Issue 621967 link

Starred by 1 user

Issue metadata

Status:	Duplicate
Merged:	issue 621849
Owner:	----
Closed:	Jun 2016
EstimatedDays:	----
NextAction:	----
OS:	Windows
Pri:	----
Type:	Bug-Security
Reproducible Hotlist-SyzyASAN Security_Severity-High allpublic Clusterfuzz

Heap-use-after-free in cc::SurfaceManager::Destroy

Project Member Reported by ClusterFuzz, Jun 21 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5129486882570240

Fuzzer: inferno_layout_test_unmodified
Job Type: windows_syzyasan_content_shell
Platform Id: windows

Crash Type: Heap-use-after-free READ 4
Crash Address: 0x00a6c35f
Crash State:
  cc::SurfaceManager::Destroy
  cc::SurfaceFactory::DestroyAll
  content::OffscreenCanvasSurfaceImpl::~OffscreenCanvasSurfaceImpl
  
Recommended Security Severity: High


Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv96hyDC5rN0UitVh-T_b9gFETz3s1HUSFtJF3vXx6ttLhvthnPy_OPQXWRqDIR72csZJuAKenKPlvJCgh5q0Eo1TKq19s5ObLkO_0Httmy3e64cPlqS3KCQ8c-m7lpuWttNAFtAkx4oY0LvWYbP9pvMnyJhu8A?testcase_id=5129486882570240


Filer: tanin

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 1 by ta...@google.com, Jun 21 2016

Mergedinto: 621849
Status: Duplicate (was: Available)

Project Member

Comment 2 by sheriffbot@chromium.org, Oct 2 2016

Labels: -Restrict-View-SecurityTeam

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 3 by mbarbe...@chromium.org, Oct 2 2016

Labels: allpublic

►

Issue 621967 link

Issue metadata

Heap-use-after-free in cc::SurfaceManager::Destroy

Issue description

Comment 1 by ta...@google.com, Jun 21 2016

Comment 1 Deleted

Comment 2 by sheriffbot@chromium.org, Oct 2 2016

Comment 2 Deleted

Comment 3 by mbarbe...@chromium.org, Oct 2 2016

Comment 3 Deleted

Sign in to add a comment