New issue
Advanced search Search tips

Issue 663688 link

Starred by 1 user
Status: Duplicate
Merged: issue 663362
Owner: ----
Closed: Nov 2016
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug-Security



Sign in to add a comment

Crash in blink::Member<blink::IdTargetObserver> const* WTF::HashTable<blink::Member<blink

Project Member Reported by ClusterFuzz, Nov 9 2016 
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5332378546601984

Fuzzer: inferno_twister
Job Type: linux_asan_chrome_chromeos
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x7fa293201a90
Crash State:
  blink::Member<blink::IdTargetObserver> const* WTF::HashTable<blink::Member<blink
  blink::IdTargetObserverRegistry::removeObserver
  blink::SVGElementProxy::removeClient
  
Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_chromeos&range=430525:430550

Minimized Testcase (3.81 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96OTKf9SnzYemYURShV4uPDrPtA0CCN2s18K_JhqnTFMIp-48vW5G_YLg0YrMg8R3U6Fqw4dzIXyjZtWsH4HDRZgHY_yMiO-9kfuTUrmU7TlB9mTFlwONvsN9M53ItsWswipcn5NF6F2l0lMW9sYcRwfzwUqA?testcase_id=5332378546601984

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Project Member

Comment 1 by sheriffbot@chromium.org, Nov 9 2016

Labels: M-56
Project Member

Comment 2 by sheriffbot@chromium.org, Nov 9 2016

Labels: ReleaseBlock-Beta
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 3 by sheriffbot@chromium.org, Nov 9 2016

Labels: Pri-1

Comment 4 by rickyz@chromium.org, Nov 10 2016

Mergedinto: 663362
Status: Duplicate (was: Untriaged)
Project Member

Comment 5 by ClusterFuzz, Nov 10 2016 

ClusterFuzz has detected this issue as fixed in range 430792:430869.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5332378546601984

Fuzzer: inferno_twister
Job Type: linux_asan_chrome_chromeos
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x7fa293201a90
Crash State:
  blink::Member<blink::IdTargetObserver> const* WTF::HashTable<blink::Member<blink
  blink::IdTargetObserverRegistry::removeObserver
  blink::SVGElementProxy::removeClient
  
Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_chromeos&range=430525:430550
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_chromeos&range=430792:430869

Minimized Testcase (3.81 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96OTKf9SnzYemYURShV4uPDrPtA0CCN2s18K_JhqnTFMIp-48vW5G_YLg0YrMg8R3U6Fqw4dzIXyjZtWsH4HDRZgHY_yMiO-9kfuTUrmU7TlB9mTFlwONvsN9M53ItsWswipcn5NF6F2l0lMW9sYcRwfzwUqA?testcase_id=5332378546601984

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 6 by sheriffbot@chromium.org, Feb 17 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment