Brave crashed when adding scriptlet injection filters with too many arguments if VPN is enabled #33049

Closed
MadhaviSeelam opened this issue Sep 15, 2023 · 1 comment

Comments


MadhaviSeelam commented Sep 15, 2023

Description

Found this while testing #32916. Brave didn't crash when scriptlet injection filters were added if VPN was not enabled. However, if VPN is enabled, adding scriptlet injection filters and visiting https://brave.com causes Brave to crash.

Steps to Reproduce

  1. Install 1.59.86
  2. Launch Brave
  3. Log in to Brave VPN (account brave.com)
  4. Enable VPN
  5. Open brave://settings/shields/filters in a new tab page
  6. Add brave.com##+js(acs, this, probably, is, going, to, break, brave, and, crash, it, instead, of, ignoring, it) to the custom filters
  7. Visit https://brave.com/ in a new tab page

Actual result:

Brave Crashed
Crash ID: d2120400-0209-b80a-0000-000000000000

[ 00 ] next(core::slice::iter::Iter<ref$<u64> > *) ( macros.rs:162 )
[ 01 ] adblock::cosmetic_filter_cache::CosmeticFilterCache::hostname_cosmetic_resources(adblock::resources::resource_storage::ResourceStorage *,ref$<str$>,bool) ( cosmetic_filter_cache.rs:300 )
[ 02 ] adblock::blocker::Blocker::check_generic_hide(adblock::request::Request *) ( blocker.rs:168 )
[ 03 ] adblock::engine::Engine::url_cosmetic_resources(ref$<str$>) ( engine.rs:224 )
[ 04 ] adblock_cxx::engine::Engine::url_cosmetic_resources(cxx::string::CxxString *) ( engine.rs:217 )
[ 05 ] __Engine__url_cosmetic_resources(adblock_cxx::engine::Engine *,cxx::string::CxxString *) ( lib.rs:19 )
[ 06 ] adblock_cxx::ffi::_::__Engine__url_cosmetic_resources::closure$0(adblock_cxx::ffi::_::__Engine__url_cosmetic_resources::closure_env$0) ( lib.rs:16 )
[ 07 ] __Engine__url_cosmetic_resources(adblock_cxx::engine::Engine *,cxx::string::CxxString *,cxx::rust_string::RustString *) ( lib.rs:74 )
[ 08 ] adblock::Engine::url_cosmetic_resources(std::__Cr::basic_string<char,std::__Cr::char_traits<char>,std::__Cr::allocator<char> > const &) ( lib.rs.cc:1241 )
[ 09 ] brave_shields::AdBlockEngine::UrlCosmeticResources(std::__Cr::basic_string<char,std::__Cr::char_traits<char>,std::__Cr::allocator<char> > const &) ( ad_block_engine.cc:209 )
[ 10 ] brave_shields::AdBlockService::UrlCosmeticResources(std::__Cr::basic_string<char,std::__Cr::char_traits<char>,std::__Cr::allocator<char> > const &,bool) ( ad_block_service.cc:232 )
[ 11 ] cosmetic_filters::CosmeticFiltersResources::UrlCosmeticResources(std::__Cr::basic_string<char,std::__Cr::char_traits<char>,std::__Cr::allocator<char> > const &,bool,base::OnceCallback<void (base::Value)>) ( cosmetic_filters_resources.cc:76 )
[ 12 ] cosmetic_filters::mojom::CosmeticFiltersResourcesStubDispatch::AcceptWithResponder(cosmetic_filters::mojom::CosmeticFiltersResources *,mojo::Message *,std::__Cr::unique_ptr<mojo::MessageReceiverWithStatus,std::__Cr::default_delete<mojo::MessageReceiverWithStatus> >) ( cosmetic_filters.mojom.cc:0 )
[ 13 ] cosmetic_filters::mojom::CosmeticFiltersResourcesStub<mojo::RawPtrImplRefTraits<cosmetic_filters::mojom::CosmeticFiltersResources> >::AcceptWithResponder(mojo::Message *,std::__Cr::unique_ptr<mojo::MessageReceiverWithStatus,std::__Cr::default_delete<mojo::MessageReceiverWithStatus> >) ( cosmetic_filters.mojom.h:159 )
[ 14 ] mojo::InterfaceEndpointClient::HandleValidatedMessage(mojo::Message *) ( interface_endpoint_client.cc:969 )
[ 15 ] mojo::InterfaceEndpointClient::HandleIncomingMessageThunk::Accept(mojo::Message *) ( interface_endpoint_client.cc:363 )
[ 16 ] mojo::MessageDispatcher::Accept(mojo::Message *) ( message_dispatcher.cc:43 )
[ 17 ] mojo::InterfaceEndpointClient::HandleIncomingMessage(mojo::Message *) ( interface_endpoint_client.cc:701 )
[ 18 ] mojo::internal::MultiplexRouter::ProcessIncomingMessage(mojo::internal::MultiplexRouter::MessageWrapper *,mojo::internal::MultiplexRouter::ClientCallBehavior,base::SequencedTaskRunner *) ( multiplex_router.cc:1095 )
[ 19 ] mojo::internal::MultiplexRouter::Accept(mojo::Message *) ( multiplex_router.cc:708 )
[ 20 ] mojo::MessageDispatcher::Accept(mojo::Message *) ( message_dispatcher.cc:43 )
[ 21 ] mojo::Connector::DispatchMessageW(mojo::ScopedHandleBase<mojo::MessageHandle>) ( connector.cc:560 )
[ 22 ] mojo::Connector::ReadAllAvailableMessages() ( connector.cc:618 )
[ 23 ] mojo::Connector::OnHandleReadyInternal(unsigned int) ( connector.cc:451 )
[ 24 ] base::internal::Invoker<base::internal::BindState<void (mojo::Connector::*)(const char *, unsigned int),base::internal::UnretainedWrapper<mojo::Connector,base::unretained_traits::MayNotDangle,0>,base::internal::UnretainedWrapper<const char,base::unretained_traits::MayNotDangle,0> >,void (unsigned int)>::Run(base::internal::BindStateBase *,unsigned int) ( bind_internal.h:960 )
[ 25 ] base::RepeatingCallback<void (unsigned int)>::Run(unsigned int) ( callback.h:333 )
[ 26 ] base::internal::FunctorTraits<void (*)(const base::RepeatingCallback<void (unsigned int)> &, unsigned int, const mojo::HandleSignalsState &),void>::Invoke((base::RepeatingCallback<void (unsigned int)> const &,unsigned int,mojo::HandleSignalsState const &) const &,base::RepeatingCallback<void (unsigned int)> const &,unsigned int &&,mojo::HandleSignalsState const &) ( bind_internal.h:632 )
[ 27 ] base::internal::InvokeHelper<0,void,0>::MakeItSo((base::RepeatingCallback<void (unsigned int)> const &,unsigned int,mojo::HandleSignalsState const &) const &,std::__Cr::tuple<base::RepeatingCallback<void (unsigned int)> > const &,unsigned int &&,mojo::HandleSignalsState const &) ( bind_internal.h:893 )
[ 28 ] base::internal::Invoker<base::internal::BindState<void (*)(const base::RepeatingCallback<void (unsigned int)> &, unsigned int, const mojo::HandleSignalsState &),base::RepeatingCallback<void (unsigned int)> >,void (unsigned int, const mojo::HandleSignalsState &)>::RunImpl((base::RepeatingCallback<void (unsigned int)> const &,unsigned int,mojo::HandleSignalsState const &) const &,std::__Cr::tuple<base::RepeatingCallback<void (unsigned int)> > const &,std::__Cr::integer_sequence<unsigned long long,0>,unsigned int &&,mojo::HandleSignalsState const &) ( bind_internal.h:993 )
[ 29 ] base::internal::Invoker<base::internal::BindState<void (*)(const base::RepeatingCallback<void (unsigned int)> &, unsigned int, const mojo::HandleSignalsState &),base::RepeatingCallback<void (unsigned int)> >,void (unsigned int, const mojo::HandleSignalsState &)>::Run(base::internal::BindStateBase *,unsigned int,mojo::HandleSignalsState const &) ( bind_internal.h:957 )
[ 30 ] base::RepeatingCallback<void (unsigned int, const mojo::HandleSignalsState &)>::Run(unsigned int,mojo::HandleSignalsState const &) ( callback.h:333 )
[ 31 ] mojo::SimpleWatcher::OnHandleReady(int,unsigned int,mojo::HandleSignalsState const &) ( simple_watcher.cc:278 )
[ 32 ] scoped_refptr<base::internal::BindStateBase>::~scoped_refptr() ( scoped_refptr.h:280 )
[ 33 ] base::internal::BindStateHolder::~BindStateHolder() ( callback_internal.cc:55 )
[ 34 ] base::OnceCallback<void ()>::Run() ( callback.h:153 )
[ 35 ] base::TaskAnnotator::RunTask(perfetto::StaticString,base::PendingTask &,base::internal::TaskTracker::RunTaskImpl::<lambda_0> &&) ( task_annotator.h:89 )
[ 36 ] base::internal::TaskTracker::RunSkipOnShutdown(base::internal::Task &,base::TaskTraits const &,base::internal::TaskSource *,base::SequenceToken const &) ( task_tracker.cc:629 )
[ 37 ] base::internal::TaskTracker::RunTask(base::internal::Task,base::internal::TaskSource *,base::TaskTraits const &) ( task_tracker.cc:485 )
[ 38 ] base::internal::TaskTracker::RunAndPopNextTask(base::internal::RegisteredTaskSource) ( task_tracker.cc:400 )
[ 39 ] base::internal::WorkerThread::RunWorker() ( worker_thread.cc:483 )
[ 40 ] base::internal::WorkerThread::RunPooledWorker() ( worker_thread.cc:359 )
[ 41 ] base::`anonymous namespace'::ThreadFunc(void *) ( platform_thread_win.cc:126 )
[ 42 ] 0x7ffa4304257d
[ 43 ] 0x7ffa439eaa68
[ 44 ] 0x7ffa414cbb40

Expected result:

Brave should not crash.

Reproduces how often:

Easily

Brave version (brave://version info)

Brave | 1.59.86 Chromium: 117.0.5938.62 (Official Build) beta (64-bit)
-- | --
Revision | 3c4c1c3b2eef0fcbe8485c67e1df504942deadca
OS | Windows 11 Version 22H2 (Build 22621.2283)

Version/Channel Information:

  • Can you reproduce this issue with the current release? N/A
  • Can you reproduce this issue with the beta channel? Yes
  • Can you reproduce this issue with the nightly channel?

Other Additional Information:

  • Does the issue resolve itself when disabling Brave Shields?
  • Does the issue resolve itself when disabling Brave Rewards?
  • Is the issue reproducible on the latest version of Chrome?

Miscellaneous Information:

@rebron @antonok-edm
@MadhaviSeelam
Author

Closing the issue as no crash happened on

Brave | 1.59.87 Chromium: 117.0.5938.62 (Official Build) beta (64-bit)
-- | --
Revision | c26501cb2de033e3e84888e61109f6e90f1f2f75
OS | Windows 11 Version 22H2 (Build 22621.2283)
