CHECK failure: has_pending_error_event_ in ImageLoader.cpp |
|||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=4876188245032960 Fuzzer: inferno_twister_c Job Type: linux_ubsan_vptr_content_shell_drt Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: has_pending_error_event_ in ImageLoader.cpp blink::ImageLoader::DispatchPendingErrorEvent blink::EventSender<>::DispatchPendingEvents Sanitizer: undefined (UBSAN) Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_vptr_content_shell_drt&range=471391:471465 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4876188245032960 Additional requirements: Requires HTTP Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
May 13 2017
,
May 13 2017
Also crashing in the wild: QUERY: custom_data.ChromeCrashProto.magic_signature_1.name='blink::ImageLoader::DispatchPendingErrorEvent' Suspected CL: https://codereview.chromium.org/2859383002/ Reverting.
,
May 13 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/9d5bcf58d9932d151f12231a6544b67903780fed commit 9d5bcf58d9932d151f12231a6544b67903780fed Author: hiroshige <hiroshige@chromium.org> Date: Sat May 13 18:03:28 2017 Revert of Add CHECK()s about ImageLoader::has_pending_load_event_ (patchset #12 id:220001 of https://codereview.chromium.org/2859383002/ ) Reason for revert: Assertion failures in the wild and on clusterfuzz. BUG= 721994 Original issue's description: > Add CHECK()s about ImageLoader::has_pending_load_event_ > > As preparation for [1], this CL checks some assumptions to hold that > are helpful for proving the equivalences in [1]. > > [1] https://codereview.chromium.org/2859093003/ > > BUG= 624697 , 719759 > > Review-Url: https://codereview.chromium.org/2859383002 > Cr-Commit-Position: refs/heads/master@{#471464} > Committed: https://chromium.googlesource.com/chromium/src/+/1b070387595668ec438ffec65185e61017300e3c TBR=japhet@chromium.org,yhirano@chromium.org,kinuko@chromium.org,kouhei@chromium.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG= 624697 , 719759 Review-Url: https://codereview.chromium.org/2878263002 Cr-Commit-Position: refs/heads/master@{#471598} [modify] https://crrev.com/9d5bcf58d9932d151f12231a6544b67903780fed/third_party/WebKit/Source/core/loader/ImageLoader.cpp
,
May 13 2017
,
May 13 2017
,
May 13 2017
Reverted. I expect fixed on next canary.
,
May 14 2017
ClusterFuzz has detected this issue as fixed in range 471596:471599. Detailed report: https://clusterfuzz.com/testcase?key=4876188245032960 Fuzzer: inferno_twister_c Job Type: linux_ubsan_vptr_content_shell_drt Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: has_pending_error_event_ in ImageLoader.cpp blink::ImageLoader::DispatchPendingErrorEvent blink::EventSender<>::DispatchPendingEvents Sanitizer: undefined (UBSAN) Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_vptr_content_shell_drt&range=471391:471465 Fixed: https://clusterfuzz.com/revisions?job=linux_ubsan_vptr_content_shell_drt&range=471596:471599 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4876188245032960 Additional requirements: Requires HTTP See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
May 14 2017
ClusterFuzz testcase 4876188245032960 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
May 15 2017
|
|||||
►
Sign in to add a comment |
|||||
Comment 1 by hirosh...@chromium.org
, May 13 2017Owner: hirosh...@chromium.org
Status: Started (was: Untriaged)