Crash in blink::WebURLResponse::url |
||||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=5128312824791040 Fuzzer: inferno_layout_test_unmodified Job Type: windows_syzyasan_content_shell Platform Id: windows Crash Type: UNKNOWN Crash Address: 0x00000007 Crash State: blink::WebURLResponse::url content::MojoContextState::OnFetchModuleComplete base::internal::Invoker<base::IndexSequence<0,1>,base::internal::BindState<base: Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_syzyasan_content_shell&range=379500:379506 Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv96y51NiK_UiIrtSKT4RoxLVOKlmSzF9LiVYxDs5XraJbCFCDLtGBuMsPNg8LxdnDRKPewuA-WpR7yBkxoool3yXs-gdMTTHorZsJImgRCo-ZggYxNCEBreiGSvc_g2i1eVxSfSAMqiqsf4WrSDthqUqY2VFijhUwvERv8ub1Qbo6_hEzeo Filer: pucchakayala See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Mar 8 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6503648191840256 Fuzzer: inferno_layout_test_unmodified Job Type: windows_syzyasan_content_shell Platform Id: windows Crash Type: UNKNOWN Crash Address: 0x00000007 Crash State: blink::WebURLRequest::url content::MojoContextState::OnFetchModuleComplete base::internal::Invoker<base::IndexSequence<0,1>,base::internal::BindState<base: Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_syzyasan_content_shell&range=379469:379486 Minimized Testcase (27.12 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94aiQIDk3uHfr3pEBcW5WzpPrWZmJ_PDv92WWv5DpW68BlMOc6ycfAzKggLOHyYP9dF4oPVuXckJxwWKBGWvk8q5tP9QHT5Iw8Dbj6mZBhtmyNZecsJ8SdVJRJi9LjRD7mhcWAILzZucL5BJJgKT90SjBzRNWbrxb37gaNpnI8K4eQb3_c Filer: pucchakayala See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Mar 8 2016
ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6503648191840256 Fuzzer: inferno_layout_test_unmodified Job Type: windows_syzyasan_content_shell Platform Id: windows Crash Type: UNKNOWN Crash Address: 0x00000007 Crash State: blink::WebURLRequest::url content::MojoContextState::OnFetchModuleComplete base::internal::Invoker<base::IndexSequence<0,1>,base::internal::BindState<base: Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_syzyasan_content_shell&range=379469:379486 Minimized Testcase (27.12 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94aiQIDk3uHfr3pEBcW5WzpPrWZmJ_PDv92WWv5DpW68BlMOc6ycfAzKggLOHyYP9dF4oPVuXckJxwWKBGWvk8q5tP9QHT5Iw8Dbj6mZBhtmyNZecsJ8SdVJRJi9LjRD7mhcWAILzZucL5BJJgKT90SjBzRNWbrxb37gaNpnI8K4eQb3_c See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Mar 8 2016
sammc: Could you handle this? This seems due to a null |response| at mojo_context_state.cc [1]. Since it can be null on error case, we need an error handling here. [1] https://chromium.googlesource.com/chromium/src/+/c1bb9d9096de137378cb1029021aed40fcbf76e4/content/renderer/mojo_context_state.cc#183
,
Mar 9 2016
ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5128312824791040 Fuzzer: inferno_layout_test_unmodified Job Type: windows_syzyasan_content_shell Platform Id: windows Crash Type: UNKNOWN Crash Address: 0x00000007 Crash State: blink::WebURLResponse::url content::MojoContextState::OnFetchModuleComplete base::internal::Invoker<base::IndexSequence<0,1>,base::internal::BindState<base: Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_syzyasan_content_shell&range=379500:379506 Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv96y51NiK_UiIrtSKT4RoxLVOKlmSzF9LiVYxDs5XraJbCFCDLtGBuMsPNg8LxdnDRKPewuA-WpR7yBkxoool3yXs-gdMTTHorZsJImgRCo-ZggYxNCEBreiGSvc_g2i1eVxSfSAMqiqsf4WrSDthqUqY2VFijhUwvERv8ub1Qbo6_hEzeo See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Mar 11 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/2eb97bdbc5ebc7fec94c53010b064c677e4cab8f commit 2eb97bdbc5ebc7fec94c53010b064c677e4cab8f Author: sammc <sammc@chromium.org> Date: Fri Mar 11 05:24:39 2016 Handle JS mojo module fetch failures gracefully. Currently, if the fetch of the source for a JS mojo module fails, the requesting renderer crashes. With this CL, it logs an error instead. BUG= 592831 Review URL: https://codereview.chromium.org/1776263002 Cr-Commit-Position: refs/heads/master@{#380528} [modify] https://crrev.com/2eb97bdbc5ebc7fec94c53010b064c677e4cab8f/content/renderer/mojo_context_state.cc [modify] https://crrev.com/2eb97bdbc5ebc7fec94c53010b064c677e4cab8f/content/renderer/mojo_context_state.h
,
Mar 11 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4874772107755520 Fuzzer: inferno_layout_test_unmodified Job Type: windows_syzyasan_content_shell Platform Id: windows Crash Type: UNKNOWN Crash Address: 0x00000007 Crash State: blink::WebURLResponse::url content::MojoContextState::OnFetchModuleComplete base::internal::Invoker<base::IndexSequence<0,1>,base::internal::BindState<base: Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_syzyasan_content_shell&range=380397:380402 Minimized Testcase (24.31 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96kW2Ndin9Vdmg8LH2SFRsYxvYAGRkMkaTOHVPsyeFpso6npz2IiBx-90lIBWL00Cje3e39LBLIDyEcnJsTKbYy2pb8W6Yb57ZwQWichbgD3YMHg-tvTFA6eHRKyd3ivLUNiUrbuQSggjKrPWSuO7wSlTFB3vc45TAJq2Yn_YEaYRfhbW0 Additional requirements: Requires Gestures Filer: nyerramilli See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Mar 13 2016
,
Mar 13 2016
,
Mar 17 2016
ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4874772107755520 Fuzzer: inferno_layout_test_unmodified Job Type: windows_syzyasan_content_shell Platform Id: windows Crash Type: UNKNOWN Crash Address: 0x00000007 Crash State: blink::WebURLResponse::url content::MojoContextState::OnFetchModuleComplete base::internal::Invoker<base::IndexSequence<0,1>,base::internal::BindState<base: Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_syzyasan_content_shell&range=380397:380402 Minimized Testcase (24.31 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96kW2Ndin9Vdmg8LH2SFRsYxvYAGRkMkaTOHVPsyeFpso6npz2IiBx-90lIBWL00Cje3e39LBLIDyEcnJsTKbYy2pb8W6Yb57ZwQWichbgD3YMHg-tvTFA6eHRKyd3ivLUNiUrbuQSggjKrPWSuO7wSlTFB3vc45TAJq2Yn_YEaYRfhbW0 Additional requirements: Requires Gestures See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
||||
►
Sign in to add a comment |
||||
Comment 1 by pucchakayala@chromium.org
, Mar 8 2016Owner: tzik@chromium.org
Status: Assigned (was: Available)