
Issue 733731


Issue metadata

Status: Duplicate
Merged: issue 733283
Owner: ----
Closed: Jun 2017
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security




Security: Crash in blink::`anonymous namespace'::NotifyFinishObservers

Reported by chromium...@gmail.com, Jun 15 2017

Issue description

VERSION
Chrome Version: 61.0.3132.0 (Developer Build) (64-bit)
Operating System: Windows 7

- Visit http://indiatoday.intoday.in/story/5-haunted-places-in-india-other-than-bhangarh-fort-shaniwarwaada-damus-savoy-mussoorie-barog-shimla-dow-hill-lifetr/1/592163.html

Crash/58df21e7f0000000.

rax=0000004a000010b7 rbx=0000028feba7c030 rcx=0000028feba38398
rdx=0000000000000008 rsi=000007feecf98818 rdi=0000028feba7c060
rip=000007feed42166c rsp=000000000041e170 rbp=000000000041e210
 r8=0000000000000000  r9=000000000041e190 r10=000000000041e1f0
r11=000000008500e6da r12=000007feef495820 r13=0000000001082c48
r14=0000000000000008 r15=0000000000000000
iopl=0         nv up ei ng nz na pe cy
cs=0033  ss=0000  ds=0000  es=0000  fs=0053  gs=002b             efl=00010283
*** WARNING: Unable to verify checksum for chrome_child.dll
chrome_child!blink::`anonymous namespace'::NotifyFinishObservers+0x488e54:
000007fe`ed42166c ff5020          call    qword ptr [rax+20h] ds:0000004a`000010d7=????????????????
0:000> k
  *** Stack trace for last set context - .thread/.cxr resets it
Child-SP          RetAddr           Call Site
00000000`0041e170 000007fe`ecf987fd chrome_child!blink::`anonymous namespace'::NotifyFinishObservers+0x488e54 [c:\b\c\b\win64_pgo\src\third_party\webkit\source\platform\loader\fetch\resource.cpp @ 67]
00000000`0041e1b0 000007fe`ecaafab4 chrome_child!base::internal::Invoker<base::internal::BindState<void (__cdecl*)(blink::HeapHashSet<blink::WeakMember<blink::ResourceFinishObserver>,WTF::MemberHash<blink::ResourceFinishObserver>,WTF::HashTraits<blink::WeakMember<blink::ResourceFinishObserver> > >),blink::HeapHashSet<blink::WeakMember<blink::ResourceFinishObserver>,WTF::MemberHash<blink::ResourceFinishObserver>,WTF::HashTraits<blink::WeakMember<blink::ResourceFinishObserver> > > >,void __cdecl(void)>::Run+0x79 [c:\b\c\b\win64_pgo\src\base\bind_internal.h @ 333]
00000000`0041e220 000007fe`ecaafa27 chrome_child!base::Callback<void __cdecl(void),0,0>::Run+0x18 [c:\b\c\b\win64_pgo\src\base\callback.h @ 91]
00000000`0041e250 000007fe`ecaae552 chrome_child!base::debug::TaskAnnotator::RunTask+0xff [c:\b\c\b\win64_pgo\src\base\debug\task_annotator.cc @ 61]
00000000`0041e3e0 000007fe`ecb40873 chrome_child!blink::scheduler::TaskQueueManager::ProcessTaskFromWorkQueue+0x1d2 [c:\b\c\b\win64_pgo\src\third_party\webkit\source\platform\scheduler\base\task_queue_manager.cc @ 534]
00000000`0041e690 000007fe`ecb45427 chrome_child!blink::scheduler::TaskQueueManager::DoWork+0x13b [c:\b\c\b\win64_pgo\src\third_party\webkit\source\platform\scheduler\base\task_queue_manager.cc @ 329]
00000000`0041e810 000007fe`ecaafab4 chrome_child!base::internal::Invoker<base::internal::BindState<void (__cdecl blink::scheduler::TaskQueueManager::*)(bool) __ptr64,base::WeakPtr<blink::scheduler::TaskQueueManager>,bool>,void __cdecl(void)>::Run+0x4b [c:\b\c\b\win64_pgo\src\base\bind_internal.h @ 333]
00000000`0041e850 000007fe`ecaafa27 chrome_child!base::Callback<void __cdecl(void),0,0>::Run+0x18 [c:\b\c\b\win64_pgo\src\base\callback.h @ 91]
00000000`0041e880 000007fe`ecaae212 chrome_child!base::debug::TaskAnnotator::RunTask+0xff [c:\b\c\b\win64_pgo\src\base\debug\task_annotator.cc @ 61]
00000000`0041ea10 000007fe`ecaaf619 chrome_child!base::MessageLoop::RunTask+0xba [c:\b\c\b\win64_pgo\src\base\message_loop\message_loop.cc @ 423]
00000000`0041eb30 000007fe`ecb9288c chrome_child!base::MessageLoop::DoWork+0x1d9 [c:\b\c\b\win64_pgo\src\base\message_loop\message_loop.cc @ 540]
00000000`0041ece0 000007fe`ecce467f chrome_child!base::MessagePumpDefault::Run+0x28 [c:\b\c\b\win64_pgo\src\base\message_loop\message_pump_default.cc @ 34]
00000000`0041ed60 000007fe`ecdf1dd4 chrome_child!base::RunLoop::Run+0x67 [c:\b\c\b\win64_pgo\src\base\run_loop.cc @ 112]
00000000`0041ee10 000007fe`ecdfa576 chrome_child!content::RendererMain+0x1d4 [c:\b\c\b\win64_pgo\src\content\renderer\renderer_main.cc @ 219]
00000000`0041ef30 000007fe`ecdfa373 chrome_child!content::RunNamedProcessTypeMain+0xb6 [c:\b\c\b\win64_pgo\src\content\app\content_main_runner.cc @ 428]


 

Comment 1 by est...@chromium.org, Jun 15 2017

Components: Blink>Network>FetchAPI
Mergedinto: 733283
Status: Duplicate (was: Unconfirmed)
Project Member

Comment 2 by sheriffbot@chromium.org, Sep 24 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
