Commit cec028b4 authored by arthursonzogni, committed by Chromium LUCI CQ

[OutOfBlinkSandbox] Reenable the DumpWithoutCrashing.

(Final attempt)

This has been enabled/disabled many times. I recently found the reason
blink was reporting a different sandbox than the one computed by the
browser process. It was caused by the 'reuse' of the LocalDomWindow for
some same-origin navigation from the initial empty document.
Blink was applying sandbox twice by mistake.

Test:
https://chromium-review.googlesource.com/c/chromium/src/+/2578957

Fix:
https://chromium-review.googlesource.com/c/chromium/src/+/2578902

Bug: 1041376
Change-Id: I5ec5339031cf9e744ca1f5bd739783b4cf53bc96
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2584872
Reviewed-by: Camille Lamy <clamy@chromium.org>
Commit-Queue: Arthur Sonzogni <arthursonzogni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#836090}
parent 91dbf31b
......@@ -8828,7 +8828,25 @@ void RenderFrameHostImpl::DidCommitNewDocument(
// renderer one. The browser will just "push" the correct value.
if (navigation_request->state() >=
NavigationRequest::NavigationState::WILL_PROCESS_RESPONSE) {
DCHECK_EQ(params.sandbox_flags, navigation_request->SandboxFlagsToCommit());
if (params.sandbox_flags != navigation_request->SandboxFlagsToCommit()) {
DCHECK(false);
base::debug::ScopedCrashKeyString scoped_url(
base::debug::AllocateCrashKeyString(
"url", base::debug::CrashKeySize::Size256),
params.url.possibly_invalid_spec());
base::debug::ScopedCrashKeyString scoped_sandbox(
base::debug::AllocateCrashKeyString(
"sandbox", base::debug::CrashKeySize::Size256),
base::StringPrintf(
"%u, %u", uint32_t(params.sandbox_flags),
uint32_t(navigation_request->SandboxFlagsToCommit())));
base::debug::SetCrashKeyString(
base::debug::AllocateCrashKeyString(
"is_main_frame", base::debug::CrashKeySize::Size32),
frame_tree_node_->IsMainFrame() ? "true" : "false");
base::debug::DumpWithoutCrashing();
}
}
coep_reporter_ = navigation_request->TakeCoepReporter();
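Review bot: the "is_main_frame" crash key is set with a bare base::debug::SetCrashKeyString and never cleared, while "url" and "sandbox" use base::debug::ScopedCrashKeyString; once this branch has run, the stale true/false value will ride along on every later crash report from this process, so it should be a ScopedCrashKeyString like the other two. Two smaller points in the same block: base::debug::AllocateCrashKeyString is called on each entry into the branch rather than once (the usual pattern is `static auto* key = base::debug::AllocateCrashKeyString(...)`), and `DCHECK(false)` sits before the crash keys are populated, so in a DCHECK-enabled build the process aborts without the url/sandbox context that the DumpWithoutCrashing call was added to collect; moving the DCHECK after the three keys are set, or dropping it in favor of the dump, keeps the diagnostic data in both build modes.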
......