
Issue 702480


Issue metadata

Status: Fixed
Owner:
Closed: Mar 2017
Cc:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug

Blocked on:
issue 717559




Crash in ash::PaletteTray::ShowPalette

Project Member Reported by ClusterFuzz, Mar 17 2017

Issue description

Cc: msrchandra@chromium.org
Labels: Test-Predator-Wrong M-58
Owner: jamescook@chromium.org
Status: Assigned (was: Untriaged)
Predator and CL did not find any possible suspects.
Using Code Search for the file, "ash::PaletteTray::ShowPalette", assigning to the concerned owner.

@James Cook -- Could you please look into the issue? Kindly re-assign if this is not related to your changes.
Thank You.
Status: Started (was: Assigned)
https://codereview.chromium.org/2758863002

Comment 3 by bugdroid1@chromium.org, Mar 17 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/8a9f744dfa2a4299d50b3474b0d9699070158e0f

commit 8a9f744dfa2a4299d50b3474b0d9699070158e0f
Author: jamescook <jamescook@chromium.org>
Date: Fri Mar 17 18:39:18 2017

cros: Fix clusterfuzz crash opening stylus palette

Clusterfuzz skips the login pathway and injects keystrokes immediately on
startup. This can trigger accelerators before the status area is initialized.
Add a null check -- this case doesn't happen in production.

BUG= 702480 
TEST=clusterfuzz

Review-Url: https://codereview.chromium.org/2758863002
Cr-Commit-Position: refs/heads/master@{#457827}

[modify] https://crrev.com/8a9f744dfa2a4299d50b3474b0d9699070158e0f/ash/common/accelerators/accelerator_controller.cc

Status: Fixed (was: Started)
Blockedon: 717559

Comment 6 by ClusterFuzz, May 3 2017

ClusterFuzz has detected this issue as fixed in range 468630:468676.

Detailed report: https://clusterfuzz.com/testcase?key=5246543889432576

Fuzzer: noel-image-flip
Job Type: linux_asan_chrome_chromeos
Platform Id: linux

Crash Type: UNKNOWN
Crash Address: 0x000000000418
Crash State:
  ash::PaletteTray::ShowPalette
  ash::AcceleratorController::PerformAction
  ash::AcceleratorController::AcceleratorPressed
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_chromeos&range=448729:448967
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_chromeos&range=468630:468676

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5246543889432576


Additional requirements: Requires Gestures

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
