New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 666156 link

Starred by 2 users
Status: Duplicate
Merged: issue 630515
Owner:
xidac...@chromium.org
Closed: Nov 2016
Cc:
junov@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 1
Type: Bug



Sign in to add a comment

Crash in blink::EventTarget::dispatchEvent

Project Member Reported by ClusterFuzz, Nov 17 2016 
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6114688914161664

Fuzzer: mbarbella_js_mutation_layout
Job Type: windows_syzyasan_content_shell
Platform Id: windows

Crash Type: UNKNOWN
Crash Address: 0x00000003
Crash State:
  blink::EventTarget::dispatchEvent
  blink::WebGLRenderingContextBase::dispatchContextLostEvent
  blink::TaskRunnerTimer<blink::VibrationController>::fired
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_syzyasan_content_shell&range=411923:411924

Minimized Testcase (0.57 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv97Sc2s7GUG2ExzoGtvN3U3G0TTt39NPTo0guqnBAz_c-aN80_e_wSHjOutJW_xPoNdZrpgd7MxDvnyNKSUcgFAVdLwyg2R8djGyjxScWRSzU5ZsVIRnMOhP1bBZikmC56jVo0nyXzxpK_XoG_PFOObJBXkzjg?testcase_id=6114688914161664
<body onload="__f_6();"<script id="myWorker" type="text/worker">
;

self.onmessage = function() {
    var __v_5 = new OffscreenCanvas(100, 100);
    var __v_3 = __v_5.getContext('webgl');
;
    var __v_0 = new OffscreenCanvas(50, 50);
    var __v_2 = __v_0.getContext('webgl');
};
</script>
  <script>


    testRunner.waitUntilDone();
var blob = new Blob([document.getElementById('myWorker').textContent]);
var worker = new Worker(URL.createObjectURL(blob));
var bitmap2;
worker.postMessage("");
worker.postMessage("");


        worker.postMessage("");
      </script>
 <body>
  


Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 1 by sigbjo...@opera.com, Nov 17 2016

Components: Blink>Canvas Blink>WebGL

Comment 2 by kbr@chromium.org, Nov 17 2016

Owner: xidac...@chromium.org
Status: Assigned (was: Untriaged)
I think Xida just fixed this under a different bug ID.

Comment 3 by xidac...@chromium.org, Nov 17 2016

Cc: junov@chromium.org
I feel really strange about this report. The timestamp on the detailed report is 2016-08-14 20:14:29, and the stacktrace shows that the code path is really outdated. I wonder which version of chrome was this test ran on? It should not crash on ToT.

Comment 4 by xidac...@chromium.org, Nov 17 2016

Status: WontFix (was: Assigned)

Comment 5 by kbr@chromium.org, Nov 17 2016

Status: Assigned (was: WontFix)
Xida, didn't you just fix this crash in another bug ID? Please duplicate this into the other report rather than closing it as WontFix.

Comment 6 by xidac...@chromium.org, Nov 17 2016

Mergedinto: 630515
Status: Duplicate (was: Assigned)
That makes perfect sense, thanks for pointing it out.
Project Member

Comment 7 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment