Heap-use-after-free in extensions::ExtensionKeybindingRegistry::IsAcceleratorRegistered
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4582615507533824

Fuzzer: webDEViL_webgl
Job Type: linux_asan_chrome_chromeos
Platform Id: linux

Crash Type: Heap-use-after-free READ 8
Crash Address: 0x612000270850
Crash State:
  extensions::ExtensionKeybindingRegistry::IsAcceleratorRegistered
  extensions::ExtensionCommandsGlobalRegistry::IsRegistered
  chromeos::IsExtensionCommandRegistered

Recommended Security Severity: High

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_chromeos&range=388170:388178

Minimized Testcase (0.00 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97GQ6mIQV5TQ-i4GiDIpWHoU_trjyzaP7kBommWNnDbJ4tO-A2SRXrDS1qUWVa_bRrdaIkWWyY7qZh1EuEtZSqu-ek6yIrnCr85YOPXjRQ1YnkUHQDr62yVtTMlsfBIoXlBaMpIX7wk3p1WbA7rpiEZrt8uXQ

Additional requirements: Requires Gestures

Filer: mmoroz

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Apr 21 2016
Apr 21 2016
Apr 21 2016
Apr 21 2016
ClusterFuzz has detected this issue as fixed in range 388743:388749.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4582615507533824

Fuzzer: webDEViL_webgl
Job Type: linux_asan_chrome_chromeos
Platform Id: linux

Crash Type: Heap-use-after-free READ 8
Crash Address: 0x612000270850
Crash State:
  extensions::ExtensionKeybindingRegistry::IsAcceleratorRegistered
  extensions::ExtensionCommandsGlobalRegistry::IsRegistered
  chromeos::IsExtensionCommandRegistered

Recommended Security Severity: High

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_chromeos&range=388170:388178
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_chromeos&range=388743:388749

Minimized Testcase (0.00 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97GQ6mIQV5TQ-i4GiDIpWHoU_trjyzaP7kBommWNnDbJ4tO-A2SRXrDS1qUWVa_bRrdaIkWWyY7qZh1EuEtZSqu-ek6yIrnCr85YOPXjRQ1YnkUHQDr62yVtTMlsfBIoXlBaMpIX7wk3p1WbA7rpiEZrt8uXQ

Additional requirements: Requires Gestures

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Apr 21 2016
Clusterfuzz sometimes confuses me. My understanding is that there's nothing to do here now?
Apr 22 2016
This medium+ severity security issue is a regression on trunk. Please fix this asap. If you are unable to look into this soon, please revert your change. - Your friendly ClusterFuzz
Apr 22 2016
Heya meacer@ - clusterfuzz is confusing me. Is this an issue per #1 that should be fixed asap per #7, or is this fixed per #5?
Apr 25 2016
Devlin, yes, since ClusterFuzz marked this issue as fixed (with a known fix range) we have nothing to do here. I assume that some of the CLs in the given range (388743:388749) affected the issue and fixed that.
Apr 26 2016
Jun 28 2016
I think this is fixed by https://bugs.chromium.org/p/chromium/issues/detail?id=616970#c6.
Jul 6 2016
Sorry to say the panel decided not to reward for this bug, as it was found by clusterfuzz gestures not the fuzzer itself.
Aug 2 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Oct 1 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Oct 2 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Oct 2 2016
Comment 1 by mmoroz@chromium.org, Apr 21 2016
Owner: rdevlin....@chromium.org