Issue 654310

Issue metadata

Status: WontFix
Owner:
Closed: Oct 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 3
Type: Bug-Security



Use-of-uninitialized-value in gtk_path_bar_get_info_callback

Reported by ClusterFuzz (Project Member), Oct 10 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6322783590285312

Fuzzer: attekett_surku_fuzzer
Job Type: linux_msan_chrome
Platform Id: linux

Crash Type: Use-of-uninitialized-value
Crash Address: 
Crash State:
  gtk_path_bar_get_info_callback
  query_info_callback
  complete_in_idle_cb
  
Recommended Security Severity: Low

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_msan_chrome&range=308051:308099

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv958Xxb7P8TTbDj8VlMQpAf0a_-mjtGrAN2F0HGuX5CS8q-pzMu4H_49SvxgLGo4kNzq-2pQ4czVHQAAYqWkuMHGMhFPdaB1aMA9tvxi78V6pf4xpYH7AFoU2HlAb68xyf-wsDk5OaktiF9_86xVVYqK0-ShvFKv8hNosi-fm3m15a7wD_U?testcase_id=6322783590285312


Additional requirements: Requires Gestures

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 1 by sheriffbot@chromium.org (Project Member), Oct 10 2016

Labels: Pri-2

Comment 2 by tsepez@chromium.org, Oct 10 2016

Labels: -Pri-2 M-55 Pri-3
Owner: sadrul@chromium.org
Status: Assigned (was: Untriaged)
Guessing an owner with familiarity in X11/gtk etc. Issue probably lies upstream.

Comment 3 by tsepez@chromium.org, Oct 10 2016

Components: UI

Comment 4 by sadrul@chromium.org, Oct 21 2016

Cc: tsepez@chromium.org
Yep, looks like a problem in gtk+.

More specifically: I suspect gtk+ 2.24 is missing this fix: https://git.gnome.org/browse/gtk+/commit/gtk/gtkpathbar.c?id=63bc3542ce5cf5f9e711c8f4caad8a1ee1cf0cb0

In the worst case, I think it can lead to a crash. Considering upstream already has a fix, I assume we can close this as wontfix?

Comment 5 by aarya@google.com, Oct 21 2016

Status: WontFix (was: Assigned)

Comment 6 by sheriffbot@chromium.org (Project Member), Oct 22 2016

Labels: -reward-topanel reward-ineligible

Comment 7 by sheriffbot@chromium.org (Project Member), Jan 28 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 8 by tsepez@chromium.org, Mar 20 2017

Issue 702881 has been merged into this issue.

Comment 9 by est...@chromium.org, Jun 13 2017

Issue 731611 has been merged into this issue.

Comment 10 by ClusterFuzz (Project Member), Jul 14 2017

Labels: Needs-Feedback
ClusterFuzz testcase 5910792162770944 is still reproducing on tip-of-tree build (trunk).

If this testcase was not reproducible locally or unworkable, ignore this notification and we will file another bug soon with hopefully a better and workable testcase.

Otherwise, if this is not intended to be fixed (e.g. this is an intentional crash), please add ClusterFuzz-Ignore label to prevent future bug filing with similar crash stacktrace.