
Issue 677015

Issue metadata

Status: WontFix
Owner:
Closed: Dec 2016
Cc:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug



!context.IsEmpty() in WindowProxy.cpp

Project Member Reported by ClusterFuzz, Dec 26 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6589726573461504

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_msan_chrome
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  !context.IsEmpty() in WindowProxy.cpp
  blink::WindowProxy::createContext
  blink::WindowProxy::initialize
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_msan_chrome&range=435209:435314

Minimized Testcase (0.15 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv95MkotAICbMKc7jxcctAUZAjUueS9XU3XwKFdo1WQH4jm59i0M3ffaNwdjDExEFvtRXaw0UcQy0AzfVmsKKUc6kaSWRcbIjtrxHBj9WTii-CjW0oy8iwR1AB5JXIG8LR56Pi_XjvKkEroHaqYJ6sa7x2-KUOA?testcase_id=6589726573461504
<script>
var __v_18 = this;  // the window object
function __f_18()
{
  try {
    __f_18();        // recurse until V8 throws a RangeError (stack exhausted)
    __v_18.open();   // reached by the next-outer frame, with almost no V8 stack left
  } catch (ex) {
    // swallow the RangeError so the caller's frame proceeds to open()
  }
}
var __v_20 = __f_18();
</script>


Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Cc: msrchandra@chromium.org
Labels: Test-Predator-Wrong
Owner: yukishiino@chromium.org
Status: Assigned (was: Untriaged)
Findit and CL did not provide any possible suspects.
Assigning to the concerned owner from Code Search for the file, "!context.IsEmpty() in WindowProxy.cpp"

Suspecting Commit#
https://chromium.googlesource.com/chromium/src/+/c20eda8d50867e0378c8997ad0cdb1702950f525

@yukishiino -- Could you please look into the issue, kindly re-assign if this is not related to your changes.
Thank You.
Status: WontFix (was: Assigned)
This is happening because the test code consumed all of the V8 stack, and then we cannot create a new v8::Context because of a shortage of V8 stack. We're safely crashing with CHECK, and it's intentional. We're currently not supporting this situation. So, this is working as intended.

Project Member

Comment 3 by ClusterFuzz, Apr 18 2017

ClusterFuzz has detected this issue as fixed in range 464942:464964.

Detailed report: https://clusterfuzz.com/testcase?key=6589726573461504

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_msan_chrome
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  !context.IsEmpty() in WindowProxy.cpp
  blink::WindowProxy::createContext
  blink::WindowProxy::initialize
  
Sanitizer: memory (MSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_msan_chrome&range=435209:435314
Fixed: https://clusterfuzz.com/revisions?job=linux_msan_chrome&range=464942:464964

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv97rCxk1fc7wf_gaDj0ZYsahmQjiErMyCQ-qvcq0NvVRUzqbgmgQRWJ3V8IC0RUYu8zidRSdg8YURwct_ZPD86KVkfKnGmiEt9gdLYb40vMbhB7kWZbgq2E54WKDzRDhzDOGwEOEjsmej6ce4YnuHcpcNmXrwzn32gJdZqrCgDRF7j5hD7karRyo10HuveMWQm78ADhRCZjEt8DAQD_b700ZtjyxtX96HBNYDi1LjOO83lZXVJFp2JY-j_UOXBhf2g1dZcGXMtVnZ0Up2dHsog8eLVFBsUN1OgG0IQbfLAmu3fS4dC6BSo1ZbN-r1OhyxPRSWC3ODs0dsJdKpGny4ofnvrAy11LM28K8ynw7cJWsQi17y0P27TM_B2WDPV_sDiGroh6gnK5HifRK-ZrNtKxPnv-DPQ?testcase_id=6589726573461504


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
