New issue
Advanced search Search tips

Issue 631385 link

Starred by 0 users
Status: Duplicate
Merged: issue 612098
Owner:
lukasza@chromium.org
Closed: Jul 2016
Cc:
thestig@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug-Regression



Sign in to add a comment

Crash in content::MHTMLGenerationManager::OnFileClosed

Project Member Reported by ClusterFuzz, Jul 26 2016 
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5891764645003264

Fuzzer: meacer_extension_apis
Job Type: linux_asan_chrome_chromeos
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000110
Crash State:
  content::MHTMLGenerationManager::OnFileClosed
  void base::internal::ReplyAdapter<long, long>
  base::PostTaskAndReplyRelay::RunReplyAndSelfDestruct
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_chromeos&range=386428:386438

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv96EsjuTch_zFBipf2EDDclB1hc8idVxK8V2dTxaOWpYNTUHq7jW_p1JdnJ9wwGW_yzvYWKIs5pbMiCidIpm07wNBOqjGxrj-S1GsX4SSrQYk_YDf9qJHFyN8GXJ7V2Yk4tAC0Mg817af4HsH1oSubk68G9wWA?testcase_id=5891764645003264


Filer: rnimmagadda

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 1 by rnimmagadda@chromium.org, Jul 26 2016

Components: Blink>HTML Tools>Test>FindIt>CorrectResult
Labels: -Pri-1 -Type-Bug M-54 Findit-for-crash Te-Logged Pri-2 Type-Bug-Regression
Owner: thestig@chromium.org
Status: Assigned (was: Untriaged)
Suspecting:

Author: thestig
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/233a1a912ef205b176cb170e68f6e03078949ff7
Time: Mon Apr 11 19:22:33 2016
Lines 402 of file mhtml_generation_manager.cc which potentially caused crash are changed in this cl (frame #2, "content::MHTMLGenerationManager::OnFileClosed").
Minimum distance from crash line to modified line: 0. (file: mhtml_generation_manager.cc, crashed on: 402, modified: 402).

@thestig: Could you please look into this issue.

Thank you.

Comment 2 by lukasza@chromium.org, Jul 26 2016

Cc: thestig@chromium.org
Owner: lukasza@chromium.org
This seems to be a dupe of  issue 612098  (but this should have been fixed last week).

Comment 3 by lukasza@chromium.org, Jul 26 2016

Components: -Blink>HTML -Tools>Test>FindIt>CorrectResult Tools>Test>FindIt>WrongResult Blink>SavePage

Comment 4 by thestig@chromium.org, Jul 26 2016 

I should just stop doing cleanup CLs. ;)

Comment 5 by lukasza@chromium.org, Jul 26 2016

Mergedinto: 612098
Status: Duplicate (was: Assigned)
ClusterFuzz report says the crash revision for Chromium is r406944.  This is earlier than the fix from  issue 612098  (r407244).
Project Member

Comment 6 by ClusterFuzz, Jul 27 2016 

ClusterFuzz has detected this issue as fixed in range 407004:407711.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5891764645003264

Fuzzer: meacer_extension_apis
Job Type: linux_asan_chrome_chromeos
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000110
Crash State:
  content::MHTMLGenerationManager::OnFileClosed
  void base::internal::ReplyAdapter<long, long>
  base::PostTaskAndReplyRelay::RunReplyAndSelfDestruct
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_chromeos&range=386428:386438
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_chromeos&range=407004:407711

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv96EsjuTch_zFBipf2EDDclB1hc8idVxK8V2dTxaOWpYNTUHq7jW_p1JdnJ9wwGW_yzvYWKIs5pbMiCidIpm07wNBOqjGxrj-S1GsX4SSrQYk_YDf9qJHFyN8GXJ7V2Yk4tAC0Mg817af4HsH1oSubk68G9wWA?testcase_id=5891764645003264


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment 7 by kateso...@chromium.org, Oct 18 2016

Components: -Tools>Test>FindIt>WrongResult
Labels: Test-Predator-Wrong
Project Member

Comment 8 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment