New issue
Advanced search Search tips

Issue 713336 link

Starred by 1 user

Issue metadata

Status: Verified
Owner: ----
Closed: Apr 2017
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 1
Type: Bug-Security



Sign in to add a comment

Heap-use-after-free in content::BlinkTestController::~BlinkTestController

Project Member Reported by ClusterFuzz, Apr 19 2017

Issue description

Project Member

Comment 1 by ClusterFuzz, Apr 19 2017

ClusterFuzz has detected this issue as fixed in range 459701:459783.

Detailed report: https://clusterfuzz.com/testcase?key=6218805232795648

Fuzzer: inferno_twister
Job Type: windows_syzyasan_content_shell
Platform Id: windows

Crash Type: Heap-use-after-free READ 4
Crash Address: 0x30cf37d3
Crash State:
  content::BlinkTestController::~BlinkTestController
  RunTests
  LayoutTestBrowserMain
  
Memory Tool: SYZYASAN

Recommended Security Severity: High

Regressed: https://clusterfuzz.com/revisions?job=windows_syzyasan_content_shell&range=459323:459360
Fixed: https://clusterfuzz.com/revisions?job=windows_syzyasan_content_shell&range=459701:459783

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv96lRGixVHJ6yT0g03KSFxUyiY5zNCwtXjH2x9QyDw3sTO3dntzEsz8EZVS43AmhpyX5iIddLVKEbR7z_6NISJ7x9n2akuJdG3f_V5icVGQXL6lLnpjHrN_6fO4tO-5deXZRe6ynT5fNaAZG1zPYO4bAa_1_Ik1qrlCFJHOXO5_vJeE8FlUDhc5Xmm1sBtji6-BxBhDDVSA7AWE6_i49_UbY5J2h_q0Np-UkK3uvkAS4cUB3lp2EnWlljihrGKL-HnEfq04PKOsk4JNMpllFIiXTqeRXkIINk53OEVD5QPihYJ8egF7Yyl-nZmtjj5_SWSHsXiz1DR9Zrptnhs6zjus37mUjFswLyaMna7OKghfNxdz7nxH2tqnPASXOwGwUA1OGDIYKcEF0CuJJAcvWohhZcQFI1g?testcase_id=6218805232795648


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 2 by ClusterFuzz, Apr 19 2017

Labels: ClusterFuzz-Verified
Status: Verified (was: Untriaged)
ClusterFuzz testcase 6218805232795648 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Project Member

Comment 3 by sheriffbot@chromium.org, Apr 20 2017

Labels: -Restrict-View-SecurityTeam Restrict-View-SecurityNotify
Project Member

Comment 4 by sheriffbot@chromium.org, Jul 27 2017

Labels: -Restrict-View-SecurityNotify allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 5 by sheriffbot@chromium.org, Jul 28

Labels: Pri-1

Sign in to add a comment