Brotli-encoded JSON response from HTTP endpoint causes crash
Reported by patr...@figel.email, Oct 29 2017
Issue description

UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3251.0 Safari/537.36

Steps to reproduce the problem:
1. Open an HTTP endpoint that serves brotli-encoded JSON, such as http://misbehaving.site/brotli

What is the expected behavior?
The browser should show an appropriate error message (ERR_CONTENT_DECODING_FAILED) since brotli is not supported via HTTP

What went wrong?
The browser crashes.

Crashed report ID: 90bf9b59-8773-4dff-a64d-6f083a456be7
How much crashed? Whole browser
Is it a problem with a plugin? No
Did this work before? N/A
Chrome version: 64.0.3251.0 Channel: dev
OS Version: OS X 10.13.0
Flash Version:

Incognito mode is not affected and correctly displays an ERR_CONTENT_DECODING_FAILED error. I initially thought this might mean the crash is related to an extension, but it can be reproduced on a clean Chrome profile with no extensions.
,
Oct 30 2017
According to the bug, a fix has landed for this in M64.

Thread 13 (id: 1668921) CRASHED [EXC_BAD_ACCESS / KERN_INVALID_ADDRESS @ 0x00000008 ]
0x000000010fe09826 (Google Chrome Framework -vector:633 ) net::HttpResponseHeaders::EnumerateHeader(unsigned long*, base::BasicStringPiece<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >*) const
0x0000000111e488d8 (Google Chrome Framework -data_reduction_proxy_headers.cc:274 ) data_reduction_proxy::GetDataReductionProxyActionValue(net::HttpResponseHeaders const*, base::BasicStringPiece<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > >, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >*)
0x0000000111e490ac (Google Chrome Framework -data_reduction_proxy_headers.cc:526 ) data_reduction_proxy::GetDataReductionProxyOFCL(net::HttpResponseHeaders const*)
0x0000000111e4baef (Google Chrome Framework -data_reduction_proxy_util.cc:186 ) data_reduction_proxy::util::CalculateOCLFromOFCL(net::URLRequest const&)
0x0000000111e3ab48 (Google Chrome Framework -data_reduction_proxy_network_delegate.cc:541 ) data_reduction_proxy::DataReductionProxyNetworkDelegate::OnCompletedInternal(net::URLRequest*, bool)
0x000000010fe359ff (Google Chrome Framework -layered_network_delegate.cc:138 ) net::LayeredNetworkDelegate::OnCompleted(net::URLRequest*, bool, int)
0x000000010fe44629 (Google Chrome Framework -network_delegate.cc:118 ) net::NetworkDelegate::NotifyCompleted(net::URLRequest*, bool, int)
0x000000011000388f (Google Chrome Framework -url_request.cc:1142 ) net::URLRequest::NotifyResponseStarted(net::URLRequestStatus const&)
0x000000011000a901 (Google Chrome Framework -url_request_http_job.cc:872 ) net::URLRequestHttpJob::OnStartCompleted(int)
0x000000010fed6810 (Google Chrome Framework -callback.h:103 ) net::HttpCache::Transaction::DoLoop(int)
0x000000010fee89e7 (Google Chrome Framework -callback.h:92 ) <name omitted>
0x000000010ff0a121 (Google Chrome Framework -callback.h:92 ) net::HttpStreamParser::OnIOComplete(int)
0x000000010ffbb233 (Google Chrome Framework -callback.h:92 ) net::TCPClientSocket::DidCompleteRead(base::RepeatingCallback<void (int)> const&, int)
0x000000010ffbcf7f (Google Chrome Framework -callback.h:92 ) net::TCPSocketPosix::ReadCompleted(scoped_refptr<net::IOBuffer> const&, base::RepeatingCallback<void (int)> const&, int)
0x000000010ffb4920 (Google Chrome Framework -callback.h:103 ) net::SocketPosix::RetryRead(int)
0x000000010ffb4caf (Google Chrome Framework -callback.h:103 ) net::SocketPosix::OnFileCanReadWithoutBlocking(int)
0x000000010fa879f6 (Google Chrome Framework -message_pump_libevent.cc:97 ) base::MessagePumpLibevent::OnLibeventNotification(int, short, void*)
0x000000010fb1074b (Google Chrome Framework -event.c:381 ) event_base_loop
0x000000010fa87d33 (Google Chrome Framework -message_pump_libevent.cc:257 ) base::MessagePumpLibevent::Run(base::MessagePump::Delegate*)
0x000000010faaaae3 (Google Chrome Framework -run_loop.cc:114 ) <name omitted>
0x000000010e52dfa3 (Google Chrome Framework -browser_thread_impl.cc:248 ) content::BrowserThreadImpl::IOThreadRun(base::RunLoop*)
0x000000010e52e063 (Google Chrome Framework -browser_thread_impl.cc:283 ) content::BrowserThreadImpl::Run(base::RunLoop*)
0x000000010fadbfda (Google Chrome Framework -thread.cc:338 ) base::Thread::ThreadMain()
0x000000010fad6936 (Google Chrome Framework -platform_thread_posix.cc:75 ) base::(anonymous namespace)::ThreadFunc(void*)
0x00007fff72ee86c0 (libsystem_pthread.dylib + 0x000036c0 ) _pthread_body
0x00007fff72ee856c (libsystem_pthread.dylib + 0x0000356c ) _pthread_start
0x00007fff72ee7c5c (libsystem_pthread.dylib + 0x00002c5c ) thread_start
0x000000010fad68df (Google Chrome Framework + 0x01ce08df )
Comment 1 by patr...@figel.email
, Oct 29 2017