
Issue 741256

Starred by 3 users

Issue metadata

Status: Fixed
Owner:
Closed: Jul 2017
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: ----
Type: ----




jingle_unittests failing on chromium.mac/Mac10.9 Tests (dbg)

Project Member Reported by keishi@chromium.org, Jul 12 2017

Issue description

Comment 1 by keishi@chromium.org, Jul 12 2017

ipc_tests and content_browsertests are also failing in WaitableEvent
https://uberchromegw.corp.google.com/i/chromium.memory/builders/Mac%20ASan%2064%20Tests%20%281%29/builds/32326

Comment 3 by keishi@chromium.org, Jul 12 2017

Status: Fixed (was: Available)

Comment 4 by rsesek@chromium.org, Jul 12 2017

Issue 741369 has been merged into this issue.

Comment 5 by rsesek@chromium.org, Jul 12 2017

Cc: rsesek@chromium.org

Comment 6 by ClusterFuzz, Jul 12 2017

Labels: OS-Mac

Comment 7 by rsesek@chromium.org, Jul 12 2017

Cc: -rsesek@chromium.org
Owner: rsesek@chromium.org
Status: Started (was: Fixed)
There were two issues:

- A legit UAF also found by ClusterFuzz (Issue 741369)
- Jingle uses MessagePumpDefault in a death test, which won't work since kqueues are not inherited across fork

Comment 8 by mark@chromium.org, Jul 12 2017

Labels: -Sheriff-Chromium

Comment 9 by bugdroid1@chromium.org, Jul 13 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/6d38e78f585fc84c2757e9f09ac09f50615c8438

commit 6d38e78f585fc84c2757e9f09ac09f50615c8438
Author: Robert Sesek <rsesek@chromium.org>
Date: Thu Jul 13 00:46:50 2017

Add new test WaitableEventWatcherDeletionTest.DeleteWatcherBeforeCallback.

This verifies the potential for use-after-free that can occur if the
WaitableEventWatcher is deleted after the event is signaled but before the
callback is run.

Bug: 681167
Bug: 741256
Change-Id: Ic5ca2bc48cb51d5f50be7e67773f8213fbbc80d3
Reviewed-on: https://chromium-review.googlesource.com/568371
Commit-Queue: Robert Sesek <rsesek@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Cr-Commit-Position: refs/heads/master@{#486191}
[modify] https://crrev.com/6d38e78f585fc84c2757e9f09ac09f50615c8438/base/synchronization/waitable_event_watcher_unittest.cc
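
The ordering named in the commit message above (watcher deleted after the event is signaled but before the callback is run), modelled in self-contained C++. This is an added example, not code from Chromium or from the commit; `TaskQueue`, `ToyWatcher` and `RunScenario` are hypothetical names, and the weak-reference guard is one common way to make a queued callback safe, not necessarily the change that landed.

```cpp
// Toy model for illustration; not Chromium's WaitableEventWatcher.
#include <functional>
#include <memory>
#include <queue>
#include <utility>

// Stand-in for a message loop: posted tasks run later, in RunAll().
struct TaskQueue {
  std::queue<std::function<void()>> tasks;
  void Post(std::function<void()> t) { tasks.push(std::move(t)); }
  void RunAll() {
    for (; !tasks.empty(); tasks.pop()) tasks.front()();
  }
};

// Hypothetical watcher. Signal() queues the callback; the queued task holds
// only a weak reference to the watcher's state, so it becomes a no-op when
// the watcher is destroyed between Signal() and RunAll().
class ToyWatcher {
 public:
  ToyWatcher(TaskQueue* q, std::function<void()> cb)
      : queue_(q), state_(std::make_shared<State>(State{std::move(cb)})) {}

  // The unsafe form would post [this] { callback_(); } and touch freed
  // memory if the watcher is deleted before the task runs.
  void Signal() {
    std::weak_ptr<State> weak = state_;
    queue_->Post([weak] {
      if (auto s = weak.lock()) s->callback();
    });
  }

 private:
  struct State { std::function<void()> callback; };
  TaskQueue* queue_;
  std::shared_ptr<State> state_;
};

// Returns how many times the callback ran for the given ordering.
int RunScenario(bool delete_before_callback) {
  TaskQueue queue;
  int calls = 0;
  std::unique_ptr<ToyWatcher> watcher(new ToyWatcher(&queue, [&calls] { ++calls; }));
  watcher->Signal();
  if (delete_before_callback) watcher.reset();  // signaled, not yet run
  queue.RunAll();
  return calls;
}
int main() { return RunScenario(false) == 1 && RunScenario(true) == 0 ? 0 : 1; }
```

Building the model with AddressSanitizer and swapping in the raw `this` capture reproduces the class of report the ASan bots in this issue flagged.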


Comment 10 by ClusterFuzz, Jul 13 2017

Labels: ClusterFuzz-Verified
Status: Verified (was: Started)
ClusterFuzz testcase 6431112846114816 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Labels: ClusterFuzz-Wrong
Status: Started (was: Verified)

Comment 12 by bugdroid1@chromium.org, Jul 13 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/b6bd20af95a73a79ba0d9ae0af95c2882abf0802

commit b6bd20af95a73a79ba0d9ae0af95c2882abf0802
Author: Robert Sesek <rsesek@chromium.org>
Date: Thu Jul 13 18:35:18 2017

Use the threadsafe GTest death test style in two //jingle tests.

Using MessageLoop across the death test fork does not work well on Mac. The
threadsafe death test style solves this issue.

Bug: 741256
Bug: 681167
Change-Id: I301981a704c284d4264642d4a553d3cc2570e0fa
Reviewed-on: https://chromium-review.googlesource.com/568800
Reviewed-by: Sergey Ulanov <sergeyu@chromium.org>
Commit-Queue: Robert Sesek <rsesek@chromium.org>
Cr-Commit-Position: refs/heads/master@{#486445}
[modify] https://crrev.com/b6bd20af95a73a79ba0d9ae0af95c2882abf0802/jingle/glue/chrome_async_socket_unittest.cc
[modify] https://crrev.com/b6bd20af95a73a79ba0d9ae0af95c2882abf0802/jingle/notifier/base/xmpp_connection_unittest.cc

Status: Fixed (was: Started)
Labels: -ClusterFuzz-Wrong
Cleanup time.
