
Issue 591298


Issue metadata

Status: Fixed
Owner:
Closed: Mar 2016
Cc:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 1
Type: Bug




Crash in blink::EventTarget::dispatchEvent

Reported by ClusterFuzz (Project Member), Mar 2 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4608609696088064

Fuzzer: inferno_twister
Job Type: windows_syzyasan_content_shell
Platform Id: windows

Crash Type: UNKNOWN
Crash Address: 0x00000003
Crash State:
  blink::EventTarget::dispatchEvent
  blink::SpeechRecognition::didStart
  blink::SpeechRecognitionClientProxy::didStart
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_syzyasan_content_shell&range=378207:378422

Minimized Testcase (0.17 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv94g1YRnQcOENkmJmUYpjlaW5m0llTBqxi4dMCoIdvGY7sz50rvrCH8ukCB1txgE3kxgcp29V035rKYhDNPkRtMyTIyZorRQK_BDpLYnVCmchQmjC79vLSaD_YdxDkxYWF6Hey1JdbZLzMZuo_lLZJnDVGVzAw
<script>
  var recognition = new webkitSpeechRecognition();
  recognition.onend = function() {
    recognition.start();
  };
  recognition.start();
</script>


Filer: ranjitkan

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Cc: ranjitkan@chromium.org
Labels: findit-for-crash M-51 Te-Logged
Owner: sigbjo...@opera.com
Status: Assigned (was: Available)

Author: sigbjornf
Component: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/4cae4994fdd7fc1db4e88de568d57d7f1367f962
Time: Mon Feb 29 20:09:57 2016
File mock_web_speech_recognizer.cc is changed in this cl (and is part of stack frame #3, "content_shell!test_runner::`anonymous namespace'::ClientCallTask::run+0x11"; frame #4, "content_shell!test_runner::MockWebSpeechRecognizer::StepTask::RunIfValid+0x53")
Minimum distance from crash line to modified line: 25. (file: mock_web_speech_recognizer.cc, crashed on: 270, modified: 245).

@sigbjornf: Please take a look into it, and help us reassign it if it is not related to your change.

Thanks!

Thanks, great report. There's a short window for mischief with this test only object following r378252; will fix.
Comment 3 by bugdroid1@chromium.org (Project Member), Mar 4 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/a4566f392891932b136c79a31b71488d73768298

commit a4566f392891932b136c79a31b71488d73768298
Author: sigbjornf <sigbjornf@opera.com>
Date: Fri Mar 04 16:28:40 2016

Simplify mock web speech recognizer's "onend" handling.

..and fix a bug introduced by r378252 in the process, it assuming
a different interpretation of speech recognizer handle equality than
what's (reasonably) provided.

i.e., handle the completion of a speech recognition via one
task rather than two.

R=tommi,jochen
BUG= 591298 

Review URL: https://codereview.chromium.org/1750213004

Cr-Commit-Position: refs/heads/master@{#379299}

[modify] https://crrev.com/a4566f392891932b136c79a31b71488d73768298/components/test_runner/mock_web_speech_recognizer.cc
[add] https://crrev.com/a4566f392891932b136c79a31b71488d73768298/third_party/WebKit/LayoutTests/fast/speech/scripted/speechrecognition-restart-onend-expected.txt
[add] https://crrev.com/a4566f392891932b136c79a31b71488d73768298/third_party/WebKit/LayoutTests/fast/speech/scripted/speechrecognition-restart-onend.html

Status: Fixed (was: Assigned)
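The failure mode the minimized testcase exercises, start() called re-entrantly from onend while the test-only recognizer is still finishing the previous session, as an added illustration in JavaScript. This is not Chromium's mock_web_speech_recognizer.cc nor the code from the commit above; the task queue, the `handle` field, the `started` flag and the treatment of "handle equality" as plain object identity are assumptions of this toy model, chosen only to show why finishing a recognition in two queued tasks is fragile and why one task is not.

```javascript
'use strict';

// Added illustration only (not Chromium's mock_web_speech_recognizer.cc):
// a toy model of a mock recognizer driving the page's recognition object.

// Minimal deterministic task queue standing in for the renderer main thread.
class TaskQueue {
  constructor() { this.tasks = []; }
  post(fn) { this.tasks.push(fn); }
  // Run tasks in FIFO order until the queue is empty, like a message loop.
  drain() { while (this.tasks.length > 0) this.tasks.shift()(); }
}

// Page-side object standing in for blink::SpeechRecognition. `started` is
// true from start() until the 'end' event has been delivered.
class Recognition {
  constructor(recognizer) {
    this.recognizer = recognizer;
    this.started = false;
    this.onstart = null;
    this.onend = null;
    this.log = [];
  }
  start() {
    if (this.started) throw new Error('InvalidStateError: start() while started');
    this.started = true;
    this.recognizer.start(this);
  }
  // Stand-in for EventTarget::dispatchEvent. Delivering 'start' to a session
  // that has already been torn down is how this model expresses the crash
  // in the report's stack (dispatchEvent <- SpeechRecognition::didStart).
  dispatch(type) {
    if (type === 'start' && !this.started) {
      throw new Error(`dispatch('${type}') on a torn-down recognition`);
    }
    this.log.push(type);
    const handler = this['on' + type];
    if (typeof handler === 'function') handler.call(this);
  }
}

// Stand-in for the test-only mock recognizer. `mode` selects how the end of a
// recognition is delivered to the page: 'two-tasks' or 'one-task'.
class MockRecognizer {
  constructor(queue, mode) {
    this.queue = queue;
    this.mode = mode;
    this.handle = null; // the session the mock believes is in progress (assumed)
  }
  start(recognition) {
    this.handle = recognition;
    this.queue.post(() => recognition.dispatch('start'));
    this.queue.post(() => this.didEnd(recognition));
  }
  didEnd(recognition) {
    if (this.mode === 'two-tasks') {
      // Task 1: deliver 'end'. The page's onend may call start() again,
      // re-installing the *same* object as the mock's handle.
      this.queue.post(() => {
        recognition.started = false;
        recognition.dispatch('end');
      });
      // Task 2: release "the session that just ended", identified by handle
      // equality (assumed here to be object identity). After a re-entrant
      // restart the test still passes, so this tears down the new session,
      // and its already queued 'start' then lands on a dead object.
      this.queue.post(() => {
        if (this.handle === recognition) {
          this.handle = null;
          recognition.started = false;
        }
      });
    } else {
      // One task: release the session first, then deliver 'end'. A
      // re-entrant start() from onend now begins from a clean state and
      // nothing runs later that could confuse the old and new sessions.
      this.handle = null;
      recognition.started = false;
      recognition.dispatch('end');
    }
  }
}

// Drive the minimized testcase's pattern (restart from onend) `restarts`
// times and report whether the model "crashed" and which events were seen.
function simulate(mode, restarts) {
  const queue = new TaskQueue();
  const recognition = new Recognition(new MockRecognizer(queue, mode));
  let remaining = restarts;
  recognition.onend = function () {
    if (remaining-- > 0) this.start();
  };
  recognition.start();
  try {
    queue.drain();
    return { crashed: false, error: null, log: recognition.log };
  } catch (e) {
    return { crashed: true, error: e.message, log: recognition.log };
  }
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log('two tasks:', JSON.stringify(simulate('two-tasks', 3)));
  console.log('one task: ', JSON.stringify(simulate('one-task', 2)));
}
```

Run with `node` to see the two-task variant stop after the first 'start','end' pair with a dispatch error, while the one-task variant cycles through every restart cleanly. The point carried over from the report is the ordering one: any bookkeeping that runs after the 'end' handler has returned must not assume the handle it holds still names the session that ended, because page script may have started a new one with the same object in between.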
Comment 5 by ClusterFuzz (Project Member), Mar 6 2016

ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed.


If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 6 by sheriffbot@chromium.org (Project Member), Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
