Crash in content::MediaDevicesDispatcherHost::~MediaDevicesDispatcherHost
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6022292875509760

Fuzzer: lcamtuf_cross_fuzz
Job Type: linux_asan_chrome_mp
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x0000000000c0
Crash State:
  content::MediaDevicesDispatcherHost::~MediaDevicesDispatcherHost
  content::MediaDevicesDispatcherHost::~MediaDevicesDispatcherHost
  mojo::StrongBinding<mojom::MediaDevicesDispatcherHost>::OnConnectionError

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=440655:440662

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94hmCSgCQshJwIG_onEfY4ItzWd2nkiwFe7oJHZkc0X9Mztmu0S9xrzbKI2MwuqQlqxYBfIxkATLbmAWQvQUaBgXwfamgpnUUFOuuvV3i7M-C0vT23KwBpAnn1jINJzhQMRPfrrV0Xnz3EDJJzv21BY-PikPHxuq0ribkMt7S8APBU1iHc?testcase_id=6022292875509760

Additional requirements: Requires Gestures

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Dec 26 2016
Find it and CL did not provide any possible suspects.
Assigning to the concern owner from Code Search using the file, "smedia_devices_dispatcher_host.cc"

Suspecting Commit#
https://chromium.googlesource.com/chromium/src/+/e0a9f158f10a9f5ee5d21d571518ff46929af89f

@blundell -- Could you please look into the issue, kindly re-assign if this is not related to your changes.

Thank You.
Dec 28 2016
It looks like this crash is due to https://codereview.chromium.org/2471543003. My guess is that MediaDevicesDispatcherHost's Mojo connection is going away after MediaStreamManager's media_devices_manager_ object gets destroyed.
Jan 3 2017
Jan 3 2017
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/9a54c7ed21d7dd59213d4ac6c74f3500884de656

commit 9a54c7ed21d7dd59213d4ac6c74f3500884de656
Author: guidou <guidou@chromium.org>
Date: Tue Jan 03 16:55:58 2017

Add null check for MediaDevicesManager in MDDH destructor.

Under certain scenarios (e.g., shutdown) it is possible that the
MediaDevicesManager object has been destroyed before a
MediaDevicesDispatcherHost tries to access it.

BUG= 676919

Review-Url: https://codereview.chromium.org/2606323002
Cr-Commit-Position: refs/heads/master@{#441136}

[modify] https://crrev.com/9a54c7ed21d7dd59213d4ac6c74f3500884de656/content/browser/renderer_host/media/media_devices_dispatcher_host.cc
[modify] https://crrev.com/9a54c7ed21d7dd59213d4ac6c74f3500884de656/content/browser/renderer_host/media/media_stream_manager.cc
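
Added example, not part of the original thread and not Chromium's code: a simplified model of the teardown order the commit message describes, with the null check in the destructor. All class and function names, and the subscribe/unsubscribe bookkeeping, are assumptions made for illustration.

```cpp
#include <cstddef>
#include <memory>
#include <set>

// Simplified model; every name here is hypothetical, not Chromium's.
struct DevicesManager {
  std::set<const void*> subscribers;
};
class StreamManager {
 public:
  StreamManager() : devices_(std::make_unique<DevicesManager>()) {}
  void Shutdown() { devices_.reset(); }  // devices manager is destroyed first
  DevicesManager* devices_manager() { return devices_.get(); }  // may be null
 private:
  std::unique_ptr<DevicesManager> devices_;
};

class DispatcherHost {
 public:
  explicit DispatcherHost(StreamManager* sm) : sm_(sm) {
    sm_->devices_manager()->subscribers.insert(this);
  }
  ~DispatcherHost() {
    // Unguarded erase via devices_manager() dereferences null after Shutdown().
    if (DevicesManager* dm = sm_->devices_manager())
      dm->subscribers.erase(this);
  }
 private:
  StreamManager* sm_;  // not owned; assumed to outlive the host
};

// Normal order: host destroyed first. Returns subscribers left behind.
std::size_t SubscribersAfterNormalTeardown() {
  StreamManager sm;
  { DispatcherHost host(&sm); }
  return sm.devices_manager()->subscribers.size();
}

// Order from the report: manager gone before the host is destroyed.
bool HostSurvivesLateTeardown() {
  StreamManager sm;
  auto host = std::make_unique<DispatcherHost>(&sm);
  sm.Shutdown();
  host.reset();  // destructor runs with no devices manager
  return sm.devices_manager() == nullptr;
}
int main() {
  return SubscribersAfterNormalTeardown() == 0 && HostSurvivesLateTeardown() ? 0 : 1;
}
```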
Jan 3 2017
Jan 4 2017
ClusterFuzz has detected this issue as fixed in range 441109:441141.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6022292875509760

Fuzzer: lcamtuf_cross_fuzz
Job Type: linux_asan_chrome_mp
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x0000000000c0
Crash State:
  content::MediaDevicesDispatcherHost::~MediaDevicesDispatcherHost
  content::MediaDevicesDispatcherHost::~MediaDevicesDispatcherHost
  mojo::StrongBinding<mojom::MediaDevicesDispatcherHost>::OnConnectionError

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=440655:440662
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=441109:441141

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94hmCSgCQshJwIG_onEfY4ItzWd2nkiwFe7oJHZkc0X9Mztmu0S9xrzbKI2MwuqQlqxYBfIxkATLbmAWQvQUaBgXwfamgpnUUFOuuvV3i7M-C0vT23KwBpAnn1jINJzhQMRPfrrV0Xnz3EDJJzv21BY-PikPHxuq0ribkMt7S8APBU1iHc?testcase_id=6022292875509760

Additional requirements: Requires Gestures

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 1 by aditar...@gmail.com, Dec 25 2016