Crash in WebPrivatePtr<WTF::StringImpl |
||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=5882974081122304 Fuzzer: inferno_twister Job Type: linux_lsan_chrome_mp Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x000000000278 Crash State: WebPrivatePtr<WTF::StringImpl blink::WebString::WebString blink::WebURL::WebURL Sanitizer: address (ASAN) Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_lsan_chrome_mp&range=441141:441201 Minimized Testcase (0.55 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv97pGZn0oVoF4RbnuUx_KNmNVaTF5Wax1ZpxfTboVw6UHX6fl3EG08aG7tPFjj3cIrGyFa2jl_fHElb4C_l1o6inpflhR73eCtNuF-4CiuIAR8qrrrqqtTZB7xYlmuVIHuXZlGM-VrkKzYMzzfxoQthISjaoSOaDUCM7b1JdKEpkAOib6rWBP_fz_x1wTDGLfkfuBAVGswdjoiETBKeQi0Qtcd5fmseTWNsQpePGY73hBwOt5pSki1vm-9JKNa_4U95_r8u7MAtrIsoI7SaODRZcj8rSpwWVmpWW4H70SyMp6qUBUv5AeGXuuLeE9MPHf8pvdyYDGQh2RzSFtbtEhtYmYhxkn-f1w1Cz1-_2OpK2yd8u96o?testcase_id=5882974081122304 <script> function eventhandler7() { /*string_event*/ var var00013 = "webkitprerenderload"; //line 15 /*DOMWindow*/ var var00215 = window; //line 240 /*long*/ var var00296 = var00215.setTimeout("eventhandler7()"); //line 328 var00215.close(); //line 378 /*DOMWindow*/ var var00357 = window; //line 396 /*string*/ var var00358 = "j&{9LqMW00c"; //line 397 /*string*/ var var00359 = Array(31); //line 398 /*DOMWindow*/ var var00360 = var00357.open(var00358,var00359,var00013); //line 399 } </script> M蝆<iframe onload=eventhandler7() id=tCF2</style> Additional requirements: Requires HTTP Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Feb 23 2017
ClusterFuzz has detected this issue as fixed in range 452047:452095. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5882974081122304 Fuzzer: inferno_twister Job Type: linux_lsan_chrome_mp Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x000000000278 Crash State: WebPrivatePtr<WTF::StringImpl blink::WebString::WebString blink::WebURL::WebURL Sanitizer: address (ASAN) Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_lsan_chrome_mp&range=441141:441201 Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_lsan_chrome_mp&range=452047:452095 Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv97pGZn0oVoF4RbnuUx_KNmNVaTF5Wax1ZpxfTboVw6UHX6fl3EG08aG7tPFjj3cIrGyFa2jl_fHElb4C_l1o6inpflhR73eCtNuF-4CiuIAR8qrrrqqtTZB7xYlmuVIHuXZlGM-VrkKzYMzzfxoQthISjaoSOaDUCM7b1JdKEpkAOib6rWBP_fz_x1wTDGLfkfuBAVGswdjoiETBKeQi0Qtcd5fmseTWNsQpePGY73hBwOt5pSki1vm-9JKNa_4U95_r8u7MAtrIsoI7SaODRZcj8rSpwWVmpWW4H70SyMp6qUBUv5AeGXuuLeE9MPHf8pvdyYDGQh2RzSFtbtEhtYmYhxkn-f1w1Cz1-_2OpK2yd8u96o?testcase_id=5882974081122304 Additional requirements: Requires HTTP See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Feb 23 2017
ClusterFuzz testcase 5882974081122304 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue. |
||
►
Sign in to add a comment |
||
Comment 1 by msrchandra@chromium.org
, Jan 16 2017Labels: Test-Predator-Wrong-CLs
Owner: tzik@chromium.org
Status: Assigned (was: Untriaged)