Issue metadata
Sign in to add a comment
|
Use-of-uninitialized-value in net::LayeredNetworkDelegate::OnURLRequestDestroyed |
||||||||||||||||||||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=5538247192346624 Fuzzer: jsbell_serviceworker Job Type: linux_msan_chrome Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: net::LayeredNetworkDelegate::OnURLRequestDestroyed net::NetworkDelegate::NotifyURLRequestDestroyed net::NetworkDelegate::NotifyURLRequestDestroyed Recommended Security Severity: Medium Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_msan_chrome&range=435514:435553 Minimized Testcase (0.24 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97wvB9D769K3DOt8QcRRJyWvEUGAkZ3EAEbltfaZb65rLPzLwbIdBghp0R3iEMO9eeuN2LVDu7oZAMUiNX8G5blCpx7sT5hLBivO7F1bFfF1FGTPBgt2mxF7Pq5OkxfbCKLNDAjhYwmuS1yn8xLUEXdwF92PA?testcase_id=5538247192346624 Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Dec 1 2016
,
Dec 1 2016
reassigning to kundaji@ as he has a fix for all of the fuzzer bugs.
,
Dec 2 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/c6d437f401a1b5053d7d1bf3aa2b13c99d854e70 commit c6d437f401a1b5053d7d1bf3aa2b13c99d854e70 Author: kundaji <kundaji@chromium.org> Date: Fri Dec 02 00:46:45 2016 Set main frame id on DataUseRecorder created for render frame. Without this id, there is no way to look this instance up in the render frame map. BUG=670257, 670240 , 670438 Review-Url: https://codereview.chromium.org/2545963002 Cr-Commit-Position: refs/heads/master@{#435797} [modify] https://crrev.com/c6d437f401a1b5053d7d1bf3aa2b13c99d854e70/chrome/browser/data_use_measurement/chrome_data_use_ascriber.cc
,
Dec 2 2016
ClusterFuzz has detected this issue as fixed in range 435745:435840. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5538247192346624 Fuzzer: jsbell_serviceworker Job Type: linux_msan_chrome Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: net::LayeredNetworkDelegate::OnURLRequestDestroyed net::NetworkDelegate::NotifyURLRequestDestroyed net::NetworkDelegate::NotifyURLRequestDestroyed Recommended Security Severity: Medium Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_msan_chrome&range=435514:435553 Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_msan_chrome&range=435745:435840 Minimized Testcase (0.24 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97wvB9D769K3DOt8QcRRJyWvEUGAkZ3EAEbltfaZb65rLPzLwbIdBghp0R3iEMO9eeuN2LVDu7oZAMUiNX8G5blCpx7sT5hLBivO7F1bFfF1FGTPBgt2mxF7Pq5OkxfbCKLNDAjhYwmuS1yn8xLUEXdwF92PA?testcase_id=5538247192346624 See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Dec 2 2016
ClusterFuzz testcase is verified as fixed, closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Dec 2 2016
,
Mar 10 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jul 28
|
|||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||
Comment 1 by och...@chromium.org
, Dec 1 2016Owner: kundaji@chromium.org
Status: Assigned (was: Untriaged)