Bad-cast to const blink::WebPasswordCredential from blink::WebCredential;credential_manager_content_utils.cc:26:9
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5066892538019840

Fuzzer: inferno_twister
Job Type: linux_ubsan_vptr_chrome
Platform Id: linux

Crash Type: Bad-cast
Crash Address: 0x7fffa85848c8
Crash State:
  Bad-cast to const blink::WebPasswordCredential from blink::WebCredential
  credential_manager_content_utils.cc:26:9

Minimized Testcase (0.10 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv94qpq9vvcxNGGgx3038U9GG9XAgZSn3hnLl1sVG-XHGuN7gcpIAImQv-UqZ_kECus_ShFXSH0uBD3AVXwXUwk7u3dZx5DuBIlI2cBt5QtNi5sbsx1odQW3J9G3tKyIP8EosNIqYfjv80o9Qhhv1Ycsac7XPdg

<script>
var local = new PasswordCredential({ });
navigator.credentials.store(local);
</script>

Additional requirements: Requires HTTP

Filer: inferno

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Feb 29 2016
https://codereview.chromium.org/1745963002 up for review to tighten up the checks for the constructor.
Feb 29 2016
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/80aa06df6c68611a18eff99fc6a048d6843b9ea6

commit 80aa06df6c68611a18eff99fc6a048d6843b9ea6
Author: mkwst <mkwst@chromium.org>
Date: Mon Feb 29 11:24:58 2016

CREDENTIAL: Do type checks for credential constructors.

BUG= 590610
R=jochen@chromium.org

Review URL: https://codereview.chromium.org/1745963002
Cr-Commit-Position: refs/heads/master@{#378194}

[modify] https://crrev.com/80aa06df6c68611a18eff99fc6a048d6843b9ea6/third_party/WebKit/LayoutTests/http/tests/credentialmanager/federatedcredential-basics.html
[modify] https://crrev.com/80aa06df6c68611a18eff99fc6a048d6843b9ea6/third_party/WebKit/LayoutTests/http/tests/credentialmanager/passwordcredential-basics.html
[modify] https://crrev.com/80aa06df6c68611a18eff99fc6a048d6843b9ea6/third_party/WebKit/Source/modules/credentialmanager/FederatedCredential.cpp
[modify] https://crrev.com/80aa06df6c68611a18eff99fc6a048d6843b9ea6/third_party/WebKit/Source/modules/credentialmanager/PasswordCredential.cpp
Feb 29 2016
Marking as fixed based on #3. mkwst, mind updating the impact (stable/beta/head) on this bug? The crash was marked as Unreproducible on CF, so the "Head" impact may not be entirely accurate.
Mar 1 2016
I think this was just barely in the beta we just cut. Requesting merge.
Mar 1 2016
Your change meets the bar and is auto-approved for M50 (branch: 2661)
Mar 1 2016
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/ea796daa7f532ada0d514de9652bf78fccef99f2

commit ea796daa7f532ada0d514de9652bf78fccef99f2
Author: Mike West <mkwst@google.com>
Date: Tue Mar 01 12:56:04 2016

CREDENTIAL: Do type checks for credential constructors.

BUG= 590610
R=jochen@chromium.org

Review URL: https://codereview.chromium.org/1745963002
Cr-Commit-Position: refs/heads/master@{#378194}
(cherry picked from commit 80aa06df6c68611a18eff99fc6a048d6843b9ea6)

Review URL: https://codereview.chromium.org/1755603002 .
Cr-Commit-Position: refs/branch-heads/2661@{#22}
Cr-Branched-From: ef6f6ae5e4c96622286b563658d5cd62a6cf1197-refs/heads/master@{#378081}

[modify] https://crrev.com/ea796daa7f532ada0d514de9652bf78fccef99f2/third_party/WebKit/LayoutTests/http/tests/credentialmanager/federatedcredential-basics.html
[modify] https://crrev.com/ea796daa7f532ada0d514de9652bf78fccef99f2/third_party/WebKit/LayoutTests/http/tests/credentialmanager/passwordcredential-basics.html
[modify] https://crrev.com/ea796daa7f532ada0d514de9652bf78fccef99f2/third_party/WebKit/Source/modules/credentialmanager/FederatedCredential.cpp
[modify] https://crrev.com/ea796daa7f532ada0d514de9652bf78fccef99f2/third_party/WebKit/Source/modules/credentialmanager/PasswordCredential.cpp
Mar 10 2016
Jun 7 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Oct 1 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Oct 2 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Oct 2 2016
Jul 28
Comment 1 by infe...@chromium.org, Feb 29 2016
Status: Assigned (was: Available)