Issue 717422

Issue metadata

Status: Fixed
Owner:
Closed: May 2017
Cc:
OS: Linux
Pri: 1
Type: Bug

Blocked on:
issue 717559



Crash in ash::PaletteTray::ShowPalette

Project Member Reported by ClusterFuzz, May 2 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5911594593943552

Fuzzer: cdiehl_peach
Job Type: linux_asan_chrome_chromeos
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000410
Crash State:
  ash::PaletteTray::ShowPalette
  ash::AcceleratorController::PerformAction
  ash::AcceleratorController::AcceleratorPressed
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_chromeos&range=468411:468487

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5911594593943552


Additional requirements: Requires Gestures

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Cc: msrchandra@chromium.org
Labels: M-60 Test-Predator-Wrong
Owner: est...@chromium.org
Status: Assigned (was: Untriaged)
Predator and CL did not provide any possible suspects.
Using Code Search for the file "palette_tray.cc", assigning to the concerned owner.
Suspecting Commit#
https://chromium.googlesource.com/chromium/src/+/6806c795184e4012764bf389f63f95c4e266d382

@estade -- Could you please look into the issue? Kindly re-assign if this is not related to your changes.
Thank you.
Blockedon: 717559
Project Member

Comment 3 by bugdroid1@chromium.org, May 2 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/be86e8abc1a85b3cdb7b575ed1f5d6a6bbbfd460

commit be86e8abc1a85b3cdb7b575ed1f5d6a6bbbfd460
Author: estade <estade@chromium.org>
Date: Tue May 02 15:58:35 2017

Fix crash when pressing stylus tools accelerator with null PaletteTray.

BUG= 717422 

Review-Url: https://codereview.chromium.org/2858583002
Cr-Commit-Position: refs/heads/master@{#468651}

[modify] https://crrev.com/be86e8abc1a85b3cdb7b575ed1f5d6a6bbbfd460/ash/accelerators/accelerator_controller.cc

Status: Fixed (was: Assigned)
Project Member

Comment 5 by ClusterFuzz, May 3 2017

ClusterFuzz has detected this issue as fixed in range 468630:468676.

Detailed report: https://clusterfuzz.com/testcase?key=5911594593943552

Fuzzer: cdiehl_peach
Job Type: linux_asan_chrome_chromeos
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000410
Crash State:
  ash::PaletteTray::ShowPalette
  ash::AcceleratorController::PerformAction
  ash::AcceleratorController::AcceleratorPressed
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_chromeos&range=468411:468487
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_chromeos&range=468630:468676

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5911594593943552


Additional requirements: Requires Gestures

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment 6 by wutao@chromium.org, May 3 2017

The CL 2858583002 could be changed in this CL:
https://codereview.chromium.org/2825383003/
Project Member

Comment 7 by bugdroid1@chromium.org, May 4 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/53e9c2e81bf4fe7d0f6bcaebca0c717b19430313

commit 53e9c2e81bf4fe7d0f6bcaebca0c717b19430313
Author: wutao <wutao@chromium.org>
Date: Thu May 04 19:19:29 2017

Fix stylus tools palette.

HandleShowStylusTools crashes at desktop ChromeOS UI and shows stylus
tools on devices that do not have a stylus. Adding more checks for when
we should HandleShowStylusTools and when to AddPaletteTray.

BUG= 712887 ,  717674 ,  717422 
TEST=Manual && AboutFlagsHistogramTest.CheckHistograms

Review-Url: https://codereview.chromium.org/2825383003
Cr-Commit-Position: refs/heads/master@{#469418}

[modify] https://crrev.com/53e9c2e81bf4fe7d0f6bcaebca0c717b19430313/ash/accelerators/accelerator_controller.cc
[modify] https://crrev.com/53e9c2e81bf4fe7d0f6bcaebca0c717b19430313/ash/ash_switches.cc
[modify] https://crrev.com/53e9c2e81bf4fe7d0f6bcaebca0c717b19430313/ash/ash_switches.h
[modify] https://crrev.com/53e9c2e81bf4fe7d0f6bcaebca0c717b19430313/ash/system/palette/palette_tray.cc
[modify] https://crrev.com/53e9c2e81bf4fe7d0f6bcaebca0c717b19430313/ash/system/palette/palette_tray.h
[modify] https://crrev.com/53e9c2e81bf4fe7d0f6bcaebca0c717b19430313/ash/system/palette/palette_utils.cc
[modify] https://crrev.com/53e9c2e81bf4fe7d0f6bcaebca0c717b19430313/ash/system/palette/palette_utils.h
[modify] https://crrev.com/53e9c2e81bf4fe7d0f6bcaebca0c717b19430313/ash/system/status_area_widget.cc
[modify] https://crrev.com/53e9c2e81bf4fe7d0f6bcaebca0c717b19430313/ash/system/status_area_widget_unittest.cc
[modify] https://crrev.com/53e9c2e81bf4fe7d0f6bcaebca0c717b19430313/chrome/browser/about_flags.cc
[modify] https://crrev.com/53e9c2e81bf4fe7d0f6bcaebca0c717b19430313/chrome/browser/chromeos/login/chrome_restart_request.cc
[modify] https://crrev.com/53e9c2e81bf4fe7d0f6bcaebca0c717b19430313/chrome/browser/chromeos/note_taking_helper_unittest.cc
[modify] https://crrev.com/53e9c2e81bf4fe7d0f6bcaebca0c717b19430313/tools/metrics/histograms/enums.xml
[modify] https://crrev.com/53e9c2e81bf4fe7d0f6bcaebca0c717b19430313/ui/events/devices/input_device.cc
[modify] https://crrev.com/53e9c2e81bf4fe7d0f6bcaebca0c717b19430313/ui/events/devices/touchscreen_device.cc
[modify] https://crrev.com/53e9c2e81bf4fe7d0f6bcaebca0c717b19430313/ui/events/devices/touchscreen_device.h