
Issue 910899

Issue metadata

Status: Assigned
Owner:
Cc:
EstimatedDays: ----
NextAction: ----
OS: Linux , Mac
Pri: 1
Type: Bug


CHECK failure: params->origin.IsSameOriginWith(url::Origin::Create(params->url)). url:http://N

Project Member Reported by ClusterFuzz, Dec 2

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5355238698254336

Fuzzer: inferno_layout_test_unmodified
Job Type: mac_asan_content_shell
Platform Id: mac

Crash Type: CHECK failure
Crash Address: 
Crash State:
  params->origin.IsSameOriginWith(url::Origin::Create(params->url)).  url:http://N
  content::RenderFrameImpl::MakeDidCommitProvisionalLoadParams
  content::RenderFrameImpl::DidFinishSameDocumentNavigation
  
Sanitizer: address (ASAN)

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5355238698254336

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
 
Project Member

Comment 1 by ClusterFuzz, Dec 2

Labels: OS-Linux
Cc: kkaluri@chromium.org
Labels: M-71 Test-Predator-Wrong
Owner: dgozman@chromium.org
Status: Assigned (was: Untriaged)
Predator and CL could not provide any possible suspects.

Using Code Search for the file "render_frame_impl.cc", I suspect the below CL might have caused this issue.

Suspect CL: https://chromium.googlesource.com/chromium/src/+/730b21cc8c2ff27358e3aa7ae6e50ed21a9acc54

dgozman@ -- Could you please check whether this is caused by your change; if not, please help us in assigning it to the right owner.

Thanks!
Cc: lukasza@chromium.org dgozman@chromium.org
Owner: toyoshim@chromium.org
Over to toyoshim@ who introduced the CHECK. Also adding lukasza@ who was working with origins recently.
Cc: toyoshim@chromium.org
Owner: nasko@chromium.org
My change was a function rename. I checked history, and found many rename changes :O
Then, this change by nasko seems to have introduced this check first.
https://codereview.chromium.org/2151323003
We are also hitting this at the moment on Chromium M66.
Addition: we are hitting it on Android, but we don't have a repro (the crashpad reports it).
The fact that clusterfuzz hits this is expected, as it is trying to send various invalid inputs into Chrome. In this case, it did trip this CHECK since it sends URL and origin that don't match. The reason this check exists is to catch issues in real world cases.

If someone can repro this outside of clusterfuzz, I'd be happy to investigate and understand it/fix it. However, I haven't seen a real repro yet outside of clusterfuzz.
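The CHECK in the crash state compares the origin a renderer reports in its commit parameters against the origin derived from the URL it reports, and crashes when they disagree. The following is an added, simplified illustration of that consistency check and is not Chromium code: it derives a tuple origin (scheme, host, port with default ports applied) from a URL, treats anything it cannot derive as opaque, and flags commit records whose claimed origin does not match. The record format, the `validate_commit_params` and `mismatches` helpers, and the sample records (including the fuzzer-style host `N` from the crash state) are assumptions constructed for this example.

```python
from urllib.parse import urlsplit

# Default ports for the schemes this example treats as tuple-origin schemes.
DEFAULT_PORTS = {"http": 80, "https": 443, "ws": 80, "wss": 443, "ftp": 21}


def origin_of(url):
    """Derive a (scheme, host, port) tuple origin from a URL.

    Returns None when no tuple origin can be derived (non-tuple scheme such as
    data:, missing host, or an unparseable port). In this simplified model a
    None result stands for an opaque origin.
    """
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        return None
    host = (parts.hostname or "").lower()
    if not host:
        return None
    try:
        port = parts.port  # raises ValueError on a non-numeric or out-of-range port
    except ValueError:
        return None
    if port is None:
        port = DEFAULT_PORTS[scheme]
    return (scheme, host, port)


def is_same_origin(a, b):
    """Tuple origins are same-origin when all three components are equal.

    Opaque origins (None here) are never same-origin with anything, not even
    with another opaque origin; a real implementation would compare nonces.
    """
    if a is None or b is None:
        return False
    return a == b


def validate_commit_params(claimed_origin, url):
    """Mirror of the consistency condition behind the CHECK (simplified,
    hypothetical helper): the origin a renderer claims for a committed
    navigation must match the origin derived from the committed URL.

    Returns (ok, reason) so a caller can log the reason instead of crashing.
    """
    derived = origin_of(url)
    if is_same_origin(claimed_origin, derived):
        return True, "claimed origin matches origin of url"
    return False, (
        f"claimed origin {claimed_origin!r} does not match origin of url "
        f"{url!r} (derived {derived!r})"
    )


# Constructed sample commit records: index 1 is the kind of mismatched input
# the report describes (origin and URL that do not agree).
SAMPLE_COMMITS = [
    {"origin": ("http", "n", 80), "url": "http://N"},
    {"origin": ("https", "example.test", 443), "url": "http://N"},
    {"origin": ("https", "example.test", 443), "url": "https://example.test/path"},
]


def mismatches(records):
    """Return the indices of records whose claimed origin fails the check."""
    bad = []
    for i, rec in enumerate(records):
        ok, _reason = validate_commit_params(rec["origin"], rec["url"])
        if not ok:
            bad.append(i)
    return bad


if __name__ == "__main__":
    for i, rec in enumerate(SAMPLE_COMMITS):
        ok, reason = validate_commit_params(rec["origin"], rec["url"])
        print(f"record {i}: {'ok' if ok else 'MISMATCH'} - {reason}")
```

The browser-side point is that the claimed origin is data supplied by a less trusted process, so it is checked against what the browser can derive itself; returning a reason rather than crashing is what a fuzzing harness or a non-CHECK build would want, while the CHECK form makes any disagreement loud enough to be reported.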
