Security: UNKNOWN in blink::HTMLDocumentParser::stopBackgroundParser
Reported by chromium...@gmail.com, Aug 4 2016
Issue description

VERSION
Chrome Version: 54.0.2817.0 canary (64-bit)
Operating System: Windows 7

REPRODUCTION CASE
1. Navigate to chrome://history
2. Keep reloading the page
3. Crash!

FOR CRASHES, PLEASE INCLUDE THE FOLLOWING ADDITIONAL INFORMATION
Crash ID's: 16b9aafe00000000

rax=8b4820ec83485340 rbx=000001a1b048a678 rcx=000007fed3430af0
rdx=0000000000000000 rsi=000001a1b049f000 rdi=000001a1b048a670
rip=000007fed357cb9b rsp=000000000018b900 rbp=000001a1b0481000
 r8=0000000000000350  r9=0000000000000000 r10=000000000528ccec
r11=000001a1b048a550 r12=fffffffffffff000 r13=0000021cf2094380
r14=0000000000000358 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
cs=0033 ss=0000 ds=0000 es=0000 fs=0053 gs=002b efl=00010246
*** WARNING: Unable to verify checksum for chrome_child.dll
chrome_child!blink::HTMLDocumentParser::stopBackgroundParser+0x3b:
000007fe`d357cb9b ff5048 call qword ptr [rax+48h] ds:8b4820ec`83485388=????????????????
0:000> k
*** Stack trace for last set context - .thread/.cxr resets it
Child-SP          RetAddr           Call Site
00000000`0018b900 000007fe`d3579a75 chrome_child!blink::HTMLDocumentParser::stopBackgroundParser+0x3b [c:\b\build\slave\win64\build\src\third_party\webkit\source\core\html\parser\htmldocumentparser.cpp @ 768]
00000000`0018b930 000007fe`d357997e chrome_child!blink::HTMLDocumentParser::~HTMLDocumentParser+0x35 [c:\b\build\slave\win64\build\src\third_party\webkit\source\core\html\parser\htmldocumentparser.cpp @ 140]
00000000`0018b960 000007fe`d3fad606 chrome_child!blink::HTMLDocumentParser::`scalar deleting destructor'+0xe
00000000`0018b990 000007fe`d3fae4aa chrome_child!blink::HeapObjectHeader::finalize+0x3e [c:\b\build\slave\win64\build\src\third_party\webkit\source\platform\heap\heappage.cpp @ 107]
00000000`0018b9c0 000007fe`d3fadb0a chrome_child!blink::NormalPage::sweep+0x9a [c:\b\build\slave\win64\build\src\third_party\webkit\source\platform\heap\heappage.cpp @ 1197]
00000000`0018ba10 000007fe`d3fad966 chrome_child!blink::NormalPageArena::lazySweepPages+0x66 [c:\b\build\slave\win64\build\src\third_party\webkit\source\platform\heap\heappage.cpp @ 706]
00000000`0018ba50 000007fe`d3fae058 chrome_child!blink::BaseArena::lazySweep+0x11a [c:\b\build\slave\win64\build\src\third_party\webkit\source\platform\heap\heappage.cpp @ 284]
00000000`0018bb10 000007fe`d31af155 chrome_child!blink::NormalPageArena::outOfLineAllocate+0x7c [c:\b\build\slave\win64\build\src\third_party\webkit\source\platform\heap\heappage.cpp @ 782]
00000000`0018bb40 000007fe`d33f1836 chrome_child!blink::ThreadHeap::allocateOnArenaIndex+0x85 [c:\b\build\slave\win64\build\src\third_party\webkit\source\platform\heap\heap.h @ 559]
00000000`0018bb70 000007fe`d33f92b3 chrome_child!blink::HTMLDocumentParser::create+0x86 [c:\b\build\slave\win64\build\src\third_party\webkit\source\core\html\parser\htmldocumentparser.h @ 75]
00000000`0018bbc0 000007fe`d3581eeb chrome_child!blink::Document::implicitOpen+0xa3 [c:\b\build\slave\win64\build\src\third_party\webkit\source\core\dom\document.cpp @ 2438]
00000000`0018bc00 000007fe`d3581b9e chrome_child!blink::HTMLImportLoader::startWritingAndParsing+0x1bb [c:\b\build\slave\win64\build\src\third_party\webkit\source\core\html\imports\htmlimportloader.cpp @ 111]
00000000`0018bda0 000007fe`d37cbe14 chrome_child!blink::HTMLImportLoader::responseReceived+0x4e [c:\b\build\slave\win64\build\src\third_party\webkit\source\core\html\imports\htmlimportloader.cpp @ 84]
00000000`0018bdd0 000007fe`d37a8ffa chrome_child!blink::RawResource::responseReceived+0x104 [c:\b\build\slave\win64\build\src\third_party\webkit\source\core\fetch\rawresource.cpp @ 157]
00000000`0018be90 000007fe`d474a9b1 chrome_child!blink::ResourceFetcher::didReceiveResponse+0x2ba [c:\b\build\slave\win64\build\src\third_party\webkit\source\core\fetch\resourcefetcher.cpp @ 987]
00000000`0018c110 000007fe`d47646f5 chrome_child!content::WebURLLoaderImpl::Context::OnReceivedResponse+0x5dd [c:\b\build\slave\win64\build\src\content\child\web_url_loader_impl.cc @ 714]
00000000`0018c880 000007fe`d4761e2b chrome_child!content::ResourceDispatcher::OnReceivedResponse+0x1f1 [c:\b\build\slave\win64\build\src\content\child\resource_dispatcher.cc @ 177]
00000000`0018cc80 000007fe`d4763adf chrome_child!IPC::MessageT<ResourceMsg_ReceivedResponse_Meta,std::tuple<int,content::ResourceResponseHead>,void>::Dispatch<content::ResourceDispatcher,content::ResourceDispatcher,void,void (__cdecl content::ResourceDispatcher::*)(int,content::ResourceResponseHead const & __ptr64) __ptr64>+0xfb [c:\b\build\slave\win64\build\src\ipc\ipc_message_templates.h @ 121]
00000000`0018d070 000007fe`d4763ec8 chrome_child!content::ResourceDispatcher::DispatchMessageW+0x3a7 [c:\b\build\slave\win64\build\src\content\child\resource_dispatcher.cc @ 504]
00000000`0018d100 000007fe`d476ca61 chrome_child!content::ResourceDispatcher::OnMessageReceived+0xdc [c:\b\build\slave\win64\build\src\content\child\resource_dispatcher.cc @ 127]
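Added triage example (not part of the issue report and not Chromium code). The faulting instruction in the dump is `call qword ptr [rax+48h]`, a virtual call through a vtable pointer that was just loaded into rax, and the value in rax, 8b4820ec83485340, is not a canonical x86-64 address. Read as little-endian bytes it is 40 53 48 83 ec 20 48 8b, which is the MSVC x64 prologue `push rbx; sub rsp,20h; mov ...`: the load fetched code bytes where a vtable pointer should have been, a common signature of a read through a stale or overwritten pointer (the report itself does not establish the root cause). The script below parses the register line from the report, embedded as constructed input, flags every non-zero register whose value cannot be a valid address, and recognises that prologue pattern; the function names and the prologue heuristic are mine, not from the tracker or from WinDbg.

```python
import re

# Constructed input: the register dump copied from the WinDbg output in the
# issue description above (line breaks added; values unchanged).
WINDBG_REGISTERS = """
rax=8b4820ec83485340 rbx=000001a1b048a678 rcx=000007fed3430af0
rdx=0000000000000000 rsi=000001a1b049f000 rdi=000001a1b048a670
rip=000007fed357cb9b rsp=000000000018b900 rbp=000001a1b0481000
 r8=0000000000000350  r9=0000000000000000 r10=000000000528ccec
r11=000001a1b048a550 r12=fffffffffffff000 r13=0000021cf2094380
r14=0000000000000358 r15=0000000000000000
"""

# Faulting instruction from the report: call qword ptr [rax+48h]
FAULT_BASE_REG = "rax"
FAULT_DISPLACEMENT = 0x48

REG_RE = re.compile(
    r"\b(r(?:ax|bx|cx|dx|si|di|ip|sp|bp)|r(?:8|9|1[0-5]))=([0-9a-fA-F]{16})\b"
)


def parse_registers(text):
    """Return {name: int} for every 64-bit register in a WinDbg-style dump."""
    return {name: int(val, 16) for name, val in REG_RE.findall(text)}


def is_canonical(addr):
    """On x86-64, bits 63..47 of a usable virtual address are all 0 or all 1;
    anything else faults before any page table is consulted."""
    top = addr >> 47
    return top == 0 or top == (1 << 17) - 1


def looks_like_x64_prologue(value):
    """Interpret the register's 8 bytes as little-endian memory and check for
    the MSVC x64 prologue 'push rbx; sub rsp, imm8' (40 53 48 83 ec) or a bare
    'sub rsp, imm8' (48 83 ec). A pointer-sized register holding code bytes
    means the load that produced it read from somewhere it should not have.
    This is a heuristic of my own, not a disassembler."""
    b = value.to_bytes(8, "little")
    return b.startswith(b"\x40\x53\x48\x83\xec") or b"\x48\x83\xec" in b


def faulting_address(regs, base_reg=FAULT_BASE_REG, disp=FAULT_DISPLACEMENT):
    """Effective address of the faulting memory operand [base+disp], mod 2**64.
    For this dump it must match the ds:... address WinDbg printed."""
    return (regs[base_reg] + disp) & 0xFFFFFFFFFFFFFFFF


def triage(text):
    """Return (registers, findings): each finding names a non-zero register whose
    value cannot be a valid address, with a note when it decodes as code bytes."""
    regs = parse_registers(text)
    findings = []
    for name, val in regs.items():
        if val == 0 or is_canonical(val):
            continue
        note = "non-canonical value"
        if looks_like_x64_prologue(val):
            note += "; little-endian bytes decode as an x64 function prologue"
        findings.append((name, note))
    return regs, findings


if __name__ == "__main__":
    regs, findings = triage(WINDBG_REGISTERS)
    for name, note in findings:
        print(f"{name}={regs[name]:016x}: {note}")
    print(f"faulting operand [{FAULT_BASE_REG}+{FAULT_DISPLACEMENT:#x}] = "
          f"{faulting_address(regs):016x}")
```

Only rax is flagged: r12=fffffffffffff000 has all upper bits set and is therefore canonical, and the remaining registers are ordinary user-mode addresses or small integers. The computed operand address 8b4820ec83485388 matches the `ds:8b4820ec\`83485388` that WinDbg printed, confirming which register the crash depends on before anyone opens the minidump.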
Aug 4 2016
Hmm... this was already reported in issue 634244.
Aug 5 2016
I can reproduce on canary on mac: go/crash/22e9e9fe00000000. Not sure if it repros on beta yet. csharrison/kouhei, could you please take a look? Thanks!
Aug 5 2016
This looks like a dupe of issue 634244, as khalil mentioned.
Nov 11 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by chromium...@gmail.com, Aug 4 2016
Attachment: 767 KB