
Issue 722904

Starred by 2 users

Issue metadata

Status: Duplicate
Owner:
Closed: May 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows , Mac
Pri: 1
Type: Bug-Security




Security: Crash in SaveCardBubbleViews (on OS X)

Reported by chromium...@gmail.com, May 16 2017

Issue description


VERSION
Chrome Version: 60.0.3100.0 (Build officiel) canary (64 bits)
Operating System: Mac OS X

REPRODUCTION CASE
1. Launch index.html.
2. Click on the button.
3. On card.html, try clicking on the button (submit) three or four or... times to submit the form to trigger the save bubble, and wait. >> Crash

Crash/a02e871170000000
 
Attachments:
card.html (1.3 KB)
index.html (179 bytes)
Components: UI>Browser>Autofill>Payments
-browser.h:251 )	autofill::SaveCardBubbleControllerImpl::UpdateIcon()
-save_card_bubble_view_bridge.mm:96 )	-[SaveCardBubbleViewCocoa close]
-base_bubble_controller.mm:275 )	-[BaseBubbleController closeBubble]
-tab_strip_model.cc:1261 )	TabStripModel::NotifyIfActiveTabChanged(content::WebContents*, TabStripModel::NotifyTypes)
-tab_strip_model.cc:398 )	TabStripModel::DetachWebContentsAt(int)
-web_contents_impl.cc:633 )	content::WebContentsImpl::~WebContentsImpl()
-web_contents_impl.cc:532 )	<name omitted>
-tab_strip_model.cc:1235 )	TabStripModel::InternalCloseTab(content::WebContents*, int, bool)
-tab_strip_model.cc:1211 )	TabStripModel::InternalCloseTabs(std::__1::vector<int, std::__1::allocator<int> > const&, unsigned int)
-tab_strip_model.cc:521 )	TabStripModel::CloseWebContentsAt(int, unsigned int)
-browser_tabstrip.cc:82 )	chrome::CloseWebContents(Browser*, content::WebContents*, bool)

Comment 2 Deleted

Comment 3 by wfh@chromium.org, May 17 2017

Cc: ma...@chromium.org
Labels: Security_Impact-Stable Security_Severity-Medium OS-Mac OS-Windows Pri-2
Owner: est...@chromium.org
Status: Assigned (was: Unconfirmed)
Looks like a null object property deref. estade -> can you take a look at this or assign to others?

This does seem to happen on Windows too -> crash/eaac8482a8000000

Comment 4 by ma...@chromium.org, May 17 2017

Owner: rogerm@chromium.org
Project Member

Comment 5 by sheriffbot@chromium.org, May 18 2017

Labels: M-59
Project Member

Comment 6 by sheriffbot@chromium.org, May 18 2017

Labels: -Pri-2 Pri-1
Can someone please check this crash under ASan build OS X?

Comment 8 by rogerm@chromium.org, May 23 2017

Status: Started (was: Assigned)

Comment 9 by rogerm@chromium.org, May 30 2017

Mergedinto: 694188
Status: Duplicate (was: Started)
Components: -UI>Browser>Autofill>Payments UI>Browser>Payments
Project Member

Comment 11 by sheriffbot@chromium.org, Sep 6 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
