
Issue 754595 link

Starred by 2 users

Issue metadata

Status: WontFix
Owner: ----
Closed: Jun 2018
Cc:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug




all description is in "Other comments"

Reported by 28ask...@gmail.com, Aug 11 2017

Issue description

UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36

Steps to reproduce the problem:
1. all description is in "Other comments"
2. 
3. 

What is the expected behavior?

What went wrong?
[11496.770324] traps: chromium[14951] trap int3 ip:2c7f003ca7 sp:7ffcff4c2ba0 error:0

Crashed report ID: 

How much crashed? Whole browser

Is it a problem with a plugin? No 

Did this work before? N/A 

Chrome version: 60.0.3112.90  Channel: stable
OS Version: 
Flash Version: Shockwave Flash 26.0 r0

To whom it may concern,

I found a vulnerability in chromium 60.0.3112.90.
The sample of "dmesg":
[11496.770324] traps: chromium[14951] trap int3 ip:2c7f003ca7 sp:7ffcff4c2ba0 error:0
The file is attached to this report.
Email: 
constantine@mailfa.com
Best Regards
Attachment: crash.html (243 bytes)
Labels: Needs-Triage-M60 Needs-Bisect

Comment 2 by 28ask...@gmail.com, Aug 12 2017

To whom it may concern,

Would you please let me know the status of my report? Should I wait for your answer?

Comment 3 by hdodda@chromium.org, Aug 14 2017

Cc: hdodda@chromium.org
Labels: Needs-Feedback
Thanks for your report. 

Tested the issue on Ubuntu 14.04 using Chrome M60 #60.0.3112.90 and followed these steps:

1. Downloaded the given HTML file and observed no crash.

@28askari-- Could you please provide us the crash ID from chrome://crashes, and also please try in a fresh Chrome profile without any extensions and flags enabled, and update us with your observations.

Thanks!

Comment 4 by 28ask...@gmail.com, Aug 14 2017

Thank you
Crash ID: crash/9fb8ff04c2b58443

Comment 5 by sheriffbot@chromium.org, Aug 14 2017

Labels: -Needs-Feedback
Thank you for providing more feedback. Adding requester "hdodda@chromium.org" to the cc list and removing "Needs-Feedback" label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 6 by 28ask...@gmail.com, Aug 14 2017

Thank you
Crash ID: crash/9fb8ff04c2b58443
Cc: susanjuniab@chromium.org
Labels: -OS-Linux -Needs-Bisect M-62 OS-Windows
Status: Untriaged (was: Unconfirmed)
28askari@ : Thanks for the issue 

Able to reproduce this issue on Windows 7 using Chrome latest stable 60.0.3112.101 and canary 62.0.3187.0. This is a non-regression issue, which is also observed in Chrome version 45.0.2454.103.

Note: This issue is not reproducible on Ubuntu 14.04 and Mac OS using chrome latest stable 60.0.3112.101 and canary 62.0.3187.0.

From the given Crash ID: 9fb8ff04c2b58443, looks like this crash happened due to OutOfMemory.

Below is the Stack Trace for the same :-
Thread 0 (id: 2272) CRASHED [Out of Memory @ 0x753f0f63 ] MAGIC SIGNATURE THREAD
0x753f0f63	(KERNELBASE.dll + 0x00010f63 )	RaiseException
0x62193254	(chrome_child.dll -partitions.cpp:143 )	WTF::PartitionsOutOfMemoryUsing128M
0x621931f0	(chrome_child.dll -partitions.cpp:185 )	WTF::Partitions::HandleOutOfMemory()
0x61b13106	(chrome_child.dll -partition_alloc.cc:266 )	base::PartitionOutOfMemory
0x61471e8b	(chrome_child.dll -partition_alloc.cc:818 )	base::PartitionAllocSlowPath(base::PartitionRootBase *,int,unsigned int,base::PartitionBucket *)
0x6163e618	(chrome_child.dll -partitionallocator.h:43 )	WTF::PartitionAllocator::AllocateVectorBacking<std::unique_ptr<blink::GraphicsContextState,std::default_delete<blink::GraphicsContextState> > >(unsigned int)
0x6126259c	(chrome_child.dll -vector.h:373 )	WTF::VectorBufferBase<blink::CSSParserToken,1,WTF::PartitionAllocator>::AllocateExpandedBuffer(unsigned int)
0x60e36248	(chrome_child.dll -csstokenizer.cpp:34 )	blink::CSSTokenizer::CSSTokenizer(WTF::String const &)
0x60f01e16	(chrome_child.dll -cssparserimpl.cpp:57 )	blink::CSSParserImpl::ParseValue(blink::MutableStylePropertySet *,blink::CSSPropertyID,WTF::String const &,bool,blink::CSSParserContext const *)
0x60f3c570	(chrome_child.dll -parser-base.h:3426 )	v8::internal::ParserBase<v8::internal::Parser>::ParseMemberWithNewPrefixesExpression(bool *,bool *)
0x60f3b9bb	(chrome_child.dll -parser-base.h:1987 )	v8::internal::ParserBase<v8::internal::Parser>::ParseExpressionCoverGrammar(bool,bool *)
0x60fc7990	(chrome_child.dll -builtins-api.cc:216 )	v8::internal::Builtins::InvokeApiFunction(v8::internal::Isolate *,bool,v8::internal::Handle<v8::internal::HeapObject>,v8::internal::Handle<v8::internal::Object>,int,v8::internal::Handle<v8::internal::Object> * const,v8::internal::Handle<v8::internal::HeapObject>)
0x60d77b24	(chrome_child.dll -execution.cc:88 )	v8::internal::`anonymous namespace'::Invoke
0x60fc9a1f	(chrome_child.dll -execution.cc:207 )	v8::internal::Execution::New(v8::internal::Isolate *,v8::internal::Handle<v8::internal::Object>,v8::internal::Handle<v8::internal::Object>,int,v8::internal::Handle<v8::internal::Object> * const)
0x60fc99cb	(chrome_child.dll -api.cc:5246 )	v8::Function::NewInstance(v8::Local<v8::Context>,int,v8::Local<v8::Value> * const)
0x6103e075	(chrome_child.dll -hashtable.h:1782 )	WTF::HashTable<blink::WeakMember<blink::CSSStyleSheet>,blink::WeakMember<blink::CSSStyleSheet>,WTF::IdentityExtractor,WTF::MemberHash<blink::CSSStyleSheet>,WTF::HashTraits<blink::WeakMember<blink::CSSStyleSheet> >,WTF::HashTraits<blink::WeakMember<blink::CSSStyleSheet> >,blink::HeapAllocator>::Rehash(unsigned int,blink::WeakMember<blink::CSSStyleSheet> *)
0x6103e02b	(chrome_child.dll -hashtable.h:1635 )	WTF::HashTable<blink::WeakMember<blink::CSSStyleSheet>,blink::WeakMember<blink::CSSStyleSheet>,WTF::IdentityExtractor,WTF::MemberHash<blink::CSSStyleSheet>,WTF::HashTraits<blink::WeakMember<blink::CSSStyleSheet> >,WTF::HashTraits<blink::WeakMember<blink::CSSStyleSheet> >,blink::HeapAllocator>::Expand(blink::WeakMember<blink::CSSStyleSheet> *)
0x60e329f0	(chrome_child.dll -kurl.cpp:260 )	blink::KURL::KURL(blink::KURL const &)

Thanks
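To show how the OutOfMemory conclusion above is read off the trace, here is an added Python helper (not part of this report or of Chromium) that parses the kernel "traps:" line and the crash-server frame lines, flags the crash as an OOM abort when PartitionAlloc's OOM handlers appear on the stack, and walks past the allocator frames to the first caller that actually requested the memory (here the CSSTokenizer constructor). The frame layout, the marker strings and the allocator file names are assumptions drawn from the trace pasted above, and the sample input is constructed from it.

```python
import re
from typing import Dict, List, Optional

# Constructed sample in the layout of the report: the Linux "traps:" kernel line and the
# top frames of the Chrome crash-server stack (address <tab> (module -file:line) <tab> symbol).
DMESG_LINE = ("[11496.770324] traps: chromium[14951] trap int3 "
              "ip:2c7f003ca7 sp:7ffcff4c2ba0 error:0")
STACK = "\n".join([
    "0x753f0f63\t(KERNELBASE.dll + 0x00010f63 )\tRaiseException",
    "0x62193254\t(chrome_child.dll -partitions.cpp:143 )\tWTF::PartitionsOutOfMemoryUsing128M",
    "0x621931f0\t(chrome_child.dll -partitions.cpp:185 )\tWTF::Partitions::HandleOutOfMemory()",
    "0x61b13106\t(chrome_child.dll -partition_alloc.cc:266 )\tbase::PartitionOutOfMemory",
    "0x61471e8b\t(chrome_child.dll -partition_alloc.cc:818 )\tbase::PartitionAllocSlowPath(base::PartitionRootBase *,int,unsigned int,base::PartitionBucket *)",
    "0x6163e618\t(chrome_child.dll -partitionallocator.h:43 )\tWTF::PartitionAllocator::AllocateVectorBacking<std::unique_ptr<blink::GraphicsContextState,std::default_delete<blink::GraphicsContextState> > >(unsigned int)",
    "0x6126259c\t(chrome_child.dll -vector.h:373 )\tWTF::VectorBufferBase<blink::CSSParserToken,1,WTF::PartitionAllocator>::AllocateExpandedBuffer(unsigned int)",
    "0x60e36248\t(chrome_child.dll -csstokenizer.cpp:34 )\tblink::CSSTokenizer::CSSTokenizer(WTF::String const &)",
])

TRAP_RE = re.compile(r"traps: (?P<comm>[^\[]+)\[(?P<pid>\d+)\] trap (?P<trap>\S+) "
                     r"ip:(?P<ip>[0-9a-f]+) sp:(?P<sp>[0-9a-f]+) error:(?P<error>\d+)")
FRAME_RE = re.compile(r"^(?P<addr>0x[0-9a-f]+)\t\((?P<module>\S+)(?: -(?P<file>[^:\s]+):(?P<line>\d+))?"
                      r"[^)]*\)\t(?P<symbol>.+)$")
OOM_MARKERS = ("OutOfMemory",)             # assumed: substrings naming the OOM handlers
ALLOCATOR_FILES = ("partition", "vector.h")  # assumed: files that belong to the allocator path
ALLOCATOR_SYMBOLS = ("RaiseException",)

def parse_trap(line: str) -> Optional[Dict[str, str]]:
    """Extract process, pid, trap kind and registers from a kernel 'traps:' line.
    An int3 trap is a software breakpoint, i.e. a deliberate abort rather than a bad access."""
    m = TRAP_RE.search(line)
    return m.groupdict() if m else None

def parse_frames(stack: str) -> List[Dict[str, Optional[str]]]:
    """Turn crash-server frame lines into dicts; lines that do not match are skipped."""
    frames = []
    for raw in stack.splitlines():
        m = FRAME_RE.match(raw)
        if m:
            frames.append(m.groupdict())
    return frames

def classify(stack: str) -> Dict[str, Optional[str]]:
    """Report whether the stack is an OOM abort and which caller requested the memory."""
    frames = parse_frames(stack)
    oom_idx = [i for i, f in enumerate(frames) if any(k in f["symbol"] for k in OOM_MARKERS)]
    if not oom_idx:
        return {"kind": "unknown", "site": None}
    for f in frames[oom_idx[-1] + 1:]:  # walk from the deepest OOM handler toward its caller
        in_allocator = (f["file"] or "").startswith(ALLOCATOR_FILES) or f["symbol"] in ALLOCATOR_SYMBOLS
        if not in_allocator:
            return {"kind": "oom", "site": f["symbol"], "file": f["file"], "line": f["line"]}
    return {"kind": "oom", "site": None}
```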
Status: WontFix (was: Untriaged)
This is a generic OOM error. Crash report no longer exists. Closing stale issue.
