New issue
Advanced search Search tips

Issue 642869 link

Starred by 1 user
Status: Duplicate
Merged: issue 642803
Owner: ----
Closed: Aug 2016
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: ----
Type: Bug-Security



Sign in to add a comment

Heap-use-after-free in std::__1::unordered_map<cc::BeginFrameSource*, unsigned int, std::__1::hash<cc::

Project Member Reported by ClusterFuzz, Aug 31 2016 
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6514542781923328

Fuzzer: inferno_twister
Job Type: mac_asan_content_shell
Platform Id: mac

Crash Type: Heap-use-after-free READ 8
Crash Address: 0x6120000746b0
Crash State:
  std::__1::unordered_map<cc::BeginFrameSource*, unsigned int, std::__1::hash<cc::
  cc::SurfaceManager::UnregisterBeginFrameSource
  cc::Display::~Display
  
Recommended Security Severity: High

Regressed: https://cluster-fuzz.appspot.com/revisions?job=mac_asan_content_shell&range=415049:415582

Minimized Testcase (0.00 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97cLp28pQBejLqxwcLZo5IEL2WHeeIBJEDR3Ymz6PFu4hbfjqmCAsF0ky-Lcy3i6QMKOie5BHpIsMVJeXJpI6CzXQPKk5HfuIyP59hP3xONuRN9VcGcUWX72ixdGkmD3w5LM2QrHG4QWkJI8qjohXgfm5hslQ?testcase_id=6514542781923328

Additional requirements: Requires HTTP

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 1 by infe...@chromium.org, Aug 31 2016

Mergedinto: 642803
Status: Duplicate (was: Untriaged)
Project Member

Comment 2 by sheriffbot@chromium.org, Dec 16 2016

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment