Use-after-poison in blink::CompositorAnimationPlayer::NotifyAnimationFinished
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4686443959549952

Fuzzer: attekett_dom_fuzzer
Job Type: linux_asan_chrome_mp
Platform Id: linux

Crash Type: Use-after-poison READ 8
Crash Address: 0x7efa68f2e2d8
Crash State:
  blink::CompositorAnimationPlayer::NotifyAnimationFinished
  cc::ElementAnimations::NotifyAnimationFinished
  cc::AnimationHost::SetAnimationEvents

Recommended Security Severity: High

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=377255:377290

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv97_5T-Y6V3NJ4N_TWBeoGZriUkx-Msn0sPp6MAUeovFosXsSh1uNSpBeSEaEaKN-SCAlz_xgJpB7qJPelNyL-XhORqyaQ1Ys5HF9Ba1lwUK1dyOxDGV8UQm6Tg7yT09G5RbvJboXhL4-Hyk80SQcv1mg9jVu5IK3bD3n-X_6TgkapBlqJ4

Filer: mbarbella

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Apr 28 2016
Apr 28 2016
Probably we need to reopen 590803.
Apr 29 2016
May 8 2016
ClusterFuzz has detected this issue as fixed in range 391820:391873.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4686443959549952

Fuzzer: attekett_dom_fuzzer
Job Type: linux_asan_chrome_mp
Platform Id: linux

Crash Type: Use-after-poison READ 8
Crash Address: 0x7efa68f2e2d8
Crash State:
  blink::CompositorAnimationPlayer::NotifyAnimationFinished
  cc::ElementAnimations::NotifyAnimationFinished
  cc::AnimationHost::SetAnimationEvents

Recommended Security Severity: High

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=377255:377290
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=391820:391873

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv97_5T-Y6V3NJ4N_TWBeoGZriUkx-Msn0sPp6MAUeovFosXsSh1uNSpBeSEaEaKN-SCAlz_xgJpB7qJPelNyL-XhORqyaQ1Ys5HF9Ba1lwUK1dyOxDGV8UQm6Tg7yT09G5RbvJboXhL4-Hyk80SQcv1mg9jVu5IK3bD3n-X_6TgkapBlqJ4

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Aug 5 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Oct 1 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Oct 2 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Oct 2 2016
Comment 1 by mbarbe...@chromium.org, Apr 28 2016