ASSERTION FAILED: frame()->isRemoteFrame() || !activeOrigin->canAccessCheckSubor |
||||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=5714629291933696 Fuzzer: inferno_twister Job Type: linux_debug_content_shell_drt Platform Id: linux Crash Type: ASSERT Crash Address: Crash State: ASSERTION FAILED: frame()->isRemoteFrame() || !activeOrigin->canAccessCheckSubor blink::DOMWindow::crossDomainAccessErrorMessage blink::V8WrapperInstantiationScope::convertException Minimized Testcase (0.25 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv96NVDT2Dc5p4RGQoZv9sZTR4Qd7O9VVFoowj2WBGZdaIHUN0bGTm4Yw7S2c4X5bl6y8WCNO5Y8yqRtCgdnHpEH9Hw20kd9bYL4vPPJK9EIsueNLQhNvkpdK5lVCpsdfuZ-G7CqL2FTtGSBTVhzBq8QdurP_4w list-style-position: outside;<script> var iframe = document.body.appendChild(document.createElement("iframe")); var win = iframe.contentWindow; function recurse() { try { recurse(); } catch(e) {} win.location; } recurse(); </script> Filer: rnimmagadda See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
May 9 2016
Daniel, this hits your assert :)
,
Aug 9 2016
ClusterFuzz has detected this issue as fixed in range 410349:410400. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5714629291933696 Fuzzer: inferno_twister Job Type: linux_debug_content_shell_drt Platform Id: linux Crash Type: ASSERT Crash Address: Crash State: frame()->isRemoteFrame() || !activeOrigin->canAccessCheckSuborigins(targetOrigin blink::DOMWindow::crossDomainAccessErrorMessage blink::V8WrapperInstantiationScope::convertException Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=348655:348681 Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=410349:410400 Minimized Testcase (0.25 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv96K1vcss2j5N8j-BnIUNMdZD5AkqxrUux6U9Elf3cDsYIBS01iNl20AuqV_X9Iqbx1GaAzAZAMX02yJ-l3BF8_7b5Ls5GJLfoA3AX9woeTC9SpXk08_AGLwhdYaHDJ-nL3PUB0_1OGO4fl7UxJ76W9U0P7SMw?testcase_id=5714629291933696 list-style-position: outside;<script> var iframe = document.body.appendChild(document.createElement("iframe")); var win = iframe.contentWindow; function recurse() { try { recurse(); } catch(e) {} win.location; } recurse(); </script> See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Aug 9 2016
ClusterFuzz testcase is verified as fixed, closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Aug 10 2016
FWIW I'm a bit suspicious of clusterfuzz's methodology here. I don't see anything in the fixed range that suggests it would have affected this behavior...
,
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
||||
►
Sign in to add a comment |
||||
Comment 1 by rnimmagadda@chromium.org
, May 9 2016Labels: -Pri-1 findit-for-crash Te-Logged M-51 Pri-2
Owner: jochen@chromium.org
Status: Assigned (was: Available)