Issue 699509 link

Starred by 1 user

Issue metadata

Status:	Duplicate
Owner:	bokan@chromium.org
Closed:	Mar 2017
Cc:	mac-bugs-priority@chromium.org
Components:	Internals>Compositing
EstimatedDays:	----
NextAction:	----
OS:	Mac
Pri:	1
Type:	Bug
Stability-Crash Reproducible Stability-Memory-AddressSanitizer Clusterfuzz M-59 Test-Predator-Wrong

Crash in cc::PaintedScrollbarLayerImpl::PushPropertiesTo

Project Member Reported by ClusterFuzz, Mar 8 2017

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5651174100566016

Fuzzer: marty_html_twiddler
Job Type: mac_asan_chrome
Platform Id: mac

Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  cc::PaintedScrollbarLayerImpl::PushPropertiesTo
  cc::TreeSynchronizer::PushLayerProperties
  cc::LayerTreeHostImpl::ActivateSyncTree
  
Sanitizer: address (ASAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=mac_asan_chrome&range=455091:455389

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv959Ten9-9WiyGuhoRy2_Nstx9BVvU23_OwEOdoUUHGMSEGs0VbmKMfnTBJq8ZwX_sGwV_cz3nOEavGCqsMIZdRFd5x2mp-9IEuERJKdjg06GlYIXAj1to3QeHrrHTpyJ_8DXiGQt6jd2QLyWQKCcgT3uDRKXHjcJGGReSJvOpFBzkIwZqiH9gqnYQwMJSkjHmJ2ujQn3I65T_DsByhiQNm18pwt38ObptyRDDijzm8acCCD6g94m2QS_OR7Zz_I4h71pMw3XgO50MeePltGf7OQ9oMeor6qSjPQINLA31iU5C1DeWMnBofWS8o5Xj9f4V5x1wTTFuuEutB8Ts0HIQdRbTVYrHbRxxg4CXZ3P46ItC12MaQ?testcase_id=5651174100566016


Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 1 by mummare...@chromium.org, Mar 9 2017

Components: Internals>Compositing
Labels: Test-Predator-Wrong M-59
Owner: bokan@chromium.org
Status: Assigned (was: Untriaged)

Based on issue 699504 and 699343, assigning to bokan@. could you please take a look and duplicate if it is same.
Thank you.

Comment 2 by bokan@chromium.org, Mar 9 2017

Mergedinto: 699504
Status: Duplicate (was: Assigned)

Project Member

Comment 3 by ClusterFuzz, Mar 10 2017

ClusterFuzz has detected this issue as fixed in range 455700:456019.

Detailed report: https://clusterfuzz.com/testcase?key=5651174100566016

Fuzzer: marty_html_twiddler
Job Type: mac_asan_chrome
Platform Id: mac

Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  cc::PaintedScrollbarLayerImpl::PushPropertiesTo
  cc::TreeSynchronizer::PushLayerProperties
  cc::LayerTreeHostImpl::ActivateSyncTree
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=mac_asan_chrome&range=455091:455389
Fixed: https://clusterfuzz.com/revisions?job=mac_asan_chrome&range=455700:456019

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv959Ten9-9WiyGuhoRy2_Nstx9BVvU23_OwEOdoUUHGMSEGs0VbmKMfnTBJq8ZwX_sGwV_cz3nOEavGCqsMIZdRFd5x2mp-9IEuERJKdjg06GlYIXAj1to3QeHrrHTpyJ_8DXiGQt6jd2QLyWQKCcgT3uDRKXHjcJGGReSJvOpFBzkIwZqiH9gqnYQwMJSkjHmJ2ujQn3I65T_DsByhiQNm18pwt38ObptyRDDijzm8acCCD6g94m2QS_OR7Zz_I4h71pMw3XgO50MeePltGf7OQ9oMeor6qSjPQINLA31iU5C1DeWMnBofWS8o5Xj9f4V5x1wTTFuuEutB8Ts0HIQdRbTVYrHbRxxg4CXZ3P46ItC12MaQ?testcase_id=5651174100566016


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

►

Issue 699509 link

Issue metadata

Crash in cc::PaintedScrollbarLayerImpl::PushPropertiesTo

Issue description

Comment 1 by mummare...@chromium.org, Mar 9 2017

Comment 1 Deleted

Comment 2 by bokan@chromium.org, Mar 9 2017

Comment 2 Deleted

Comment 3 by ClusterFuzz, Mar 10 2017

Comment 3 Deleted

Sign in to add a comment