!m_javaScriptURLFailedAccessCheck in HTMLFrameElementBase.cpp
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4892412577316864

Fuzzer: inferno_twister
Job Type: linux_cfi_chrome
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State:
  !m_javaScriptURLFailedAccessCheck in HTMLFrameElementBase.cpp
  blink::HTMLFrameElementBase::isURLAllowed
  blink::HTMLFrameElementBase::openURL

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_cfi_chrome&range=407425:407447

Minimized Testcase (0.25 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv94vdz-Vy7txf8x1WFkXouP5FOj59xL2JmUZsDc8g2SKLAJ862wJPbP8HcQHU9LA7fFB8e2r_ElNCIM3i0SqKfvx0_syp8bmmBjSHk5OLTjt6EfAVTqkYZA-2GBcybCfCEVXHH1mfzfCgYteDwK0WXnHXMFZiQ?testcase_id=4892412577316864

    <body id=tCF1>
    <iframe id=myframe src=http://localhost:8000/inspector/page/resources/test-page.html></iframe>
    <script>
    setTimeout("tCFcrash()");
    function tCFcrash() {
      // Point the already-attached frame at a javascript: URL, then re-append it;
      // the re-insertion reloads the frame and reaches the CHECK in isURLAllowed.
      myframe.src = "javascript:window.top.tCF_custom_1()";
      tCF1.appendChild(myframe);
    }
    </script>

Filer: rnimmagadda

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jul 26 2016

Jul 26 2016

Jul 27 2016
I'm wondering if we should make these loads asynchronous: https://groups.google.com/a/chromium.org/d/msg/blink-dev/oGZ4cYjir-Q/bkJ41SbYDQAJ
Jul 27 2016
ClusterFuzz has detected this issue as fixed in range 407734:407776.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4892412577316864

Fuzzer: inferno_twister
Job Type: linux_cfi_chrome
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State:
  !m_javaScriptURLFailedAccessCheck in HTMLFrameElementBase.cpp
  blink::HTMLFrameElementBase::isURLAllowed
  blink::HTMLFrameElementBase::openURL

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_cfi_chrome&range=407425:407447
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_cfi_chrome&range=407734:407776

Minimized Testcase (0.25 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv94vdz-Vy7txf8x1WFkXouP5FOj59xL2JmUZsDc8g2SKLAJ862wJPbP8HcQHU9LA7fFB8e2r_ElNCIM3i0SqKfvx0_syp8bmmBjSHk5OLTjt6EfAVTqkYZA-2GBcybCfCEVXHH1mfzfCgYteDwK0WXnHXMFZiQ?testcase_id=4892412577316864

    <body id=tCF1>
    <iframe id=myframe src=http://localhost:8000/inspector/page/resources/test-page.html></iframe>
    <script>
    setTimeout("tCFcrash()");
    function tCFcrash() {
      myframe.src = "javascript:window.top.tCF_custom_1()";
      tCF1.appendChild(myframe);
    }
    </script>

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jul 27 2016
ClusterFuzz testcase is verified as fixed, closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Oct 18 2016

Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by rnimmagadda@chromium.org, Jul 26 2016
Labels: -Type-Bug M-54 findit-wrong Te-Logged Type-Bug-Regression
Owner: jochen@chromium.org
Status: Assigned (was: Untriaged)