Crash in content::OffscreenCanvasSurfaceImpl::~OffscreenCanvasSurfaceImpl
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6553782473457664
Fuzzer: inferno_layout_test_unmodified
Job Type: windows_syzyasan_content_shell
Platform Id: windows
Crash Type: UNKNOWN
Crash Address: 0x00000007
Crash State:
  content::OffscreenCanvasSurfaceImpl::~OffscreenCanvasSurfaceImpl
  mojo::StrongBinding<content::mojom::FrameFactory>::OnConnectionError
  mojo::internal::BindingState<content::mojom::LevelDBObserver,0>::RunConnectionEr
Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv97ZqD8kwZOHkkiVZu9IHkPY8ceJZPhK944ygRloizUfa5GGZ6HEG2nXj-VF5r6OERxsU98JJNecbeGWn4kVZbwIQiHLDPN4fyuH5OYq3XVaGbFEeqzbOJpboFFD7W-vNGiXJ8OWss6I4iHVR0HzTLUd6sPIbQ?testcase_id=6553782473457664
Filer: mmohammad
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jun 29 2016
mojo::StrongBinding is doing exactly what it's supposed to do. I suspect this might be related to https://codereview.chromium.org/2087383002.
Jun 29 2016
Looks like the class doesn't handle the case when the connection has an error. Fixing it now.
Jun 29 2016
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/cc6d8be3a8408f452c52d7a8d0ac9529fc8c0cf1

commit cc6d8be3a8408f452c52d7a8d0ac9529fc8c0cf1
Author: xlai <xlai@chromium.org>
Date: Wed Jun 29 23:35:21 2016

Fix Crash on destructor of OffscreenCanvasSurfaceImpl during ConnectionError

TBR=junov@chromium.org
BUG= 624206

Review-Url: https://codereview.chromium.org/2102973005
Cr-Commit-Position: refs/heads/master@{#402991}

[modify] https://crrev.com/cc6d8be3a8408f452c52d7a8d0ac9529fc8c0cf1/content/browser/renderer_host/offscreen_canvas_surface_impl.cc
Jun 30 2016
ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6553782473457664
Fuzzer: inferno_layout_test_unmodified
Job Type: windows_syzyasan_content_shell
Platform Id: windows
Crash Type: UNKNOWN
Crash Address: 0x00000007
Crash State:
  content::OffscreenCanvasSurfaceImpl::~OffscreenCanvasSurfaceImpl
  mojo::StrongBinding<content::mojom::FrameFactory>::OnConnectionError
  mojo::internal::BindingState<content::mojom::LevelDBObserver,0>::RunConnectionEr
Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv97ZqD8kwZOHkkiVZu9IHkPY8ceJZPhK944ygRloizUfa5GGZ6HEG2nXj-VF5r6OERxsU98JJNecbeGWn4kVZbwIQiHLDPN4fyuH5OYq3XVaGbFEeqzbOJpboFFD7W-vNGiXJ8OWss6I4iHVR0HzTLUd6sPIbQ?testcase_id=6553782473457664
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jun 30 2016
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by mmohammad@chromium.org, Jun 29 2016
Status: Assigned (was: Available)