Chrome Version: 67
OS: OSX
What steps will reproduce the problem?
(1) configure DoH to be enbled
(2) open chrome://net-internals
(3) navigate to another site in another tab
What is the expected result? no crash
What happens instead? Crash
Please use labels and text to provide additional information.
some lldb output:
(lldb) f 0
frame #0: 0x000000011cb6a104 libnet.dylib`net::NetLogSource::AddToEventParameters(this=0x0000000000000080, event_params=0x000000015f6a2cf0) const at net_log_source.cc:48
45 void NetLogSource::AddToEventParameters(
46 base::DictionaryValue* event_params) const {
47 std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
-> 48 dict->SetInteger("type", static_cast<int>(type));
49 dict->SetInteger("id", static_cast<int>(id));
50 event_params->Set("source_dependency", std::move(dict));
51 }
(lldb) p this
(net::NetLogSource *) $3 = 0x0000000000000080
(lldb) bt 5
* thread #8, name = 'Chrome_IOThread', stop reason = EXC_BAD_ACCESS (code=1, address=0x80)
* frame #0: 0x000000011cb6a104 libnet.dylib`net::NetLogSource::AddToEventParameters(this=0x0000000000000080, event_params=0x000000015f6a2cf0) const at net_log_source.cc:48
frame #1: 0x000000011cef7368 libnet.dylib`net::(anonymous namespace)::DnsAttempt::NetLogResponseCallback(this=0x000000015cfd1690, capture_mode=(value_ = 1)) const at dns_transaction.cc:172
frame #2: 0x000000011cef7a22 libnet.dylib`std::__1::unique_ptr<base::Value, std::__1::default_delete<base::Value> > base::internal::FunctorTraits<std::__1::unique_ptr<base::Value, std::__1::default_delete<base::Value> > (method=50 70 ef 1c 01 00 00 00 00 00 00 00 00 00 00 00, receiver_ptr=0x000070000fc309b0, args=0x000070000fc30a60)::DnsAttempt::*)(net::NetLogCaptureMode) const, void>::Invoke<net::(anonymous namespace)::DnsAttempt const*, net::NetLogCaptureMode>(std::__1::unique_ptr<base::Value, std::__1::default_delete<base::Value> > (net::(anonymous namespace)::DnsAttempt::*)(net::NetLogCaptureMode) const, net::(anonymous namespace)::DnsAttempt const*&&, net::NetLogCaptureMode&&) at bind_internal.h:462
frame #3: 0x000000011cef7936 libnet.dylib`std::__1::unique_ptr<base::Value, std::__1::default_delete<base::Value> > base::internal::InvokeHelper<false, std::__1::unique_ptr<base::Value, std::__1::default_delete<base::Value> > >::MakeItSo<std::__1::unique_ptr<base::Value, std::__1::default_delete<base::Value> > (functor=0x0000000100456230, args=0x000070000fc309b0, args=0x000070000fc30a60)::DnsAttempt::* const&)(net::NetLogCaptureMode) const, net::(anonymous namespace)::DnsAttempt const*, net::NetLogCaptureMode>(std::__1::unique_ptr<base::Value, std::__1::default_delete<base::Value> > (net::(anonymous namespace)::DnsAttempt::* const&&&)(net::NetLogCaptureMode) const, net::(anonymous namespace)::DnsAttempt const*&&, net::NetLogCaptureMode&&) at bind_internal.h:530
frame #4: 0x000000011cef78a2 libnet.dylib`std::__1::unique_ptr<base::Value, std::__1::default_delete<base::Value> > base::internal::Invoker<base::internal::BindState<std::__1::unique_ptr<base::Value, std::__1::default_delete<base::Value> > (functor=0x0000000100456230, bound=0x0000000100456240, (null)=std::__1::index_sequence<0UL> @ 0x000070000fc30980, unbound_args=0x000070000fc30a60)::DnsAttempt::*)(net::NetLogCaptureMode) const, base::internal::UnretainedWrapper<net::(anonymous namespace)::DnsAttempt const> >, std::__1::unique_ptr<base::Value, std::__1::default_delete<base::Value> > (net::NetLogCaptureMode)>::RunImpl<std::__1::unique_ptr<base::Value, std::__1::default_delete<base::Value> > (net::(anonymous namespace)::DnsAttempt::* const&)(net::NetLogCaptureMode) const, std::__1::tuple<base::internal::UnretainedWrapper<net::(anonymous namespace)::DnsAttempt const> > const&, 0ul>(std::__1::unique_ptr<base::Value, std::__1::default_delete<base::Value> > (net::(anonymous namespace)::DnsAttempt::* const&&&)(net::NetLogCaptureMode) const, std::__1::tuple<base::internal::UnretainedWrapper<net::(anonymous namespace)::DnsAttempt const> > const&&&, std::__1::integer_sequence<unsigned long, 0ul>, net::NetLogCaptureMode&&) at bind_internal.h:604
(lldb) f 1
frame #1: 0x000000011cef7368 libnet.dylib`net::(anonymous namespace)::DnsAttempt::NetLogResponseCallback(this=0x000000015cfd1690, capture_mode=(value_ = 1)) const at dns_transaction.cc:172
169 std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
170 dict->SetInteger("rcode", GetResponse()->rcode());
171 dict->SetInteger("answer_count", GetResponse()->answer_count());
-> 172 GetSocketNetLog().source().AddToEventParameters(dict.get());
173 return std::move(dict);
174 }
175
(lldb) p ((DnsHTTPAttempt*)this)->request_
(std::__1::unique_ptr<net::URLRequest, std::__1::default_delete<net::URLRequest> >) $6 = {
__ptr_ = {
std::__1::__compressed_pair_elem<net::URLRequest *, 0, false> = {
__value_ = 0x0000000000000000
}
}
}
So, request is null, which presumably means this is running after the request completes and request_ is reset.
Comment 1 by bugdroid1@chromium.org
, Mar 30 2018