Issue metadata
Sign in to add a comment
|
Heap-use-after-free in blink::ExtraDataContainer::~ExtraDataContainer |
||||||||||||||||||||||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=4625776716808192 Fuzzer: cpaulin_mediarecorder Job Type: linux_asan_chrome_mp Platform Id: linux Crash Type: Heap-use-after-free READ 8 Crash Address: 0x61400004e640 Crash State: blink::ExtraDataContainer::~ExtraDataContainer blink::MediaStreamSource::invokePreFinalizer blink::ThreadState::invokePreFinalizers Recommended Security Severity: Medium Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=392988:393062 Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv97hU1z7yb7AQNk9zfKGgDvFLNvO5XgBcvMzbY0kwoJzx70S9Nv1DpmGtJBMXwNLCVHGs5hlBJilw-icMZM_KzwsNeqz98g6K8zFFBsnc8v6EEkerIfMm40r9m4zKduqz5zXGBzNKI-2Ly7jScgVewB985P0HMvll1LhRqXp3jwQbB3od6E Additional requirements: Requires Gestures Additional requirements: Requires HTTP Filer: inferno See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
May 23 2016
,
May 23 2016
,
Jun 9 2016
ClusterFuzz has detected this issue as fixed in range 395936:396053. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4625776716808192 Fuzzer: cpaulin_mediarecorder Job Type: linux_asan_chrome_mp Platform Id: linux Crash Type: Heap-use-after-free READ 8 Crash Address: 0x61400004e640 Crash State: blink::ExtraDataContainer::~ExtraDataContainer blink::MediaStreamSource::invokePreFinalizer blink::ThreadState::invokePreFinalizers Recommended Security Severity: Medium Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=392988:393062 Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=395936:396053 Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv97hU1z7yb7AQNk9zfKGgDvFLNvO5XgBcvMzbY0kwoJzx70S9Nv1DpmGtJBMXwNLCVHGs5hlBJilw-icMZM_KzwsNeqz98g6K8zFFBsnc8v6EEkerIfMm40r9m4zKduqz5zXGBzNKI-2Ly7jScgVewB985P0HMvll1LhRqXp3jwQbB3od6E Additional requirements: Requires Gestures Additional requirements: Requires HTTP See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Sep 2 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Oct 1 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Oct 2 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Oct 2 2016
|
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by infe...@chromium.org
, May 23 2016Labels: -Security_Severity-Medium Security_Severity-High
Owner: cpaulin@chromium.org
Status: Assigned (was: Available)