Crash in test_runner::TestPlugin::initialize
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6478446850473984
Fuzzer: mbarbella_js_mutation_layout
Job Type: windows_syzyasan_content_shell
Platform Id: windows
Crash Type: UNKNOWN
Crash Address: 0x00000003
Crash State:
  test_runner::TestPlugin::initialize
  blink::FrameLoaderClientImpl::createPlugin
  blink::HTMLPlugInElement::loadPlugin
Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_syzyasan_content_shell&range=381525:381877
Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv96eMIqfcejjm2sP-g0TPIVcm3xbNnPjuP9N1eO1fxoPYTZdVTSRoWU9gwxt_mKf55GrCT0CTQrlH_dcsZcwCdf4ZVAcqkqmuIXdefbWXTh8beS6XXkM3a85v_Si12CLZOlUsDCBrE4B0a4XPQrTQTnfxCMW974tk2cpc_xraI-1xOoCrVo
Filer: ligimole

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Mar 18 2016
https://code.google.com/p/chromium/codesearch#chromium/src/components/test_runner/test_plugin.cc&l=178 will crash on disable-gpu I think. context_ will be null there. gl_ should be null too.
Mar 18 2016
Agreed, context_ can be null, and equivalently, gl_ should be set to null in that case.
Mar 18 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/7865b1d30daf6e4b75d8fe89768828e09b44caee

commit 7865b1d30daf6e4b75d8fe89768828e09b44caee
Author: danakj <danakj@chromium.org>
Date: Fri Mar 18 22:18:40 2016

Fix crash without GPU in test_plugin.cc

When GPU isn't available, context_ will be null. gl_ should be equally null in that case, and we should not deref the context_.

R=pfeldman@chromium.org, piman@chromium.org
TBR=pfeldman
BUG= 596147

Review URL: https://codereview.chromium.org/1817463003

Cr-Commit-Position: refs/heads/master@{#382110}

[modify] https://crrev.com/7865b1d30daf6e4b75d8fe89768828e09b44caee/components/test_runner/test_plugin.cc
Mar 20 2016
ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6478446850473984
Fuzzer: mbarbella_js_mutation_layout
Job Type: windows_syzyasan_content_shell
Platform Id: windows
Crash Type: UNKNOWN
Crash Address: 0x00000003
Crash State:
  test_runner::TestPlugin::initialize
  blink::FrameLoaderClientImpl::createPlugin
  blink::HTMLPlugInElement::loadPlugin
Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_syzyasan_content_shell&range=381525:381877
Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv96eMIqfcejjm2sP-g0TPIVcm3xbNnPjuP9N1eO1fxoPYTZdVTSRoWU9gwxt_mKf55GrCT0CTQrlH_dcsZcwCdf4ZVAcqkqmuIXdefbWXTh8beS6XXkM3a85v_Si12CLZOlUsDCBrE4B0a4XPQrTQTnfxCMW974tk2cpc_xraI-1xOoCrVo

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Mar 21 2016
Issue 596492 has been merged into this issue.
Comment 1 by ligim...@chromium.org, Mar 18 2016
Owner: danakj@chromium.org
Status: Assigned (was: Available)