
Issue 729027

Starred by 2 users

Issue metadata

Status: WontFix
Owner:
Closed: Aug 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug-Security




Crash in blink::PersistentBase<blink::DummyGCBase,

Reported by ClusterFuzz (Project Member), Jun 2 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5916038498877440

Fuzzer: inferno_layout_test_fuzzer
Job Type: linux_asan_chrome_mp
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x7ebe9e721e60
Crash State:
  blink::PersistentBase<blink::DummyGCBase,
  blink::CrossThreadPersistentRegion::ShouldTracePersistentNode
  blink::PersistentRegion::TracePersistentNodes
  
Sanitizer: address (ASAN)

Recommended Security Severity: Medium

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5916038498877440


Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Comment 1 by sheriffbot@chromium.org (Project Member), Jun 3 2017

Labels: M-59
Comment 2 by sheriffbot@chromium.org (Project Member), Jun 3 2017

Labels: Pri-1

Cc: sigbjo...@opera.com erik.co...@gmail.com
Components: Blink>MemoryAllocator>GarbageCollection
Owner: haraken@chromium.org
Status: Assigned (was: Untriaged)
Looks like a potential OilPan issue.

Cc: haraken@chromium.org
Owner: keishi@chromium.org
Hmm, this looks like a real error.

keishi@: Would you mind taking a look?

Comment 5 by sheriffbot@chromium.org (Project Member), Jun 17 2017

keishi: Uh oh! This issue is still open and hasn't been updated in the last 14 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers?

If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one?

If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started.

Thanks for your time! To disable nags, add the Disable-Nags label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 6 by sheriffbot@chromium.org (Project Member), Jul 1 2017

keishi: Uh oh! This issue is still open and hasn't been updated in the last 28 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers?

If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one?

If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started.

Thanks for your time! To disable nags, add the Disable-Nags label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 7 by sheriffbot@chromium.org (Project Member), Jul 26 2017

Labels: -M-59 M-60
Comment 8 by ClusterFuzz (Project Member), Aug 25 2017

Status: WontFix (was: Assigned)
ClusterFuzz testcase 5916038498877440 is flaky and no longer reproduces, so closing the issue.

If this is incorrect, please add the ClusterFuzz-Wrong label and re-open the issue.
Comment 9 by sheriffbot@chromium.org (Project Member), Dec 2 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot