
Issue 707599


Issue metadata

Status: Fixed
Owner:
Closed: Apr 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug




Crash in content::LayoutTestDownloadManagerDelegate::ShouldOpenDownload

Project Member Reported by ClusterFuzz, Apr 2 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5235239703281664

Fuzzer: tokenfuzz_pdf_march16
Job Type: linux_ubsan_vptr_content_shell_drt
Platform Id: linux

Crash Type: UNKNOWN
Crash Address: 0x000000000000
Crash State:
  content::LayoutTestDownloadManagerDelegate::ShouldOpenDownload
  content::DownloadItemImpl::OnDownloadRenamedToFinalName
  _ZN4base8internal7InvokerINS0_9BindStateINS_8CallbackIFvN7content23DownloadInter
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_vptr_content_shell_drt&range=461346:461347

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv95dMb55j3_7O1hcKRjV3zsQV87Pa2SnYJONmM_MwXdBt2hV3q_2cTK5IDb5oLUzg1qZg4vXHCdRC7IU8W8LZYt9nluzSXjM1xunjfJzwrA3jBVsBWoYGzQv0HRa4gBEDd0CP-gsSYp04PXTr2x3ZtJPpZRxFG47Luv2WQfpra9ss5qDlE_C3ir5I-fPxsAvCdG7JoFLDPXqj9q4uTslRrDXFLAr_4vyBjay_7hzw9tAdvpExf8d9lyfN72bw6t99oZfhTPz-wQzvQ2dhdIM2d13WskDeu94QlcjbW-GMjAeAS-d7ELpFlSH-gStwtHxoQ3wNF09vkw2m-7jMa76f7xSo9QekxhkepiQAE42JPGeNihG1DBlkfJ9KtqXPc01hfjiS5oOXopICJjjgCKKC7p9OfaSfQ?testcase_id=5235239703281664


Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Cc: twelling...@chromium.org xingliu@chromium.org dtrainor@chromium.org qin...@chromium.org
Components: UI>Browser>Downloads
Labels: Test-Predator-Wrong
Predator and regressing range did not give any suspected CL. Could someone please take a look?
Owner: qin...@chromium.org
Status: Assigned (was: Untriaged)

Comment 4 by bugdroid1@chromium.org, Apr 26 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/58a9ac7a9f534ef3cda229da75cff9e6f6487a24

commit 58a9ac7a9f534ef3cda229da75cff9e6f6487a24
Author: qinmin <qinmin@chromium.org>
Date: Wed Apr 26 18:45:03 2017

fix a layout test crash due to no browser window

The test opens a link to a pdf, which results in a download and closing the
tab immediately.
As a result, the crash could be triggered by a potential race between shutting down the
content shell and opening the download.

BUG= 707599 

Review-Url: https://codereview.chromium.org/2842023003
Cr-Commit-Position: refs/heads/master@{#467392}

[modify] https://crrev.com/58a9ac7a9f534ef3cda229da75cff9e6f6487a24/content/shell/browser/layout_test/layout_test_download_manager_delegate.cc

Comment 5 by qin...@chromium.org, Apr 28 2017

Status: Fixed (was: Assigned)
0 crashes reported yesterday; this should have been fixed.
