Possible dead loop in content::FindRequestManager when GuestViewCrossProcessFrames is off

[Roger Wang]

In FindRequestManager::Traverse() there could be a dead loop:

  while ((node = TraverseNode(node, forward, wrap)) != nullptr) {

    if (!CheckFrame(node->current_frame_host()))

      continue;

TraverseNode() has a chance to return the same node passed to it when 'wrap' and 'forward' is true, and the node's frame doesn't match. Am I understanding it correctly that it's a possible bug in Chromium? 

We found this when 'GuestViewCrossProcessFrames' is turned off in NW.js, a downstream project of Chromium. https://github.com/nwjs/nw.js/issues/6326

Thanks in advance.

Roger

[Daniel Bratell]

Doh!

Are you able to file a bug at https://crbug.com/new and CC/assign it to paulmeyer who seems to have touched the file last. I'm not familiar with the code but I hope he'll be able to figure out what to do with it, or forward it to someone appropriate.

/Daniel

--
--
Chromium Developers mailing list: chromi...@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-dev
---
You received this message because you are subscribed to the Google Groups "Chromium-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-dev...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-dev/b144e7dd-79bb-46b4-91cc-e470bedcc655%40chromium.org.

--

/* Opera Software, Linköping, Sweden: CET (UTC+1) */

[paul...@chromium.org]

Okay, I think it was not supposed to be possible for CheckFrame() to be false on all of the frames in the traversal, which the the only way this would lead to an infinite loop.

[Roger Wang]

Thanks. So I guess there is no need to submit an issue?

Roger