New issue
Advanced search Search tips

Issue 621967 link

Starred by 1 user

Issue metadata

Status: Duplicate
Merged: issue 621849
Owner: ----
Closed: Jun 2016
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: ----
Type: Bug-Security



Sign in to add a comment

Heap-use-after-free in cc::SurfaceManager::Destroy

Project Member Reported by ClusterFuzz, Jun 21 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5129486882570240

Fuzzer: inferno_layout_test_unmodified
Job Type: windows_syzyasan_content_shell
Platform Id: windows

Crash Type: Heap-use-after-free READ 4
Crash Address: 0x00a6c35f
Crash State:
  cc::SurfaceManager::Destroy
  cc::SurfaceFactory::DestroyAll
  content::OffscreenCanvasSurfaceImpl::~OffscreenCanvasSurfaceImpl
  
Recommended Security Severity: High


Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv96hyDC5rN0UitVh-T_b9gFETz3s1HUSFtJF3vXx6ttLhvthnPy_OPQXWRqDIR72csZJuAKenKPlvJCgh5q0Eo1TKq19s5ObLkO_0Httmy3e64cPlqS3KCQ8c-m7lpuWttNAFtAkx4oY0LvWYbP9pvMnyJhu8A?testcase_id=5129486882570240


Filer: tanin

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 

Comment 1 by ta...@google.com, Jun 21 2016

Mergedinto: 621849
Status: Duplicate (was: Available)
Project Member

Comment 2 by sheriffbot@chromium.org, Oct 2 2016

Labels: -Restrict-View-SecurityTeam
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Labels: allpublic

Sign in to add a comment