
Issue 612395


Issue metadata

Status: Fixed
Owner:
Closed: Jun 2016
Cc:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug




Crash in content::RenderFrameImpl::OnFind

Reported by ClusterFuzz, May 17 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4860688022896640

Fuzzer: ochang_domfuzzer
Job Type: linux_asan_chrome_v8_arm
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x00000000
Crash State:
  content::RenderFrameImpl::OnFind
  bool IPC::MessageT<FrameMsg_Find_Meta, std::__1::tuple<int, std::__1::basic_stri
  content::RenderFrameImpl::OnMessageReceived
  

Minimized Testcase (0.68 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94UTx9kjseXwEFuEvuvLUfJp6sOqT3NxX2T5HLyK8I_3r7UMa8HTtamsDseJ7mX3VISWAUQmwo8lCpCOOiK3gzIIKCnRRyGzajd0WXwmrJ9n8qC5mwoZbvJZdV8Gt2glhN1kBOzPBX42V2gzBVKlyGExxKdDg

Additional requirements: Requires Gestures

Filer: ranjitkan

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Cc: ranjitkan@chromium.org
Components: Tools>Test>FindIt>CorrectResult
Labels: -Pri-1 findit-for-crash Te-Logged M-52 Pri-2
Owner: paulmeyer@chromium.org
Status: Assigned (was: Available)
Author: paulmeyer
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/8a2dc803cd6c71f8a5c8e48236335e39ecb5bbf0
Time: Tue Feb 02 13:39:18 2016
The CL last changed line 5030 of file render_frame_impl.cc, which is stack frame 0.

@paulmeyer: Assigning to you; please take a look into it. Please help us reassign if it is not related to your change.
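The FindIt comment above blames the CL that last changed the file:line of stack frame 0. The following is an added illustration of that heuristic in simplified form (walk the symbolized stack from the top and report the first frame whose line was last touched by a commit inside the regression range). It is not FindIt's or Chromium's code; the stack text, the `git blame --porcelain` fragments, the second and third commit hashes, the authors other than paulmeyer and the source-line placeholders are all constructed for the example. Only the CL hash and the file:line of frame 0 come from the report.

```python
"""Simplified culprit-CL heuristic of the kind the FindIt comment describes:
walk the crash stack from frame 0 and report the first frame whose file:line
was last touched by a commit inside the regression range.
Added illustration, not FindIt's or Chromium's code; every input below is
constructed except the CL hash and frame 0's file:line from the report."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# ASan-style symbolized frame: "#N 0xADDR in FUNC FILE:LINE[:COL]".
FRAME_RE = re.compile(
    r"^#(?P<idx>\d+)\s+0x[0-9a-f]+ in (?P<func>.+?) (?P<file>[\w./-]+):(?P<line>\d+)(?::\d+)?$"
)
# `git blame --porcelain` group header: "<sha> <orig-line> <final-line> [<group-size>]".
BLAME_HEADER_RE = re.compile(r"^(?P<sha>[0-9a-f]{40}) (?P<orig>\d+) (?P<final>\d+)(?: \d+)?$")


@dataclass(frozen=True)
class Frame:
    index: int
    function: str
    path: str
    line: int


@dataclass(frozen=True)
class Suspect:
    frame: Frame
    sha: str
    author: str


def parse_stack(text: str) -> List[Frame]:
    """Keep only frames that symbolized to a source location; frames without
    a file:line carry nothing to blame and are skipped."""
    frames = []
    for raw in text.splitlines():
        m = FRAME_RE.match(raw.strip())
        if m:
            frames.append(Frame(int(m["idx"]), m["func"], m["file"], int(m["line"])))
    return frames


def parse_blame_porcelain(text: str) -> Tuple[Dict[int, str], Dict[str, str]]:
    """Return (final line number -> sha, sha -> author) from porcelain blame output."""
    line_to_sha: Dict[int, str] = {}
    authors: Dict[str, str] = {}
    current = None
    for raw in text.splitlines():
        m = BLAME_HEADER_RE.match(raw)
        if m:
            current = m["sha"]
            line_to_sha[int(m["final"])] = current
        elif current and raw.startswith("author "):
            authors[current] = raw[len("author "):]
    return line_to_sha, authors


def find_culprit(stack: str, blame_by_file: Dict[str, str],
                 regression_range: Set[str]) -> Optional[Suspect]:
    """First frame (from the top) whose line was last changed by a CL in the range."""
    parsed = {path: parse_blame_porcelain(text) for path, text in blame_by_file.items()}
    for frame in parse_stack(stack):
        if frame.path not in parsed:
            continue  # not a file we blamed (third_party, libc, ...)
        line_to_sha, authors = parsed[frame.path]
        sha = line_to_sha.get(frame.line)
        if sha in regression_range:
            return Suspect(frame, sha, authors.get(sha, "unknown"))
    return None


# --- constructed sample inputs ---------------------------------------------
CL_FIND = "8a2dc803cd6c71f8a5c8e48236335e39ecb5bbf0"   # hash from the FindIt comment
CL_OLD = "1" * 40                                         # constructed older change
CL_DISPATCH = "2" * 40                                    # constructed

STACK = """\
#0 0x7f3a1c in content::RenderFrameImpl::OnFind(int, std::string const&) content/renderer/render_frame_impl.cc:5030
#1 0x7f3a2d in bool IPC::MessageT<FrameMsg_Find_Meta, std::tuple<int, std::string>>::Dispatch ipc/ipc_message_templates.h:120
#2 0x7f3a3e in content::RenderFrameImpl::OnMessageReceived(IPC::Message const&) content/renderer/render_frame_impl.cc:1500
"""

BLAME = {
    "content/renderer/render_frame_impl.cc": f"""\
{CL_FIND} 5029 5030 1
author paulmeyer
\t// (constructed stand-in for line 5030)
{CL_OLD} 1499 1500 1
author someone-else
\t// (constructed stand-in for line 1500)
""",
    "ipc/ipc_message_templates.h": f"""\
{CL_DISPATCH} 120 120 1
author ipc-owner
\t// (constructed stand-in for line 120)
""",
}

if __name__ == "__main__":
    s = find_culprit(STACK, BLAME, {CL_FIND, CL_DISPATCH})
    print(f"frame {s.frame.index}: {s.sha[:10]} by {s.author}")
```

With the regression range containing the frame-0 CL this returns frame 0, matching the comment's "stack frame 0" result; if that CL is excluded, the walk continues to frame 1, and with no matching CL it returns None, which is the case where a human has to triage instead.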

Comment 2 by sheriffbot@chromium.org, Jun 1 2016

Labels: -M-52 M-53 MovedFrom-52
Moving this nonessential bug to the next milestone.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Status: Fixed (was: Assigned)
This was fixed by https://codereview.chromium.org/1959183002/.

Comment 4 by ClusterFuzz, Jul 1 2016

ClusterFuzz has detected this issue as fixed in range 398017:398351.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4860688022896640

Fuzzer: ochang_domfuzzer
Job Type: linux_asan_chrome_v8_arm
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x00000000
Crash State:
  content::RenderFrameImpl::OnFind
  bool IPC::MessageT<FrameMsg_Find_Meta, std::__1::tuple<int, std::__1::basic_stri
  content::RenderFrameImpl::OnMessageReceived
  
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_v8_arm&range=398017:398351

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95n9a0UYhF-EvskCZRB42aW_2-OhGPG3fUJjFFY87knL00n-V0JWC4WxvmhqwgNQwpFQr_5zAdpkCSqvHfpsYVkIdCpkLhzn0dhksyqG0Zd4wpGebuNl0ecAUDBYfcTuxmaK5l-AQOzyeAujlLj-9IdVerR2A?testcase_id=4860688022896640


Additional requirements: Requires Gestures

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment 5 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
