Issue 742463 link

Starred by 6 users

Issue metadata

Status:	Fixed
Owner:	vakh@chromium.org
Closed:	Jul 2017
Cc:	█ kbr@chromium.org bpastene@chromium.org hartma...@chromium.org vakh@chromium.org █ bauerb@chromium.org █ aber...@chromium.org █ dskiba@chromium.org asvitk...@chromium.org sergeybe...@chromium.org mthiesse@chromium.org jbudorick@chromium.org
Components:	Infra>Git Internals>GPU>Testing Services>Safebrowsing
EstimatedDays:	----
NextAction:	----
OS:	Android
Pri:	1
Type:	Bug-Regression
sheriff-android

Chrome crashes on navigation with scoped_refptr check in SafeBrowsing code

Project Member Reported by avayvod@chromium.org, Jul 13 2017

Issue description

ToT build of Chrome
Android O, Pixel

Stack trace from debug build:

-----------------------------------------------------

signal 6 (SIGABRT), code -6 in tid 3344 (Thread-3)
pid: 3275, tid: 3344, name: Thread-3  >>> org.chromium.chrome <<<
signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr --------
     r0 00000000  r1 00000d10  r2 00000006  r3 00000008
     r4 00000ccb  r5 00000d10  r6 bab9b888  r7 0000010c
     r8 c32ef680  r9 00000000  sl c32ef680  fp b8020000
     ip 00000000  sp bab9b878  lr e59b6537  pc e59e6c0c

Stack Trace:
  RELADDR   FUNCTION                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            FILE:LINE
  0004ac0c  tgkill+12                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           /system/lib/libc.so
  0001a533  abort+54                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            /system/lib/libc.so
  0001eb05  __libc_fatal+24                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     /system/lib/libc.so
  0001a749  __assert2+16                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        /system/lib/libc.so
  001b141d  scoped_refptr<safe_browsing::SafeBrowsingDatabaseManager>::operator->() const                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       /usr/local/google/code/chromium/src/base/memory/ref_counted.h:523
  008817d7  SafeBrowsingResourceThrottle::MaybeCreate(net::URLRequest*, content::ResourceType, safe_browsing::SafeBrowsingService*)                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             /usr/local/google/code/chromium/src/chrome/browser/loader/safe_browsing_resource_throttle.cc:50
  00367291  ChromeResourceDispatcherHostDelegate::AppendStandardResourceThrottles(net::URLRequest*, content::ResourceContext*, content::ResourceType, std::__ndk1::vector<std::__ndk1::unique_ptr<content::ResourceThrottle, std::__ndk1::default_delete<content::ResourceThrottle> >, std::__ndk1::allocator<std::__ndk1::unique_ptr<content::ResourceThrottle, std::__ndk1::default_delete<content::ResourceThrottle> > > >*)                                                                                                                                                                                                                                                                                                                                                                 /usr/local/google/code/chromium/src/chrome/browser/loader/chrome_resource_dispatcher_host_delegate.cc:707
  00366d37  ChromeResourceDispatcherHostDelegate::RequestBeginning(net::URLRequest*, content::ResourceContext*, content::AppCacheService*, content::ResourceType, std::__ndk1::vector<std::__ndk1::unique_ptr<content::ResourceThrottle, std::__ndk1::default_delete<content::ResourceThrottle> >, std::__ndk1::allocator<std::__ndk1::unique_ptr<content::ResourceThrottle, std::__ndk1::default_delete<content::ResourceThrottle> > > >*)                                                                                                                                                                                                                                                                                                                                                     /usr/local/google/code/chromium/src/chrome/browser/loader/chrome_resource_dispatcher_host_delegate.cc:575
  008f19ef  content::ResourceDispatcherHostImpl::AddStandardHandlers(net::URLRequest*, content::ResourceType, content::ResourceContext*, content::RequestContextType, blink::WebMixedContentContextType, content::AppCacheService*, int, int, std::__ndk1::unique_ptr<content::ResourceHandler, std::__ndk1::default_delete<content::ResourceHandler> >, content::NavigationURLLoaderImplCore*, std::__ndk1::unique_ptr<content::StreamHandle, std::__ndk1::default_delete<content::StreamHandle> >)                                                                                                                                                                                                                                                                                            /usr/local/google/code/chromium/src/content/browser/loader/resource_dispatcher_host_impl.cc:1618
  008f15af  content::ResourceDispatcherHostImpl::CreateResourceHandler(content::ResourceRequesterInfo*, net::URLRequest*, content::ResourceRequest const&, base::Callback<void (content::SyncLoadResult const*), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&, int, int, content::ResourceContext*, mojo::AssociatedInterfaceRequest<content::mojom::URLLoader>, mojo::InterfacePtr<content::mojom::URLLoaderClient>)                                                                                                                                                                                                                                                                                                                                                     /usr/local/google/code/chromium/src/content/browser/loader/resource_dispatcher_host_impl.cc:1561
  008f10f5  content::ResourceDispatcherHostImpl::ContinuePendingBeginRequest(scoped_refptr<content::ResourceRequesterInfo>, int, content::ResourceRequest const&, base::Callback<void (content::SyncLoadResult const*), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&, int, net::HttpRequestHeaders const&, mojo::AssociatedInterfaceRequest<content::mojom::URLLoader>, mojo::InterfacePtr<content::mojom::URLLoaderClient>, std::__ndk1::vector<std::__ndk1::unique_ptr<storage::BlobDataHandle, std::__ndk1::default_delete<storage::BlobDataHandle> >, std::__ndk1::allocator<std::__ndk1::unique_ptr<storage::BlobDataHandle, std::__ndk1::default_delete<storage::BlobDataHandle> > > >, net::NetworkTrafficAnnotationTag const&, content::HeaderInterceptorResult)  /usr/local/google/code/chromium/src/content/browser/loader/resource_dispatcher_host_impl.cc:1486
  008f0029  content::ResourceDispatcherHostImpl::BeginRequest(content::ResourceRequesterInfo*, int, content::ResourceRequest const&, base::Callback<void (content::SyncLoadResult const*), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&, int, mojo::AssociatedInterfaceRequest<content::mojom::URLLoader>, mojo::InterfacePtr<content::mojom::URLLoaderClient>, net::NetworkTrafficAnnotationTag const&)                                                                                                                                                                                                                                                                                                                                                                  /usr/local/google/code/chromium/src/content/browser/loader/resource_dispatcher_host_impl.cc:1230
  008efbbd  content::ResourceDispatcherHostImpl::OnRequestResourceInternal(content::ResourceRequesterInfo*, int, int, content::ResourceRequest const&, mojo::AssociatedInterfaceRequest<content::mojom::URLLoader>, mojo::InterfacePtr<content::mojom::URLLoaderClient>, net::NetworkTrafficAnnotationTag const&)                                                                                                                                                                                                                                                                                                                                                                                                                                                                               /usr/local/google/code/chromium/src/content/browser/loader/resource_dispatcher_host_impl.cc:920
  008f2a77  content::ResourceDispatcherHostImpl::OnRequestResourceWithMojo(content::ResourceRequesterInfo*, int, int, content::ResourceRequest const&, mojo::AssociatedInterfaceRequest<content::mojom::URLLoader>, mojo::InterfacePtr<content::mojom::URLLoaderClient>, net::NetworkTrafficAnnotationTag const&)                                                                                                                                                                                                                                                                                                                                                                                                                                                                               /usr/local/google/code/chromium/src/content/browser/loader/resource_dispatcher_host_impl.cc:2272
  008fd8a9  content::URLLoaderFactoryImpl::CreateLoaderAndStart(content::ResourceRequesterInfo*, mojo::AssociatedInterfaceRequest<content::mojom::URLLoader>, int, int, content::ResourceRequest const&, mojo::InterfacePtr<content::mojom::URLLoaderClient>, net::NetworkTrafficAnnotationTag const&)                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          /usr/local/google/code/chromium/src/content/browser/loader/url_loader_factory_impl.cc:87
  008f7fc3  content::ResourceMessageFilter::CreateLoaderAndStart(mojo::AssociatedInterfaceRequest<content::mojom::URLLoader>, int, int, unsigned int, content::ResourceRequest const&, mojo::InterfacePtr<content::mojom::URLLoaderClient>, net::MutableNetworkTrafficAnnotationTag const&)                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     /usr/local/google/code/chromium/src/content/browser/loader/resource_message_filter.cc:96
  0060b859  content::mojom::URLLoaderFactoryStubDispatch::Accept(content::mojom::URLLoaderFactory*, mojo::Message*)                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             /usr/local/google/code/chromium/src/out/Debug/gen/content/public/common/url_loader_factory.mojom.cc:395
  0001afa7  mojo::InterfaceEndpointClient::HandleValidatedMessage(mojo::Message*)                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               /usr/local/google/code/chromium/src/mojo/public/cpp/bindings/lib/interface_endpoint_client.cc:416
  0001abe9  mojo::FilterChain::Accept(mojo::Message*)                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           /usr/local/google/code/chromium/src/mojo/public/cpp/bindings/lib/filter_chain.cc:40
  0001ba69  mojo::InterfaceEndpointClient::HandleIncomingMessage(mojo::Message*)                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                /usr/local/google/code/chromium/src/mojo/public/cpp/bindings/lib/interface_endpoint_client.cc:303
  0001e12f  IPC::(anonymous namespace)::ChannelAssociatedGroupController::Accept(mojo::Message*)                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                /usr/local/google/code/chromium/src/ipc/ipc_mojo_bootstrap.cc:753
  0001abe9  mojo::FilterChain::Accept(mojo::Message*)                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           /usr/local/google/code/chromium/src/mojo/public/cpp/bindings/lib/filter_chain.cc:40
  00017fcb  mojo::Connector::ReadSingleMessage(unsigned int*)                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   /usr/local/google/code/chromium/src/mojo/public/cpp/bindings/lib/connector.cc:439
  0001851d  mojo::Connector::ReadAllAvailableMessages()                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         /usr/local/google/code/chromium/src/mojo/public/cpp/bindings/lib/connector.cc:468
  00018449  mojo::Connector::OnHandleReadyInternal(unsigned int)                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                /usr/local/google/code/chromium/src/mojo/public/cpp/bindings/lib/connector.cc:373
  00018fe7  void base::internal::Invoker<base::internal::BindState<void (mojo::Connector::*)(unsigned int), base::internal::UnretainedWrapper<mojo::Connector> >, void (unsigned int)>::RunImpl<void (mojo::Connector::* const&)(unsigned int), std::__ndk1::tuple<base::internal::UnretainedWrapper<mojo::Connector> > const&, 0u>(void (mojo::Connector::* const&)(unsigned int), std::__ndk1::tuple<base::internal::UnretainedWrapper<mojo::Connector> > const&, base::IndexSequence<0u>, unsigned int&&)                                                                                                                                                                                                                                                                                    /usr/local/google/code/chromium/src/base/bind_internal.h:351
  00016b9d  base::Callback<void (unsigned int), (base::internal::CopyMode)1, (base::internal::RepeatMode)1>::Run(unsigned int) const &                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          /usr/local/google/code/chromium/src/base/callback.h:80
  000059dd  base::Callback<void (unsigned int, mojo::HandleSignalsState const&), (base::internal::CopyMode)1, (base::internal::RepeatMode)1>::Run(unsigned int, mojo::HandleSignalsState const&) const &                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        /usr/local/google/code/chromium/src/base/callback.h:80
  00005917  mojo::SimpleWatcher::OnHandleReady(int, unsigned int, mojo::HandleSignalsState const&)                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              /usr/local/google/code/chromium/src/mojo/public/cpp/system/simple_watcher.cc:276
  00005ccf  void base::internal::InvokeHelper<true, void>::MakeItSo<void (mojo::SimpleWatcher::* const&)(int, unsigned int, mojo::HandleSignalsState const&), base::WeakPtr<mojo::SimpleWatcher> const&, int const&, unsigned int const&, mojo::HandleSignalsState const&>(void (mojo::SimpleWatcher::* const&)(int, unsigned int, mojo::HandleSignalsState const&), base::WeakPtr<mojo::SimpleWatcher> const&, int const&, unsigned int const&, mojo::HandleSignalsState const&)                                                                                                                                                                                                                                                                                                               /usr/local/google/code/chromium/src/base/bind_internal.h:295
  00005ca1  void base::internal::Invoker<base::internal::BindState<void (mojo::SimpleWatcher::*)(int, unsigned int, mojo::HandleSignalsState const&), base::WeakPtr<mojo::SimpleWatcher>, int, unsigned int, mojo::HandleSignalsState>, void ()>::RunImpl<void (mojo::SimpleWatcher::* const&)(int, unsigned int, mojo::HandleSignalsState const&), std::__ndk1::tuple<base::WeakPtr<mojo::SimpleWatcher>, int, unsigned int, mojo::HandleSignalsState> const&, 0u, 1u, 2u, 3u>(void (mojo::SimpleWatcher::* const&)(int, unsigned int, mojo::HandleSignalsState const&), std::__ndk1::tuple<base::WeakPtr<mojo::SimpleWatcher>, int, unsigned int, mojo::HandleSignalsState> const&, base::IndexSequence<0u, 1u, 2u, 3u>)                                                                      /usr/local/google/code/chromium/src/base/bind_internal.h:351
  0008abaf  base::Callback<void (), (base::internal::CopyMode)0, (base::internal::RepeatMode)0>::Run() &&                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       /usr/local/google/code/chromium/src/base/callback.h:91
  00095105  base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*)                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                /usr/local/google/code/chromium/src/base/debug/task_annotator.cc:59
  000ae817  base::MessageLoop::RunTask(base::PendingTask*)                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      /usr/local/google/code/chromium/src/base/message_loop/message_loop.cc:422
  000aea73  base::MessageLoop::DeferOrRunPendingTask(base::PendingTask)                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         /usr/local/google/code/chromium/src/base/message_loop/message_loop.cc:433
  000aec25  base::MessageLoop::DoWork()                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         /usr/local/google/code/chromium/src/base/message_loop/message_loop.cc:540
  000b0c27  base::MessagePumpLibevent::Run(base::MessagePump::Delegate*)                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        /usr/local/google/code/chromium/src/base/message_loop/message_pump_libevent.cc:220
  000ae65d  base::MessageLoop::Run()                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            /usr/local/google/code/chromium/src/base/message_loop/message_loop.cc:369
  000c890d  base::RunLoop::Run()                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                /usr/local/google/code/chromium/src/base/run_loop.cc:111
  000ea00f  base::Thread::Run(base::RunLoop*)                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   /usr/local/google/code/chromium/src/base/threading/thread.cc:255
  007b7491  content::BrowserThreadImpl::IOThreadRun(base::RunLoop*)                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             /usr/local/google/code/chromium/src/content/browser/browser_thread_impl.cc:278
  007b7581  content::BrowserThreadImpl::Run(base::RunLoop*)                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     /usr/local/google/code/chromium/src/content/browser/browser_thread_impl.cc:313
  000ea2f1  base::Thread::ThreadMain()                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          /usr/local/google/code/chromium/src/base/threading/thread.cc:338
  000e535f  base::(anonymous namespace)::ThreadFunc(void*)                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      /usr/local/google/code/chromium/src/base/threading/platform_thread_posix.cc:71
  00047f2f  __pthread_start(void*)+22                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           /system/lib/libc.so
  0001b0ef  __start_thread+32                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   /system/lib/libc.so

Comment 1 by dskiba@chromium.org, Jul 13 2017

Cc: dskiba@chromium.org
Labels: OS-Android

I'm having the same crash (512 device). I believe sb_service->database_manager() returns NULL.

Comment 2 by avayvod@chromium.org, Jul 13 2017

As a workaround, build/android/adb_chrome_public_command_line "--disable-features=SafeBrowsingV4LocalDatabaseManagerEnabled,SafeBrowsingV4OnlyEnabled" prevents the crash for me.

Comment 3 by hartma...@chromium.org, Jul 13 2017

Labels: -Pri-3 Pri-2

Comment 4 by dskiba@chromium.org, Jul 13 2017

Thanks, that worked! Now I'm hitting issue 742056 :)

Comment 5 by mthiesse@chromium.org, Jul 13 2017

Looks like this is caused by https://chromium-review.googlesource.com/c/567182/

Comment 6 by hartma...@chromium.org, Jul 13 2017

Cc: bauerb@chromium.org vakh@chromium.org
Owner: dgn@chromium.org
Status: Assigned (was: Untriaged)

Comment 7 by mthiesse@chromium.org, Jul 13 2017

I kicked off a revert.

Comment 8 by dskiba@chromium.org, Jul 13 2017

Even with that commit reverted I still need command line from #2 to avoid the crash.

Comment 9 by avayvod@chromium.org, Jul 13 2017

Owner: hkamila@google.com

I'm not sure how that change affects SafeBrowsing... It's far more likely to cause the bug dskiba@ mentions in #c4.

https://codereview.chromium.org/2964693003 is a much more likely candidate imo.

Comment 10 by vakh@chromium.org, Jul 13 2017

Owner: vakh@chromium.org

Based on #2, it seems to be related to V4 changes. I'll take this one.

Comment 11 by mthiesse@chromium.org, Jul 13 2017

With https://chromium-review.googlesource.com/c/567182/ reverted I don't see the crash, even without the command line.

Comment 12 by mthiesse@chromium.org, Jul 13 2017

Nevermind, when I synced back to ToT and reverted both https://chromium-review.googlesource.com/c/567182/ and https://codereview.chromium.org/2964693003 I still see the crash...

Comment 13 by vakh@chromium.org, Jul 13 2017

Re #11: that's super strange. That CL seems to be totally unrelated to SafeBrowsing.

Re #12: Yes, that's what I thought.

I am not sure how that's possible, because I don't think fieldtrial_testing_config.json should be used for local runs, but one of my recent non-code CLs was merged incorrectly:
patch: https://screen/QGKMPviZDDf outcome: https://screen/ep69c4GW4uS

I'll try to fix that quickly.

Comment 14 by vakh@chromium.org, Jul 13 2017

Status: Started (was: Assigned)

Comment 15 by vakh@chromium.org, Jul 13 2017

sorry: patch: http://screen/QGKMPviZDDf outcome: http://screen/ep69c4GW4uS

Comment 16 by avayvod@chromium.org, Jul 13 2017

Cc: asvitk...@chromium.org

+asvitkine I too wouldn't expect the field trial config json file to affect local runs.
The incorrect merge explains though how V4Only is enabled on Android via another unrelated experiment.

Comment 17 by mthiesse@chromium.org, Jul 13 2017

Apologies for noise, aborted my revert.

Comment 18 by vakh@chromium.org, Jul 13 2017

Created https://chromium-review.googlesource.com/c/570843/

Comment 19 by kbr@chromium.org, Jul 13 2017

Labels: -Type-Bug -Pri-2 sheriff-android Pri-1 Type-Bug-Regression

Comment 20 by kbr@chromium.org, Jul 13 2017

Cc: kbr@chromium.org

Comment 21 by kbr@chromium.org, Jul 13 2017

Components: Internals>GPU>Testing

Comment 22 by jbudorick@chromium.org, Jul 13 2017

Cc: jbudorick@chromium.org

 Issue 742486  has been merged into this issue.

Project Member

Comment 23 by bugdroid1@chromium.org, Jul 13 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/5f4bb2f552aeb48610c1b59fe9a555e4c9ac78fa

commit 5f4bb2f552aeb48610c1b59fe9a555e4c9ac78fa
Author: Varun Khaneja <vakh@chromium.org>
Date: Thu Jul 13 20:32:26 2017

Fix the incorrect merge done in dee0b4dc2f15

Incorrect:
patch: http://screen/QGKMPviZDDf outcome: http://screen/ep69c4GW4uS

NOTRY=true

Bug:  543161 , 742463 
Change-Id: I0134f1fd992a49f3411be8ea6f4df72d1f4f9e3d
Reviewed-on: https://chromium-review.googlesource.com/570843
Commit-Queue: Varun Khaneja <vakh@chromium.org>
Reviewed-by: Alexei Svitkine (slow) <asvitkine@chromium.org>
Cr-Commit-Position: refs/heads/master@{#486470}
[modify] https://crrev.com/5f4bb2f552aeb48610c1b59fe9a555e4c9ac78fa/testing/variations/fieldtrial_testing_config.json

Comment 24 by vakh@chromium.org, Jul 13 2017

Status: Fixed (was: Started)

Landed forcefully.

Comment 25 by vakh@chromium.org, Jul 13 2017

Components: Infra>Git

Comment 26 by sergeybe...@chromium.org, Jul 13 2017

Cc: bpastene@chromium.org sergeybe...@chromium.org

 Issue 742499  has been merged into this issue.

Comment 27 by jbudorick@chromium.org, Jul 13 2017

 Issue 742544  has been merged into this issue.

Comment 28 by vakh@chromium.org, Jul 13 2017

 Issue 742564  has been merged into this issue.

Comment 29 by vakh@chromium.org, Jul 14 2017

Issue 742418 has been merged into this issue.

►

Issue 742463 link

Issue metadata

Chrome crashes on navigation with scoped_refptr check in SafeBrowsing code

Issue description

Comment 1 by dskiba@chromium.org, Jul 13 2017

Comment 1 Deleted

Comment 2 by avayvod@chromium.org, Jul 13 2017

Comment 2 Deleted

Comment 3 by hartma...@chromium.org, Jul 13 2017

Comment 3 Deleted

Comment 4 by dskiba@chromium.org, Jul 13 2017

Comment 4 Deleted

Comment 5 by mthiesse@chromium.org, Jul 13 2017

Comment 5 Deleted

Comment 6 by hartma...@chromium.org, Jul 13 2017

Comment 6 Deleted

Comment 7 by mthiesse@chromium.org, Jul 13 2017

Comment 7 Deleted

Comment 8 by dskiba@chromium.org, Jul 13 2017

Comment 8 Deleted

Comment 9 by avayvod@chromium.org, Jul 13 2017

Comment 9 Deleted

Comment 10 by vakh@chromium.org, Jul 13 2017

Comment 10 Deleted

Comment 11 by mthiesse@chromium.org, Jul 13 2017

Comment 11 Deleted

Comment 12 by mthiesse@chromium.org, Jul 13 2017

Comment 12 Deleted

Comment 13 by vakh@chromium.org, Jul 13 2017

Comment 13 Deleted

Comment 14 by vakh@chromium.org, Jul 13 2017

Comment 14 Deleted

Comment 15 by vakh@chromium.org, Jul 13 2017

Comment 15 Deleted

Comment 16 by avayvod@chromium.org, Jul 13 2017

Comment 16 Deleted

Comment 17 by mthiesse@chromium.org, Jul 13 2017

Comment 17 Deleted

Comment 18 by vakh@chromium.org, Jul 13 2017

Comment 18 Deleted

Comment 19 by kbr@chromium.org, Jul 13 2017

Comment 19 Deleted

Comment 20 by kbr@chromium.org, Jul 13 2017

Comment 20 Deleted

Comment 21 by kbr@chromium.org, Jul 13 2017

Comment 21 Deleted

Comment 22 by jbudorick@chromium.org, Jul 13 2017

Comment 22 Deleted

Comment 23 by bugdroid1@chromium.org, Jul 13 2017

Comment 23 Deleted

Comment 24 by vakh@chromium.org, Jul 13 2017

Comment 24 Deleted

Comment 25 by vakh@chromium.org, Jul 13 2017

Comment 25 Deleted

Comment 26 by sergeybe...@chromium.org, Jul 13 2017

Comment 26 Deleted

Comment 27 by jbudorick@chromium.org, Jul 13 2017

Comment 27 Deleted

Comment 28 by vakh@chromium.org, Jul 13 2017

Comment 28 Deleted

Comment 29 by vakh@chromium.org, Jul 14 2017

Comment 29 Deleted

Sign in to add a comment