Issue 837478

Starred by 4 users

Issue metadata

Status: WontFix
Owner: ----
Closed: Jul 19
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Android , Windows , Mac
Pri: 3
Type: Bug-Regression




CHECK failure: message->data_num_bytes() < GetConfiguration().max_message_num_bytes in node_cha

Project Member Reported by ClusterFuzz, Apr 27 2018

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6202385048010752

Fuzzer: inferno_twister
Job Type: linux_lsan_chrome_mp
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  message->data_num_bytes() < GetConfiguration().max_message_num_bytes in node_cha
  mojo::edk::NodeChannel::WriteChannelMessage
  mojo::edk::NodeChannel::SendChannelMessage
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_lsan_chrome_mp&range=523898:523900

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6202385048010752

Additional requirements: Requires HTTP

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.

Comment 1 by ClusterFuzz, Apr 27 2018

Labels: OS-Android
Cc: pnangunoori@chromium.org
Components: Internals>Mojo
Labels: -Type-Bug M-66 Test-Predator-Wrong Type-Bug-Regression
Owner: roc...@chromium.org
Status: Assigned (was: Untriaged)
Predator and CL could not provide any possible suspects.
Using code search for the file “node_channel.cc”, assigning to the concerned owner from git blame.

Suspected commit:
https://chromium.googlesource.com/chromium/src/+/0d4eb8a5f8d99d365459af21442cbc7b8648cf66

@rockot -- Could you please look into this issue? Kindly reassign if it has nothing to do with your changes.
Thank you.

Comment 3 by roc...@chromium.org, Apr 27 2018

Cc: roc...@chromium.org mek@chromium.org dcheng@chromium.org
Labels: -Pri-1 Pri-3
Owner: ----
Add another large message to the pile. This is just a free-form string, I guess. Maybe the JS API should impose a limitation on length?

Comment 4 by mek@chromium.org, Apr 27 2018

Components: Blink>Storage>CacheStorage
Status: Available (was: Assigned)
This one is in cache storage, I think? But yeah, just a "harmless" free-form string passed to some API that is then passed over mojo.

At least for this case I agree that the spec probably should specify some sensible limit on cache name sizes that browsers should support, as it doesn't really make sense to support multi-MB (or even multi-KB) cache names.

Comment 6 by ClusterFuzz, Apr 28 2018

Labels: OS-Windows

Comment 7 by ClusterFuzz, Apr 29 2018

Labels: OS-Mac

Comment 8 by ClusterFuzz, Jul 13

Labels: -Reproducible Unreproducible
ClusterFuzz testcase 6202385048010752 appears to be flaky, updating reproducibility label.

Comment 9 by ClusterFuzz, Jul 19

Status: WontFix (was: Available)
ClusterFuzz testcase 6202385048010752 is flaky and no longer crashes, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Cc: kkaluri@chromium.org
Issue 865922 has been merged into this issue.

Comment 11 by ClusterFuzz, Jul 27

Labels: Needs-Feedback
ClusterFuzz testcase 4550381766705152 is still reproducing on tip-of-tree build (trunk).

If this testcase was not reproducible locally or unworkable, ignore this notification and we will file another bug soon with hopefully a better and workable testcase.

Otherwise, if this is not intended to be fixed (e.g. this is an intentional crash), please add ClusterFuzz-Ignore label to prevent future bug filing with similar crash stacktrace.
Labels: ClusterFuzz-Ignore
