Regression: Crash is observed on chrome://md-settings/appearance
Reported by abom...@etouch.net, Mar 27 2017
Issue description

Chrome Version: 59.0.3053.0 (Official Build) bba05f44fe583ffa69c22d36f91aaebe0ceea282-refs/heads/master@{#459685} (32/64-bit)
OS: Windows (7,8,10), Mac (10.12.1)

What steps will reproduce the problem?
1. Launch chrome and navigate to chrome://md-settings/appearance
2. Click on 'Show Home button' and enter '@' in 'Enter custom web address', observe.

Actual: Browser crashes
Expected: Browser should not crash.

Crash ID: ebbd5e22-5a0e-42ed-a60d-cb9a63bc70d9 (Server ID: 954fca6d60000000)

This is a regression issue, broken in 'M 59'; will soon update the other info.
Mar 27 2017

Using the per-revision bisect, providing the bisect results:
Good build: 59.0.3051.3 (Revision: 459592).
Bad build: 59.0.3053.0 (Revision: 459685).
You are probably looking for a change made after 459613 (known good), but no later than 459614 (first known bad).

CHANGE-LOG URL:
---------------
https://chromium.googlesource.com/chromium/src/+log/9de6f24edfb54f9afd3d2dee474a2602585f68dc..2f7628484099e467516f27c8a6e9f056461c1aab

From the CL above, assigning the issue to the concerned owner @scottchen: could you please look into the issue; pardon me if it has nothing to do with your changes, and if possible please assign it to the concerned owner.
Review-Url: https://codereview.chromium.org/2766093002

Note: Able to reproduce the issue in Win 10.0, Ubuntu 14.04 & Mac 10.12.3, and able to reproduce in latest Canary #59.0.3053.0.
Since this is crashing the browser, adding Release Block-Beta for this issue. Please remove if not the case.

Stack Trace:
------------
Thread 0 CRASHED [EXCEPTION_BREAKPOINT @ 0x000007fee365408c]
Stack Quality 100%
0x000007fee365408c (chrome.dll - web_ui_message_handler.cc:80) content::WebUIMessageHandler::ResolveJavascriptCallback(base::Value const &,base::Value const &)
0x000007fee45b6f2b (chrome.dll - settings_startup_pages_handler.cc:196) settings::StartupPagesHandler::HandleValidateStartupPage(base::ListValue const *)
0x000007fee36539c6 (chrome.dll - web_ui_impl.cc:249) content::WebUIImpl::ProcessWebUIMessage(GURL const &,std::basic_string<char,std::char_traits<char>,std::allocator<char> > const &,base::ListValue const &)
0x000007fee3653922 (chrome.dll - web_ui_impl.cc:112) content::WebUIImpl::OnWebUISend(GURL const &,std::basic_string<char,std::char_traits<char>,std::allocator<char> > const &,base::ListValue const &)
0x000007fee3652aea (chrome.dll - ipc_message_templates.h:121) IPC::MessageT<ViewHostMsg_WebUISend_Meta,std::tuple<GURL,std::basic_string<char,std::char_traits<char>,std::allocator<char> >,base::ListValue>,void>::Dispatch<content::WebUIImpl,content::WebUIImpl,void,void ( content::WebUIImpl::*)(GURL const &,std::basic_string<char,std::char_traits<char>,std::allocator<char> > const &,base::ListValue const &)>(IPC::Message const *,content::WebUIImpl *,content::WebUIImpl *,void *,void ( content::WebUIImpl::*)(GURL const &,std::basic_string<char,std::char_traits<char>,std::allocator<char> > const &,base::ListValue const &))
0x000007fee365382b (chrome.dll - web_ui_impl.cc:95) content::WebUIImpl::OnMessageReceived(IPC::Message const &)
0x000007fee363db4c (chrome.dll - web_contents_impl.cc:691) content::WebContentsImpl::OnMessageReceived(content::RenderViewHostImpl *,IPC::Message const &)
0x000007fee357c743 (chrome.dll - render_view_host_impl.cc:735) content::RenderViewHostImpl::OnMessageReceived(IPC::Message const &)
0x000007fee3584dcf (chrome.dll - render_widget_host_impl.cc:540) content::RenderWidgetHostImpl::OnMessageReceived(IPC::Message const &)
0x000007fee3575e96 (chrome.dll - render_process_host_impl.cc:2079) content::RenderProcessHostImpl::OnMessageReceived(IPC::Message const &)
0x000007fee3cc6e37 (chrome.dll - ipc_channel_proxy.cc:329) IPC::ChannelProxy::Context::OnDispatchMessage(IPC::Message const &)
0x000007fee2c30e41 (chrome.dll - task_annotator.cc:59) base::debug::TaskAnnotator::RunTask(char const *,base::PendingTask *)
0x000007fee2be0456 (chrome.dll - message_loop.cc:423) base::MessageLoop::RunTask(base::PendingTask *)
0x000007fee2be1009 (chrome.dll - message_loop.cc:527) base::MessageLoop::DoWork()
0x000007fee2c313fe (chrome.dll - message_pump_win.cc:173) base::MessagePumpForUI::DoRunLoop()
0x000007fee2c31033 (chrome.dll - message_pump_win.cc:56) base::MessagePumpWin::Run(base::MessagePump::Delegate *)
0x000007fee2c022af (chrome.dll - run_loop.cc:37) base::RunLoop::Run()
0x000007fee38dcc53 (chrome.dll - chrome_browser_main.cc:1969) ChromeBrowserMainParts::MainMessageLoopRun(int *)
0x000007fee3370a39 (chrome.dll - browser_main_loop.cc:1190) content::BrowserMainLoop::RunMainMessageLoopParts()
0x000007fee3371ff1 (chrome.dll - browser_main_runner.cc:140) content::BrowserMainRunnerImpl::Run()
0x000007fee336c357 (chrome.dll - browser_main.cc:46) content::BrowserMain(content::MainFunctionParams const &)
0x000007fee3887b0a (chrome.dll - content_main_runner.cc:437) content::RunNamedProcessTypeMain(std::basic_string<char,std::char_traits<char>,std::allocator<char> > const &,content::MainFunctionParams const &,content::ContentMainDelegate *)
0x000007fee388794f (chrome.dll - content_main_runner.cc:729) content::ContentMainRunnerImpl::Run()
0x000007fee3f37c11 (chrome.dll - main.cc:179) service_manager::Main(service_manager::MainParams const &)
0x000007fee388727b (chrome.dll - content_main.cc:19) content::ContentMain(content::ContentMainParams const &)
0x000007fee3073e1b (chrome.dll - chrome_main.cc:123) ChromeMain
0x000000013f49093f (chrome.exe - main_dll_loader_win.cc:202) MainDllLoader::Launch(HINSTANCE__ *,base::TimeTicks)
0x000000013f48fa06 (chrome.exe - chrome_exe_main_win.cc:271) wWinMain
0x000000013f4c2222 (chrome.exe - exe_common.inl:253) __scrt_common_main_seh
0x7759652c (kernel32.dll + 0x0001652c) BaseThreadInitThunk
0x776cc520 (ntdll.dll + 0x0002c520) RtlUserThreadStart
Mar 27 2017

Users experienced this crash on the following builds:
Mac Canary 59.0.3053.0 - 2.67 CPM, 3 reports, 3 clients (signature content::WebUIMessageHandler::ResolveJavascriptCallback)
If this update was incorrect, please add "Fracas-Wrong" label to prevent future updates. - Go/Fracas
Mar 27 2017

Mar 27 2017

+tommycli: Adding Tommy, who has dealt with various WebUI C++ handler crashes.
Mar 27 2017

I was just playing around with repro cases, and noticed a few things:
- it only crashes sometimes.
- when it does crash, it crashes on input "a" as well as "@".
Mar 27 2017

Mar 27 2017

Mar 28 2017

Mar 28 2017

Mar 28 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/9b4945ffcbfc14e7a648e20053ec7909927275c0

commit 9b4945ffcbfc14e7a648e20053ec7909927275c0
Author: tommycli <tommycli@chromium.org>
Date: Tue Mar 28 23:46:41 2017

MD Settings: Fix Appearance home page URL crash

If the Appearance home page URL validation occurs before the On Startup section calls 'onStartupPrefsPageLoad', there will be an IsJavascriptAllowed crash.

Having the URL validation function itself call AllowJavascript within SettingsStartupPagesHandler is problematic because that handler is so heavy.

This CL moves 'validateStartupPage' to the OnStartupHandler, which is lightweight and has no hooks to OnJavascriptAllowed, so we can make 'validateStartupPage' call AllowJavascript.

BUG= 705366
Review-Url: https://codereview.chromium.org/2781623006
Cr-Commit-Position: refs/heads/master@{#460240}

[modify] https://crrev.com/9b4945ffcbfc14e7a648e20053ec7909927275c0/chrome/browser/ui/webui/settings/on_startup_handler.cc
[modify] https://crrev.com/9b4945ffcbfc14e7a648e20053ec7909927275c0/chrome/browser/ui/webui/settings/on_startup_handler.h
[modify] https://crrev.com/9b4945ffcbfc14e7a648e20053ec7909927275c0/chrome/browser/ui/webui/settings/settings_startup_pages_handler.cc
[modify] https://crrev.com/9b4945ffcbfc14e7a648e20053ec7909927275c0/chrome/browser/ui/webui/settings/settings_startup_pages_handler.h
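An added example, not Chromium's code and not part of this bug thread, modelling the message ordering described in the commit message above: resolving a WebUI callback before AllowJavascript() has been called trips the CHECK seen at the top of the stack trace, and the fixed handler calls AllowJavascript() itself. Class and message names are patterned on the ones in this thread; the URL check is a toy stand-in, and the throw stands in for Chromium's CHECK.

```cpp
#include <stdexcept>
#include <string>
// Stand-in for content::WebUIMessageHandler. In Chromium, resolving a callback
// before AllowJavascript() is a CHECK failure (web_ui_message_handler.cc:80 in
// the trace above); this model throws instead so a test can observe it.
class WebUIMessageHandler {
 public:
  void AllowJavascript() { javascript_allowed_ = true; }
  bool IsJavascriptAllowed() const { return javascript_allowed_; }
  void ResolveJavascriptCallback(const std::string& callback_id, bool /*value*/) {
    if (!IsJavascriptAllowed())
      throw std::logic_error("CHECK(IsJavascriptAllowed()) failed: " + callback_id);
  }
 private:
  bool javascript_allowed_ = false;
};
// Toy stand-in for the real URL validation (an assumption, not Chromium's).
bool LooksLikeValidUrl(const std::string& url) {
  return url.find('.') != std::string::npos && url.find('@') == std::string::npos;
}
// Before the fix: StartupPagesHandler allows JavaScript only after the On Startup
// section sends onStartupPrefsPageLoad; the Appearance field can validate first.
class StartupPagesHandler : public WebUIMessageHandler {
 public:
  void HandleOnStartupPrefsPageLoad() { AllowJavascript(); }
  void HandleValidateStartupPage(const std::string& cb, const std::string& url) {
    ResolveJavascriptCallback(cb, LooksLikeValidUrl(url));
  }
};
// After the fix: validateStartupPage lives in the lightweight OnStartupHandler,
// which has no OnJavascriptAllowed hooks and can call AllowJavascript() itself.
class OnStartupHandler : public WebUIMessageHandler {
 public:
  void HandleValidateStartupPage(const std::string& cb, const std::string& url) {
    AllowJavascript();
    ResolveJavascriptCallback(cb, LooksLikeValidUrl(url));
  }
};
// Each returns true if the modelled CHECK fires for that message ordering.
bool OldHandlerCrashes(bool prefs_page_loaded_first) {
  StartupPagesHandler h;
  if (prefs_page_loaded_first) h.HandleOnStartupPrefsPageLoad();
  try { h.HandleValidateStartupPage("cb1", "@"); } catch (const std::logic_error&) { return true; }
  return false;
}
bool NewHandlerCrashes() {
  OnStartupHandler h;
  try { h.HandleValidateStartupPage("cb1", "@"); } catch (const std::logic_error&) { return true; }
  return false;
}
```

The "only crashes sometimes" observation earlier in the thread corresponds to whether the page-load message happened to arrive before the validation message.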
Mar 28 2017

If the above CL doesn't fix it I'll be a monkey's...
Apr 4 2017

Tested the issue on Windows-7 and Mac 10.12.3 using Chrome version 59.0.3061.3 as per comment #0. Observed that the fix is working as expected. Hence adding the verified labels.

Note: Verified the issue on Ubuntu 14.04 using chrome version #59.0.3061.0, as the linux chrome build #59.0.3061.3 failed (Issue id: 708077).

Please find the attached screencast for reference. Thanks.