Crash in ImeController::CanCycleIme
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5765974948315136
Fuzzer: meacer_chromebot_extensions
Job Type: linux_asan_chrome_chromeos
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  ImeController::CanCycleIme
  ash::AcceleratorController::AcceleratorPressed
  ui::AcceleratorManager::Process
Minimized Testcase (0.00 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96dc2WYUceJ4-BCGKIRhtmqI5NvjqSOd5dXx8WnCep5UpcoNY0kwNcGsfCu7NSXukYA4DN2XYjN8MHglblOsjuFW4gHQ1mKQdcroFZbqDypObjvHnzkbfqXW11UA56GxC8dDK_oxu31l8x2Z5TUL3BPD31FIQ?testcase_id=5765974948315136
Additional requirements: Requires Gestures
Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Dec 8 2016
The CL in #1 is not related. The crash happens here: https://cs.chromium.org/chromium/src/chrome/browser/ui/ash/ime_controller_chromeos.cc?sq=package:chromium&type=cs&l=13 Not sure if the InputMethodManager or the InputMethodManager::State instances can be null. Passing to the IME expert.
Dec 9 2016
Most likely the InputMethodManager::State instance is null. The ActiveIMEState can only be null before InputMethodManager::SetState() is called.
Dec 9 2016
Most likely the InputMethodManager::State instance is null. The ActiveIMEState can only be null before InputMethodManager::SetState() is called. The early calls could be either ChromeBrowserMainPartsChromeos::PostProfileInit(), or UserSessionManager::InitializeUserSession(). +alemate@, do you think adding a null-check in ImeController::CanCycleIme is sufficient to fix this issue? Thanks.
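The failure mode discussed in the comments above, reconstructed as an added example in stand-alone C++ (not Chromium's code): the active IME state is null until SetState() runs, an accelerator handled before that dereferences it, and the proposed null-check makes the early call return false instead. ImeState, ImeManager, the function names and the IME IDs are constructed for illustration.

```cpp
#include <memory>
#include <string>
#include <utility>
#include <vector>

// Constructed stand-in for InputMethodManager::State: only the list of
// enabled input method IDs matters for deciding whether cycling is possible.
struct ImeState {
  std::vector<std::string> enabled_ime_ids;
};

// Constructed stand-in for InputMethodManager. As noted in the discussion,
// the active state stays null until SetState() is called during startup.
class ImeManager {
 public:
  void SetState(std::shared_ptr<ImeState> state) { state_ = std::move(state); }
  std::shared_ptr<ImeState> GetActiveIMEState() const { return state_; }

 private:
  std::shared_ptr<ImeState> state_;  // null before SetState()
};

// Pre-fix shape: dereferences the active state unconditionally. Calling this
// before SetState() is the null read ClusterFuzz reported (address 0x0).
bool CanCycleImeUnguarded(const ImeManager& manager) {
  return manager.GetActiveIMEState()->enabled_ime_ids.size() > 1;
}

// Hardened shape: the null-check proposed in the thread. An accelerator that
// arrives before the IME state exists simply cannot cycle.
bool CanCycleImeGuarded(const ImeManager& manager) {
  std::shared_ptr<ImeState> state = manager.GetActiveIMEState();
  if (!state)
    return false;
  return state->enabled_ime_ids.size() > 1;
}

// Simulates the startup ordering: the accelerator fires once before and once
// after the state is installed. Returns {result before, result after}.
std::pair<bool, bool> SimulateEarlyAccelerator() {
  ImeManager manager;
  bool before = CanCycleImeGuarded(manager);  // state still null: false
  auto state = std::make_shared<ImeState>();
  state->enabled_ime_ids = {"xkb:us::eng", "mozc"};  // constructed IDs
  manager.SetState(state);
  bool after = CanCycleImeGuarded(manager);  // two IMEs enabled: true
  return {before, after};
}
```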
Jan 14 2017
ClusterFuzz has detected this issue as fixed in range 443393:443475.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5765974948315136
Fuzzer: meacer_chromebot_extensions
Job Type: linux_asan_chrome_chromeos
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  ImeController::CanCycleIme
  ash::AcceleratorController::AcceleratorPressed
  ui::AcceleratorManager::Process
Sanitizer: address (ASAN)
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_chromeos&range=443393:443475
Minimized Testcase (0.00 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96dc2WYUceJ4-BCGKIRhtmqI5NvjqSOd5dXx8WnCep5UpcoNY0kwNcGsfCu7NSXukYA4DN2XYjN8MHglblOsjuFW4gHQ1mKQdcroFZbqDypObjvHnzkbfqXW11UA56GxC8dDK_oxu31l8x2Z5TUL3BPD31FIQ?testcase_id=5765974948315136
Additional requirements: Requires Gestures
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jan 14 2017
ClusterFuzz testcase 5765974948315136 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by msrchandra@chromium.org, Dec 8 2016
Labels: Test-Predator-Wrong-CLs
Owner: afakhry@chromium.org
Status: Assigned (was: Untriaged)