
Issue 636235

Issue metadata

Status: WontFix
Owner:
Closed: Dec 2016
Cc:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug

Direct-leak in ExternalProtocolHandler::RunExternalProtocolDialog

Project Member Reported by ClusterFuzz, Aug 10 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5232351259131904

Fuzzer: attekett_dom_fuzzer
Job Type: linux_lsan_chrome_mp
Platform Id: linux

Crash Type: Direct-leak
Crash Address: 
Crash State:
  ExternalProtocolHandler::RunExternalProtocolDialog
  base::internal::Invoker<base::internal::BindState<void
  shell_integration::DefaultWebClientWorker::OnCheckIsDefaultComplete
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_lsan_chrome_mp&range=391535:391649

Minimized Testcase (0.10 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv96FwODvGZQYGyGmXUHLyOcGFg4mSGOj1noBl0Rp8XHJOn6TthnVUy43J9I8rBfEpzaPoXUaGxnSYY5AVpmjAJ7QJZCkaT7oDBeU7XF1utONbGyEwB8OX45CGDb8otjVP2tqO_ejbx42umlGJnCK52jRdSvVKA?testcase_id=5232351259131904
<script>
  var w = window.open("ajout:blank", "", "wwidth=200,height=200,dialog");
  w.close();
;
</script>


Issue manually filed by: nyerramilli

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Cc: nyerramilli@chromium.org
Components: Tools>Test>FindIt>WrongResult
Labels: findit-wrong Te-Logged M-53
Owner: tzik@chromium.org
Status: Assigned (was: Untriaged)
providing Findit results for internal purpose:
Suspected CLs: No CL in the regression range changes the crashed files. The result is the blame information.

Author: dcheng
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/4a9d9829bc889e6a2cc02dbc443d3032e1d2c81f
Time: Sat Dec 26 22:35:30 2015
The CL last changed line 47 of file external_protocol_dialog.cc, which is stack frame 1.

Author: tzik
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/99de02ba952b0a69291f81c5b8ca14d81cc1f74f
Time: Fri Jul 01 05:54:12 2016
The CL last changed line 164 of file bind_internal.h, which is stack frame 2.

Author: tzik
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/99de02ba952b0a69291f81c5b8ca14d81cc1f74f
Time: Fri Jul 01 05:54:12 2016
The CL last changed line 283 of file bind_internal.h, which is stack frame 3.

Author: tzik
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/ee2487294417a82adfc854aa680c7765eef7494e
Time: Wed Jun 01 08:22:51 2016
The CL last changed line 346 of file bind_internal.h, which is stack frame 4.

Author: tzik
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/99de02ba952b0a69291f81c5b8ca14d81cc1f74f
Time: Fri Jul 01 05:54:12 2016
The CL last changed line 324 of file bind_internal.h, which is stack frame 5.

Author: tzik
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/77d41139d261342a429d2775c59d8e8a386d4c81
Time: Wed Mar 09 09:47:03 2016
The CL last changed line 389 of file callback.h, which is stack frame 6.

Author: pmonette
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/b920414395d38375b35ae02d3ccbed7ea1c9c177
Time: Tue Mar 08 20:02:44 2016
The CL last changed line 210 of file shell_integration.cc, which is stack frame 7.

Suspected Project: chromium
Suspected Component: Internals>Views

Assigning to tzik@, who made a few changes to 'bind_internal.h'.
tzik@, could you please check the above issue and help us find an owner if it's not yours?

Comment 2 by tzik@chromium.org, Aug 10 2016

Cc: tzik@chromium.org
Owner: msw@chromium.org
msw: Could you handle this as an OWNER of //chrome/browser/ui/views?
ExternalProtocolDialog seems to leak if |web_contents| at external_protocol_dialog.cc:142 is null.
Components: -Tools>Test>FindIt>WrongResult
Labels: Test-Predator-Wrong

Project Member Comment 4 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Project Member Comment 5 by ClusterFuzz, Dec 22 2016

Status: WontFix (was: Assigned)
ClusterFuzz testcase 5232351259131904 is flaky and no longer reproduces, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
