Issue 682288 link

Starred by 1 user

Issue metadata

Status:	WontFix
Owner:	tzik@chromium.org
Closed:	Jan 2017
Cc:	█ msrchandra@chromium.org
EstimatedDays:	----
NextAction:	----
OS:	Windows
Pri:	1
Type:	Bug
Stability-Crash Reproducible Stability-Memory-AddressSanitizer Clusterfuzz Test-Predator-Wrong

result || flags & PartitionAllocReturnNull in partition_alloc.h

Project Member Reported by ClusterFuzz, Jan 18 2017

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4533600717635584

Fuzzer: cdiehl_dharma
Job Type: windows_asan_chrome
Platform Id: windows

Crash Type: CHECK failure
Crash Address: 
Crash State:
  result || flags & PartitionAllocReturnNull in partition_alloc.h
  blink::DOMTypedArray<WTF::Uint8ClampedArray,v8::Uint8ClampedArray>::createOrNull
  blink::ImageData::create
  
Sanitizer: address (ASAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_asan_chrome&range=444293:444318

Minimized Testcase (0.23 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96UoL-p8n6b8xMJPiM8Xdj2qdyfHP6nft5J63M-ox47XXGgb9kMf4bdFCTlOb8iyt0YUVg6FP3_lEDI7jPUr9h7CsPJGXFxVyRsCpKyV0dM9aDtS3KQVJERKhY6ByvlUkbQifuSjE14iHqHKKXw9bS6PZmMID5XhKENkECyq9OiROaZ_ovdaa2lMm9ztbnzcjGV0duTKd9hxJ3l5tmzHOKlfT7cLJmiHvEIMrIQU7kc1SzEjnXcfXOljAOF1Z561KBpZ4LBugIVc8jSJCivltT8A4e5EWlM_hJa3f1RrsqMIfZos31pK53XjtIoYDx2em2ZvOReE4dQ1cq73geFv2tgrmK8tiI77KP0uHOfW18xjzSa7jQ?testcase_id=4533600717635584

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 1 by msrchandra@chromium.org, Jan 18 2017

Cc: msrchandra@chromium.org
Labels: Test-Predator-Wrong
Owner: tzik@chromium.org
Status: Assigned (was: Untriaged)

Find it and CL did not provide any possible suspects.
Using Code Search for the file, "partition_alloc.h" assigning to the concern owner.
Suspecting Commit#
https://chromium.googlesource.com/chromium/src/+/877d29b7d92ad602c0eb80f01cd995cf4cd0f28d

@tzik -- Could you please look into the issue, kindly re-assign if this is not related to your changes.
Thank You.

Comment 2 by tzik@chromium.org, Jan 19 2017

Status: WontFix (was: Assigned)

This is an intended out of memory crash.

Project Member

Comment 3 by ClusterFuzz, Apr 16 2017

ClusterFuzz has detected this issue as fixed in range 453840:453876.

Detailed report: https://clusterfuzz.com/testcase?key=4533600717635584

Fuzzer: cdiehl_dharma
Job Type: windows_asan_chrome
Platform Id: windows

Crash Type: CHECK failure
Crash Address: 
Crash State:
  result || flags & PartitionAllocReturnNull in partition_alloc.h
  blink::DOMTypedArray<WTF::Uint8ClampedArray,v8::Uint8ClampedArray>::createOrNull
  blink::ImageData::create
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=windows_asan_chrome&range=444293:444318
Fixed: https://clusterfuzz.com/revisions?job=windows_asan_chrome&range=453840:453876

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv95tntBbV0bpKYvBOSKXPYk_NyuHGWBRjLnTaT5bwJXMQYJVev4LaZOQrjBN0kJgQydKfeROROfmd46S-kPab_C-qKO9U22C8kjQ6VHWtgvwG4ejhnZ7MTns6a4sPIkxcxH9nFdGCD5IUezUvB8nKrGZBMGc-AUEIj03w3za8w50EAxALfPzhVH19FGVoU4_kcTbPdVA3IV3y4T8_ZxzCTOtHsVn9wKNitP4GEIslnKLazxvxJqfldST0BJZXYl7sLHlhVe0_UibkqacdrR59jHUDxheuxQYTKlY3qrGROujC6AxBl9XbydHUqLK_H4agA8OB9hcKPqP0sd4ikRVLfXo9kH7G1XueUme19Hh4Nx0lPszIAD2HaVur4ZDt7tRZFYEdHm8xAdAOerfhmBFjJ7s_NTCiw?testcase_id=4533600717635584


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

►

Issue 682288 link

Issue metadata

result || flags & PartitionAllocReturnNull in partition_alloc.h

Issue description

Comment 1 by msrchandra@chromium.org, Jan 18 2017

Comment 1 Deleted

Comment 2 by tzik@chromium.org, Jan 19 2017

Comment 2 Deleted

Comment 3 by ClusterFuzz, Apr 16 2017

Comment 3 Deleted

Sign in to add a comment