New issue
Advanced search Search tips

Issue 636834 link

Starred by 1 user
Status: Duplicate
Merged: issue 637052
Owner:
ccameron@chromium.org
Closed: Aug 2016
Cc:
nyerramilli@chromium.org
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug



Sign in to add a comment

Data race in blink::ImageFrame::setSizeAndColorProfile

Project Member Reported by ClusterFuzz, Aug 11 2016 
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4824672334249984

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_tsan_chrome_mp
Platform Id: linux

Crash Type: Data race READ 1
Crash Address: 0x7f887001fab0
Crash State:
  blink::ImageFrame::setSizeAndColorProfile
  blink::GIFImageDecoder::initFrameBuffer
  blink::GIFImageDecoder::haveDecodedRow
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_tsan_chrome_mp&range=411233:411257

Minimized Testcase (0.07 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv95bd-sRoztjZSPxzcPJTP3aR7YK8xswOZXgcx0cSUU-JA5xTHzpgfWV028mHoguoKSdQtCqJAbAe_0laR2jDAwM93eRnk-PBsH8RrOqAwBFFO4rgUUP4-D2k22YAnD5avInhzKlYH7wXgQQfk6ZlOYVTXQmSQ?testcase_id=4824672334249984
<meta http-equiv="refresh" content="0; url=http://natpa.com/"</html>


Issue manually filed by: nyerramilli

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 1 by nyerramilli@google.com, Aug 11 2016

Cc: nyerramilli@chromium.org
Components: Tools>Test>FindIt>CorrectResult
Labels: Findit-for-crash Te-Logged
Owner: ccameron@chromium.org
Status: Assigned (was: Untriaged)
based on Findit results assigning to ccameron@, Could you please check the above issue & help us in finding an owner it its not yours.

Suspected CLs	The result is a list of CLs that change the crashed files.

Author: ccameron
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/7c4df6c240fd6bbc5fbf622d503f470cd505c643
Time: Thu Aug 11 03:03:15 2016
Lines 1036-1037 of file render_view_impl.cc which potentially caused crash are changed in this cl (frame #1, "content::RenderView::ApplyWebPreferences").
Minimum distance from crash line to modified line: 0. (file: render_view_impl.cc, crashed on: 1036, modified: 1036).

Suspected Project: chromium
Suspected Component: Internals>Core

Comment 2 by ccameron@chromium.org, Aug 11 2016

Mergedinto: 637052
Status: Duplicate (was: Assigned)
Project Member

Comment 3 by ClusterFuzz, Nov 19 2016 

ClusterFuzz has detected this issue as fixed in range 433191:433320.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4824672334249984

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_tsan_chrome_mp
Platform Id: linux

Crash Type: Data race READ 1
Crash Address: 0x7f887001fab0
Crash State:
  blink::ImageFrame::setSizeAndColorProfile
  blink::GIFImageDecoder::initFrameBuffer
  blink::GIFImageDecoder::haveDecodedRow
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_tsan_chrome_mp&range=411233:411257
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_tsan_chrome_mp&range=433191:433320

Minimized Testcase (0.07 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv95bd-sRoztjZSPxzcPJTP3aR7YK8xswOZXgcx0cSUU-JA5xTHzpgfWV028mHoguoKSdQtCqJAbAe_0laR2jDAwM93eRnk-PBsH8RrOqAwBFFO4rgUUP4-D2k22YAnD5avInhzKlYH7wXgQQfk6ZlOYVTXQmSQ?testcase_id=4824672334249984
<meta http-equiv="refresh" content="0; url=http://natpa.com/"</html>


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 4 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment