Crash in blink::FrameHost::globalRootScrollerController
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5829289405841408
Fuzzer: ifratric-browserfuzzer-v3
Job Type: mac_asan_chrome
Platform Id: mac
Crash Type: UNKNOWN READ
Crash Address: 0x000000000038
Crash State:
  blink::FrameHost::globalRootScrollerController
  blink::FrameView::dispose
  blink::HTMLFrameOwnerElement::UpdateSuspendScope::performDeferredWidgetTreeOpera
Sanitizer: address (ASAN)
Regressed: https://cluster-fuzz.appspot.com/revisions?job=mac_asan_chrome&range=436692:436770
Minimized Testcase (4.40 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94jrmr7XLM60BegWHXrSQAJwQ2rpD3umrwtCSk7EyCeJdN0prInt1PlFlBbOoTAn8Bvr3ofTyIQ0Kpw-zUius6kHi4zcPInWpLosFgIuLy-QQtfoF6wfuu7jBn83sRQPcnIJIV8iZ0zQJHYAQXXYRk_xfHob_yOebXlXOKXtvCYTkOXLo66-Z1a-iTvsrAHFhihew63KD4ANWHtLypaV25unGMJzHWtxsdUgpOno3VGGFk3Q72t9FFpadJnnHjwOJXqItkaTd9hSsYgkAKqeBnZbeYK9y81sGZ4dXjjJQXYZsgddCweljv840_OUo9CLuj-cxixzsDRH-VQx9BJfMqWqn0HUQxs6nTCJA1D5q5iVBmbYK3IzmOrGPjZqyw4gcvhSvfIxDzZEWd5UW440DSSDJeMOw?testcase_id=5829289405841408

Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jan 20 2017
+dcheng@: Looks like we're still getting into FrameView::dispose with a detached FrameHost. Are you still the one to look at these Widget issues? (I also have another in issue 677758.)
Mar 2 2017
ClusterFuzz has detected this issue as fixed in range 453344:453359.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5829289405841408
Fuzzer: ifratric-browserfuzzer-v3
Job Type: mac_asan_chrome
Platform Id: mac
Crash Type: UNKNOWN READ
Crash Address: 0x000000000038
Crash State:
  blink::FrameHost::globalRootScrollerController
  blink::FrameView::dispose
  blink::HTMLFrameOwnerElement::UpdateSuspendScope::performDeferredWidgetTreeOpera
Sanitizer: address (ASAN)
Regressed: https://cluster-fuzz.appspot.com/revisions?job=mac_asan_chrome&range=436692:436770
Fixed: https://cluster-fuzz.appspot.com/revisions?job=mac_asan_chrome&range=453344:453359
Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94jrmr7XLM60BegWHXrSQAJwQ2rpD3umrwtCSk7EyCeJdN0prInt1PlFlBbOoTAn8Bvr3ofTyIQ0Kpw-zUius6kHi4zcPInWpLosFgIuLy-QQtfoF6wfuu7jBn83sRQPcnIJIV8iZ0zQJHYAQXXYRk_xfHob_yOebXlXOKXtvCYTkOXLo66-Z1a-iTvsrAHFhihew63KD4ANWHtLypaV25unGMJzHWtxsdUgpOno3VGGFk3Q72t9FFpadJnnHjwOJXqItkaTd9hSsYgkAKqeBnZbeYK9y81sGZ4dXjjJQXYZsgddCweljv840_OUo9CLuj-cxixzsDRH-VQx9BJfMqWqn0HUQxs6nTCJA1D5q5iVBmbYK3IzmOrGPjZqyw4gcvhSvfIxDzZEWd5UW440DSSDJeMOw?testcase_id=5829289405841408

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Mar 2 2017
ClusterFuzz testcase 5829289405841408 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by mummare...@chromium.org, Jan 19 2017
Labels: M-57 Test-Predator-Correct
Owner: bokan@chromium.org
Status: Assigned (was: Untriaged)