Issue 704555 link

Starred by 4 users

Issue metadata

Status:	WontFix
Owner:	thomasanderson@chromium.org
Closed:	May 2017
Cc:	█ tanin@chromium.org attek...@gmail.com
Components:	UI
EstimatedDays:	----
NextAction:	----
OS:	Linux
Pri:	2
Type:	Bug-Security
Reproducible Security_Severity-Low Security_Impact-Head Stability-Memory-MemorySanitizer allpublic Clusterfuzz ClusterFuzz-Ignore

Use-of-uninitialized-value in gdk_rectangle_intersect

Project Member Reported by ClusterFuzz, Mar 23 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4582338236514304

Fuzzer: jsbell_serviceworker
Job Type: linux_msan_chrome
Platform Id: linux

Crash Type: Use-of-uninitialized-value
Crash Address: 
Crash State:
  gdk_rectangle_intersect
  gdk_x11_screen_get_monitor_workarea
  gtk_window_guess_default_size
  
Sanitizer: memory (MSAN)

Recommended Security Severity: Low

Regressed: https://clusterfuzz.com/revisions?job=linux_msan_chrome&range=458236:458264

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv97So7jBfwi3fyI-iMkd7kTr_LH0sqTx4ue1kBYi5JQi5Sqb4fzleLLJiOfXrSIHFIKNvCewJmMr0-yOsceJZpCu35tkZQpHmPg3lbeOq0HqeTCaQ1D4j4DgdCwarwp5djU99KoaGj1bLOQR70GGq_r9IV0qCdGaryGQWIgND72llSdstehbGk5WzuzSe4phbJFdn33dGcpU3fUlJWjFPRLd4XJoVxgW3BvzhKyEpEn3_UGEjHZj9bF0WVONT4pJM2ugrxWPd1vm3QEwrEqHloTKuul-kvg8olNiOg78CpXrPwPc-Z_sTqZZNMADiIT6pr8Yq7R8l9VG6umImh_jqbFhsO8OXD9SUFXDnIm7khVUDEJF5Jy7vuO0vYyoRXZC9m5IGi0R5dYPamm5ext-NXK25g4rkg?testcase_id=4582338236514304


Additional requirements: Requires Gestures

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 1 by rsesek@chromium.org, Mar 23 2017

Components: UI
Owner: thomasanderson@chromium.org
Status: Assigned (was: Untriaged)

This may be from https://chromium.googlesource.com/chromium/src/+/0ff8b19608421be5fa5b53e90c097e4992723b90.

Project Member

Comment 2 by sheriffbot@chromium.org, Mar 24 2017

Labels: Pri-2

Comment 3 by thomasanderson@chromium.org, Mar 24 2017

I'm not able to repro, and based on the stack trace, the error would be within Gtk anyway.

#0 0x7fe38c329811 in gdk_rectangle_intersect third_party/instrumented_libraries/scripts/out/Instrumented-msan-no-origins-trusty/gen/third_party/instrumented_libraries/libgtk-3-0/gtk+3.0-3.10.8/gdk/gdkrectangle.c:111:12
#1 0x7fe38c3bbe0d in gdk_x11_screen_get_monitor_workarea third_party/instrumented_libraries/scripts/out/Instrumented-msan-no-origins-trusty/gen/third_party/instrumented_libraries/libgtk-3-0/gtk+3.0-3.10.8/gdk/x11/gdkscreen-x11.c:395:11
#2 0x7fe38cfb7830 in gtk_window_guess_default_size third_party/instrumented_libraries/scripts/out/Instrumented-msan-no-origins-trusty/gen/third_party/instrumented_libraries/libgtk-3-0/gtk+3.0-3.10.8/gtk/gtkwindow.c:5722:7
#3 0x7fe38cfae201 in gtk_window_realize third_party/instrumented_libraries/scripts/out/Instrumented-msan-no-origins-trusty/gen/third_party/instrumented_libraries/libgtk-3-0/gtk+3.0-3.10.8/gtk/gtkwindow.c:5839:7

Comment 4 by ta...@google.com, Apr 1 2017

This case is strange. ClusterFuzz found this crash many times https://clusterfuzz.com/v2/testcases?q=group%3A5056426331602944

From statistics, many times are reported as reproducible. But I can't find any reproducible testcase.

Project Member

Comment 5 by ClusterFuzz, May 1 2017

Status: WontFix (was: Assigned)

ClusterFuzz testcase 4582338236514304 is flaky and no longer reproduces, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Comment 6 by mbarbe...@chromium.org, Jun 6 2017

Cc: tanin@chromium.org

 Issue 727183  has been merged into this issue.

Comment 7 by elawrence@chromium.org, Aug 2 2017

Cc: attek...@gmail.com

 Issue 751398  has been merged into this issue.

Project Member

Comment 8 by sheriffbot@chromium.org, Aug 7 2017

Labels: -Restrict-View-SecurityTeam allpublic

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 9 by tsepez@chromium.org, Aug 10 2017

 Issue 754412  has been merged into this issue.

Comment 10 by infe...@chromium.org, Aug 13 2017

 Issue 754990  has been merged into this issue.

Comment 11 by infe...@chromium.org, Aug 13 2017

Labels: ClusterFuzz-Ignore

Comment 12 by elawrence@chromium.org, Aug 15 2017

 Issue 755476  has been merged into this issue.

Comment 13 by elawrence@chromium.org, Aug 19 2017

 Issue 757188  has been merged into this issue.

Comment 14 by rsesek@chromium.org, Aug 21 2017

 Issue 757568  has been merged into this issue.

►

Issue 704555 link

Issue metadata

Use-of-uninitialized-value in gdk_rectangle_intersect

Issue description

Comment 1 by rsesek@chromium.org, Mar 23 2017

Comment 1 Deleted

Comment 2 by sheriffbot@chromium.org, Mar 24 2017

Comment 2 Deleted

Comment 3 by thomasanderson@chromium.org, Mar 24 2017

Comment 3 Deleted

Comment 4 by ta...@google.com, Apr 1 2017

Comment 4 Deleted

Comment 5 by ClusterFuzz, May 1 2017

Comment 5 Deleted

Comment 6 by mbarbe...@chromium.org, Jun 6 2017

Comment 6 Deleted

Comment 7 by elawrence@chromium.org, Aug 2 2017

Comment 7 Deleted

Comment 8 by sheriffbot@chromium.org, Aug 7 2017

Comment 8 Deleted

Comment 9 by tsepez@chromium.org, Aug 10 2017

Comment 9 Deleted

Comment 10 by infe...@chromium.org, Aug 13 2017

Comment 10 Deleted

Comment 11 by infe...@chromium.org, Aug 13 2017

Comment 11 Deleted

Comment 12 by elawrence@chromium.org, Aug 15 2017

Comment 12 Deleted

Comment 13 by elawrence@chromium.org, Aug 19 2017

Comment 13 Deleted

Comment 14 by rsesek@chromium.org, Aug 21 2017

Comment 14 Deleted

Sign in to add a comment