
Issue 704172


Issue metadata

Status: Duplicate
Merged: issue 657165
Owner: ----
Closed: Mar 2017
OS: Mac
Pri: 1
Type: Bug

Crash in content::WebURLLoaderImpl::Context::Start

Reported by ClusterFuzz (Project Member), Mar 22 2017

Issue description

Components: Blink
"""
#0 0x112b61170 in content::WebURLLoaderImpl::Context::Start(blink::WebURLRequest const&, content::SyncLoadResponse*) content/child/web_url_loader_impl.cc:0:39
#1 0x112b69770 in content::WebURLLoaderImpl::loadAsynchronously(blink::WebURLRequest const&, blink::WebURLLoaderClient*) content/child/web_url_loader_impl.cc:1236:13
#2 0x10a5dec6d in blink::ResourceLoader::start(blink::ResourceRequest const&) third_party/WebKit/Source/platform/loader/fetch/ResourceLoader.cpp:104:15
#3 0x10a5bcab7 in blink::ResourceFetcher::startLoad(blink::Resource*) third_party/WebKit/Source/platform/loader/fetch/ResourceFetcher.cpp:1277:11
#4 0x10a5bab7d in blink::ResourceFetcher::requestResource(blink::FetchRequest&, blink::ResourceFactory const&, blink::SubstituteData const&) third_party/WebKit/Source/platform/loader/fetch/ResourceFetcher.cpp:632:8
#5 0x10a58f4f2 in blink::RawResource::fetchMainResource(blink::FetchRequest&, blink::ResourceFetcher*, blink::SubstituteData const&) third_party/WebKit/Source/platform/loader/fetch/RawResource.cpp:83:33
#6 0x11192f26c in blink::DocumentLoader::startLoadingMainResource() third_party/WebKit/Source/core/loader/DocumentLoader.cpp:761:7
#7 0x111960f48 in blink::FrameLoader::startLoad(blink::FrameLoadRequest&, blink::FrameLoadType, blink::NavigationPolicy) third_party/WebKit/Source/core/loader/FrameLoader.cpp:1688:34
#8 0x111959d24 in blink::FrameLoader::load(blink::FrameLoadRequest const&, blink::FrameLoadType, blink::HistoryItem*, blink::HistoryLoadType) third_party/WebKit/Source/core/loader/FrameLoader.cpp:1104:3
#9 0x10fa9a441 in blink::WebLocalFrameImpl::createChildFrame(blink::FrameLoadRequest const&, WTF::AtomicString const&, blink::HTMLFrameOwnerElement*) third_party/WebKit/Source/web/WebLocalFrameImpl.cpp:1687:36
"""
Cc: mmoroz@chromium.org ricea@chromium.org japhet@chromium.org csharrison@chromium.org
Labels: Test-Predator-Wrong M-59
Author: ricea
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/d91ea73de426248bf5d8524da38c07c0a6b34b19
Time: Wed Jul 20 12:53:28 2016
Line 119 of file ResourceLoader.cpp, which potentially caused the crash, is changed in this CL (frame #2, "blink::ResourceLoader::start").

Could someone please take a look and help us find the correct owner?
Thank you.

Comment 3 by japhet@chromium.org (Project Member), Mar 22 2017

Mergedinto: 657165
Status: Duplicate (was: Untriaged)

Comment 4 by ClusterFuzz, May 27 2017

ClusterFuzz has detected this issue as fixed in range 474926:474952.

Detailed report: https://clusterfuzz.com/testcase?key=4920081881759744

Fuzzer: libfuzzer_renderer_tree_fuzzer
Job Type: mac_libfuzzer_chrome_asan
Platform Id: mac

Crash Type: Null-dereference READ
Crash Address: 0x000000000000
Crash State:
  content::WebURLLoaderImpl::Context::Start
  content::WebURLLoaderImpl::LoadAsynchronously
  blink::ResourceLoader::Start
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=mac_libfuzzer_chrome_asan&range=406358:408804
Fixed: https://clusterfuzz.com/revisions?job=mac_libfuzzer_chrome_asan&range=474926:474952

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4920081881759744


See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
