
Issue 650173


Issue metadata

Status: Fixed
Owner:
Closed: Sep 2016
Cc:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 1
Type: Bug-Regression

Crash in blink::Database::getSecurityOrigin

Project Member Reported by ClusterFuzz, Sep 26 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6277306379403264

Fuzzer: therealholden_worker
Job Type: windows_asan_chrome
Platform Id: windows

Crash Type: UNKNOWN READ
Crash Address: 0x00000000
Crash State:
  blink::Database::getSecurityOrigin
  blink::Database::reportStartTransactionResult
  blink::SQLTransaction::deliverTransactionCallback
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_asan_chrome&range=419971:420294

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv96OV38b04FWUM9mhNJ06PgZL3dOySB36Xu7PKIsC3bIo1VaMy0bClTUTSGn4f9OhOtlWmCUHuAwDQCHxRFZkCgdTtoCAHhCDxiNAa1Tkt9PoPbhxHYiwy-OrrhSm7sVPk5YlnLGNpWfMfBDPac6tGfrBnN2ow?testcase_id=6277306379403264


Additional requirements: Requires Gestures

Additional requirements: Requires HTTP

Issue manually filed by: kavvaru

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Labels: -Type-Bug Findit-for-crash M-55 Te-Logged Type-Bug-Regression
Owner: jsb...@chromium.org
Status: Assigned (was: Untriaged)
Git blame below is NOT necessarily who introduced the crash nor the owner for it. Please check the code before assigning to anyone. (No CL in the regression range changed the crashing files.)

Author: Dana Jansens
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/71331253d6537b9409518dec2368388c5d73cb94
Time: Wed Mar 09 20:57:22 2016
The CL last changed line 900 of file Database.cpp, which is stack frame 0.

Author: jsbell
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/1d0a8a44b6c8b671a45cf8d4fe7da52a74d42930
Time: Tue Mar 22 20:07:28 2016
The CL last changed line 735 of file Database.cpp, which is stack frame 1.

Author: iclelland
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/f1615358fb40347ba0df1e5bf0923fc6a3b5bdd3
Time: Tue Aug 02 15:57:38 2016
The CL last changed line 169 of file SQLTransaction.cpp, which is stack frame 2.

Author: mark.lam@apple.com
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/ecb31f786a7d4292e24f6aa12d9034fe5204cbe0
Time: Thu Feb 14 22:31:20 2013
The CL last changed line 272 of file SQLTransaction.cpp, which is stack frame 3.

Author: hiroshige
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/65db3fe5a8ebb20beb15d43fcfd8fea419a096e6
Time: Tue May 17 14:11:21 2016
The CL last changed line 82 of file ExecutionContextTask.h, which is stack frame 4.

Author: morrita@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/4cb7cefdd1ee65433146663ab170bd7e46cf19fe
Time: Tue Nov 12 08:43:32 2013
The CL last changed line 88 of file MainThreadTaskRunner.cpp, which is stack frame 5.

Author: tzik
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/99de02ba952b0a69291f81c5b8ca14d81cc1f74f
Time: Fri Jul 01 05:54:12 2016
The CL last changed line 214 of file bind_internal.h, which is stack frame 6.

Suspected Project: chromium
===================

From the above Findit tool information, the changes made to the file "Database.cpp" in frame 1 are more related to it.

jsbell@ Could you please look into this issue if it is related to your change; else, please route this to an appropriate owner for this issue.

Thanks,

Comment 2 by jsb...@chromium.org, Sep 26 2016

I suspect this is fallout from:

https://chromium.googlesource.com/chromium/src/+/b729a998b05ec916731171d59de95e0aea31bbac

i.e. getExecutionContext() will now return nullptr

The fix is probably as simple as an early `return nullptr` in Database::getSecurityOrigin() if getExecutionContext()->isContextThread() yields nullptr, since that method already returns nullptr (well, 0) in some cases. But that may not be a tested/used code path - possibly we'll want something higher up the stack.
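The following is an added illustration of the failure mode and the early-return guard described in the comment above; it is not Chromium's code and the classes are simplified stand-ins (names like `Database`, `ExecutionContext` and `contextDestroyed()` only mirror the crash stack, and the origin string is a constructed sample). It models a Database object whose non-owning context pointer has gone null while a pending transaction callback still calls into it, and shows why the guarded accessor is safe for callers that already tolerate a null origin.

```cpp
// Added illustration, not Chromium code: models a null-context dereference
// and the early-return guard proposed above. Class names mirror the crash
// stack but are simplified stand-ins.
#include <memory>
#include <string>

struct SecurityOrigin {
    std::string origin;
};

// Stand-in for an execution context (document/worker) that owns the origin.
class ExecutionContext {
public:
    explicit ExecutionContext(std::string origin) : origin_{std::move(origin)} {}
    SecurityOrigin* getSecurityOrigin() { return &origin_; }
private:
    SecurityOrigin origin_;
};

// Stand-in for the Database. The context pointer is non-owning: once the
// document or worker that created the database is torn down it becomes null,
// but a queued transaction callback can still run and call into this object.
class Database {
public:
    explicit Database(ExecutionContext* context) : context_(context) {}

    // Simulates the context being detached while the Database lives on.
    void contextDestroyed() { context_ = nullptr; }

    // "Before": dereferences the context unconditionally. With a detached
    // context this is the null read the report's crash state shows.
    SecurityOrigin* getSecurityOriginUnguarded() {
        return context_->getSecurityOrigin();
    }

    // "After": the early return suggested in the comment. Callers already
    // handle a null result, so a detached context simply yields nullptr.
    SecurityOrigin* getSecurityOrigin() {
        if (!context_)
            return nullptr;
        return context_->getSecurityOrigin();
    }

    // Caller in the style of a transaction-result reporter: tolerates nullptr.
    std::string originForReport() {
        SecurityOrigin* origin = getSecurityOrigin();
        return origin ? origin->origin : std::string("<detached>");
    }

private:
    ExecutionContext* context_;  // non-owning, may become null
};

// Scenario: a transaction callback delivered after the context is gone.
// Returns "<origin before>|<origin after>" so the outcome can be checked.
std::string runDetachedCallbackScenario() {
    ExecutionContext context("https://example.test");  // constructed sample origin
    Database db(&context);
    std::string before = db.originForReport();
    db.contextDestroyed();  // document/worker torn down, Database outlives it
    // db.getSecurityOriginUnguarded() here would dereference nullptr.
    return before + "|" + db.originForReport();
}

// True if the guarded accessor returns an origin while attached and nullptr
// once the context is detached.
bool guardedReturnsNullAfterDetach() {
    ExecutionContext context("https://example.test");  // constructed sample origin
    Database db(&context);
    bool hadOrigin = db.getSecurityOrigin() != nullptr;
    db.contextDestroyed();
    return hadOrigin && db.getSecurityOrigin() == nullptr;
}
```

The guard only helps if every caller up the stack treats a null origin as "nothing to do"; as the comment notes, if some caller cannot, the check belongs higher up, at the point where the callback is delivered.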

Comment 3 by jsb...@chromium.org, Sep 27 2016

Cc: haraken@chromium.org
Status: Started (was: Assigned)

Comment 4 by jsb...@chromium.org, Sep 28 2016

Status: Fixed (was: Started)
I expect there are more of these lurking in the websql code. But I also expect that therealholden's fuzzer will find them and provide awesome repros. :)

They'll be nullptr dereferences in the renderer so no security issue.

Comment 6 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot