Issue 827180 link

Starred by 1 user

Issue metadata

Status:	Duplicate
Merged:	issue 827176
Owner:	jdoerrie@chromium.org
Closed:	Mar 2018
Cc:	kenrb@chromium.org martinkr@google.com engedy@chromium.org ssoneff@google.com kpaulhamus@chromium.org jdoerrie@chromium.org mknowles@chromium.org
Components:	Blink>WebAuthentication
EstimatedDays:	----
NextAction:	----
OS:	----
Pri:	0
Type:	Bug
M-67

Removing security key while winking results in crash

Project Member Reported by engedy@chromium.org, Mar 29 2018

Issue description

Received signal 11 SEGV_MAPERR ffffffffffffffff
base::debug::StackTrace::StackTrace()
base::debug::(anonymous namespace)::StackDumpSignalHandler()
<unknown>
_ZNSt3__16vectorIhNS_9allocatorIhEEE6insertINS_11__wrap_iterIPKhEEEENS_9enable_ifIXaasr21__is_forward_iteratorIT_EE5valuesr16is_constructibleIhNS_15iterator_traitsISA_E9referenceEEE5valueENS5_IPhEEE4typeES8_SA_SA_
device::U2fRequest::GetU2fSignApduCommand()
device::U2fSign::OnTryDevice()
_ZN4base8internal13FunctorTraitsIMN6device7U2fSignEFvNSt3__111__wrap_iterIPKNS4_6vectorIhNS4_9allocatorIhEEEEEENS3_24ApplicationParameterTypeENS_8OptionalIS9_EEEvE6InvokeINS_7WeakPtrIS3_EEJSC_SD_SF_EEEvSH_OT_DpOT0_
_ZN4base8internal31AdaptCallbackForRepeatingHelperIJNS_8OptionalINSt3__16vectorIhNS3_9allocatorIhEEEEEEEE3RunES8_
_ZN4base8internal7InvokerINS0_9BindStateIMNS0_31AdaptCallbackForRepeatingHelperIJNS_8OptionalINSt3__16vectorIhNS5_9allocatorIhEEEEEEEEEFvSA_EJNS5_10unique_ptrISB_NS5_14default_deleteISB_EEEEEEEFvSA_EE3RunEPNS0_13BindStateBaseEOSA_
device::FidoHidDevice::Transition()
device::FidoHidDevice::DeviceTransact()
device::U2fRequest::InitiateDeviceTransaction()
device::U2fSign::OnTryDevice()
_ZN4base8internal13FunctorTraitsIMN6device7U2fSignEFvNSt3__111__wrap_iterIPKNS4_6vectorIhNS4_9allocatorIhEEEEEENS3_24ApplicationParameterTypeENS_8OptionalIS9_EEEvE6InvokeINS_7WeakPtrIS3_EEJSC_SD_SF_EEEvSH_OT_DpOT0_
_ZN4base8internal31AdaptCallbackForRepeatingHelperIJNS_8OptionalINSt3__16vectorIhNS3_9allocatorIhEEEEEEEE3RunES8_
_ZN4base8internal7InvokerINS0_9BindStateIMNS0_31AdaptCallbackForRepeatingHelperIJNS_8OptionalINSt3__16vectorIhNS5_9allocatorIhEEEEEEEEEFvSA_EJNS5_10unique_ptrISB_NS5_14default_deleteISB_EEEEEEEFvSA_EE3RunEPNS0_13BindStateBaseEOSA_
device::FidoHidDevice::Transition()
device::FidoHidDevice::DeviceTransact()
device::U2fRequest::InitiateDeviceTransaction()
device::U2fSign::OnTryDevice()
_ZN4base8internal13FunctorTraitsIMN6device7U2fSignEFvNSt3__111__wrap_iterIPKNS4_6vectorIhNS4_9allocatorIhEEEEEENS3_24ApplicationParameterTypeENS_8OptionalIS9_EEEvE6InvokeINS_7WeakPtrIS3_EEJSC_SD_SF_EEEvSH_OT_DpOT0_
device::U2fRequest::InitiateDeviceTransaction()
device::U2fSign::OnTryDevice()
_ZN4base8internal13FunctorTraitsIMN6device7U2fSignEFvNSt3__111__wrap_iterIPKNS4_6vectorIhNS4_9allocatorIhEEEEEENS3_24ApplicationParameterTypeENS_8OptionalIS9_EEEvE6InvokeINS_7WeakPtrIS3_EEJSC_SD_SF_EEEvSH_OT_DpOT0_
_ZN4base8internal31AdaptCallbackForRepeatingHelperIJNS_8OptionalINSt3__16vectorIhNS3_9allocatorIhEEEEEEEE3RunES8_
_ZN4base8internal7InvokerINS0_9BindStateIMNS0_31AdaptCallbackForRepeatingHelperIJNS_8OptionalINSt3__16vectorIhNS5_9allocatorIhEEEEEEEEEFvSA_EJNS5_10unique_ptrISB_NS5_14default_deleteISB_EEEEEEEFvSA_EE3RunEPNS0_13BindStateBaseEOSA_
device::FidoHidDevice::Transition()
device::FidoHidDevice::DeviceTransact()
device::U2fRequest::InitiateDeviceTransaction()
device::U2fSign::OnTryDevice()
_ZN4base8internal13FunctorTraitsIMN6device7U2fSignEFvNSt3__111__wrap_iterIPKNS4_6vectorIhNS4_9allocatorIhEEEEEENS3_24ApplicationParameterTypeENS_8OptionalIS9_EEEvE6InvokeINS_7WeakPtrIS3_EEJSC_SD_SF_EEEvSH_OT_DpOT0_
_ZN4base8internal31AdaptCallbackForRepeatingHelperIJNS_8OptionalINSt3__16vectorIhNS3_9allocatorIhEEEEEEEE3RunES8_
_ZN4base8internal7InvokerINS0_9BindStateIMNS0_31AdaptCallbackForRepeatingHelperIJNS_8OptionalINSt3__16vectorIhNS5_9allocatorIhEEEEEEEEEFvSA_EJNS5_10unique_ptrISB_NS5_14default_deleteISB_EEEEEEEFvSA_EE3RunEPNS0_13BindStateBaseEOSA_
device::FidoHidDevice::Transition()
device::FidoHidDevice::DeviceTransact()
device::U2fRequest::InitiateDeviceTransaction()
device::U2fSign::OnTryDevice()
_ZN4base8internal13FunctorTraitsIMN6device7U2fSignEFvNSt3__111__wrap_iterIPKNS4_6vectorIhNS4_9allocatorIhEEEEEENS3_24ApplicationParameterTypeENS_8OptionalIS9_EEEvE6InvokeINS_7WeakPtrIS3_EEJSC_SD_SF_EEEvSH_OT_DpOT0_
device::U2fRequest::InitiateDeviceTransaction()
device::U2fSign::OnTryDevice()
_ZN4base8internal13FunctorTraitsIMN6device7U2fSignEFvNSt3__111__wrap_iterIPKNS4_6vectorIhNS4_9allocatorIhEEEEEENS3_24ApplicationParameterTypeENS_8OptionalIS9_EEEvE6InvokeINS_7WeakPtrIS3_EEJSC_SD_SF_EEEvSH_OT_DpOT0_
_ZN4base8internal31AdaptCallbackForRepeatingHelperIJNS_8OptionalINSt3__16vectorIhNS3_9allocatorIhEEEEEEEE3RunES8_
_ZN4base8internal7InvokerINS0_9BindStateIMNS0_31AdaptCallbackForRepeatingHelperIJNS_8OptionalINSt3__16vectorIhNS5_9allocatorIhEEEEEEEEEFvSA_EJNS5_10unique_ptrISB_NS5_14default_deleteISB_EEEEEEEFvSA_EE3RunEPNS0_13BindStateBaseEOSA_
device::FidoHidDevice::Transition()
device::FidoHidDevice::DeviceTransact()
device::U2fRequest::InitiateDeviceTransaction()
device::U2fSign::OnTryDevice()
_ZN4base8internal13FunctorTraitsIMN6device7U2fSignEFvNSt3__111__wrap_iterIPKNS4_6vectorIhNS4_9allocatorIhEEEEEENS3_24ApplicationParameterTypeENS_8OptionalIS9_EEEvE6InvokeINS_7WeakPtrIS3_EEJSC_SD_SF_EEEvSH_OT_DpOT0_
_ZN4base8internal31AdaptCallbackForRepeatingHelperIJNS_8OptionalINSt3__16vectorIhNS3_9allocatorIhEEEEEEEE3RunES8_
_ZN4base8internal7InvokerINS0_9BindStateIMNS0_31AdaptCallbackForRepeatingHelperIJNS_8OptionalINSt3__16vectorIhNS5_9allocatorIhEEEEEEEEEFvSA_EJNS5_10unique_ptrISB_NS5_14default_deleteISB_EEEEEEEFvSA_EE3RunEPNS0_13BindStateBaseEOSA_
device::FidoHidDevice::Transition()
device::FidoHidDevice::DeviceTransact()
device::U2fRequest::InitiateDeviceTransaction()
device::U2fSign::OnTryDevice()
_ZN4base8internal13FunctorTraitsIMN6device7U2fSignEFvNSt3__111__wrap_iterIPKNS4_6vectorIhNS4_9allocatorIhEEEEEENS3_24ApplicationParameterTypeENS_8OptionalIS9_EEEvE6InvokeINS_7WeakPtrIS3_EEJSC_SD_SF_EEEvSH_OT_DpOT0_
_ZN4base8internal31AdaptCallbackForRepeatingHelperIJNS_8OptionalINSt3__16vectorIhNS3_9allocatorIhEEEEEEEE3RunES8_
_ZN4base8internal7InvokerINS0_9BindStateIMNS0_31AdaptCallbackForRepeatingHelperIJNS_8OptionalINSt3__16vectorIhNS5_9allocatorIhEEEEEEEEEFvSA_EJNS5_10unique_ptrISB_NS5_14default_deleteISB_EEEEEEEFvSA_EE3RunEPNS0_13BindStateBaseEOSA_
device::FidoHidDevice::Transition()
device::FidoHidDevice::DeviceTransact()
device::U2fRequest::InitiateDeviceTransaction()
device::U2fSign::OnTryDevice()
_ZN4base8internal13FunctorTraitsIMN6device7U2fSignEFvNSt3__111__wrap_iterIPKNS4_6vectorIhNS4_9allocatorIhEEEEEENS3_24ApplicationParameterTypeENS_8OptionalIS9_EEEvE6InvokeINS_7WeakPtrIS3_EEJSC_SD_SF_EEEvSH_OT_DpOT0_
  r8: 00001ccbd1b8f0c1  r9: ffffffffffffffff r10: 0000000000000020 r11: 00001ccbd1b73c00
 r12: 0000000000000000 r13: 0000000000000001 r14: ffffffffffffffff r15: 00007ffdca9b77f0
  di: 00001ccbd1b8f0c1  si: 00001ccbd1b8f0c1  bp: 00007ffdca9b7760  bx: 0000000000000000
  dx: ffffffffffffffff  ax: 0000000000001fb9  cx: 000000000000003f  sp: 00007ffdca9b7710
  ip: 00007fbc4dc078b0 efl: 0000000000010286 cgf: 002b000000000033 erf: 0000000000000005
 trp: 000000000000000e msk: 0000000000000000 cr2: ffffffffffffffff
[end of stack trace]
Calling _exit(1). Core file will not be generated.

Comment 1 by engedy@chromium.org, Mar 29 2018

Mergedinto: 827176
Status: Duplicate (was: Assigned)
Summary: Removing security key while winking results in crash (was: Removing security key while winking results in crash (possibly stack exhaustion))

This occurs only for sign operations if the fake registration request errors out. Same root cause as the other bug.

►

Issue 827180 link

Issue metadata

Removing security key while winking results in crash

Issue description

Comment 1 by engedy@chromium.org, Mar 29 2018

Comment 1 Deleted

Sign in to add a comment