New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 700323 link

Starred by 2 users
Status: WontFix
Owner:
nasko@chromium.org
Out until 24 Jan
Closed: Sep 2017
Cc:
creis@chromium.org
och...@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Mac
Pri: 1
Type: Bug



Sign in to add a comment

params.origin.IsSamePhysicalOriginWith(url::Origin(params.url)). url:http://NUM

Project Member Reported by ClusterFuzz, Mar 10 2017 
Detailed report: https://clusterfuzz.com/testcase?key=4720300043534336

Fuzzer: ochang_domfuzzer
Job Type: linux_asan_content_shell_drt
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  params.origin.IsSamePhysicalOriginWith(url::Origin(params.url)).  url:http://NUM
  content::RenderFrameImpl::SendDidCommitProvisionalLoad
  content::RenderFrameImpl::didCommitProvisionalLoad
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=406033:406232

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv95Bwy5-bY_yRIlpWPWPH_0awM-6mbm_ePsN8bhQ6NIP1OIyUELtkFpXe7VEcK33udFBDzDPpbHJ_HQmPbzdPNMnRgcHxk1nRTTiQlb_hwsR80ZDkv--0ZpczatuB-msweX6YkgudbNLt4wtpGkr5tA8DFI6F1HCMPYPQpv_iM9mEny0LRSw-dOU92D42FbOZ93Dg-D8vyduf6PaedfELOAhdmX21Psw3HlwPtSXhgOVN_0hDq2NFucnEPd2MqBlprfBpo3MOstpyODu9eZ5V7okwXZx21RFEhBdbaD9SQC6JZksdChsy2TngtyaJYFzgPpKWf9oe-n-RFyJUFSMT6u7Yc1t45t4Favw04sST7HrF1DLkz8?testcase_id=4720300043534336


Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 1 by durga.behera@chromium.org, Mar 10 2017

Components: UI>Browser>Navigation
Labels: Test-Predator-Wrong M-59
Owner: nasko@chromium.org
Status: Assigned (was: Untriaged)
From the above Change log, suspecting the below.
Review-Url: https://codereview.chromium.org/2151323003
nasko@: Could you please take a look into this if its related to your change.

Comment 2 by nasko@chromium.org, Mar 10 2017 

This is an explicit crash when a constraint is violated. I will investigate to see if there is more that we can learn from it, but if not, it is an expected crash and is actually ok. If I were to remove it, the browser process will kill the renderer process once the IPC is received.

Comment 3 by creis@chromium.org, Mar 10 2017

Cc: och...@chromium.org creis@chromium.org
The log says:

[1:1:0308/163632.819108:5057065036:FATAL:render_frame_impl.cc(5020)] Check failed: params.origin.IsSamePhysicalOriginWith(url::Origin(params.url)).  url:http://127.0.0.1:8000/resources/redirect.php?url=http://localhost:8000/history/resources/back.html origin:file://

That seems concerning, if there's a way for an HTTP URL to be sent up with params.origin set to file://.  Might be worth trying to repro to see how we got into that state.
Project Member

Comment 4 by ClusterFuzz, Mar 16 2017

Labels: OS-Mac
Project Member

Comment 5 by ClusterFuzz, Sep 4 2017

Status: WontFix (was: Assigned)
ClusterFuzz testcase 4720300043534336 is flaky and no longer reproduces, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Sign in to add a comment