Security: Crash in content::RenderFrameDevToolsAgentHost::RevokePolicy
Reported by chromium...@gmail.com, Jul 31 2017
Issue description

VERSION
Chrome Version: 62.0.3172.0 (Build officiel) canary (64 bits) (cohort: 64-Bit)
Operating System: Windows 7

rax=69726f687475613a rbx=0000000011afa550 rcx=000000001b238f40
rdx=000000001b238f40 rsi=0000000000000000 rdi=000000001b238f40
rip=000007fec9956914 rsp=000000000029e890 rbp=0000000012205530
r8=000000004f59a62e r9=000000000029e740 r10=0000000897b70f6b
r11=000000000029e8f0 r12=0000000000000008 r13=0000000000000000
r14=0000000012205530 r15=0000000000000010
iopl=0 nv up ei pl zr na po nc
cs=0033 ss=0000 ds=0000 es=0000 fs=0053 gs=002b efl=00010246
chrome_7fec9490000!content::RenderFrameDevToolsAgentHost::RevokePolicy+0x38:
000007fe`c9956914 ff5050 call qword ptr [rax+50h] ds:69726f68`7475618a=????????????????

0:000> k
*** Stack trace for last set context - .thread/.cxr resets it
Child-SP RetAddr Call Site
00000000`0029e890 000007fe`c9956610 chrome_7fec9490000!content::RenderFrameDevToolsAgentHost::RevokePolicy+0x38 [c:\b\c\b\win64_pgo\src\content\browser\devtools\render_frame_devtools_agent_host.cc @ 753]
00000000`0029e910 000007fe`c99560cd chrome_7fec9490000!content::RenderFrameDevToolsAgentHost::UpdateFrameHost+0x64 [c:\b\c\b\win64_pgo\src\content\browser\devtools\render_frame_devtools_agent_host.cc @ 707]
00000000`0029e940 000007fe`c9bed2b6 chrome_7fec9490000!content::RenderFrameDevToolsAgentHost::ReadyToCommitNavigation+0x4d [c:\b\c\b\win64_pgo\src\content\browser\devtools\render_frame_devtools_agent_host.cc @ 638]
00000000`0029e970 000007fe`c99bf0f4 chrome_7fec9490000!content::WebContentsImpl::ReadyToCommitNavigation+0x4e [c:\b\c\b\win64_pgo\src\content\browser\web_contents\web_contents_impl.cc @ 3663]
00000000`0029e9e0 000007fe`c99bfd6c chrome_7fec9490000!content::NavigationHandleImpl::ReadyToCommitNavigation+0x264 [c:\b\c\b\win64_pgo\src\content\browser\frame_host\navigation_handle_impl.cc @ 723]
00000000`0029eae0 000007fe`cafbbc35 chrome_7fec9490000!content::NavigationHandleImpl::ResumeInternal+0x150 [c:\b\c\b\win64_pgo\src\content\browser\frame_host\navigation_handle_impl.cc @ 1014]
00000000`0029ebc0 000007fe`c979aab4 chrome_7fec9490000!subresource_filter::ActivationStateComputingNavigationThrottle::OnActivationStateComputed+0xad [c:\b\c\b\win64_pgo\src\components\subresource_filter\content\browser\activation_state_computing_navigation_throttle.cc @ 124]
00000000`0029ec10 000007fe`cafbc4c4 chrome_7fec9490000!base::internal::Invoker<base::internal::BindState<void (__cdecl google_apis::RequestSender::*)(google_apis::AuthenticatedRequestInterface * __ptr64) __ptr64,base::WeakPtr<google_apis::RequestSender> >,void __cdecl(google_apis::AuthenticatedRequestInterface * __ptr64)>::Run+0x1c [c:\b\c\b\win64_pgo\src\base\bind_internal.h @ 320]
00000000`0029ec40 000007fe`cafbc8f7 chrome_7fec9490000!subresource_filter::AsyncDocumentSubresourceFilter::OnActivateStateCalculated+0x38 [c:\b\c\b\win64_pgo\src\components\subresource_filter\content\browser\async_document_subresource_filter.cc @ 123]
00000000`0029ec70 000007fe`c9a4d720 chrome_7fec9490000!base::internal::Invoker<base::internal::BindState<void (__cdecl subresource_filter::AsyncDocumentSubresourceFilter::*)(base::Callback<void __cdecl(subresource_filter::ActivationState),1,1>,subresource_filter::ActivationState) __ptr64,base::WeakPtr<subresource_filter::AsyncDocumentSubresourceFilter>,base::Callback<void __cdecl(subresource_filter::ActivationState),1,1> >,void __cdecl(subresource_filter::ActivationState)>::Run+0x4b [c:\b\c\b\win64_pgo\src\base\bind_internal.h @ 320]
00000000`0029eca0 000007fe`c9608106 chrome_7fec9490000!base::internal::ReplyAdapter<__int64,__int64>+0x30 [c:\b\c\b\win64_pgo\src\base\post_task_and_reply_with_result_internal.h @ 27]
00000000`0029ecd0 000007fe`ca02af44 chrome_7fec9490000!base::internal::Invoker<base::internal::BindState<void (__cdecl*)(base::Callback<void __cdecl(bool),0,0>,bool * __ptr64),base::Callback<void __cdecl(bool),0,0>,base::internal::OwnedWrapper<bool> >,void __cdecl(void)>::RunOnce+0x22 [c:\b\c\b\win64_pgo\src\base\bind_internal.h @ 307]
00000000`0029ed00 000007fe`ca03ad02 chrome_7fec9490000!base::`anonymous namespace'::PostTaskAndReplyRelay::RunReplyAndSelfDestruct+0x24 [c:\b\c\b\win64_pgo\src\base\threading\post_task_and_reply_impl.cc @ 60]
00000000`0029ed30 000007fe`c9fdd6d9 chrome_7fec9490000!base::debug::TaskAnnotator::RunTask+0x1a2 [c:\b\c\b\win64_pgo\src\base\debug\task_annotator.cc @ 59]
00000000`0029eee0 000007fe`c9fde233 chrome_7fec9490000!base::MessageLoop::RunTask+0x269 [c:\b\c\b\win64_pgo\src\base\message_loop\message_loop.cc @ 419]
00000000`0029f050 000007fe`ca03b281 chrome_7fec9490000!base::MessageLoop::DoWork+0x553 [c:\b\c\b\win64_pgo\src\base\message_loop\message_loop.cc @ 536]
00000000`0029f250 000007fe`ca03af04 chrome_7fec9490000!base::MessagePumpForUI::DoRunLoop+0x71 [c:\b\c\b\win64_pgo\src\base\message_loop\message_pump_win.cc @ 174]
00000000`0029f2c0 000007fe`c9ffda49 chrome_7fec9490000!base::MessagePumpWin::Run+0x54 [c:\b\c\b\win64_pgo\src\base\message_loop\message_pump_win.cc @ 58]
00000000`0029f310 000007fe`c9f19b50 chrome_7fec9490000!base::RunLoop::Run+0x69 [c:\b\c\b\win64_pgo\src\base\run_loop.cc @ 113]
00000000`0029f3c0 000007fe`c98e6ecc chrome_7fec9490000!ChromeBrowserMainParts::MainMessageLoopRun+0x164 [c:\b\c\b\win64_pgo\src\chrome\browser\chrome_browser_main.cc @ 1917]
Jul 31 2017
Possible dupe of Issue 742955?
Aug 1 2017
Nov 7 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by chromium...@gmail.com, Jul 31 2017