *, blink::CachedMetadataHandler *, blink::V8CacheOptions)
...
Received signal 11 SEGV_MAPERR 0000fbadbeef
#0 0x0000007212be base::debug::StackTrace::StackTrace()
#1 0x000000720dff base::debug::(anonymous namespace)::StackDumpSignalHandler()
#2 0x7f71f4f42340 <unknown>
#3 0x000003f3eb11 blink::WorkerOrWorkletScriptController::evaluate()

Attachment: JSeval.html (554 bytes)
Cc: jochen@chromium.org
Components: -Blink>JavaScript Blink>JavaScript>API
Status: Available (was: Untriaged)

Comment 2 by tkent@chromium.org, Jan 16 2017

Components: Blink>Workers

Comment 3 by falken@chromium.org, Jan 16 2017

Labels: Needs-Bisect
Status: Untriaged (was: Available)
Marking untriaged for evaluation in the triage process; it would be nice to have a bisect for this if it's a regression.
Components: -Blink>JavaScript>API
Labels: TE-NeedsTriageHelp

Comment 6 by jochen@chromium.org, Jan 20 2017

Cc: haraken@chromium.org mkwst@chromium.org
We start a worker from a blob URL. WorkerThread::initializeOnWorkerThread doesn't pass an ErrorEvent to evaluate, so it assumes that it doesn't need to sanitize the error.

My guess is that the check is incorrect, because we really don't need to sanitize the error here and we just don't deal correctly with URLs that have an inner origin.
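The comment above traces the assertion to the sanitization check mishandling a blob: URL's inner origin. As an added example (not Blink's code, and not the attached JSeval.html), here is that decision written in JavaScript: a worker script error is sanitized to the generic "Script error." unless the script's origin matches the worker's, with the blob: URL resolved to its inner origin, beside a naive scheme-plus-host comparison that wrongly treats a same-origin blob worker as cross-origin. The names effectiveOrigin, shouldSanitizeNaive, shouldSanitizeScriptError, reportError and the sample event are assumed for this illustration.

```javascript
// Added example, not Blink's implementation. Origin of a script URL as a
// worker security check should see it: a blob: URL carries an inner URL,
// and the blob's origin is the origin of that inner URL.
function effectiveOrigin(urlString) {
  const url = new URL(urlString);
  if (url.protocol === 'blob:') {
    // For "blob:https://a.test/<uuid>" the pathname is the inner URL.
    return new URL(url.pathname).origin;
  }
  return url.origin;
}

// Naive check that serializes scheme + host: a blob: URL has no host, so
// this yields "blob://", which never equals the worker's origin.
function shouldSanitizeNaive(sourceURL, workerOrigin) {
  const url = new URL(sourceURL);
  return `${url.protocol}//${url.host}` !== workerOrigin;
}

// Inner-origin-aware check. Scripts fetched as CORS-sharable are readable
// by the worker's origin anyway, so their errors need no sanitizing.
function shouldSanitizeScriptError(sourceURL, workerOrigin, sharableCrossOrigin) {
  if (sharableCrossOrigin) return false;
  return effectiveOrigin(sourceURL) !== workerOrigin;
}

// Replace message, location and stack with the generic form when the error
// comes from a script the worker's origin must not be able to read.
function reportError(event, workerOrigin) {
  if (shouldSanitizeScriptError(event.sourceURL, workerOrigin, event.sharableCrossOrigin)) {
    return { message: 'Script error.', sourceURL: '', lineno: 0, colno: 0 };
  }
  return event;
}

// Constructed sample: syntax error raised while evaluating a same-origin
// blob worker, as in the report above (uuid is made up).
const sampleEvent = {
  message: 'SyntaxError: Invalid or unexpected token',
  sourceURL: 'blob:https://a.test/6c3f2e1a-0000-4000-8000-000000000001',
  lineno: 1,
  colno: 12,
  sharableCrossOrigin: false,
};
const workerOrigin = 'https://a.test';
```

Running shouldSanitizeNaive(sampleEvent.sourceURL, workerOrigin) returns true while shouldSanitizeScriptError returns false for the same input, which is the discrepancy the assertion in the report guards against.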
Owner: nhiroki@chromium.org
Status: Assigned (was: Untriaged)
(blink-worker's bug triaging process) 
nhiroki@: could you confirm this issue?
Cc: ligim...@chromium.org
Labels: -Needs-Bisect
This bug ended up in our triaging queue; can we have the latest update on this issue?