New issue
Advanced search Search tips

Issue 786249 link

Starred by 1 user
Status: Fixed
Owner:
caseq@chromium.org
Closed: Jan 2018
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 2
Type: Task



Sign in to add a comment

Devtools response interception crashes on windows 7 bots

Project Member Reported by allada@chromium.org, Nov 17 2017 
Windows 7 bots crashes consistently without any stderr or stack trace, but cannot get it to reproduce on any other windows machine or local work station.

Since the patch is fixing other crashes and the feature is not used yet I am going to push the patch through with the failing tests flagged in TestExpectations. This should allow me to get a larger set of data from the waterfall to hopefully find a useful reproducible crash.
Project Member

Comment 1 by bugdroid1@chromium.org, Nov 30 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/85255417090bbf3b9da6707bc1a5872521bc80d3

commit 85255417090bbf3b9da6707bc1a5872521bc80d3
Author: Nathan Bruer <allada@chromium.org>
Date: Thu Nov 30 04:13:38 2017

[Devtools] Fixed crash when intercepting responses

Fixed crash where if intercepting and a stop command is issued while a
request is still in flight it would crash due to an iterator being
changed while iterating.

R=caseq
BUG= 786249 

Change-Id: I85378a624f53b4cbe275ce924308d38f08bfb5d2
Reviewed-on: https://chromium-review.googlesource.com/786991
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Reviewed-by: Andrey Kosyakov <caseq@chromium.org>
Commit-Queue: Blaise Bruer <allada@chromium.org>
Cr-Commit-Position: refs/heads/master@{#520430}
[modify] https://crrev.com/85255417090bbf3b9da6707bc1a5872521bc80d3/content/browser/devtools/devtools_url_request_interceptor.cc

Comment 2 by allada@chromium.org, Nov 30 2017

Owner: caseq@chromium.org

Comment 3 by caseq@chromium.org, Jan 4 2018

Status: Started (was: Assigned)
Project Member

Comment 4 by bugdroid1@chromium.org, Jan 5 2018 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/4c51223f5490c2e07bcda46f184179fde5ddab3e

commit 4c51223f5490c2e07bcda46f184179fde5ddab3e
Author: Andrey Kosyakov <caseq@chromium.org>
Date: Fri Jan 05 06:20:05 2018

DevTools: fix UAF in DevToolsURLInterceptorRequestJob::InterceptedRequest

This makes sure we promptly return from InterceptredRequest methods after
dispatching callbacks to the client, which may result in the instance being
deleted.

Bug:  786249 
Change-Id: Id71c1bd45f484c752a1c273e12929573e3a6825d
Reviewed-on: https://chromium-review.googlesource.com/850638
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Commit-Queue: Andrey Kosyakov <caseq@chromium.org>
Cr-Commit-Position: refs/heads/master@{#527230}
[modify] https://crrev.com/4c51223f5490c2e07bcda46f184179fde5ddab3e/content/browser/devtools/devtools_url_interceptor_request_job.cc
[modify] https://crrev.com/4c51223f5490c2e07bcda46f184179fde5ddab3e/third_party/WebKit/LayoutTests/TestExpectations

Comment 5 by caseq@chromium.org, Jan 5 2018

Status: Fixed (was: Started)

Sign in to add a comment