New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 652214 link

Starred by 1 user
Status: Fixed
Owner:
guidou@chromium.org
Closed: Oct 2016
Cc:
tzik@chromium.org
ranjitkan@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 1
Type: Bug-Regression



Sign in to add a comment

Crash in blink::AudioOutputDeviceClient::from

Project Member Reported by ClusterFuzz, Oct 3 2016 
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5162709853405184

Fuzzer: inferno_twister
Job Type: windows_syzyasan_content_shell
Platform Id: windows

Crash Type: UNKNOWN
Crash Address: 0x00000003
Crash State:
  blink::AudioOutputDeviceClient::from
  blink::SetSinkIdResolver::timerFired
  blink::TaskRunnerTimer<blink::BitmapImage>::fired
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_syzyasan_content_shell&range=422169:422171

Minimized Testcase (4.72 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95npJTzebExVzk-ryO0NOHmOMzy4poQX9kwYEm38xxNbdgzuQEfoTTyQCJ8uYXWlRxIm7BxJhvL3dz5YyIw7RzxaThnYf_qSCsC6U1RN5q0LM7ox737qnhGa6MuVNdL21CXcr78_BMZChfwB6LQxLzD3aWfhw?testcase_id=5162709853405184

Issue manually filed by: ranjitkan

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 1 by ranjitkan@chromium.org, Oct 3 2016

Cc: ranjitkan@chromium.org
Components: Blink>Media>Audio
Labels: -Type-Bug M-55 Te-Logged Type-Bug-Regression
Owner: tzik@chromium.org
Status: Assigned (was: Untriaged)
Git blame below is NOT necessarily who introduced the crash nor the owner for it. Please check the code before assigning to anyone.(No CL in the regression range changed the crashing files.)

Author: tzik
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/99de02ba952b0a69291f81c5b8ca14d81cc1f74f
Time: Fri Jul 01 05:54:12 2016
The CL last changed line 214 of file bind_internal.h, which is stack frame 4.

Author: tzik
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/99de02ba952b0a69291f81c5b8ca14d81cc1f74f
Time: Fri Jul 01 05:54:12 2016
The CL last changed line 305 of file bind_internal.h, which is stack frame 5.

Author: tzik
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/ee2487294417a82adfc854aa680c7765eef7494e
Time: Wed Jun 01 08:22:51 2016
The CL last changed line 361 of file bind_internal.h, which is stack frame 6.

@tzik: Assigning to you, request you to please take a look into it. Please help us to reassign to the right owner, if not with respect to your changes.

Thanks.!

Comment 2 by ranjitkan@chromium.org, Oct 3 2016

Components: Tools>Test>FindIt>CorrectResult
Labels: Findit-for-crash

Comment 3 by tzik@chromium.org, Oct 4 2016

Components: -Tools>Test>FindIt>CorrectResult Tools>Test>FindIt>WrongResult

Comment 4 by tzik@chromium.org, Oct 4 2016

Cc: tzik@chromium.org
Owner: guidou@chromium.org
guidou: Looks like a null pointer crash of ExecutionContext in AudioOutputDeviceClient::from(). Could you handle this?

Comment 5 by guidou@chromium.org, Oct 4 2016 

I'll take a look at it.
Project Member

Comment 6 by bugdroid1@chromium.org, Oct 6 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/b4bd6dcf5c7d86f7a50aa401652c166cfc23f442

commit b4bd6dcf5c7d86f7a50aa401652c166cfc23f442
Author: guidou <guidou@chromium.org>
Date: Thu Oct 06 15:38:36 2016

Check for valid context in AudioOutputDeviceClient::from.

BUG= 652214 

Review-Url: https://codereview.chromium.org/2397173002
Cr-Commit-Position: refs/heads/master@{#423544}

[modify] https://crrev.com/b4bd6dcf5c7d86f7a50aa401652c166cfc23f442/third_party/WebKit/Source/modules/audio_output_devices/AudioOutputDeviceClient.cpp

Comment 7 by guidou@chromium.org, Oct 6 2016

Status: Fixed (was: Assigned)

Comment 8 by tzik@chromium.org, Oct 12 2016 

 Issue 653812  has been merged into this issue.

Comment 9 by kateso...@chromium.org, Oct 18 2016

Components: -Tools>Test>FindIt>WrongResult
Labels: Test-Predator-Wrong
Project Member

Comment 10 by bugdroid1@chromium.org, Oct 27 2016

Labels: merge-merged-2840
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/b4bd6dcf5c7d86f7a50aa401652c166cfc23f442

commit b4bd6dcf5c7d86f7a50aa401652c166cfc23f442
Author: guidou <guidou@chromium.org>
Date: Thu Oct 06 15:38:36 2016

Check for valid context in AudioOutputDeviceClient::from.

BUG= 652214 

Review-Url: https://codereview.chromium.org/2397173002
Cr-Commit-Position: refs/heads/master@{#423544}

[modify] https://crrev.com/b4bd6dcf5c7d86f7a50aa401652c166cfc23f442/third_party/WebKit/Source/modules/audio_output_devices/AudioOutputDeviceClient.cpp

Comment 11 by dimu@google.com, Nov 4 2016

Labels: -merge-merged-2840
[Automated comment] removing mislabelled merge-merged-2840
Project Member

Comment 12 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment