This crash occurs very frequently on windows platform and is likely preventing the fuzzer bj_broddelwerk from making much progress. Fixing this will allow more bugs to be found.

Marking this bug as a blocker for next Beta release.

If this is incorrect, please add ClusterFuzz-Wrong label and remove the ReleaseBlock-Beta label.

Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.

Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/4e19b363a33c5a89a2cf6125b6182a47455b23c9 (Reorganize isolated origins into a map indexed by site URLs.).

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.

Argh.  I suspect this is because host() might be empty in the new trailing dot check in ChildProcessSecurityPolicyImpl::GetMatchingIsolatedOrigin(), and that should be checked before looking at host().back().  I'll fix this first thing tomorrow.

Draft CL up at https://chromium-review.googlesource.com/c/chromium/src/+/1218523.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/526ce87bc3877a3398086a3df6d90aceb268743e

commit 526ce87bc3877a3398086a3df6d90aceb268743e
Author: Alex Moshchuk <alexmos@chromium.org>
Date: Tue Sep 11 18:19:36 2018

Check for empty hosts in GetMatchingIsolatedOrigin trailing dot logic.

Bug:  882686 
Change-Id: I2298e9d4a750a50334ae8047bc9f2ee95a750434
Reviewed-on: https://chromium-review.googlesource.com/1218523
Commit-Queue: Alex Moshchuk <alexmos@chromium.org>
Reviewed-by: Łukasz Anforowicz <lukasza@chromium.org>
Reviewed-by: Charlie Reis <creis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#590407}
[modify] https://crrev.com/526ce87bc3877a3398086a3df6d90aceb268743e/content/browser/child_process_security_policy_impl.cc
[modify] https://crrev.com/526ce87bc3877a3398086a3df6d90aceb268743e/content/browser/child_process_security_policy_unittest.cc

ClusterFuzz has detected this issue as fixed in range 590406:590417.

Detailed report: https://clusterfuzz.com/testcase?key=5633105313136640

Fuzzer: bj_broddelwerk
Job Type: windows_asan_content_shell
Platform Id: windows

Crash Type: Stack-buffer-overflow READ 1
Crash Address: 0x00af8559bb1f
Crash State:
  content::ChildProcessSecurityPolicyImpl::GetMatchingIsolatedOrigin
  content::ChildProcessSecurityPolicyImpl::GetMatchingIsolatedOrigin
  content::ChildProcessSecurityPolicyImpl::IsIsolatedOrigin
  
Sanitizer: address (ASAN)

Recommended Security Severity: Medium

Regressed: https://clusterfuzz.com/revisions?job=windows_asan_content_shell&range=590062:590063
Fixed: https://clusterfuzz.com/revisions?job=windows_asan_content_shell&range=590406:590417

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5633105313136640

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 5633105313136640 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

ClusterFuzz has detected this issue as fixed in range 590406:590417.

Detailed report: https://clusterfuzz.com/testcase?key=5633105313136640

Fuzzer: bj_broddelwerk
Job Type: windows_asan_content_shell
Platform Id: windows

Crash Type: Stack-buffer-overflow READ 1
Crash Address: 0x00af8559bb1f
Crash State:
  content::ChildProcessSecurityPolicyImpl::GetMatchingIsolatedOrigin
  content::ChildProcessSecurityPolicyImpl::GetMatchingIsolatedOrigin
  content::ChildProcessSecurityPolicyImpl::IsIsolatedOrigin
  
Sanitizer: address (ASAN)

Recommended Security Severity: Medium

Regressed: https://clusterfuzz.com/revisions?job=windows_asan_content_shell&range=590062:590063
Fixed: https://clusterfuzz.com/revisions?job=windows_asan_content_shell&range=590406:590417

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5633105313136640

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot