params.origin.IsSameOriginWith(url::Origin(params.url)). url:http://NUMBER:8000
Issue description
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5841632058671104
Fuzzer: mbarbella_js_mutation_layout
Job Type: linux_ubsan_vptr_content_shell_drt
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State:
  params.origin.IsSameOriginWith(url::Origin(params.url)). url:http://NUMBER:8000
  content::RenderFrameImpl::SendDidCommitProvisionalLoad
  content::RenderFrameImpl::didCommitProvisionalLoad
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_vptr_content_shell_drt&range=406033:406232
Minimized Testcase (0.21 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94R_8zUIRVYCm2qlRuK9s466RN-HDlKWVveYtrqzaecFephX8kwjpZc94SQ7TOA44eGB4x6rkWlvQ3qEvoTR3j--NEHmfhXJCxR-5lxHtTFRKH8_NSt2BPML6zQ_efg1DkCTNqkWwea63xFKOVVwa29GKrqTA?testcase_id=5841632058671104
Filer: mmohammad
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jul 28 2016
The minimized test case is expected to hit this CHECK. The code is:
<script>
testRunner.setAllowUniversalAccessFromFileURLs(false);
history.pushState({}, "", "http://127.0.0.1:8000/resources/redirect.php?url=http://localhost:8000/history/resources/back.html");
</script>
The first line disables universal access from file: URLs. Since the repro is loaded from a file: URL and universal access is disabled, it is not allowed to perform a pushState call with a web URL (http: in this case).
This CHECK behaves as expected since it catches this and kills the renderer process. It is added to help us diagnose a class of bugs with mismatched origin and URL. Therefore I'm not sure there is anything actionable in this report.
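The rule the comment describes, as an added example that is not Chromium's code: a simplified Python model in which web URLs get a (scheme, host, port) origin, a file: document gets an opaque origin unless universal access is enabled, pushState is accepted only for a same-origin target, and the commit-time invariant behind the CHECK compares the committing document's origin with the origin of the committed URL. The function names, the tuple representation of origins and the treatment of universal access as "any target URL" are assumptions of this model.

```python
from urllib.parse import urlsplit

# Default ports, so that http://h:80/ and http://h/ compare as one origin.
DEFAULT_PORTS = {"http": 80, "https": 443, "ws": 80, "wss": 443}


def origin_of(url, universal_file_access=False):
    """Return a (scheme, host, port) origin, or None for an opaque origin.

    Loose model of url::Origin: web schemes give a tuple origin; a file: URL
    gives an opaque (unique) origin unless universal file access is enabled,
    in which case all file: documents share one modelled origin.
    """
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme in DEFAULT_PORTS:
        port = parts.port if parts.port is not None else DEFAULT_PORTS[scheme]
        return (scheme, (parts.hostname or "").lower(), port)
    if scheme == "file" and universal_file_access:
        return ("file", "", 0)
    return None  # opaque: same-origin with nothing, not even itself


def is_same_origin(a, b):
    """Tuple origins must match exactly; an opaque origin never matches."""
    return a is not None and b is not None and a == b


def push_state_allowed(document_url, target_url, universal_file_access=False):
    """Should history.pushState(target_url) be accepted from document_url?"""
    if universal_file_access and document_url.lower().startswith("file:"):
        return True  # the setting the repro disables; modelled as all-access
    return is_same_origin(origin_of(document_url), origin_of(target_url))


def commit_is_consistent(document_url, committed_url):
    """The invariant the CHECK enforces at commit: the frame's origin must be
    same-origin with the origin derived from the URL being committed."""
    return is_same_origin(origin_of(document_url), origin_of(committed_url))


# Constructed inputs: the repro's pushState target, first from a file: document
# (universal access off, as in the test case) and then from a web document.
REPRO_TARGET = ("http://127.0.0.1:8000/resources/redirect.php"
                "?url=http://localhost:8000/history/resources/back.html")

if __name__ == "__main__":
    print(push_state_allowed("file:///tmp/repro.html", REPRO_TARGET))       # False
    print(push_state_allowed("http://127.0.0.1:8000/a.html", REPRO_TARGET))  # True
    print(commit_is_consistent("file:///tmp/repro.html", REPRO_TARGET))     # False
```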
Aug 29 2016
inferno@, can you check if there is anything actionable in this bug?
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Mar 8 2017
ClusterFuzz has detected this issue as fixed in range 454873:455052.
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5841632058671104
Fuzzer: mbarbella_js_mutation_layout
Job Type: linux_ubsan_vptr_content_shell_drt
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State:
  params.origin.IsSameOriginWith(url::Origin(params.url)). url:http://NUMBER:8000
  content::RenderFrameImpl::SendDidCommitProvisionalLoad
  content::RenderFrameImpl::didCommitProvisionalLoad
Sanitizer: undefined (UBSAN)
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_vptr_content_shell_drt&range=406033:406232
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_vptr_content_shell_drt&range=454873:455052
Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94R_8zUIRVYCm2qlRuK9s466RN-HDlKWVveYtrqzaecFephX8kwjpZc94SQ7TOA44eGB4x6rkWlvQ3qEvoTR3j--NEHmfhXJCxR-5lxHtTFRKH8_NSt2BPML6zQ_efg1DkCTNqkWwea63xFKOVVwa29GKrqTA?testcase_id=5841632058671104
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Mar 8 2017
ClusterFuzz testcase 5841632058671104 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by mmohammad@chromium.org, Jul 28 2016
Status: Assigned (was: Untriaged)