Use-after-poison in blink::CompositorAnimationPlayer::NotifyAnimationFinished
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6483595367022592

Fuzzer: attekett_dom_fuzzer
Job Type: linux_asan_chrome_media
Platform Id: linux

Crash Type: Use-after-poison READ 8
Crash Address: 0x7ee43a20a158
Crash State:
  blink::CompositorAnimationPlayer::NotifyAnimationFinished
  cc::AnimationPlayer::NotifyAnimationFinished
  cc::ElementAnimations::NotifyAnimationFinished

Recommended Security Severity: High

Minimized Testcase (0.90 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97613a6qJOXYO-YTInOlGoV0HwQvjZZk5VA7LF3dPJdgz56Yyy5e42tDnwCUh4jt6dvAoqX6U9hSIK0tNFkoh1oN6IgsaDel8UNSWnU8o1hgdUsOHQXT1POBKhzV4NrTWTn0ssOuoI8lyiJi1SaYETKMGuUGQ

Filer: mmoroz

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Apr 1 2016
Apr 2 2016
Apr 3 2016
This is a dupe for https://bugs.chromium.org/p/chromium/issues/detail?id=590803 Do we need to merge the fix into M49?
Apr 4 2016
Since this is a duplicate, I think it would be fine to leave M-50 as it is in bug 590803 you referred to.
Apr 4 2016
Apr 5 2016
Jul 12 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Oct 1 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Oct 2 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Oct 2 2016
Comment 1 by mmoroz@chromium.org, Apr 1 2016
Owner: loyso@chromium.org