Bad-cast to sandbox::bpf_dsl::(anonymous namespace)::ReturnResultExprImpl from invalid vptr;content::ResolutionSet::SelectClosestPointToIdealAspectRatio;content::ResolutionSet::SelectClosestPointToIdeal
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5338096586719232

Fuzzer: phoglund_webrtc_peerconnection
Job Type: linux_cfi_chrome
Platform Id: linux

Crash Type: Bad-cast
Crash Address: 0x7f668a12f0b0
Crash State:
  Bad-cast to sandbox::bpf_dsl::(anonymous namespace)::ReturnResultExprImpl from invalid vptr
  content::ResolutionSet::SelectClosestPointToIdealAspectRatio
  content::ResolutionSet::SelectClosestPointToIdeal

Sanitizer: cfi (CFI)

Recommended Security Severity: High

Regressed: https://clusterfuzz.com/revisions?job=linux_cfi_chrome&range=460787:460815

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv94dZ5MdK57iICq6q6STRkxhKViDjXnrxmevKr4qfE70COyKeJNeZGa7pi_gBUhMNciYv2ylubjIm4rQOzv1bjvNbqRwdbeWn7Xk2EbpptmnCmcjxb3tJw6GYXkJQ2vkY_i6ApGxb6hx8_QSWjcwVFuDQyR8rA36-VvihEfinbdBhYuRn3UF5Us17pDnZHdnikU_eDRDeAP37bhzK7q805nsSPXBjYdevdoSgTHhWsUlsP30Z4eVDU7Ip-Zw4m6kfn0rHzr7xVRD4TgWSXFzXiHulVtfy9iG2DeYVVVD5cP0uMEKNQxglv9e175v3Pt_e-2oQ5S0kPrcGAprthZPpd4ldQdWo7i0g5PZEg8GnHkmyrvZVKeHk44PMVn_Pi-lIDh93Hieql8oUbCJSgLcJT5MzdfHRA?testcase_id=5338096586719232

Additional requirements: Requires HTTP

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Mar 31 2017
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Mar 31 2017
Apr 1 2017
It seems clusterfuzz found this crash and resolved it (705158).
Apr 4 2017
Clusterfuzz doesn't seem to think this is resolved. I think https://crbug.com/705158 is a different trigger. +guidou@: you landed crrev.com/2777703002 last week, which made changes to the method at the call site which ClusterFuzz trips up on here. Can you please take a look and investigate?
Apr 5 2017
Found the issue. Working on a fix.
Apr 6 2017
Revision 2798843005 should have fixed it.
Apr 6 2017
ClusterFuzz has detected this issue as fixed in range 462131:462197.

Detailed report: https://clusterfuzz.com/testcase?key=5338096586719232

Fuzzer: phoglund_webrtc_peerconnection
Job Type: linux_cfi_chrome
Platform Id: linux

Crash Type: Bad-cast
Crash Address: 0x7f668a12f0b0
Crash State:
  Bad-cast to sandbox::bpf_dsl::(anonymous namespace)::ReturnResultExprImpl from invalid vptr
  content::ResolutionSet::SelectClosestPointToIdealAspectRatio
  content::ResolutionSet::SelectClosestPointToIdeal

Sanitizer: cfi (CFI)

Recommended Security Severity: High

Regressed: https://clusterfuzz.com/revisions?job=linux_cfi_chrome&range=460787:460815
Fixed: https://clusterfuzz.com/revisions?job=linux_cfi_chrome&range=462131:462197

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv94dZ5MdK57iICq6q6STRkxhKViDjXnrxmevKr4qfE70COyKeJNeZGa7pi_gBUhMNciYv2ylubjIm4rQOzv1bjvNbqRwdbeWn7Xk2EbpptmnCmcjxb3tJw6GYXkJQ2vkY_i6ApGxb6hx8_QSWjcwVFuDQyR8rA36-VvihEfinbdBhYuRn3UF5Us17pDnZHdnikU_eDRDeAP37bhzK7q805nsSPXBjYdevdoSgTHhWsUlsP30Z4eVDU7Ip-Zw4m6kfn0rHzr7xVRD4TgWSXFzXiHulVtfy9iG2DeYVVVD5cP0uMEKNQxglv9e175v3Pt_e-2oQ5S0kPrcGAprthZPpd4ldQdWo7i0g5PZEg8GnHkmyrvZVKeHk44PMVn_Pi-lIDh93Hieql8oUbCJSgLcJT5MzdfHRA?testcase_id=5338096586719232

Additional requirements: Requires HTTP

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Apr 6 2017
Apr 7 2017
Jul 13 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by sheriffbot@chromium.org, Mar 31 2017