Data race in base::PersistentMemoryAllocator::GetAllocSize
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4571384448811008
Fuzzer: inferno_layout_test_unmodified
Job Type: linux_tsan_chrome_mp
Platform Id: linux
Crash Type: Data race READ 4
Crash Address: 0x7f7930951a28
Crash State:
  base::PersistentMemoryAllocator::GetAllocSize
  base::PersistentHistogramAllocator::CreateHistogram
  base::PersistentHistogramAllocator::GetHistogram
Sanitizer: thread (TSAN)
Regressed: https://clusterfuzz.com/revisions?job=linux_tsan_chrome_mp&range=471195:471208
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4571384448811008
Issue manually filed by: aarya

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
May 15 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/17aab96e1dfcdfdd4e4004dd3949b6b0b872dce2

commit 17aab96e1dfcdfdd4e4004dd3949b6b0b872dce2
Author: bcwhite <bcwhite@chromium.org>
Date: Mon May 15 16:43:29 2017

Use acquire/release for delayed persistent allocations.

Previously, iteration was the safe way to pass allocations between threads & processes. DelayedPersistentAllocations add a second way by storing the reference in a common location so acquire/release must be used when accessing that reference to ensure data integrity of the allocation itself.

BUG= 722169

Review-Url: https://codereview.chromium.org/2886453002
Cr-Commit-Position: refs/heads/master@{#471795}

[modify] https://crrev.com/17aab96e1dfcdfdd4e4004dd3949b6b0b872dce2/base/metrics/persistent_histogram_allocator.cc
[modify] https://crrev.com/17aab96e1dfcdfdd4e4004dd3949b6b0b872dce2/base/metrics/persistent_memory_allocator.cc
[modify] https://crrev.com/17aab96e1dfcdfdd4e4004dd3949b6b0b872dce2/base/metrics/persistent_memory_allocator.h
May 17 2017
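The acquire/release pairing the commit message describes, as an added example that is not Chromium's code: a writer fills in an allocation's header and only then publishes the allocation's offset through a shared slot with a release store, and a reader that loads the slot with an acquire load can then read the header safely. The region, slot and function names are hypothetical stand-ins, not the real base::PersistentMemoryAllocator API.

```cpp
// Added example (not Chromium code): a small model of the pattern in the commit.
// The writer lays out an allocation header, then publishes its offset via a
// shared slot with a release store; the reader loads the slot with acquire
// before reading the header. All names here are hypothetical.
#include <atomic>
#include <cstdint>
#include <cstring>
#include <thread>

struct BlockHeader {
  uint32_t size;     // usable bytes after the header
  uint32_t type_id;  // caller-defined tag
};

constexpr uint32_t kFirstAlloc = 64;  // offset of the allocation in the region
unsigned char g_region[4096];         // stands in for the mapped memory
std::atomic<uint32_t> g_ref{0};       // shared reference slot, 0 = not yet set

// Writer: header first, then the release store, so the header writes are
// visible to any thread whose acquire load observes kFirstAlloc.
uint32_t PublishAllocation(uint32_t size, uint32_t type_id) {
  BlockHeader hdr{size, type_id};
  std::memcpy(g_region + kFirstAlloc, &hdr, sizeof hdr);
  g_ref.store(kFirstAlloc, std::memory_order_release);
  return kFirstAlloc;
}

// Reader: reads the header at a reference taken from the slot.
uint32_t GetAllocSize(uint32_t ref) {
  BlockHeader hdr;
  std::memcpy(&hdr, g_region + ref, sizeof hdr);
  return hdr.size;
}
// Spin until the slot is published. The acquire load orders the header read
// in GetAllocSize after the writer's stores; a plain or relaxed read of the
// slot is the kind of unsynchronized access TSAN reports in this bug.
uint32_t WaitAndGetAllocSize() {
  uint32_t ref;
  while ((ref = g_ref.load(std::memory_order_acquire)) == 0) std::this_thread::yield();
  return GetAllocSize(ref);
}

// Runs the writer on a second thread; returns the size the reader observed.
uint32_t RunTwoThreadDemo() {
  g_ref.store(0, std::memory_order_relaxed);
  std::thread writer([] { PublishAllocation(128, 7); });
  uint32_t seen = WaitAndGetAllocSize();
  writer.join();
  return seen;
}
```

Build with ThreadSanitizer (`-fsanitize=thread`) and swap the acquire load for a plain read of a non-atomic slot to see the same class of report the fuzzer produced.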
Comment 1 by infe...@chromium.org, May 15 2017
Status: Assigned (was: Untriaged)