Crash when adding an iframe element to "chrome://newtab/" page in Incognito Window
Reported by nearg1e....@gmail.com, Sep 26 2017
Issue description
UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Steps to reproduce the problem:
1. New Incognito Window.
2. Open the Developer Tools > Console
3. execute `document.writeln("<iframe src=http://google.com>")`
4. All the tabs and the Chrome windows (even those not in Incognito mode) will crash.
PS. Developer Tools > Elements > Edit as HTML, putting `<iframe src=http://google.com>` in, will also reproduce the problem.
What is the expected behavior?
Should not crash.
What went wrong?
I have no idea. Cannot find a crash ID from chrome://crashes.
Did this work before? N/A
Chrome version: 61.0.3163.100 Channel: stable
OS Version: OS X 10.12.6
Flash Version:
Sep 26 2017
Crash Report ID 9b476865a11bdd15. Caused by Browser Side Navigation aka PlzNavigate. Disabling chrome://flags/#browser-side-navigation fixes the bug.
Call stack from current Canary r503964:
> chrome.dll!content::NavigatorImpl::CheckWebUIRendererDoesNotDisplayNormalURL(content::RenderFrameHostImpl * render_frame_host, const GURL & url) Line 154 C++
chrome.dll!content::NavigationRequest::OnRequestFailed(bool has_stale_copy_in_cache, int net_error, const base::Optional<net::SSLInfo> & ssl_info, bool should_ssl_errors_be_fatal) Line 806 C++
chrome.dll!content::NavigationRequest::BeginNavigation() Line 428 C++
chrome.dll!content::NavigatorImpl::OnBeginNavigation(content::FrameTreeNode * frame_tree_node, const content::CommonNavigationParams & common_params, const content::BeginNavigationParams & begin_params) Line 1047 C++
chrome.dll!content::RenderFrameHostImpl::OnBeginNavigation(const content::CommonNavigationParams & common_params, const content::BeginNavigationParams & begin_params) Line 2369 C++
chrome.dll!IPC::MessageT<FrameHostMsg_BeginNavigation_Meta,std::tuple<content::CommonNavigationParams,content::BeginNavigationParams>,void>::Dispatch<content::RenderFrameHostImpl,content::RenderFrameHostImpl,void,void (__cdecl content::RenderFrameHostImpl::*)(content::CommonNavigationParams const & __ptr64,content::BeginNavigationParams const & __ptr64) __ptr64>(const IPC::Message * msg, content::RenderFrameHostImpl * obj, content::RenderFrameHostImpl * func, void *) Line 146 C++
chrome.dll!content::RenderFrameHostImpl::OnMessageReceived(const IPC::Message & msg) Line 943 C++
chrome.dll!content::RenderProcessHostImpl::OnMessageReceived(const IPC::Message & msg) Line 2888 C++
chrome.dll!IPC::ChannelProxy::Context::OnDispatchMessage(const IPC::Message & message) Line 334 C++
chrome.dll!base::debug::TaskAnnotator::RunTask(const char * queue_function, base::PendingTask * pending_task) Line 57 C++
chrome.dll!base::MessageLoop::RunTask(base::PendingTask * pending_task) Line 407 C++
chrome.dll!base::MessageLoop::DeferOrRunPendingTask(base::PendingTask pending_task) Line 420 C++
chrome.dll!base::MessageLoop::DoWork() Line 524 C++
chrome.dll!base::MessagePumpForUI::DoRunLoop() Line 174 C++
chrome.dll!base::MessagePumpWin::Run(base::MessagePump::Delegate * delegate) Line 58 C++
chrome.dll!base::RunLoop::Run() Line 124 C++
chrome.dll!ChromeBrowserMainParts::MainMessageLoopRun(int * result_code) Line 1912 C++
chrome.dll!content::BrowserMainRunnerImpl::Run() Line 140 C++
chrome.dll!content::BrowserMain(const content::MainFunctionParams & parameters) Line 46 C++
chrome.dll!content::ContentMainRunnerImpl::Run() Line 703 C++
chrome.dll!service_manager::Main(const service_manager::MainParams & params) Line 469 C++
chrome.dll!content::ContentMain(const content::ContentMainParams & params) Line 19 C++
chrome.dll!ChromeMain(HINSTANCE__ * instance, sandbox::SandboxInterfaceInfo * sandbox_info, __int64 exe_entry_point_ticks) Line 124 C++
chrome.exe!MainDllLoader::Launch(HINSTANCE__ * instance, base::TimeTicks exe_entry_point_ticks) Line 201 C++
chrome.exe!wWinMain(HINSTANCE__ * instance, HINSTANCE__ * prev, wchar_t * __formal, int __formal) Line 276 C++
chrome.exe!__scrt_common_main_seh() Line 283 C++
Sep 26 2017
This is a regression which started in Chrome 61. Please find the regression range below:
Bisect result: You are probably looking for a change made after 502250 (known good), but no later than 502259 (first known bad).
CHANGELOG URL: https://chromium.googlesource.com/chromium/src/+log/282ea833bef8dbf11acfa618d06568a910242c4d..d9e7ed482c91044a6bce591b56fcdf876b590ef5
Suspecting this to be PlzNavigate.
Sep 26 2017
Nasko: can you triage/reassign please?
Sep 26 2017
Since this isn't showing up as a crash from users, this shouldn't block stable.
Sep 26 2017
Here's the crash:
> content.dll!content::NavigatorImpl::CheckWebUIRendererDoesNotDisplayNormalURL(content::RenderFrameHostImpl * render_frame_host, const GURL & url) Line 156 C++ Symbols loaded.
content.dll!content::NavigationRequest::OnRequestFailed(bool has_stale_copy_in_cache, int net_error, const base::Optional<net::SSLInfo> & ssl_info, bool should_ssl_errors_be_fatal) Line 835 C++ Symbols loaded.
content.dll!content::NavigationRequest::BeginNavigation() Line 445 C++ Symbols loaded.
content.dll!content::NavigatorImpl::OnBeginNavigation(content::FrameTreeNode * frame_tree_node, const content::CommonNavigationParams & common_params, const content::BeginNavigationParams & begin_params) Line 1047 C++ Symbols loaded.
content.dll!content::RenderFrameHostImpl::OnBeginNavigation(const content::CommonNavigationParams & common_params, const content::BeginNavigationParams & begin_params) Line 2369 C++ Symbols loaded.
It's the CHECK(0); since it requires user action, I think this isn't reachable by actual users.
Sep 26 2017
on further thought, marking as wontfix. clamy/nasko/creis please reopen if you disagree.
Sep 26 2017
I don't think WontFix is appropriate for this. We shouldn't let a simple command in DevTools cause the whole browser process to crash. If we're preventing the renderer from loading a web iframe inside WebUI, then we should kill the renderer instead of the browser (and ideally have the renderer recognize this is going to happen and just give an error instead). It may not be an urgent thing to fix, but we should fix it. I'll put it on my list unless someone else wants to grab it first.
Sep 26 2017
ok, in that case seems like removing the CHECK is the answer
Oct 18 2017
Turns out this helps explain the crashes in issue 741651. We'll be fixing it by preventing the content from loading via a NavigationThrottle (see issue 683418).
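As an added example (not Chromium's code, and not posted by anyone in this thread), the following C++ toy models the two layers discussed in the comments above: the NavigationThrottle-style cancel that keeps web content from loading in a WebUI frame, and the browser-side invariant check that, if it is ever reached, terminates the offending renderer instead of CHECK-failing the browser process. The function names, the `NavigationDecision` enum and the "chrome: or about:blank only" rule are assumptions made for this example; the real check consults the WebUI controller registry.

```cpp
#include <algorithm>
#include <cctype>
#include <string>

// Added illustration, not Chromium code. Names and the acceptability rule
// below are assumptions made for the example.

// Outcome of validating a BeginNavigation request that came from a renderer.
enum class NavigationDecision {
  kAllow,         // let the navigation proceed
  kCancel,        // refuse the navigation (what a NavigationThrottle does)
  kKillRenderer,  // the requesting renderer broke an invariant; terminate it
};

// Scheme of a URL string (text before the first ':'), lower-cased.
// Returns "" when the string has no scheme at all.
std::string SchemeOf(const std::string& url) {
  const std::string::size_type colon = url.find(':');
  if (colon == std::string::npos) return "";
  std::string scheme = url.substr(0, colon);
  std::transform(scheme.begin(), scheme.end(), scheme.begin(),
                 [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
  return scheme;
}

// Assumed policy: a frame in a page with WebUI bindings may only display
// chrome: URLs and about:blank. Everything else is ordinary web content.
bool IsAcceptableForWebUI(const std::string& url) {
  return SchemeOf(url) == "chrome" || url == "about:blank";
}

// Layer 1 (the fix the thread settles on): a throttle-style check that
// cancels web-content navigations inside a WebUI page up front, so the
// request never reaches the invariant check at all.
NavigationDecision ThrottleNavigation(bool frame_in_webui_page,
                                      const std::string& url) {
  if (frame_in_webui_page && !IsAcceptableForWebUI(url))
    return NavigationDecision::kCancel;
  return NavigationDecision::kAllow;
}

// Layer 2: the last-line invariant. The crashing version asserted it with
//   if (renderer_has_webui_bindings && !IsAcceptableForWebUI(url)) CHECK(0);
// which takes down the browser process, and with it every tab and window.
// The request is untrusted input from another process, so a violation means
// that renderer misbehaved: refuse the navigation and terminate only it.
NavigationDecision EnforceWebUIInvariant(bool renderer_has_webui_bindings,
                                         const std::string& url) {
  if (renderer_has_webui_bindings && !IsAcceptableForWebUI(url))
    return NavigationDecision::kKillRenderer;
  return NavigationDecision::kAllow;
}

// Browser-side handling of one BeginNavigation request, layers in order.
NavigationDecision HandleBeginNavigation(bool renderer_has_webui_bindings,
                                         const std::string& url) {
  const NavigationDecision throttled =
      ThrottleNavigation(renderer_has_webui_bindings, url);
  if (throttled != NavigationDecision::kAllow) return throttled;
  return EnforceWebUIInvariant(renderer_has_webui_bindings, url);
}
```

With both layers in place the iframe from the report is cancelled by the throttle before the invariant is consulted, and a request that somehow bypasses the throttle costs one renderer rather than the whole browser.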
Comment 1 by nearg1e....@gmail.com, Sep 26 2017