Issue metadata
Sign in to add a comment
|
Use-of-uninitialized-value in LayoutTestBrowserMain |
||||||||||||||||||||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=6256160593412096 Fuzzer: mbarbella_js_mutation_layout Job Type: linux_msan_content_shell_drt Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: LayoutTestBrowserMain content::ShellMainDelegate::RunProcess content::RunNamedProcessTypeMain Sanitizer: memory (MSAN) Recommended Security Severity: Medium Regressed: https://clusterfuzz.com/revisions?job=linux_msan_content_shell_drt&range=459323:459353 Reproducer Testcase: https://clusterfuzz.com/download/AMIfv95D-ijAs-y-NLgjS2FbJtzJUtmxjVwf1UH5561KS7LXT4qLwqQTMXQABjXKeHC601AQUx50Y904R86_UXsFSE6vH7cxTi1T_W3uIkVEuhqBvnznxOqUFDynuyjmNBvrdcDCMBiaEzhQzLVXIacLD0CE_SiHk2jtA_BXGqS9x3sKwR9qLpubmSewYCUCT2PCQZhMPyAhwtspT1tKMLzqgs1RzVC4lpRswuBRVqy7acK0XEDVPm64O7V5lLyDnbzRFpNVrBT43pa0y4T_UGFgMbRMzRHLkwrcgkRHJRC88OvZ0ns0IryrZGq1totf5wCXL-HqWFoZTp7I9GPICySeKzySUen0r2Ii5gtr3FlGPUbjTTENA48?testcase_id=6256160593412096 Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Apr 11 2017
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Apr 11 2017
,
Apr 11 2017
The likely culprit is https://codereview.chromium.org/2756623002. chenwilliam -- Can you take a look?
,
Apr 11 2017
Taking a look.
,
Apr 12 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/cfaf69d33ef9a51db827b68edee25553ab39f797 commit cfaf69d33ef9a51db827b68edee25553ab39f797 Author: chenwilliam <chenwilliam@chromium.org> Date: Wed Apr 12 21:29:21 2017 DevTools: fix memory issue with layout test No longer using unique_ptr to manage the lifetime of devtools_window_ because the Shell object is currently getting deleted twice (once from Shell::CloseAllWindows and once by the unique_ptr). BUG= 710356 Review-Url: https://codereview.chromium.org/2810873006 Cr-Commit-Position: refs/heads/master@{#464156} [modify] https://crrev.com/cfaf69d33ef9a51db827b68edee25553ab39f797/content/shell/browser/layout_test/blink_test_controller.cc [modify] https://crrev.com/cfaf69d33ef9a51db827b68edee25553ab39f797/content/shell/browser/layout_test/blink_test_controller.h
,
Apr 12 2017
,
Apr 13 2017
,
Apr 17 2017
,
Jul 20 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by sheriffbot@chromium.org
, Apr 11 2017