New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 750495 link

Starred by 1 user
Status: WontFix
Owner: ----
Closed: Aug 2017
Cc:
hdodda@chromium.org
hablich@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 1
Type: Bug-Regression



Sign in to add a comment

Tab crashing with specific JS call

Reported by lysio...@gmail.com, Jul 30 2017 
UserAgent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36

Steps to reproduce the problem:
1. Open arguments-crash.html
2. Observe crash

What is the expected behavior?
No crash or exception saying that I reached maximum size of call stack

What went wrong?
Crash

Did this work before? N/A 

Chrome version: 60.0.3112.78  Channel: stable
OS Version: 6.1 (Windows 7, Windows Server 2008 R2)
Flash Version: 

1. If you change 41000 to 410000 then you get exception.
2. When run it on build asan-win32-release-490315 I can observe following backtrace on console:
base:debug::StackTrace::StackTrace [0x...] (src\base\debug\stack_trace_win.cc:217)
base:debug::StackTrace::StackTrace [0x...] (src\base\debug\stack_trace.cc:199)
gin::'anonymous namespace'::PrintStackTrace[0x...] (src\gin\v8_platform.cc:54)
V8_Fatal [0x...] (src\v8\base\logging.cc:125)
v8::internal::Runtime_AllocateInNewSpace [0x...]
arguments-crash.html
125 bytes View Download

Comment 1 by dtapu...@chromium.org, Jul 31 2017

Components: -Blink Blink>JavaScript
Passing off to the V8 team to decide if this is something we want to support looks like a OOM.

Comment 2 by ranjitkan@chromium.org, Aug 2 2017

Labels: Needs-Triage-M60

Comment 3 by hdodda@chromium.org, Aug 3 2017

Cc: hdodda@chromium.org
Labels: -Type-Bug -Pri-2 hasbisect-per-revision M-62 Pri-1 Type-Bug-Regression
Status: Untriaged (was: Unconfirmed)
Able to reproduce the issue on windows 7 using chrome M60 #60.0.3112.90 and canary M62 #62.0.3175.2.

This is a regression issue broken in M49.

Using the per-revision bisect providing the bisect results,
Good build: 49.0.2605.0(Revision: 366944).
Bad build: 49.0.2607.0 (Revision: 367105).

You are probably looking for a change made after 366964 (known good), but no later than 366966 (first known bad).

CHANGELOG URL:

The script might not always return single CL as suspectas some perf builds might get missing due to failure.

 https://chromium.googlesource.com/chromium/src/+log/06c3bd3beabbd81d6036aa207e633f9bec66233a..75c7843dcb738620b94332bc4d744dcdf38dbdec

Unable to find the suspect from the above cl ,

@could anyone from dev help in assiging the issue to the concern owner.

Note : Issue is seen only on windows .

Thanks!

Comment 4 by hablich@chromium.org, Aug 3 2017

Cc: hablich@chromium.org
Labels: Needs-Feedback
On my build "Version 60.0.3112.78 (Official Build) beta (64-bit)" it prints on the console:

arguments-crash.html:1 Uncaught RangeError: Maximum call stack size exceeded
    at arguments-crash.html:1

Which IMO is fine. What am I missing?

Comment 5 by hablich@chromium.org, Aug 14 2017

Status: WontFix (was: Untriaged)
WontFix because of #4

Sign in to add a comment