22464 2008-11-24 13:06:46 -0800 Add a test for a potential crash in same-origin checks 2008-12-01 15:59:01 -0800 1 1 1 Unclassified WebKit JavaScriptCore 528+ (Nightly build) All All RESOLVED FIXED P2 Normal --- 1 pam pam zwarich oldest_to_newest 100026 0 pam 2008-11-24 13:06:46 -0800 Test that same-origin checks don't try to initialize the context. Doing so could cause a crash. 100028 1 25442 pam 2008-11-24 13:10:20 -0800 Created attachment 25442 New test + result In the interest of full disclosure, I know very little about the underlying problem here, but the test looks straightforward... and crashing is never success. :) 100033 2 25442 darin 2008-11-24 13:16:53 -0800 Comment on attachment 25442 New test + result The test would be better if it made some visible change to the page inside the check_blank function just before calling notifyDone. We normally write out "PASS" in code like that. That avoids having the test seem to succeed if some bug prevents the code in the test from running at all. I'm going to say review+, but the test would be better with that small refinement. Also, I'm not sure where the 100ms timeout comes from. Would the test not work with a 0 timeout? 100069 3 sam 2008-11-24 14:34:20 -0800 What is the 'context' that the test is referring to? Is there a particular patch that this was associated with? 100080 4 pam 2008-11-24 15:18:03 -0800 (In reply to comment #3) > What is the 'context' that the test is referring to? Is there a particular > patch that this was associated with? This was for a bug in V8, contributed here on the "more tests can't be bad" philosophy. The crash was exposed when trying to upload to orkut.com from a debug build of Chrome. My impression from the bug report and checkin comments is that when performing a same-origin check, they were trying to initialize the JS execution context of the target frame in order to get its security token, but allocation is disallowed in security checks, so the app aborted. To be quite frank, I have only an approximate idea what the previous paragraph means. But if some other text description would be clearer in the test, I'm happy to change it. 100084 5 sam 2008-11-24 15:27:06 -0800 Ok, than the crash seems very v8 specific, we don't even use the Security token concept. Having more tests is good, but I think the test's text should reflect what it is testing. In this case, the text and name should not indicate that it is testing some sort of initialization of contexts, as that is not what is happening. 100101 6 25458 pam 2008-11-24 16:34:51 -0800 Created attachment 25458 Addressing Darin's and Sam's comments Added "PASS" text, cut timeout to 0, reworded description, and renamed test. 100110 7 25458 darin 2008-11-24 17:20:35 -0800 Comment on attachment 25458 Addressing Darin's and Sam's comments This looks great. My only concern is that changing the timers to 0-duration might have made this so it wouldn't crash any more back with the original bug. It might be more reliable to use an onload handler on the iframe instead. r=me as is, but this may need to be tested at some point to see if it still exercises the bug with a 0 timeout. 100905 8 pam 2008-12-01 15:59:01 -0800 I ran the test with 0-duration timeouts on a pre-bugfix build of Chromium and verified that it still crashes. Landed as r38880. 25442 2008-11-24 13:10:20 -0800 2008-11-24 16:34:51 -0800 New test + result 22464a.txt text/plain 1960 pam SW5kZXg6IENoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBDaGFuZ2VMb2cJKHJldmlzaW9uIDM4NzE3 KQorKysgQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBAIC0xLDMgKzEsMTMgQEAKKzIwMDgtMTEt MjQgIFBhbWVsYSBHcmVlbmUgIDxwYW1AY2hyb21pdW0ub3JnPgorCisgICAgICAgIFJldmlld2Vk IGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3No b3dfYnVnLmNnaT9pZD0yMjQ2NAorICAgICAgICBBZGQgYSB0ZXN0IGZvciBzYW1lLW9yaWdpbiBj aGVja3MgdHJ5aW5nIHRvIGluaXRpYWxpemUgdGhlIGNvbnRleHQuCisKKyAgICAgICAgKiBmYXN0 L2pzL25vLWluaXQtY29udGV4dC1pbi1hY2Nlc3MtY2hlY2stZXhwZWN0ZWQudHh0OiBBZGRlZC4K KyAgICAgICAgKiBmYXN0L2pzL25vLWluaXQtY29udGV4dC1pbi1hY2Nlc3MtY2hlY2suaHRtbDog QWRkZWQuCisKIDIwMDgtMTEtMjQgIEFsZXhleSBQcm9za3VyeWFrb3YgIDxhcEB3ZWJraXQub3Jn PgogCiAgICAgICAgIFJldmlld2VkIGJ5IERhcmluIEFkbGVyLgpJbmRleDogZmFzdC9qcy9uby1p bml0LWNvbnRleHQtaW4tYWNjZXNzLWNoZWNrLWV4cGVjdGVkLnR4dAo9PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBm YXN0L2pzL25vLWluaXQtY29udGV4dC1pbi1hY2Nlc3MtY2hlY2stZXhwZWN0ZWQudHh0CShyZXZp c2lvbiAwKQorKysgZmFzdC9qcy9uby1pbml0LWNvbnRleHQtaW4tYWNjZXNzLWNoZWNrLWV4cGVj dGVkLnR4dAkocmV2aXNpb24gMCkKQEAgLTAsMCArMSwyIEBACitUaGlzIGNoZWNrcyB0aGF0IHNh bWUtb3JpZ2luIGNoZWNrcyBkb24ndCB0cnkgdG8gaW5pdGlhbGl6ZSB0aGUgY29udGV4dC4gVGhl IHRlc3QgcGFzc2VzIGlmIHRoZSBicm93c2VyIGRvZXMgbm90IGNyYXNoLiAKKwpJbmRleDogZmFz dC9qcy9uby1pbml0LWNvbnRleHQtaW4tYWNjZXNzLWNoZWNrLmh0bWwKPT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0g ZmFzdC9qcy9uby1pbml0LWNvbnRleHQtaW4tYWNjZXNzLWNoZWNrLmh0bWwJKHJldmlzaW9uIDAp CisrKyBmYXN0L2pzL25vLWluaXQtY29udGV4dC1pbi1hY2Nlc3MtY2hlY2suaHRtbAkocmV2aXNp b24gMCkKQEAgLTAsMCArMSwzMCBAQAorPGh0bWw+Cis8c2NyaXB0PgoraWYgKHdpbmRvdy5sYXlv dXRUZXN0Q29udHJvbGxlcikgeworICBsYXlvdXRUZXN0Q29udHJvbGxlci5kdW1wQXNUZXh0KCk7 CisgIGxheW91dFRlc3RDb250cm9sbGVyLndhaXRVbnRpbERvbmUoKTsKK30KKwordmFyIHRhcmdl dDsKK2Z1bmN0aW9uIGNoZWNrX2JsYW5rKCkgeworICB2YXIgeCA9IHRhcmdldC5sb2NhdGlvbi5w cml2YXRlOworICBpZiAod2luZG93LmxheW91dFRlc3RDb250cm9sbGVyKQorICAgIGxheW91dFRl c3RDb250cm9sbGVyLm5vdGlmeURvbmUoKTsKK30KKworZnVuY3Rpb24gcmVsb2FkX2JsYW5rKCkg eworICB0YXJnZXQgPSB3aW5kb3cuZnJhbWVzWzBdOworICB0YXJnZXQubG9jYXRpb24gPSAiYWJv dXQ6YmxhbmsiOworICB3aW5kb3cuc2V0VGltZW91dCgiY2hlY2tfYmxhbmsoKSIsIDEwMCk7Cit9 CisKK3dpbmRvdy5zZXRUaW1lb3V0KCJyZWxvYWRfYmxhbmsoKSIsIDEwMCk7CisKKzwvc2NyaXB0 PgorPGJvZHk+CitUaGlzIGNoZWNrcyB0aGF0IHNhbWUtb3JpZ2luIGNoZWNrcyBkb24ndCB0cnkg dG8gaW5pdGlhbGl6ZSB0aGUgY29udGV4dC4KK1RoZSB0ZXN0IHBhc3NlcyBpZiB0aGUgYnJvd3Nl ciBkb2VzIG5vdCBjcmFzaC4KKzxicj4KKzxpZnJhbWUgc3JjPSJhYm91dDpibGFuayI+PC9pZnJh bWU+Cis8L2JvZHk+Cis8L2h0bWw+Cg== 25458 2008-11-24 16:34:51 -0800 2008-11-24 17:20:35 -0800 Addressing Darin's and Sam's comments 22464b.txt text/plain 2215 pam SW5kZXg6IENoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBDaGFuZ2VMb2cJKHJldmlzaW9uIDM4NzM2 KQorKysgQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBAIC0xLDMgKzEsMTQgQEAKKzIwMDgtMTEt MjQgIFBhbWVsYSBHcmVlbmUgIDxwYW1AY2hyb21pdW0ub3JnPgorCisgICAgICAgIFJldmlld2Vk IGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3No b3dfYnVnLmNnaT9pZD0yMjQ2NAorICAgICAgICBBZGQgYSB0ZXN0IGZvciBhIHBvdGVudGlhbCBj cmFzaCB3aGVuIHBlcmZvcm1pbmcgYSBzYW1lLW9yaWdpbgorICAgICAgICBjaGVjayBvbiBhIHN1 YmZyYW1lIHJlbG9hZGVkIHdpdGggYWJvdXQ6YmxhbmsuCisKKyAgICAgICAgKiBmYXN0L2pzL3Nh bWUtb3JpZ2luLXN1YmZyYW1lLWFib3V0LWJsYW5rLWV4cGVjdGVkLnR4dDogQWRkZWQuCisgICAg ICAgICogZmFzdC9qcy9zYW1lLW9yaWdpbi1zdWJmcmFtZS1hYm91dC1ibGFuay5odG1sOiBBZGRl ZC4KKwogMjAwOC0xMS0yNCAgTmlrb2xhcyBaaW1tZXJtYW5uICA8bmlrb2xhcy56aW1tZXJtYW5u QHRvcmNobW9iaWxlLmNvbT4KIAogICAgICAgICBSZXZpZXdlZCBieSBHZW9yZ2UgU3RhaWtvcyAm IEVyaWMgU2VpZGVsLgpJbmRleDogZmFzdC9qcy9zYW1lLW9yaWdpbi1zdWJmcmFtZS1hYm91dC1i bGFuay1leHBlY3RlZC50eHQKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gZmFzdC9qcy9zYW1lLW9yaWdpbi1zdWJm cmFtZS1hYm91dC1ibGFuay1leHBlY3RlZC50eHQJKHJldmlzaW9uIDApCisrKyBmYXN0L2pzL3Nh bWUtb3JpZ2luLXN1YmZyYW1lLWFib3V0LWJsYW5rLWV4cGVjdGVkLnR4dAkocmV2aXNpb24gMCkK QEAgLTAsMCArMSwzIEBACitUaGlzIHRlc3RzIHRoZSBzYW1lLW9yaWdpbiBjaGVjayBvbiBhYm91 dDpibGFuayBsb2FkZWQgaW4gYSBzdWJmcmFtZS4gVGhlIHRlc3QgcGFzc2VzIGlmIHRoZSBicm93 c2VyIGRvZXMgbm90IGNyYXNoLiBZb3Ugc2hvdWxkIGFsc28gc2VlICJUZXN0IFBBU1NFRCIgYmVs b3cuIAorCitUZXN0IFBBU1NFRApJbmRleDogZmFzdC9qcy9zYW1lLW9yaWdpbi1zdWJmcmFtZS1h Ym91dC1ibGFuay5odG1sCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIGZhc3QvanMvc2FtZS1vcmlnaW4tc3ViZnJh bWUtYWJvdXQtYmxhbmsuaHRtbAkocmV2aXNpb24gMCkKKysrIGZhc3QvanMvc2FtZS1vcmlnaW4t c3ViZnJhbWUtYWJvdXQtYmxhbmsuaHRtbAkocmV2aXNpb24gMCkKQEAgLTAsMCArMSwzMyBAQAor PGh0bWw+Cis8c2NyaXB0PgoraWYgKHdpbmRvdy5sYXlvdXRUZXN0Q29udHJvbGxlcikgeworICBs YXlvdXRUZXN0Q29udHJvbGxlci5kdW1wQXNUZXh0KCk7CisgIGxheW91dFRlc3RDb250cm9sbGVy LndhaXRVbnRpbERvbmUoKTsKK30KKwordmFyIHRhcmdldDsKK2Z1bmN0aW9uIGNoZWNrX2JsYW5r KCkgeworICB2YXIgeCA9IHRhcmdldC5sb2NhdGlvbi5wcml2YXRlOworICByZXN1bHQuaW5uZXJI VE1MID0gIlRlc3QgUEFTU0VEIjsKKyAgaWYgKHdpbmRvdy5sYXlvdXRUZXN0Q29udHJvbGxlcikK KyAgICBsYXlvdXRUZXN0Q29udHJvbGxlci5ub3RpZnlEb25lKCk7Cit9CisKK2Z1bmN0aW9uIHJl bG9hZF9ibGFuaygpIHsKKyAgdGFyZ2V0ID0gd2luZG93LmZyYW1lc1swXTsKKyAgdGFyZ2V0Lmxv Y2F0aW9uID0gImFib3V0OmJsYW5rIjsKKyAgd2luZG93LnNldFRpbWVvdXQoImNoZWNrX2JsYW5r KCkiLCAwKTsKK30KKword2luZG93LnNldFRpbWVvdXQoInJlbG9hZF9ibGFuaygpIiwgMCk7CisK Kzwvc2NyaXB0PgorPGJvZHk+CitUaGlzIHRlc3RzIHRoZSBzYW1lLW9yaWdpbiBjaGVjayBvbiBh Ym91dDpibGFuayBsb2FkZWQgaW4gYSBzdWJmcmFtZS4KK1RoZSB0ZXN0IHBhc3NlcyBpZiB0aGUg YnJvd3NlciBkb2VzIG5vdCBjcmFzaC4gWW91IHNob3VsZCBhbHNvIHNlZQorIlRlc3QgUEFTU0VE IiBiZWxvdy4KKzxicj4KKzxpZnJhbWUgc3JjPSJhYm91dDpibGFuayI+PC9pZnJhbWU+Cis8ZGl2 IGlkPSJyZXN1bHQiPlRlc3QgRkFJTEVEPC9kaXY+Cis8L2JvZHk+Cis8L2h0bWw+Cg==