
Issue 756717

Starred by 2 users

Issue metadata

Status: Verified
Owner:
Long OOO (go/where-is-mgiuca)
Closed: Aug 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows , Chrome , Mac
Pri: 1
Type: Bug-Regression
Team-Security-UX




Chrome: Crash Report - `anonymous namespace'::BuildPathFromComponents

Project Member Reported by cr...@system.gserviceaccount.com, Aug 18 2017

Issue description

reporter:jmukthavaram@google.com


Magic Signature: `anonymous namespace'::BuildPathFromComponents

Crash link: https://crash.corp.google.com/browse?q=product.name%3D'Chrome'%20AND%20product.version%3D'62.0.3188.0'%20AND%20custom_data.ChromeCrashProto.channel%3D'canary'%20AND%20custom_data.ChromeCrashProto.ptype%3D'browser'%20AND%20custom_data.ChromeCrashProto.magic_signature_1.name%3D'%60anonymous%20namespace%5C'%3A%3ABuildPathFromComponents'%20AND%20ReportID%3D'ce61a56acbd863d1'&ignore_case=false&enable_rewrite=true&omit_field_name=&omit_field_value=&omit_field_opt=%3D&unnest=#3

-------------------------------------------------------------------------------
Sample Report
-------------------------------------------------------------------------------
Product name: Chrome
Magic Signature : `anonymous namespace'::BuildPathFromComponents
Product Version: 62.0.3188.0
Report ID: ce61a56acbd863d1
Report Url: https://crash.corp.google.com/ce61a56acbd863d1
Report Time: 2017-08-17T20:24:34-07:00
Upload Time: 2017-08-17T20:25:29-07:00
Uptime: 10000 ms
CumulativeProductUptime: 0 ms
OS Name: Windows NT
OS Version: 10.0.15063 296
CPU Architecture: amd64
CPU Info: family 6 model 61 stepping 4

-------------------------------------------------------------------------------
Crashing thread: Thread index: 0. Stack Quality: 94%. Thread id: 7212.
-------------------------------------------------------------------------------
0x00007ffd3238cfdf (chrome.dll - elide_url.cc: 44)	`anonymous namespace'::BuildPathFromComponents
0x00007ffd3090d58f (chrome.dll - elide_url.cc: 320)	url_formatter::ElideUrl(GURL const &,gfx::FontList const &,float)
0x00007ffd309058ac (chrome.dll - status_bubble_views.cc: 768)	StatusBubbleViews::SetURL(GURL const &)
0x00007ffd3099e176 (chrome.dll - render_view_host_impl.cc: 782)	content::RenderViewHostImpl::OnUpdateTargetURL(GURL const &)
0x00007ffd3099e10e (chrome.dll - ipc_message_templates.h: 121)	IPC::MessageT<ViewHostMsg_UpdateTargetURL_Meta,std::tuple<GURL>,void>::Dispatch<content::RenderViewHostImpl,content::RenderViewHostImpl,void,void (content::RenderViewHostImpl::*)(const GURL &)>
0x00007ffd30879541 (chrome.dll - render_view_host_impl.cc: 713)	content::RenderViewHostImpl::OnMessageReceived(IPC::Message const &)
0x00007ffd30877cc6 (chrome.dll - render_widget_host_impl.cc: 549)	content::RenderWidgetHostImpl::OnMessageReceived(IPC::Message const &)
0x00007ffd3086ebf3 (chrome.dll - render_process_host_impl.cc: 2899)	content::RenderProcessHostImpl::OnMessageReceived(IPC::Message const &)
0x00007ffd3086ea3c (chrome.dll - ipc_channel_proxy.cc: 329)	IPC::ChannelProxy::Context::OnDispatchMessage(IPC::Message const &)
0x00007ffd303c45f0 (chrome.dll - task_annotator.cc: 57)	base::debug::TaskAnnotator::RunTask(char const *,base::PendingTask *)
0x00007ffd303c3ec3 (chrome.dll - message_loop.cc: 410)	base::MessageLoop::RunTask(base::PendingTask *)
0x00007ffd311706e1 (chrome.dll - message_loop.cc: 421)	base::MessageLoop::DeferOrRunPendingTask(base::PendingTask)
0x00007ffd303c39d5 (chrome.dll - message_loop.cc: 528)	base::MessageLoop::DoWork()
0x00007ffd3049cb8f (chrome.dll - message_pump_win.cc: 173)	base::MessagePumpForUI::DoRunLoop()
0x00007ffd303d3e63 (chrome.dll - message_pump_win.cc: 56)	base::MessagePumpWin::Run(base::MessagePump::Delegate *)
0x00007ffd303c33e0 (chrome.dll - run_loop.cc: 123)	base::RunLoop::Run()
0x00007ffd306f496e (chrome.dll - chrome_browser_main.cc: 1916)	ChromeBrowserMainParts::MainMessageLoopRun(int *)
0x00007ffd306f4778 (chrome.dll - browser_main_loop.cc: 1168)	content::BrowserMainLoop::RunMainMessageLoopParts()
0x00007ffd306f4698 (chrome.dll - browser_main_runner.cc: 152)	content::BrowserMainRunnerImpl::Run()
0x00007ffd303baff6 (chrome.dll - browser_main.cc: 46)	content::BrowserMain(content::MainFunctionParams const &)
0x00007ffd303bae0c (chrome.dll - content_main_runner.cc: 408)	content::RunNamedProcessTypeMain(std::basic_string<char,std::char_traits<char>,std::allocator<char> > const &,content::MainFunctionParams const &,content::ContentMainDelegate *)
0x00007ffd303b84e1 (chrome.dll - content_main_runner.cc: 690)	content::ContentMainRunnerImpl::Run()
0x00007ffd303a70f0 (chrome.dll - main.cc: 469)	service_manager::Main(service_manager::MainParams const &)
0x00007ffd303a6c65 (chrome.dll - content_main.cc: 19)	content::ContentMain(content::ContentMainParams const &)
0x00007ffd303a2770 (chrome.dll - chrome_main.cc: 122)	ChromeMain
0x00007ff6b43a3f00 (chrome.exe - main_dll_loader_win.cc: 199)	MainDllLoader::Launch(HINSTANCE__ *,base::TimeTicks)
0x00007ff6b43a1774 (chrome.exe - chrome_exe_main_win.cc: 275)	wWinMain
0x00007ff6b44721e2 (chrome.exe - exe_common.inl: 253)	__scrt_common_main_seh
0x00007ffd79512773 (KERNEL32.DLL + 0x00012773)	BaseThreadInitThunk
0x00007ffd79620d50 (ntdll.dll + 0x00070d50)	
0x00007ffd762367bf (KERNELBASE.dll + 0x000067bf)	

Cc: jmukthavaram@chromium.org
Labels: -Type-Bug -Pri-2 ReleaseBlock-Stable TE-Reported M-62 OS-Mac Pri-1 Type-Bug-Regression
Owner: mgiuca@chromium.org
Status: Assigned (was: Untriaged)
1. This is the top-4 browser process crash seen on the latest Canary-62.0.3188.0; we are seeing 15 instances from 12 clients so far.
2. This crash started from M56, was seen inconsistently through M60, and regressed recently on the latest Canary-62.0.3188.0.
3. This crash is seen on Windows and macOS.

Link to the list of builds:
---------------------------
https://crash.corp.google.com/browse?q=product.name%3D%27Chrome%27%20AND%20custom_data.ChromeCrashProto.ptype%3D%27browser%27%20AND%20custom_data.ChromeCrashProto.magic_signature_1.name%3D%27%60anonymous%20namespace%5C%27%3A%3ABuildPathFromComponents%27&ignore_case=false&enable_rewrite=true&omit_field_name=&omit_field_value=&omit_field_opt=%3D&unnest=

Change log:
----------
https://chromium.googlesource.com/chromium/src/+log/62.0.3187.0..62.0.3188.0?pretty=fuller&n=10000

Suspected CL:
-------------
https://chromium.googlesource.com/chromium/src/+/fae10d6348ac31702986c53e138a08a3c4c71b26%5E%21

Seeing a clear suspect for the file 'elide_url.cc' in the above change log, assigning to mgiuca@ for further investigation.

mgiuca@, could you please take a look and reassign to the respective owner if it is not related to your change?

As it regressed recently, adding the ReleaseBlock-Stable label.

Thanks..!!

Comment 2 by mgiuca@chromium.org, Aug 18 2017

Labels: -Restrict-View-EditIssue Restrict-View-SecurityNotify OS-Chrome OS-Linux
Status: Started (was: Assigned)
Yep, this is a bounds error on elide_url.cc:322 caused by r494713. That CL removes a check for url_path_number_of_elements <= 1, then adds that check back in for the calls to BuildPathFromComponents, but misses the one on line 322.

So if we get to line 322 and url_path_elements is empty, this will try to access element 0 of an empty vector.

I'll revert this now, and re-land with the fix next week.
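A reduced model of the defect described in the comment above, as an added example that is not Chromium's code: the helper names (SplitPath, BuildPathFromComponentsUnchecked, ElidePathSafe) are hypothetical, and the unguarded builder uses .at() so the out-of-bounds read on an empty vector surfaces as an exception rather than the undefined behaviour behind the reported crash.

```cpp
#include <cstddef>
#include <stdexcept>
#include <string>
#include <vector>

// Split "/a/b/c" into {"a", "b", "c"}; "/" and "" both yield an empty vector,
// which is the input that reached the unguarded call in the report.
std::vector<std::string> SplitPath(const std::string& path) {
  std::vector<std::string> elements;
  std::string current;
  for (char c : path) {
    if (c != '/') { current += c; continue; }
    if (!current.empty()) elements.push_back(current);
    current.clear();
  }
  if (!current.empty()) elements.push_back(current);
  return elements;
}

// Models the unguarded call: it assumes at least one element and reads element 0
// unconditionally. With operator[] this is undefined behaviour on an empty vector;
// .at() is used here so the failure is a catchable std::out_of_range. num_to_keep >= 1.
std::string BuildPathFromComponentsUnchecked(
    const std::vector<std::string>& elements, std::size_t num_to_keep) {
  std::string result = "/" + elements.at(0);
  for (std::size_t i = 1; i < num_to_keep && i < elements.size(); ++i)
    result += "/" + elements[i];
  if (num_to_keep < elements.size()) result += "/...";
  return result;
}

// Guarded version: restores the "<= 1 element" check in front of the call, so an
// empty or single-component path never reaches the unchecked builder.
std::string ElidePathSafe(const std::string& path, std::size_t num_to_keep) {
  std::vector<std::string> elements = SplitPath(path);
  if (elements.size() <= 1) return elements.empty() ? "/" : "/" + elements[0];
  return BuildPathFromComponentsUnchecked(elements, num_to_keep);
}

// Reproduces the failure mode from the report on the unguarded path.
bool UncheckedBuilderFailsOnEmptyPath() {
  try { BuildPathFromComponentsUnchecked(SplitPath("/"), 2); }
  catch (const std::out_of_range&) { return true; }  // element 0 of an empty vector
  return false;
}
```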

Comment 3 by bugdroid1@chromium.org, Aug 18 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/3532a7b85cdd1b90274cb2170c654e943f32f569

commit 3532a7b85cdd1b90274cb2170c654e943f32f569
Author: Matt Giuca <mgiuca@chromium.org>
Date: Fri Aug 18 10:04:47 2017

Revert "ElideUrl: Fixed inconsistent eliding of domains (depending on path)."

This reverts commit fae10d6348ac31702986c53e138a08a3c4c71b26.

Reason for revert: Introduces crash (see bug).

Bug: 756717

Original change's description:
> ElideUrl: Fixed inconsistent eliding of domains (depending on path).
> 
> Previously chopped off the *end* of the domain if there was no path, but
> the *start* if there was a path. Now always chops off the start of the
> domain (i.e., the least significant part).
> 
> Bug: 739636
> Change-Id: Iea94c5b1c4bcbea2e78d45aa2d3fd12f4ab4858a
> Reviewed-on: https://chromium-review.googlesource.com/561029
> Commit-Queue: Matt Giuca <mgiuca@chromium.org>
> Reviewed-by: Peter Kasting <pkasting@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#494713}

TBR=pkasting@chromium.org,mgiuca@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: 739636
Change-Id: I1ba9f736a8d570e036538b7aa49d064dfbf29fd9
Reviewed-on: https://chromium-review.googlesource.com/620546
Reviewed-by: Matt Giuca <mgiuca@chromium.org>
Commit-Queue: Matt Giuca <mgiuca@chromium.org>
Cr-Commit-Position: refs/heads/master@{#495514}
[modify] https://crrev.com/3532a7b85cdd1b90274cb2170c654e943f32f569/components/url_formatter/elide_url.cc
[modify] https://crrev.com/3532a7b85cdd1b90274cb2170c654e943f32f569/components/url_formatter/elide_url_unittest.cc

Comment 4 by mgiuca@chromium.org, Aug 18 2017

Status: Fixed (was: Started)

Comment 5 by mgiuca@chromium.org, Aug 18 2017

Cc: msrchandra@chromium.org mgiuca@chromium.org
Issue 756730 has been merged into this issue.

Comment 6 by ClusterFuzz, Aug 19 2017

Labels: ClusterFuzz-Verified
Status: Verified (was: Fixed)
ClusterFuzz testcase 5474577575837696 is verified as fixed, so closing the issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Comment 7 by bugdroid1@chromium.org, Aug 29 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/49fcda1747f6236cc9410cc19dc139a679167969

commit 49fcda1747f6236cc9410cc19dc139a679167969
Author: Matt Giuca <mgiuca@chromium.org>
Date: Tue Aug 29 07:16:12 2017

Reland "ElideUrl: Fixed inconsistent eliding of domains (depending on path)."

This is a reland of fae10d6348ac31702986c53e138a08a3c4c71b26

The reland addresses https://crbug.com/756717 (which was introduced by
the original CL) and adds a DCHECK and regression test for that issue.

Original change's description:
> ElideUrl: Fixed inconsistent eliding of domains (depending on path).
>
> Previously chopped off the *end* of the domain if there was no path, but
> the *start* if there was a path. Now always chops off the start of the
> domain (i.e., the least significant part).
>
> Bug: 739636
> Change-Id: Iea94c5b1c4bcbea2e78d45aa2d3fd12f4ab4858a
> Reviewed-on: https://chromium-review.googlesource.com/561029
> Commit-Queue: Matt Giuca <mgiuca@chromium.org>
> Reviewed-by: Peter Kasting <pkasting@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#494713}

Bug: 739636, 756717
Change-Id: I17484bbcf6a58df947f5660b0ee47e795ae5c0e6
Reviewed-on: https://chromium-review.googlesource.com/622290
Commit-Queue: Matt Giuca <mgiuca@chromium.org>
Reviewed-by: Peter Kasting <pkasting@chromium.org>
Cr-Commit-Position: refs/heads/master@{#498036}
[modify] https://crrev.com/49fcda1747f6236cc9410cc19dc139a679167969/components/url_formatter/elide_url.cc
[modify] https://crrev.com/49fcda1747f6236cc9410cc19dc139a679167969/components/url_formatter/elide_url_unittest.cc


Comment 8 by sheriffbot@chromium.org, Nov 25 2017

Labels: -Restrict-View-SecurityNotify allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
