Use-of-uninitialized-value in OmniboxMetricsProvider::RecordOmniboxOpenedURL
Issue description
Detailed report: https://clusterfuzz.com/testcase?key=5132640652099584
Fuzzer: meacer_extension_apis
Job Type: linux_msan_chrome
Platform Id: linux
Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  OmniboxMetricsProvider::RecordOmniboxOpenedURL
  OmniboxEventGlobalTracker::OnURLOpened
  OmniboxEditModel::OpenMatch
Sanitizer: memory (MSAN)
Recommended Security Severity: Low
Regressed: https://clusterfuzz.com/revisions?job=linux_msan_chrome&range=461326:461327
Reproducer Testcase: https://clusterfuzz.com/download/AMIfv977hBiUs5anaKV2ucEYnrpF-cGtABWeAWa3yByc6gq1a4B4mN2GOd79UlZyB62A20ENN0ewDur4WFfkN11HRGvHi8va_jMdZJ2a-vUANvFI3A74vfg5KY1p0FJp2nkcUU4UYRu6xPaUSha6fqHHpnWKDL3SBaC_r5wTE8v7JdKpWR3s5EuvZT59IG2yLawRfrTuBg7wbhXDwca3tiCyYf8Dp7ZE84nhkEKLt6Tc2Xjjoe8NWNW_zhtOPs3c1YfNSn1yBzCuvKqyYj1yQeXKWgN1YG0Iiz1UexxSJD_WccSr0T8fj69UMR4fJicRk-rI1pgHMK9u59LvmBq8SQYc1rkxd2_eVyCp6kwXgDrceSKsVPnJPoKE00andq-xdPNhfbtJ0IXFrc6oS7iwqV5UdNGuNi9Xow?testcase_id=5132640652099584
Additional requirements: Requires Gestures
Issue filed automatically.
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Apr 2 2017
Looks like a regression from a recent CL? https://chromium.googlesource.com/chromium/src/+/67d53ace23978af7d28d83fade1a09993079085a
Apr 2 2017
Apr 3 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/0e282db620025b8a3e4386e67e0d76d1008c5742
commit 0e282db620025b8a3e4386e67e0d76d1008c5742
Author: gcomanici <gcomanici@chromium.org>
Date: Mon Apr 03 18:07:48 2017
Fix constructor for AutocompleteMatch to initialize |subtype_identifier|
This bug was due to CL https://codereview.chromium.org/2755503002/. An additional fix is applied to two comments. These were inconsistent with the variable names they were referring to.
BUG= 707537
Review-Url: https://codereview.chromium.org/2792983002
Cr-Commit-Position: refs/heads/master@{#461470}
[modify] https://crrev.com/0e282db620025b8a3e4386e67e0d76d1008c5742/components/omnibox/browser/autocomplete_match.cc
[modify] https://crrev.com/0e282db620025b8a3e4386e67e0d76d1008c5742/components/omnibox/browser/autocomplete_match.h
[modify] https://crrev.com/0e282db620025b8a3e4386e67e0d76d1008c5742/components/omnibox/browser/search_suggestion_parser.h
Apr 3 2017
Apr 4 2017
ClusterFuzz has detected this issue as fixed in range 461467:461483.
Detailed report: https://clusterfuzz.com/testcase?key=5132640652099584
Fuzzer: meacer_extension_apis
Job Type: linux_msan_chrome
Platform Id: linux
Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  OmniboxMetricsProvider::RecordOmniboxOpenedURL
  OmniboxEventGlobalTracker::OnURLOpened
  OmniboxEditModel::OpenMatch
Sanitizer: memory (MSAN)
Recommended Security Severity: Low
Regressed: https://clusterfuzz.com/revisions?job=linux_msan_chrome&range=461326:461327
Fixed: https://clusterfuzz.com/revisions?job=linux_msan_chrome&range=461467:461483
Reproducer Testcase: https://clusterfuzz.com/download/AMIfv977hBiUs5anaKV2ucEYnrpF-cGtABWeAWa3yByc6gq1a4B4mN2GOd79UlZyB62A20ENN0ewDur4WFfkN11HRGvHi8va_jMdZJ2a-vUANvFI3A74vfg5KY1p0FJp2nkcUU4UYRu6xPaUSha6fqHHpnWKDL3SBaC_r5wTE8v7JdKpWR3s5EuvZT59IG2yLawRfrTuBg7wbhXDwca3tiCyYf8Dp7ZE84nhkEKLt6Tc2Xjjoe8NWNW_zhtOPs3c1YfNSn1yBzCuvKqyYj1yQeXKWgN1YG0Iiz1UexxSJD_WccSr0T8fj69UMR4fJicRk-rI1pgHMK9u59LvmBq8SQYc1rkxd2_eVyCp6kwXgDrceSKsVPnJPoKE00andq-xdPNhfbtJ0IXFrc6oS7iwqV5UdNGuNi9Xow?testcase_id=5132640652099584
Additional requirements: Requires Gestures
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Apr 4 2017
Jul 11 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by elawrence@chromium.org, Apr 2 2017