Issue 637177

Issue metadata

Status: WontFix
Owner:
Closed: Dec 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 1
Type: Bug

Crash in content::BrowserPluginEmbedder::OnAttach

Project Member Reported by ClusterFuzz, Aug 12 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5218130865684480

Fuzzer: ipc_fuzzer_gen
Job Type: windows_asan_chrome_ipc
Platform Id: windows

Crash Type: UNKNOWN READ
Crash Address: 0x00000000
Crash State:
  content::BrowserPluginEmbedder::OnAttach
  IPC::MessageT<struct BrowserPluginHostMsg_Attach_Meta,class std::tuple<int,struc
  content::BrowserPluginEmbedder::OnMessageReceived
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_asan_chrome_ipc&range=411233:411257

Minimized Testcase (0.10 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96Pm50QWeK0tsrNFrGGiOFPugpPtWtMzJ77ZmbphCzVLpdvuuThpA0rPJjO78gyRtWHkNCO7HrZxlNZgEHrJfwb1xv371m5xGk2E9A_WNWfnyK-6hRmKzYOZH5Rfm6gljGmoOXhJP10PoiHEejP4VKnMcspXw?testcase_id=5218130865684480

Issue manually filed by: ajha

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Comment 1 by ajha@chromium.org, Aug 12 2016

Cc: ajha@chromium.org
Components: Internals>Core
Labels: M-54 Te-Logged
Owner: wjmaclean@chromium.org
Status: Assigned (was: Untriaged)
Findit result:
================
Suspected CLs: No CL in the regression range changes the crashed files. The result is the blame information.

Author: fsamuel
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/986f59179731e7970d99d9e8d1a7de43719c73bc
Time: Wed Aug 27 01:11:30 2014
The CL last changed line 168 of file browser_plugin_embedder.cc, which is stack frame 0.

Author: mdempsky
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/8a5190449d48e06efa581390426dfa3bb6750f4c
Time: Tue Feb 09 05:41:47 2016
The CL last changed line 120 of file ipc_message_templates.h, which is stack frame 1.

Author: fsamuel@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/c453807747fc1dfb6d6829fa431fbf7a913ad5bd
Time: Mon Mar 18 02:17:55 2013
The CL last changed line 129 of file browser_plugin_embedder.cc, which is stack frame 2.

Author: fsamuel
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/833ee7ced817effed9202b9cfddf85b067cf0edf
Time: Fri Feb 13 23:40:40 2015
The CL last changed line 3797 of file web_contents_impl.cc, which is stack frame 3.

Author: fsamuel@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/c453807747fc1dfb6d6829fa431fbf7a913ad5bd
Time: Mon Mar 18 02:17:55 2013
The CL last changed line 735 of file web_contents_impl.cc, which is stack frame 4.

Author: jam@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/f114fa461f5dbdf55ae5805983167f90b6cc9166
Time: Fri Dec 06 17:06:44 2013
The CL last changed line 651 of file web_contents_impl.cc, which is stack frame 5.

Author: jochen@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/7bb761897cda2caf6d4d8b334709a3761f2a07ab
Time: Fri Jul 20 09:32:47 2012
The CL last changed line 836 of file render_view_host_impl.cc, which is stack frame 6.

Suspected Project: chromium
Suspected Component: Internals>Core
============================================================

None of the CLs from the Findit look related.

Based on the update on Issue 628864, assigning to wjmaclean@ for further investigation.

Thank you!

Comment 2 by sheriffbot@chromium.org (Project Member), Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 3 by ClusterFuzz (Project Member), Dec 22 2016

Status: WontFix (was: Assigned)
ClusterFuzz testcase 5218130865684480 is flaky and no longer reproduces, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.