Null-dereference READ in blink::AXNodeObject::NativeAccessibilityRoleIgnoringAria |
|||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=6290127533113344 Fuzzer: inferno_twister Job Type: mac_asan_content_shell Platform Id: mac Crash Type: Null-dereference READ Crash Address: 0x000000000140 Crash State: blink::AXNodeObject::NativeAccessibilityRoleIgnoringAria blink::AXNodeObject::DetermineAccessibilityRole blink::AXNodeObject::Init Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=mac_asan_content_shell&range=474287:474307 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6290127533113344 Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
May 25 2017
Assigning to the concern owner from Predator results -- The result is a list of CLs that change the crashed files. Author: aleventhal Project: chromium Changelist: https://chromium.googlesource.com/chromium/src/+/5730ebb5038385964944377c1256244068b134d1 Time: Wed May 24 15:51:21 2017 Lines 546 of file AXNodeObject.cpp which potentially caused crash are changed in this cl (frame #1, "blink::AXNodeObject::NativeAccessibilityRoleIgnoringAria"). Minimum distance from crash line to modified line: 0. (file: AXNodeObject.cpp, crashed on: 543, modified: 543). @aleventhal -- Could you please look into the issue, kindly re-assign if this is not related to your changes. Thank You.
,
May 25 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/7f03309fde80e0cf33cb99519d2716cb5160aac6 commit 7f03309fde80e0cf33cb99519d2716cb5160aac6 Author: aleventhal <aleventhal@chromium.org> Date: Thu May 25 17:43:43 2017 Fix null ptr exception BUG= 726209 Review-Url: https://codereview.chromium.org/2905053002 Cr-Commit-Position: refs/heads/master@{#474692} [modify] https://crrev.com/7f03309fde80e0cf33cb99519d2716cb5160aac6/third_party/WebKit/Source/modules/accessibility/AXNodeObject.cpp
,
May 25 2017
,
May 26 2017
ClusterFuzz has detected this issue as fixed in range 474686:474713. Detailed report: https://clusterfuzz.com/testcase?key=6290127533113344 Fuzzer: inferno_twister Job Type: mac_asan_content_shell Platform Id: mac Crash Type: Null-dereference READ Crash Address: 0x000000000140 Crash State: blink::AXNodeObject::NativeAccessibilityRoleIgnoringAria blink::AXNodeObject::DetermineAccessibilityRole blink::AXNodeObject::Init Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=mac_asan_content_shell&range=474287:474307 Fixed: https://clusterfuzz.com/revisions?job=mac_asan_content_shell&range=474686:474713 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6290127533113344 See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page. |
|||
►
Sign in to add a comment |
|||
Comment 1 by ClusterFuzz
, May 25 2017