DetachToBrowserInSeparateDisplayAndCancelTabDragControllerTest uninitialized reads
Issue description

DetachToBrowserInSeparateDisplayAndCancelTabDragControllerTest.CancelDragTabToWindowIn1stDisplay is exhibiting `use-of-uninitialized-value` on Chromium OS MSAN bots in a flaky fashion.

https://luci-logdog.appspot.com/v/?s=chromium%2Fbb%2Fchromium.memory%2FLinux_ChromiumOS_MSan_Tests%2F1372%2F%2B%2Frecipes%2Fsteps%2Finteractive_ui_tests%2F0%2Flogs%2FDetachToBrowserInSeparateDisplayAndCancelTabDragControllerTest.CancelDragTabToWindowIn1stDisplay%2F0

    ==22454==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0xc46dfaf in SkBlitter::Choose(SkPixmap const&, SkMatrix const&, SkPaint const&, SkArenaAlloc*, bool) third_party/skia/src/core/SkBlitter.cpp:935:24
    #1 0xbc38128 in SkAutoBlitterChoose third_party/skia/src/core/SkAutoBlitterChoose.h:25:20
    #2 0xbc38128 in SkDraw::drawRect(SkRect const&, SkPaint const&, SkMatrix const*, SkRect const*) const third_party/skia/src/core/SkDraw.cpp:793:0
    #3 0xc454557 in drawRect third_party/skia/src/core/SkDraw.h:42:15
    #4 0xc454557 in SkBitmapDevice::drawRect(SkRect const&, SkPaint const&) third_party/skia/src/core/SkBitmapDevice.cpp:206:0
    #5 0xba6df23 in SkCanvas::onDrawRect(SkRect const&, SkPaint const&) third_party/skia/src/core/SkCanvas.cpp:2018:27
    #6 0xba650b7 in SkCanvas::drawRect(SkRect const&, SkPaint const&) third_party/skia/src/core/SkCanvas.cpp:1714:11
    #7 0xebce6f3 in Raster cc/paint/paint_op_buffer.cc:510:3
    #8 0xebce6f3 in cc::PaintOpBuffer::Playback(SkCanvas*, SkPicture::AbortCallback*, std::__1::vector<unsigned long, std::__1::allocator<unsigned long> > const*) const cc/paint/paint_op_buffer.cc:774:0
    #9 0xebce6f3 in Raster cc/paint/paint_op_buffer.cc:510:3
Jun 28 2017
I think this is unrelated to tabstrip. It looks from the callstack like the bug is that IndicatorView in ash/display/shared_display_edge_indicator.cc doesn't init |color_|, and in this case no one is calling SetColor(). There's a secondary issue that SharedDisplayEdgeIndicator::Show() uses new-without-parens, which in some cases can lead to uninitialized members, but I think, since IndicatorView declares a constructor, that has no effect here. oshima is an OWNER here and added this code in https://chromiumcodereview.appspot.com/10917090, so assigning to him.
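The initialization rule discussed in the comment above, as an added example that is not part of the original thread or of Chromium's code. PlainView, BuggyView, FixedView, Color and kDefaultColor are hypothetical stand-ins, and the default member initializer is one possible fix, not necessarily what the later commit did.

```cpp
// Added illustration; hypothetical types, not code from ash/.
#include <cstdint>
#include <cstdio>
#include <memory>

using Color = std::uint32_t;                  // stand-in for the real colour type (assumption)
constexpr Color kDefaultColor = 0xFF000000u;  // constructed default value

// No user-provided constructor: `new PlainView()` value-initializes and so
// zeroes `color`; `new PlainView` (no parens) would leave it indeterminate.
struct PlainView {
  Color color;
};

// Shape of the reported bug: the constructor is user-provided but never sets
// color_, so `new BuggyView` and `new BuggyView()` both leave it indeterminate.
class BuggyView {
 public:
  BuggyView() {}
  void SetColor(Color c) { color_ = c; }
  Color color() const { return color_; }  // defined only after SetColor()
 private:
  Color color_;
};

// One way to close the hole: a default member initializer, which applies
// whichever form of `new` the caller uses.
class FixedView {
 public:
  FixedView() {}
  void SetColor(Color c) { color_ = c; }
  Color color() const { return color_; }
 private:
  Color color_ = kDefaultColor;
};

Color PlainWithParens() { return std::unique_ptr<PlainView>(new PlainView())->color; }
Color FixedNoParens() { return std::unique_ptr<FixedView>(new FixedView)->color(); }
Color FixedWithParens() { return std::unique_ptr<FixedView>(new FixedView())->color(); }
Color BuggyAfterSet(Color c) {
  std::unique_ptr<BuggyView> v(new BuggyView);  // color_ indeterminate here
  v->SetColor(c);                               // the call the failing path skipped
  return v->color();
}

int main() {
  std::printf("%08x %08x %08x %08x\n", (unsigned)PlainWithParens(), (unsigned)FixedNoParens(),
              (unsigned)FixedWithParens(), (unsigned)BuggyAfterSet(0x11223344u));
  return 0;
}
```

The example never reads BuggyView::color() before SetColor(); that read is the kind of access MSan flags as use-of-uninitialized-value.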
Jun 28 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/41f6d1dad03160bbc855f7b4b0f1c42ad5d485a0

commit 41f6d1dad03160bbc855f7b4b0f1c42ad5d485a0
Author: Balazs Engedy <engedy@chromium.org>
Date: Wed Jun 28 09:29:52 2017

Disable DetachToBrowserInSeparateDisplayAndCancelTabDragControllerTest.CancelDragTabToWindowIn1stDisp on MSAN builders.

Bug: 737469
Change-Id: I92f597a7ee21e95aaece1eb3c9af5c0978c39eee
TBR: pkasting@chromium.org
Reviewed-on: https://chromium-review.googlesource.com/551718
Reviewed-by: Balazs Engedy <engedy@chromium.org>
Commit-Queue: Balazs Engedy <engedy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#482926}

[modify] https://crrev.com/41f6d1dad03160bbc855f7b4b0f1c42ad5d485a0/chrome/browser/ui/views/tabs/tab_drag_controller_interactive_uitest.cc
Jun 28 2017
Thanks a lot for the speedy triaging and routing!
Jun 28 2017
Peter is right. Thank you for the investigation. I'll fix it.
Jul 12 2017
Jul 28 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/43f0cf4e9b24024299bf3e29084c6e8551bedc0c

commit 43f0cf4e9b24024299bf3e29084c6e8551bedc0c
Author: Mitsuru Oshima <oshima@chromium.org>
Date: Fri Jul 28 13:17:24 2017

Initialize color_ in edge indicator

BUG= 737469
Change-Id: I1b66659819182ab51db1743702fc870b40773224
Reviewed-on: https://chromium-review.googlesource.com/567198
Reviewed-by: Peter Kasting <pkasting@chromium.org>
Commit-Queue: Mitsuru Oshima <oshima@chromium.org>
Cr-Commit-Position: refs/heads/master@{#490379}

[modify] https://crrev.com/43f0cf4e9b24024299bf3e29084c6e8551bedc0c/ash/display/shared_display_edge_indicator.cc
[modify] https://crrev.com/43f0cf4e9b24024299bf3e29084c6e8551bedc0c/chrome/browser/ui/views/tabs/tab_drag_controller_interactive_uitest.cc
Aug 3 2017
Jan 22 2018
Comment 1 by engedy@chromium.org, Jun 28 2017