New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 728516 link

Starred by 2 users
Status: WontFix
Owner:
sunyunjia@chromium.org
Closed: Jul 2017
Cc:
aarya@google.com
bokan@chromium.org
ranjitkan@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows , Mac
Pri: 1
Type: Bug



Sign in to add a comment

Null-dereference READ in blink::AutoscrollController::Animate

Project Member Reported by ClusterFuzz, Jun 1 2017 
Detailed report: https://clusterfuzz.com/testcase?key=5609261735608320

Fuzzer: inferno_twister
Job Type: linux_asan_content_shell_drt
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000000
Crash State:
  blink::AutoscrollController::Animate
  blink::PageWidgetDelegate::Animate
  blink::WebViewImpl::BeginFrame
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=457847:457887

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5609261735608320


Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 1 by ranjitkan@chromium.org, Jun 1 2017

Cc: ranjitkan@chromium.org
Labels: M-61 Test-Predator-Correct-CLs
Owner: tzik@chromium.org
Status: Assigned (was: Untriaged)
Assigning to the concern owner from Predator results --
The result is a list of CLs that change the crashed files.

Author: tzik
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/ecb1b24070b8cbf7958f05ecad9373b979e212b9
Time: Tue Mar 21 07:25:54 2017
The CL last changed line 91 of file callback.h, which is stack frame 4. 

@tzik: Assigning to you, kindly take a look into it. Please help us to find an owner if not with respect to your change.

Thanks.!

Comment 2 by tzik@chromium.org, Jun 2 2017

Cc: aarya@google.com
Labels: -Test-Predator-Correct-CLs Test-Predator-Wrong QA-Triage-Wrong
Owner: ----
Status: Untriaged (was: Assigned)
Please do not use the Predator result when it's from git blame. It's rarely accurate.
Project Member

Comment 3 by ClusterFuzz, Jun 2 2017

Labels: OS-Windows
Project Member

Comment 4 by ClusterFuzz, Jun 8 2017

Labels: OS-Mac

Comment 5 by dtapu...@chromium.org, Jun 9 2017

Cc: bokan@chromium.org
Components: Blink>Scroll
Owner: sunyunjia@chromium.org
Status: Assigned (was: Untriaged)
Project Member

Comment 6 by ClusterFuzz, Jul 9 2017

Status: WontFix (was: Assigned)
ClusterFuzz testcase 5609261735608320 is flaky and no longer reproduces, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Sign in to add a comment