Issue 712911


Issue metadata

Status: Verified
Owner:
Closed: Apr 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug




Crash in base::internal::WeakReferenceOwner::GetRef

Reported by ClusterFuzz (Project Member), Apr 18 2017

Issue description

Components: Blink>WebRTC>Video Internals>GPU
Labels: M-60 Test-Predator-Correct-CLs
Owner: mcasas@chromium.org
Status: Assigned (was: Untriaged)
The result is a list of CLs that change the crashed files. 

Author: mcasas
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/d80e6732a30c9f8b5c725fc98b013577799022cd
Time: Mon Mar 06 21:35:20 2017
File html_video_element_capturer_source.cc is changed in this cl (and is part of stack frame #6, "content_shell!content::HtmlVideoElementCapturerSource::CreateFromWebMediaPlayerImpl+0x33")
Minimum distance from crash line to modified line: 24. (file: html_video_element_capturer_source.cc, crashed on: 40, modified: 64).

Comment 2 by mcasas@chromium.org, Apr 19 2017

Components: -Internals>GPU -Blink>WebRTC>Video Blink>MediaStream>CaptureFromElement
Labels: -Pri-1 Pri-2
This code is behind a flag, so Pri-1 is unjustified.

Comment 3 by ClusterFuzz, Apr 20 2017

ClusterFuzz has detected this issue as fixed in range 465765:465806.

Detailed report: https://clusterfuzz.com/testcase?key=6242350646165504

Fuzzer: inferno_twister
Job Type: windows_syzyasan_content_shell
Platform Id: windows

Crash Type: UNKNOWN
Crash Address: 0x00000005
Crash State:
  base::internal::WeakReferenceOwner::GetRef
  base::SupportsWeakPtr<media::WebMediaPlayerImpl>::AsWeakPtr
  content::HtmlVideoElementCapturerSource::CreateFromWebMediaPlayerImpl
  
Memory Tool: SYZYASAN

Regressed: https://clusterfuzz.com/revisions?job=windows_syzyasan_content_shell&range=454873:455044
Fixed: https://clusterfuzz.com/revisions?job=windows_syzyasan_content_shell&range=465765:465806

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv95brg8BSjiule4pWZz6SgFpe5kuuD0Y5PgVDn_3H7LVxFtqZlC2DzdnNVv1grnLgsvAD1hF3hwovoyKb2gzKnH8ZhrD3qOQXUXKxQxJP-jVYOTiHYmCrbDIYuleQ7fBA1DE_RwVhpW12HbtAnNXmNIy__cLz2scA-7veyvLIQ2bQBbckfXcVb9bbL6cyyUSASprU9UIUA0z09E8UzpLC2elnSF_NbdjIrt1rbwjG5jZmwhmcwC3Os_h1lQ29KLrnfWtDPcTPPoNP9umTN32wbGTJ_vN5OfFImnFKoDCAeU3YtJefvmoQ7EMyFoKmnbyD0bWS_ReaWLVCdHsaASLH7EJcPH5Y-LbAHIxn8_MF0tzFoH6KK8Q_IVnWCqgG0ffxZQM_Py_QlKxDdoMvBaSr4sdmKLvKQ?testcase_id=6242350646165504


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment 4 by ClusterFuzz, Apr 20 2017

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase 6242350646165504 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
