Crash on creating a dedicated worker from an iframe sandboxed by CSP header
Issue description
A test added in crrev.com/c/895165 crashes when creating a dedicated worker inside of an iframe with CSP: sandbox header. Here is the crash trace from the test result:
-- crash log for renderer (pid <unknown>):
STDOUT: #CRASHED - renderer
STDERR:
STDERR: DevTools listening on ws://127.0.0.1:46805/devtools/browser/585cabfd-6c64-48f6-8d1a-39f68ee87107
STDERR: CONSOLE ERROR: Failed to load https://web-platform.test:8444/service-workers/service-worker/resources/sandboxed-iframe-fetch-event-iframe.py?script_fetch_cors: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
STDERR: [1:22:0201/105012.587235:FATAL:StdLibExtras.h(128)] Check failed: IsNotRacy(allow_cross_thread_use).
STDERR: #0 0x7f95d044063c base::debug::StackTrace::StackTrace()
STDERR: #1 0x7f95d046aa3c logging::LogMessage::~LogMessage()
STDERR: #2 0x7f95cc8e639d blink::SpaceSplitString::SharedDataMap()
STDERR: #3 0x7f95cc8e5c8c blink::SpaceSplitString::Data::Create()
STDERR: #4 0x7f95cc8e643d blink::SpaceSplitString::Set()
STDERR: #5 0x7f95ccba592f blink::CSPDirectiveList::ApplySandboxPolicy()
STDERR: #6 0x7f95ccba4d31 blink::CSPDirectiveList::AddDirective()
STDERR: #7 0x7f95ccb9f479 blink::CSPDirectiveList::Parse()
STDERR: #8 0x7f95ccb9f1ba blink::CSPDirectiveList::Create()
STDERR: #9 0x7f95ccbadac9 blink::ContentSecurityPolicy::AddPolicyFromHeaderValue()
STDERR: #10 0x7f95ccbad0ad blink::ContentSecurityPolicy::AddAndReportPolicyFromHeaderValue()
STDERR: #11 0x7f95ccbad59e blink::ContentSecurityPolicy::DidReceiveHeader()
STDERR: #12 0x7f95cd384510 blink::WorkerOrWorkletGlobalScope::ApplyContentSecurityPolicyFromVector()
STDERR: #13 0x7f95cd37e50a blink::WorkerGlobalScope::WorkerGlobalScope()
STDERR: #14 0x7f95cd36ae35 blink::DedicatedWorkerGlobalScope::DedicatedWorkerGlobalScope()
STDERR: #15 0x7f95cd36f0b0 blink::DedicatedWorkerThread::CreateWorkerGlobalScope()
STDERR: #16 0x7f95cd388357 blink::WorkerThread::InitializeOnWorkerThread()
STDERR: #17 0x7f95cd38c5a3 _ZN4base8internal7InvokerINS0_9BindStateIMN5blink12WorkerThreadEFvNSt3__110unique_ptrINS3_25GlobalScopeCreationParamsENS5_14default_deleteIS7_EEEERKNS_8OptionalINS3_30WorkerBackingThreadStartupDataEEENS3_20WorkerInspectorProxy18PauseOnWorkerStartEEJN3WTF28CrossThreadUnretainedWrapperIS4_EENSK_13PassedWrapperISA_EESD_SH_EEEFvvEE3RunEPNS0_13BindStateBaseE
STDERR: #18 0x7f95cb2aac11 blink::(anonymous namespace)::RunCrossThreadClosure()
STDERR: #19 0x7f95cb2ab745 _ZN4base8internal7InvokerINS0_9BindStateIPFvN3WTF19CrossThreadFunctionIFvvEEEEJS6_EEES5_E7RunOnceEPNS0_13BindStateBaseE
STDERR: #20 0x7f95d0440f5a base::debug::TaskAnnotator::RunTask()
STDERR: #21 0x7f95cb59a8ec blink::scheduler::TaskQueueManager::ProcessTaskFromWorkQueue()
STDERR: #22 0x7f95cb599e27 blink::scheduler::TaskQueueManager::DoWork()
STDERR: #23 0x7f95cb59ebd8 _ZN4base8internal7InvokerINS0_9BindStateIMN5blink9scheduler16TaskQueueManagerEFvNS4_8internal8Sequence8WorkTypeEEJNS_7WeakPtrIS5_EES8_EEEFvvEE3RunEPNS0_13BindStateBaseE
STDERR: #24 0x7f95d0440f5a base::debug::TaskAnnotator::RunTask()
STDERR: #25 0x7f95cb5a0d78 blink::scheduler::internal::ThreadControllerImpl::DoWork()
STDERR: #26 0x7f95cb59ebd8 _ZN4base8internal7InvokerINS0_9BindStateIMN5blink9scheduler16TaskQueueManagerEFvNS4_8internal8Sequence8WorkTypeEEJNS_7WeakPtrIS5_EES8_EEEFvvEE3RunEPNS0_13BindStateBaseE
STDERR: #27 0x7f95d0440f5a base::debug::TaskAnnotator::RunTask()
STDERR: #28 0x7f95d0475516 base::internal::IncomingTaskQueue::RunTask()
STDERR: #29 0x7f95d04797f7 base::MessageLoop::RunTask()
STDERR: #30 0x7f95d0479c14 base::MessageLoop::DeferOrRunPendingTask()
STDERR: #31 0x7f95d0479ed8 base::MessageLoop::DoWork()
STDERR: #32 0x7f95d047b370 base::MessagePumpDefault::Run()
STDERR: #33 0x7f95d047904c base::MessageLoop::Run()
STDERR: #34 0x7f95d04b0cb6 base::RunLoop::Run()
STDERR: #35 0x7f95d04f452a base::Thread::Run()
STDERR: #36 0x7f95d04f4b23 base::Thread::ThreadMain()
STDERR: #37 0x7f95d04eaf6f base::(anonymous namespace)::ThreadFunc()
STDERR: #38 0x7f95d26ca494 start_thread
STDERR: #39 0x7f95c9096a8f clone
STDERR:
Jun 12 2018
Let me pass this to nhiroki since you are more familiar with this code. Could you triage this issue?
Jun 12 2018
Probably an easy fix is to make SpaceSplitString::DataMap thread-safe (by using DEFINE_THREAD_SAFE_STATIC_LOCAL and a lock?) but I'm not sure about the performance implications.
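A minimal model of the approach suggested in the comment above: a shared interning map that is initialised thread-safely and guarded by a lock, so the main thread and worker threads can both parse the same sandbox token list. This is an added example, not Chromium code; `TokenData`, `SharedTokenMap`, `Intern` and `AllThreadsShareOneObject` are hypothetical names, and standard C++ primitives stand in for Blink's.

```cpp
#include <map>
#include <memory>
#include <mutex>
#include <string>
#include <thread>
#include <vector>

// Hypothetical stand-in for the shared, interned token-list data.
struct TokenData { std::string source; };

// The process-wide map together with the lock that guards every access.
struct SharedTokenMap {
  std::mutex lock;
  std::map<std::string, std::weak_ptr<TokenData>> entries;
};

// C++11 initialises a function-local static once, even under concurrent calls.
SharedTokenMap& GetSharedTokenMap() {
  static SharedTokenMap map;
  return map;
}

// Returns the shared entry for `source`, creating it under the lock if needed.
// Expired slots are left in place here; a real cache would also prune them.
std::shared_ptr<TokenData> Intern(const std::string& source) {
  SharedTokenMap& map = GetSharedTokenMap();
  std::lock_guard<std::mutex> guard(map.lock);
  std::weak_ptr<TokenData>& slot = map.entries[source];
  std::shared_ptr<TokenData> data = slot.lock();
  if (!data) {
    data = std::make_shared<TokenData>(TokenData{source});
    slot = data;
  }
  return data;
}

// Interns `source` from `n` threads (standing in for the main thread and
// workers) and reports whether every thread got the same shared object.
bool AllThreadsShareOneObject(int n, const std::string& source) {
  std::vector<std::shared_ptr<TokenData>> results(n);
  std::vector<std::thread> threads;
  for (int i = 0; i < n; ++i)
    threads.emplace_back([&results, &source, i] { results[i] = Intern(source); });
  for (auto& t : threads) t.join();
  for (const auto& r : results)
    if (!r || r != results[0]) return false;
  return true;
}
```

Every lookup takes the lock, which is the cost behind the performance question raised in the comment.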
Jun 22 2018
Updated the owner to inherit it from 855275
Jun 22 2018
I guess this can be public since the other bug was.
Jun 22 2018
Adding WorkerBacklog for more visibility, seems like Worker team could also take this if Andy doesn't mind.
Jun 22 2018
Ah, sorry, didn't mean to file a duplicate bug... It does seem like something went pretty wrong here with triaging/fixing though if we have a P1 bug with zero progress after 5 months...
Jun 25 2018
mek: No worries, you probably wouldn't have found the bug since it was security restricted. Fair point about triaging/fixing. We should figure out what happened here. Our triage process focuses on particular P1 bugs (security, regression, crash) since we have too many P1s. I suspect this didn't count as security since Type=Security wasn't set.
Jun 25 2018
Fadi: Would you be interested in taking this bug as you've looked at Worker + CSP recently? If not, feel free to kick back to me. See also context on issue 855275, monorail doesn't seem to link to it.
Jun 25 2018
I will take a look.
Jul 13
I did not get a chance to work on this. Marking it available.
Today
(7 hours ago)
I'll try to fix this
Comment 1 by shimazu@chromium.org, Feb 1 2018