
Issue 689265

Issue metadata

Status: Fixed
Owner:
Closed: Feb 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 1
Type: Bug


Crash in blink::ExecutionContext::completeURL

Project Member Reported by ClusterFuzz, Feb 6 2017

Issue description

Cc: pilgrim@chromium.org tzik@chromium.org
Labels: Test-Predator-Wrong M-58
Could not find the exact culprit CL using the regression range and code search.
Adding a few devs for further triaging. Could someone please look into the issue?
Thank you.

Cc: msrchandra@chromium.org
Components: Blink>DOM
Owner: nhiroki@chromium.org
Status: Assigned (was: Untriaged)
Using Code Search for the file "Worklet.cpp", assigning to the concerned owner.
Suspected commit:
https://chromium.googlesource.com/chromium/src/+/f1e393e2cab401597d52fe9b7ed90946c5d426d3

nhiroki -- Could you please look into the issue, and kindly re-assign if this is not related to your changes?
Thank you.
Components: -Blink>DOM Blink>Workers
Status: Started (was: Assigned)
I can reproduce this and have a WIP fix.
A CL is under review: https://codereview.chromium.org/2697243003/
Comment 6 by ClusterFuzz (Project Member), Feb 16 2017

ClusterFuzz has detected this issue as fixed in range 450943:450980.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5168550932381696

Fuzzer: inferno_twister
Job Type: mac_asan_content_shell
Platform Id: mac

Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  blink::ExecutionContext::completeURL
  blink::Worklet::import
  blink::V8Worklet::importMethodCallback
Sanitizer: address (ASAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=mac_asan_content_shell&range=446721:447186
Fixed: https://cluster-fuzz.appspot.com/revisions?job=mac_asan_content_shell&range=450943:450980

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv97VeNkIB4xELTH7tCV48YRC2yJWVVyFL9uxrn2t6bmLMKzAe1_3bT6tyP12Zq-L5XaynGa6IxWY3kYVf2TIwFMQKSfFfwfPXbr734H-KOXfBPHVSbZBUlxsoHoug0ILeYDCkSBB_8GDQgc_Y_bTqqly_o9gM6YOG9kd1gAy0OWHPg6c5yQ2GXgpvq9Rb1G_e0Lkw3j-1C_iYMniXhjbSfZ3tGS82QIJBQeC9w39xP55_qd2WajsDjMW_JuV_bb06vYtc--hd-hQDp7NFqosBmG1k6E9BrKO6PMRqMQIG-oRCD1tkTPW78CereIIISCfhPGPz3q259i2OsE4ZeCrcveFtMvb1hOWrIG41Ie6uMufwMOfYGw?testcase_id=5168550932381696


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Status: Fixed (was: Started)
It looks like my patch is working well. I'll close this.