
Issue 683754 link


Issue metadata

Status: Duplicate
Merged: issue 683773
Owner: please use my google.com address
Closed: Jan 2017
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug-Security




Use-of-uninitialized-value in content::RenderProcessHostImpl::OnRouteProviderRequest

Project Member Reported by ClusterFuzz, Jan 22 2017

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5867865963233280

Fuzzer: inferno_twister_custom_bundle
Job Type: linux_msan_chrome
Platform Id: linux

Crash Type: Use-of-uninitialized-value
Crash Address: 
Crash State:
  content::RenderProcessHostImpl::OnRouteProviderRequest
  base::internal::Invoker<base::internal::BindState<void
  void IPC::ChannelProxy::BindAssociatedInterfaceRequest<content::mojom::RouteProv
  
Sanitizer: memory (MSAN)

Recommended Security Severity: Low

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_msan_chrome&range=445299:445300

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv97EcuIwXm-wczdOAwUtnVd9Jtz9EzxjpmBpzUAgFj07QiUfwe1m7Uzk1gxY9tiIHpRtatULH0DZAPsj3DFNh7UeDBBdxFFBeOCEPzoohF9K_ofeCj1atHzP--nwNaWO9hKoutzf5ijEfE--18cdhM01hgc-WQF1sMc3lnpqBC_USMZfBqOk4GxfQijFvAW5YNMqPfYYA7GqX15dLOMg6wiJ7rHEid_61fpXMdJC-lJwgpkb7WM8JV2U0kTRKOcZxN5nprDD6gTelRET5UxHl8hjMig6z29K08TXFmmv9_lWXj60oGvKG-64pRRnqwf-ce8MjrK-egLXRFTfLzG8vCDnD9EUuzsHSLmhrUx47-HIy8wR3Lw?testcase_id=5867865963233280


Additional requirements: Requires Gestures

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
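As an added illustration of the crash class in this report (use-of-uninitialized-value under MemorySanitizer): this is not Chromium code and not the actual bug behind the report; the two-field message layout, the handler names and the wire encoding are all hypothetical. The buggy handler branches on a struct field that was never written, which is exactly what MSan reports at the `if`; the hardened handler value-initialises the struct and length-checks the payload before copying it in.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

// Hypothetical two-field wire message; not a Chromium/Mojo type.
struct WireMessage {
  uint32_t routing_id;
  uint32_t flags;   // bit 0 set => message claims an associated capability
};

// Buggy receiver pattern: only one field is populated before the struct is
// consulted. `msg.flags` is never written, so the branch reads indeterminate
// memory; built with clang++ -fsanitize=memory this is reported as
// "use-of-uninitialized-value" at the `if`. Its result is undefined, so it is
// never asserted on, only shown.
int HandleMessageBuggy(uint32_t routing_id) {
  WireMessage msg;                 // default-initialised: flags holds garbage
  msg.routing_id = routing_id;
  if (msg.flags & 1u) return 2;    // <-- MSan report lands here
  return 1;
}

// Hardened receiver: the struct is value-initialised so every byte has a
// defined value, and the wire payload is length-checked before being copied.
int HandleMessageFixed(const std::vector<uint8_t>& wire) {
  WireMessage msg{};               // all fields zero
  if (wire.size() < sizeof(msg)) return -1;   // reject short messages
  std::memcpy(&msg, wire.data(), sizeof(msg));
  if (msg.flags & 1u) return 2;    // defined: flags came from the payload
  return 1;
}

// Builds a complete wire payload in host byte order (constructed test input).
std::vector<uint8_t> EncodeMessage(uint32_t routing_id, uint32_t flags) {
  WireMessage msg{routing_id, flags};
  std::vector<uint8_t> out(sizeof(msg));
  std::memcpy(out.data(), &msg, sizeof(msg));
  return out;
}

int main() {
  std::printf("%d\n", HandleMessageFixed(EncodeMessage(42, 1)));  // 2
  std::printf("%d\n", HandleMessageFixed(EncodeMessage(42, 0)));  // 1
  std::printf("%d\n", HandleMessageFixed({0xff, 0xff}));          // -1
  return 0;
}
```

Compile the buggy path with `clang++ -fsanitize=memory -g` and call `HandleMessageBuggy` to see the report; the hardened path is the shape of fix a reviewer would expect, and the length check is what keeps the `memcpy` from becoming an out-of-bounds read on a truncated message.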
Comment 1 by sheriffbot@chromium.org (Project Member), Jan 23 2017

Labels: Pri-2

Comment 2 by est...@chromium.org, Jan 24 2017

Owner: roc...@chromium.org
Status: Assigned (was: Untriaged)
rockot, could you please take a look at this security bug? Maybe it's a flaky crash because Clusterfuzz's regression analysis doesn't seem to be working, so there isn't regression information, but it looks like you're familiar with this code. Thanks!

Comment 3 by roc...@chromium.org, Jan 24 2017

Mergedinto: 683773
Status: Duplicate (was: Assigned)
I believe this is the same root cause as issue 683773. Fix in progress.

Comment 4 by sheriffbot@chromium.org (Project Member), May 3 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
